sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(loyalty): Phase 1 production launch hardening
Some checks failed
CI / ruff (push) Successful in 18s
Details
CI / pytest (push) Failing after 2h37m39s
Details
CI / validate (push) Successful in 30s
Details
CI / dependency-scanning (push) Successful in 32s
Details
CI / docs (push) Has been skipped
Details
CI / deploy (push) Has been skipped
Details

Browse Source 
Phase 1 of the loyalty production launch plan: config & security
hardening, dropped-data fix, DB integrity guards, rate limiting, and
constant-time auth compare. 362 tests pass.

- 1.4 Persist customer birth_date (new column + migration). Enrollment
  form was collecting it but the value was silently dropped because
  create_customer_for_enrollment never received it. Backfills existing
  customers without overwriting.
- 1.1 LOYALTY_GOOGLE_SERVICE_ACCOUNT_JSON validated at startup (file
  must exist and be readable; ~ expanded). Adds is_google_wallet_enabled
  and is_apple_wallet_enabled derived flags. Prod path documented as
  ~/apps/orion/google-wallet-sa.json.
- 1.5 CHECK constraints on loyalty_cards (points_balance, stamp_count
  non-negative) and loyalty_programs (min_purchase, points_per_euro,
  welcome_bonus non-negative; stamps_target >= 1). Mirrored as
  CheckConstraint in models. Pre-flight scan showed zero violations.
- 1.3 @rate_limit on store mutating endpoints: stamp 60/min,
  redeem/points-earn 30-60/min, void/adjust 20/min, pin unlock 10/min.
- 1.2 Constant-time hmac.compare_digest for Apple Wallet auth token
  (pulled forward from Phase 9 — code is safe whenever Apple ships).

See app/modules/loyalty/docs/production-launch-plan.md for the full
launch plan and remaining phases.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Samir Boulahtit
2026-04-09 23:36:34 +02:00
parent 27ac7f3e28
commit 4b56eb7ab1
20 changed files with 848 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
app/modules/loyalty/tests/unit/test_schemas.py
View File

@@ -32,6 +32,8 @@ class TestCardEnrollRequest:
def test_self_enrollment_fields(self):
"""Self-enrollment accepts name, phone, birthday."""
from datetime import date
req = CardEnrollRequest(
email="self@example.com",
customer_name="Jane Doe",
@@ -40,7 +42,36 @@ class TestCardEnrollRequest:
)
assert req.customer_name == "Jane Doe"
assert req.customer_phone == "+352123456"
assert req.customer_birthday == "1990-01-15"
assert req.customer_birthday == date(1990, 1, 15)
def test_birthday_in_future_rejected(self):
"""Future birthdays are rejected."""
from datetime import date, timedelta
import pytest
from pydantic import ValidationError
with pytest.raises(ValidationError, match="must be in the past"):
CardEnrollRequest(
email="self@example.com",
customer_birthday=(date.today() + timedelta(days=1)).isoformat(),
)
def test_birthday_implausible_age_rejected(self):
"""Birthdays implying impossible ages are rejected."""
import pytest
from pydantic import ValidationError
with pytest.raises(ValidationError, match="implausible age"):
CardEnrollRequest(
email="self@example.com",
customer_birthday="1800-01-01",
)
def test_birthday_omitted_is_valid(self):
"""Birthday is optional."""
req = CardEnrollRequest(email="self@example.com")
assert req.customer_birthday is None
@pytest.mark.unit