feat(loyalty): Phase 1 production launch hardening

Phase 1 of the loyalty production launch plan: config & security hardening, dropped-data fix, DB integrity guards, rate limiting, and constant-time auth compare. 362 tests pass. - 1.4 Persist customer birth_date (new column + migration). Enrollment form was collecting it but the value was silently dropped because create_customer_for_enrollment never received it. Backfills existing customers without overwriting. - 1.1 LOYALTY_GOOGLE_SERVICE_ACCOUNT_JSON validated at startup (file must exist and be readable; ~ expanded). Adds is_google_wallet_enabled and is_apple_wallet_enabled derived flags. Prod path documented as ~/apps/orion/google-wallet-sa.json. - 1.5 CHECK constraints on loyalty_cards (points_balance, stamp_count non-negative) and loyalty_programs (min_purchase, points_per_euro, welcome_bonus non-negative; stamps_target >= 1). Mirrored as CheckConstraint in models. Pre-flight scan showed zero violations. - 1.3 @rate_limit on store mutating endpoints: stamp 60/min, redeem/points-earn 30-60/min, void/adjust 20/min, pin unlock 10/min. - 1.2 Constant-time hmac.compare_digest for Apple Wallet auth token (pulled forward from Phase 9 — code is safe whenever Apple ships). See app/modules/loyalty/docs/production-launch-plan.md for the full launch plan and remaining phases. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 23:36:34 +02:00
parent 27ac7f3e28
commit 4b56eb7ab1
20 changed files with 848 additions and 12 deletions
--- a/app/modules/loyalty/tests/unit/test_card_service.py
+++ b/app/modules/loyalty/tests/unit/test_card_service.py
@@ -233,6 +233,80 @@ class TestResolveCustomerId:
                db, customer_id=None, email=None, store_id=test_store.id
            )

+    def test_resolve_persists_birthday_on_create(self, db, test_store):
+        """Birthday provided at self-enrollment is saved on the new customer."""
+        from datetime import date
+
+        email = f"birthday-create-{uuid.uuid4().hex[:8]}@test.com"
+        result = self.service.resolve_customer_id(
+            db,
+            customer_id=None,
+            email=email,
+            store_id=test_store.id,
+            create_if_missing=True,
+            customer_name="Anna Test",
+            customer_birthday=date(1992, 6, 15),
+        )
+        customer = db.query(Customer).filter(Customer.id == result).first()
+        assert customer.birth_date == date(1992, 6, 15)
+
+    def test_resolve_backfills_birthday_on_existing_customer(
+        self, db, test_store
+    ):
+        """An existing customer without a birthday is backfilled from form."""
+        from datetime import date
+
+        email = f"backfill-{uuid.uuid4().hex[:8]}@test.com"
+        # Pre-create a customer with no birth_date
+        existing = self.service.resolve_customer_id(
+            db,
+            customer_id=None,
+            email=email,
+            store_id=test_store.id,
+            create_if_missing=True,
+            customer_name="No Birthday",
+        )
+        customer = db.query(Customer).filter(Customer.id == existing).first()
+        assert customer.birth_date is None
+
+        # Re-enroll with birthday — should backfill
+        self.service.resolve_customer_id(
+            db,
+            customer_id=None,
+            email=email,
+            store_id=test_store.id,
+            create_if_missing=True,
+            customer_birthday=date(1985, 3, 22),
+        )
+        db.refresh(customer)
+        assert customer.birth_date == date(1985, 3, 22)
+
+    def test_resolve_does_not_overwrite_existing_birthday(self, db, test_store):
+        """Birthday already on the customer is not overwritten by form input."""
+        from datetime import date
+
+        email = f"no-overwrite-{uuid.uuid4().hex[:8]}@test.com"
+        # Create with original birthday
+        cid = self.service.resolve_customer_id(
+            db,
+            customer_id=None,
+            email=email,
+            store_id=test_store.id,
+            create_if_missing=True,
+            customer_birthday=date(1990, 1, 1),
+        )
+        # Re-enroll with a different birthday
+        self.service.resolve_customer_id(
+            db,
+            customer_id=None,
+            email=email,
+            store_id=test_store.id,
+            create_if_missing=True,
+            customer_birthday=date(2000, 1, 1),
+        )
+        customer = db.query(Customer).filter(Customer.id == cid).first()
+        assert customer.birth_date == date(1990, 1, 1)
+

@pytest.mark.unit
@pytest.mark.loyalty