mobile-foundation/tests/integration/documents-expired-webhook.test.ts

/**
 * DOCUMENT_EXPIRED webhook handling — locks in fix(documenso). The handler
 * was previously defined but never wired to the route's event switch, so
 * expired EOIs stayed in `sent` / `partially_signed` forever.
 */
import { describe, expect, it } from 'vitest';
import { eq } from 'drizzle-orm';

import { db } from '@/lib/db';
import { documents, documentEvents } from '@/lib/db/schema/documents';
import { interests } from '@/lib/db/schema/interests';
import { handleDocumentExpired } from '@/lib/services/documents.service';
import { makeBerth, makeClient, makePort } from '../helpers/factories';

describe('handleDocumentExpired', () => {
  it('flips a sent EOI to expired and writes a documentEvents row', async () => {
    const port = await makePort();
    const client = await makeClient({ portId: port.id });

    const documensoId = `documenso-test-${Date.now()}`;
    const [doc] = await db
      .insert(documents)
      .values({
        portId: port.id,
        clientId: client.id,
        documentType: 'eoi',
        title: 'Expiring EOI',
        status: 'sent',
        documensoId,
        createdBy: 'seed',
      })
      .returning();

    await handleDocumentExpired({ documentId: documensoId });

    const after = await db.query.documents.findFirst({
      where: eq(documents.id, doc!.id),
    });
    expect(after?.status).toBe('expired');

    const events = await db
      .select()
      .from(documentEvents)
      .where(eq(documentEvents.documentId, doc!.id));
    expect(events.map((e) => e.eventType)).toContain('expired');
  });

  it('also flips the linked interest eoiStatus to expired', async () => {
    const port = await makePort();
    const client = await makeClient({ portId: port.id });
    const berth = await makeBerth({ portId: port.id });

    const [interest] = await db
      .insert(interests)
      .values({
        portId: port.id,
        clientId: client.id,
        berthId: berth.id,
        pipelineStage: 'eoi_sent',
        leadCategory: 'hot_lead',
        eoiStatus: 'sent',
      })
      .returning();

    const documensoId = `documenso-test-${Date.now()}-i`;
    await db.insert(documents).values({
      portId: port.id,
      clientId: client.id,
      interestId: interest!.id,
      documentType: 'eoi',
      title: 'Expiring EOI for interest',
      status: 'sent',
      documensoId,
      createdBy: 'seed',
    });

    await handleDocumentExpired({ documentId: documensoId });

    const updatedInterest = await db.query.interests.findFirst({
      where: eq(interests.id, interest!.id),
    });
    expect(updatedInterest?.eoiStatus).toBe('expired');
  });

  it('is a no-op when the documensoId does not match any document', async () => {
    // Should NOT throw — the handler logs a warning and returns. Verify no
    // exception propagates up to the webhook route.
    await expect(
      handleDocumentExpired({ documentId: 'definitely-not-a-real-doc' }),
    ).resolves.toBeUndefined();
  });
});
test(audit-fixes): cover the new permission and webhook surfaces Adds integration coverage for the routes / handlers shipped in the preceding audit-fix commits, plus refactors two route files to expose inner handlers from a sibling `handlers.ts` (the pattern used elsewhere in `src/app/api/v1`) so tests can call them without the `withAuth(withPermission(…))` wrapper. New tests (18 cases across 4 files): - `tests/integration/portal-auth.test.ts` (6) — verifyPortalToken rejects tokens missing `aud: 'portal'` or `iss: 'pn-crm'`, with the wrong audience (CRM-session-replay shape) or wrong issuer, plus a round-trip happy path. Locks in the portal-vs-CRM token isolation. - `tests/integration/api/saved-views-ownership.test.ts` (6) — patch and delete handlers return 403 for a different user, 404 for an unknown id or cross-port id, and 200 for the owner. Ownership is enforced at the route layer regardless of the service's internal filtering. - `tests/integration/api/berth-reservations-list.test.ts` (3) — the new global list returns rows for the current port only and honors pagination params. A reservation in a different port never leaks. - `tests/integration/documents-expired-webhook.test.ts` (3) — handleDocumentExpired flips the document to `expired`, also flips the linked interest's `eoiStatus`, writes a `documentEvents` row, and is a no-op (not a throw) when the documensoId is unknown. Refactors: - `src/app/api/v1/saved-views/[id]/route.ts` extracts `patchHandler` / `deleteHandler` (and the shared `assertViewOwner`) into `handlers.ts`. The route file is now a 4-line `withAuth(handler)` wrapper. - `src/app/api/v1/berth-reservations/route.ts` extracts `listHandler` similarly. Tests import directly from `handlers.ts`. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-02 23:17:08 +02:00			`/**`
			`* DOCUMENT_EXPIRED webhook handling — locks in fix(documenso). The handler`
			`* was previously defined but never wired to the route's event switch, so`
			* expired EOIs stayed in `sent` / `partially_signed` forever.
			`*/`
			`import { describe, expect, it } from 'vitest';`
			`import { eq } from 'drizzle-orm';`

			`import { db } from '@/lib/db';`
			`import { documents, documentEvents } from '@/lib/db/schema/documents';`
			`import { interests } from '@/lib/db/schema/interests';`
			`import { handleDocumentExpired } from '@/lib/services/documents.service';`
			`import { makeBerth, makeClient, makePort } from '../helpers/factories';`

			`describe('handleDocumentExpired', () => {`
			`it('flips a sent EOI to expired and writes a documentEvents row', async () => {`
			`const port = await makePort();`
			`const client = await makeClient({ portId: port.id });`

			const documensoId = `documenso-test-${Date.now()}`;
			`const [doc] = await db`
			`.insert(documents)`
			`.values({`
			`portId: port.id,`
			`clientId: client.id,`
			`documentType: 'eoi',`
			`title: 'Expiring EOI',`
			`status: 'sent',`
			`documensoId,`
			`createdBy: 'seed',`
			`})`
			`.returning();`

			`await handleDocumentExpired({ documentId: documensoId });`

			`const after = await db.query.documents.findFirst({`
			`where: eq(documents.id, doc!.id),`
			`});`
			`expect(after?.status).toBe('expired');`

			`const events = await db`
			`.select()`
			`.from(documentEvents)`
			`.where(eq(documentEvents.documentId, doc!.id));`
			`expect(events.map((e) => e.eventType)).toContain('expired');`
			`});`

			`it('also flips the linked interest eoiStatus to expired', async () => {`
			`const port = await makePort();`
			`const client = await makeClient({ portId: port.id });`
			`const berth = await makeBerth({ portId: port.id });`

			`const [interest] = await db`
			`.insert(interests)`
			`.values({`
			`portId: port.id,`
			`clientId: client.id,`
			`berthId: berth.id,`
			`pipelineStage: 'eoi_sent',`
			`leadCategory: 'hot_lead',`
			`eoiStatus: 'sent',`
			`})`
			`.returning();`

			const documensoId = `documenso-test-${Date.now()}-i`;
			`await db.insert(documents).values({`
			`portId: port.id,`
			`clientId: client.id,`
			`interestId: interest!.id,`
			`documentType: 'eoi',`
			`title: 'Expiring EOI for interest',`
			`status: 'sent',`
			`documensoId,`
			`createdBy: 'seed',`
			`});`

			`await handleDocumentExpired({ documentId: documensoId });`

			`const updatedInterest = await db.query.interests.findFirst({`
			`where: eq(interests.id, interest!.id),`
			`});`
			`expect(updatedInterest?.eoiStatus).toBe('expired');`
			`});`

			`it('is a no-op when the documensoId does not match any document', async () => {`
			`// Should NOT throw — the handler logs a warning and returns. Verify no`
			`// exception propagates up to the webhook route.`
			`await expect(`
			`handleDocumentExpired({ documentId: 'definitely-not-a-real-doc' }),`
			`).resolves.toBeUndefined();`
			`});`
			`});`