fix: storefront login 403, cookie path, double-storefront URLs, and auth redirects

- Extract store/platform context from Referer header for storefront API requests (StoreContextMiddleware and PlatformContextMiddleware) so login POST works in dev mode where API paths lack /platforms/{code}/ prefix - Set customer token cookie path to "/" for cross-route compatibility - Fix double storefront in URLs: replace {{ base_url }}storefront/ with {{ base_url }} across all 24 storefront templates - Fix auth error redirect to include platform prefix and use store_code - Update seed script to output correct storefront login URLs - Add 20 new unit tests covering all fixes; fix 9 pre-existing test failures Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-24 12:29:52 +01:00
parent 32e4aa6564
commit f47c680cb8
38 changed files with 759 additions and 165 deletions
--- a/tests/unit/middleware/test_platform_context.py
+++ b/tests/unit/middleware/test_platform_context.py
@@ -995,3 +995,88 @@ class TestURLRoutingSummary:
        assert context["detection_method"] == "domain"
        assert context["domain"] == "omsflow.lu"
        # clean_path not set for domain detection - uses original path
+
+
+@pytest.mark.unit
+@pytest.mark.middleware
+class TestExtractPlatformFromReferer:
+    """Tests for Referer-based platform detection for storefront API requests."""
+
+    def test_extract_platform_from_referer_with_platforms_prefix(self):
+        """Extract platform code from Referer with /platforms/{code}/ path."""
+        middleware = PlatformContextMiddleware(app=None)
+        result = middleware._extract_platform_from_referer(
+            "http://localhost:8000/platforms/loyalty/storefront/FASHIONHUB/account/login"
+        )
+        assert result is not None
+        assert result["path_prefix"] == "loyalty"
+        assert result["detection_method"] == "path"
+
+    def test_extract_platform_from_referer_no_platforms_prefix(self):
+        """Referer without /platforms/ returns None."""
+        middleware = PlatformContextMiddleware(app=None)
+        result = middleware._extract_platform_from_referer(
+            "http://localhost:8000/storefront/FASHIONHUB/products"
+        )
+        assert result is None
+
+    def test_extract_platform_from_referer_empty_string(self):
+        """Empty referer returns None."""
+        middleware = PlatformContextMiddleware(app=None)
+        result = middleware._extract_platform_from_referer("")
+        assert result is None
+
+    def test_extract_platform_from_referer_oms_platform(self):
+        """Extract OMS platform from Referer."""
+        middleware = PlatformContextMiddleware(app=None)
+        result = middleware._extract_platform_from_referer(
+            "http://localhost:8000/platforms/oms/store/WIZATECH/dashboard"
+        )
+        assert result is not None
+        assert result["path_prefix"] == "oms"
+
+
+@pytest.mark.unit
+@pytest.mark.middleware
+class TestPlatformContextMiddlewareReferer:
+    """Test PlatformContextMiddleware __call__ with Referer-based platform detection."""
+
+    @pytest.mark.asyncio
+    async def test_middleware_storefront_api_uses_referer_platform(self):
+        """Test storefront API requests on localhost extract platform from Referer."""
+        mock_app = AsyncMock()
+        middleware = PlatformContextMiddleware(app=mock_app)
+
+        mock_platform = Mock()
+        mock_platform.id = 3
+        mock_platform.code = "loyalty"
+        mock_platform.name = "Loyalty Platform"
+
+        scope = {
+            "type": "http",
+            "path": "/api/v1/storefront/auth/login",
+            "headers": [
+                (b"host", b"localhost:8000"),
+                (b"referer", b"http://localhost:8000/platforms/loyalty/storefront/FASHIONHUB/account/login"),
+            ],
+        }
+
+        receive = AsyncMock()
+        send = AsyncMock()
+
+        mock_db = MagicMock()
+
+        with patch(
+            "middleware.platform_context.get_db", return_value=iter([mock_db])
+        ), patch.object(
+            PlatformContextManager,
+            "get_platform_from_context",
+            return_value=mock_platform,
+        ):
+            await middleware(scope, receive, send)
+
+        # Platform should be detected from Referer
+        assert scope["state"]["platform"] is mock_platform
+        assert scope["state"]["platform_context"]["path_prefix"] == "loyalty"
+        # API path should NOT be rewritten to the Referer's path
+        assert scope["path"] == "/api/v1/storefront/auth/login"