sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(loyalty): production readiness round 2 — 12 security, integrity & correctness fixes
Some checks failed
CI / ruff (push) Successful in 12s
Details
CI / validate (push) Successful in 27s
Details
CI / dependency-scanning (push) Successful in 31s
Details
CI / pytest (push) Failing after 3h14m58s
Details
CI / docs (push) Has been cancelled
Details
CI / deploy (push) Has been cancelled
Details

Browse Source 
Security:
- Fix TOCTOU race conditions: move balance/limit checks after row lock in redeem_points, add_stamp, redeem_stamps
- Add PIN ownership verification to update/delete/unlock store routes
- Gate adjust_points endpoint to merchant_owner role only

Data integrity:
- Track total_points_voided in void_points
- Add order_reference idempotency guard in earn_points

Correctness:
- Fix LoyaltyProgramAlreadyExistsException to use merchant_id parameter
- Add StorefrontProgramResponse excluding wallet IDs from public API
- Add bounds (±100000) to PointsAdjustRequest.points_delta

Audit & config:
- Add CARD_REACTIVATED transaction type with audit record
- Improve admin audit logging with actor identity and old values
- Use merchant-specific PIN lockout settings with global fallback
- Guard MerchantLoyaltySettings creation with get_or_create pattern

Tests: 27 new tests (265 total) covering all 12 items — unit and integration.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Samir Boulahtit
2026-03-16 23:37:23 +01:00
parent b6047f5b7d
commit 7d652716bb
20 changed files with 955 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
app/modules/loyalty/services/stamp_service.py
View File

@@ -110,7 +110,10 @@ class StampService:
raise StaffPinRequiredException()
verified_pin = pin_service.verify_pin(db, program.id, staff_pin, store_id=store_id)
# Check cooldown
# Re-fetch with row lock to prevent concurrent modification
card = card_service.get_card_for_update(db, card.id)
# Check cooldown AFTER acquiring lock to prevent TOCTOU race
now = datetime.now(UTC)
if card.last_stamp_at:
cooldown_ends = card.last_stamp_at + timedelta(minutes=program.cooldown_minutes)
@@ -120,14 +123,11 @@ class StampService:
program.cooldown_minutes,
)
# Check daily limit
# Check daily limit AFTER acquiring lock
stamps_today = card_service.get_stamps_today(db, card.id)
if stamps_today >= program.max_daily_stamps:
raise DailyStampLimitException(program.max_daily_stamps, stamps_today)
# Re-fetch with row lock to prevent concurrent modification
card = card_service.get_card_for_update(db, card.id)
# Add the stamp
card.stamp_count += 1
card.total_stamps_earned += 1
@@ -241,10 +241,6 @@ class StampService:
if not program.is_active:
raise LoyaltyProgramInactiveException(program.id)
# Check if enough stamps
if card.stamp_count < program.stamps_target:
raise InsufficientStampsException(card.stamp_count, program.stamps_target)
# Verify staff PIN if required
verified_pin = None
if program.require_staff_pin:
@@ -255,6 +251,10 @@ class StampService:
# Re-fetch with row lock to prevent concurrent modification
card = card_service.get_card_for_update(db, card.id)
# Check stamp count AFTER acquiring lock to prevent TOCTOU race
if card.stamp_count < program.stamps_target:
raise InsufficientStampsException(card.stamp_count, program.stamps_target)
# Redeem stamps
now = datetime.now(UTC)
stamps_redeemed = program.stamps_target