sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(loyalty): production readiness round 2 — 12 security, integrity & correctness fixes
Some checks failed
CI / ruff (push) Successful in 12s
Details
CI / validate (push) Successful in 27s
Details
CI / dependency-scanning (push) Successful in 31s
Details
CI / pytest (push) Failing after 3h14m58s
Details
CI / docs (push) Has been cancelled
Details
CI / deploy (push) Has been cancelled
Details

Browse Source 
Security:
- Fix TOCTOU race conditions: move balance/limit checks after row lock in redeem_points, add_stamp, redeem_stamps
- Add PIN ownership verification to update/delete/unlock store routes
- Gate adjust_points endpoint to merchant_owner role only

Data integrity:
- Track total_points_voided in void_points
- Add order_reference idempotency guard in earn_points

Correctness:
- Fix LoyaltyProgramAlreadyExistsException to use merchant_id parameter
- Add StorefrontProgramResponse excluding wallet IDs from public API
- Add bounds (±100000) to PointsAdjustRequest.points_delta

Audit & config:
- Add CARD_REACTIVATED transaction type with audit record
- Improve admin audit logging with actor identity and old values
- Use merchant-specific PIN lockout settings with global fallback
- Guard MerchantLoyaltySettings creation with get_or_create pattern

Tests: 27 new tests (265 total) covering all 12 items — unit and integration.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Samir Boulahtit
2026-03-16 23:37:23 +01:00
parent b6047f5b7d
commit 7d652716bb
20 changed files with 955 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
app/modules/loyalty/routes/api/admin.py
View File

@@ -157,7 +157,9 @@ def delete_program(
):
"""Delete a loyalty program (admin override)."""
program_service.delete_program(db, program_id)
logger.info(f"Admin deleted loyalty program {program_id}")
logger.info(
f"Admin {current_user.id} ({current_user.email}) deleted loyalty program {program_id}"
)
@router.post("/programs/{program_id}/activate", response_model=ProgramResponse)
@@ -236,13 +238,20 @@ def update_merchant_settings(
settings = program_service.get_or_create_merchant_settings(db, merchant_id)
update_data = data.model_dump(exclude_unset=True)
# Capture old values before overwrite for audit trail
old_values = {field: getattr(settings, field) for field in update_data}
for field, value in update_data.items():
setattr(settings, field, value)
db.commit()
db.refresh(settings)
logger.info(f"Updated merchant {merchant_id} loyalty settings: {list(update_data.keys())}")
logger.info(
f"Admin {current_user.id} ({current_user.email}) updated merchant {merchant_id} "
f"loyalty settings: {list(update_data.keys())} (old: {old_values})"
)
return MerchantSettingsResponse.model_validate(settings)