feat(loyalty): production readiness round 2 — 12 security, integrity & correctness fixes

Security: - Fix TOCTOU race conditions: move balance/limit checks after row lock in redeem_points, add_stamp, redeem_stamps - Add PIN ownership verification to update/delete/unlock store routes - Gate adjust_points endpoint to merchant_owner role only Data integrity: - Track total_points_voided in void_points - Add order_reference idempotency guard in earn_points Correctness: - Fix LoyaltyProgramAlreadyExistsException to use merchant_id parameter - Add StorefrontProgramResponse excluding wallet IDs from public API - Add bounds (±100000) to PointsAdjustRequest.points_delta Audit & config: - Add CARD_REACTIVATED transaction type with audit record - Improve admin audit logging with actor identity and old values - Use merchant-specific PIN lockout settings with global fallback - Guard MerchantLoyaltySettings creation with get_or_create pattern Tests: 27 new tests (265 total) covering all 12 items — unit and integration. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-16 23:37:23 +01:00
parent b6047f5b7d
commit 7d652716bb
20 changed files with 955 additions and 28 deletions
--- a/app/modules/loyalty/tests/unit/test_pin_service.py
+++ b/app/modules/loyalty/tests/unit/test_pin_service.py
@@ -233,3 +233,52 @@ class TestVerifyPin:
        # Should find the active PIN
        result = self.service.verify_pin(db, program.id, "2222", store_id=store.id)
        assert result.name == "Active"
+
+
+# ============================================================================
+# Item 11: Merchant-specific PIN lockout settings
+# ============================================================================
+
+
+@pytest.mark.unit
+@pytest.mark.loyalty
+class TestVerifyPinMerchantSettings:
+    """Tests for verify_pin using merchant-specific lockout settings."""
+
+    def setup_method(self):
+        self.service = PinService()
+
+    def test_uses_merchant_lockout_attempts(self, db, pin_setup):
+        """Failed attempts use merchant settings, not global config."""
+        from app.modules.loyalty.models import MerchantLoyaltySettings
+
+        program = pin_setup["program"]
+        store = pin_setup["store"]
+        merchant = pin_setup["merchant"]
+
+        # Create merchant settings with low lockout threshold
+        settings = MerchantLoyaltySettings(
+            merchant_id=merchant.id,
+            staff_pin_lockout_attempts=3,
+            staff_pin_lockout_minutes=60,
+        )
+        db.add(settings)
+        db.commit()
+
+        self.service.create_pin(db, program.id, store.id, PinCreate(name="Test", pin="1234"))
+
+        # Fail 3 times (merchant setting), should lock
+        for _ in range(3):
+            try:
+                self.service.verify_pin(db, program.id, "9999", store_id=store.id)
+            except (InvalidStaffPinException, StaffPinLockedException):
+                pass
+
+        # Next attempt should be locked
+        with pytest.raises((InvalidStaffPinException, StaffPinLockedException)):
+            self.service.verify_pin(db, program.id, "9999", store_id=store.id)
+
+        # Verify the PIN is actually locked
+        pins = self.service.list_pins(db, program.id, store_id=store.id, is_active=True)
+        locked_pins = [p for p in pins if p.is_locked]
+        assert len(locked_pins) >= 1