2026-05-05 20:53:34 +02:00
|
|
|
/**
|
|
|
|
|
* Tests for the Documenso webhook receiver route at
|
|
|
|
|
* `src/app/api/webhooks/documenso/route.ts`.
|
|
|
|
|
*
|
|
|
|
|
* The receiver was previously only covered indirectly: the unit test
|
|
|
|
|
* `webhook-event-map.test.ts` validates the static event-name map, and
|
|
|
|
|
* `documents-expired-webhook.test.ts` calls handlers directly. Neither
|
|
|
|
|
* exercised the route's auth, dedup, dispatch loop, or 200-on-failure
|
|
|
|
|
* envelope. This file fills that gap.
|
|
|
|
|
*
|
|
|
|
|
* Refs: docs/audit-comprehensive-2026-05-05.md HIGH §19 (auditor-J Issue 2).
|
|
|
|
|
*/
|
|
|
|
|
import { describe, it, expect } from 'vitest';
|
|
|
|
|
import { eq } from 'drizzle-orm';
|
|
|
|
|
import { NextRequest } from 'next/server';
|
|
|
|
|
|
|
|
|
|
import { POST as documensoWebhook } from '@/app/api/webhooks/documenso/route';
|
|
|
|
|
import { db } from '@/lib/db';
|
|
|
|
|
import { documents, documentEvents } from '@/lib/db/schema/documents';
|
feat(pipeline): 9→7 stage refactor + v1.1 hardening wave
Replaces the legacy 9-stage pipeline with 7 canonical stages
(enquiry → qualified → eoi → reservation → deposit_paid → contract →
nurturing) plus three doc sub-status columns (eoi_doc_status,
reservation_doc_status, contract_doc_status) that track sent/signed
within a single stage instead of branching it.
Schema (migration 0062):
- interests gains assigned_to, deposit_expected_amount/currency,
three doc-status columns, two documenso-id columns, and
date_reservation_signed.
- New tables: qualification_criteria (per-port admin-configurable),
interest_qualifications (per-interest state), payments (deposit /
balance / refund records keyed to interest + client).
- Default qualification criteria seeded for every existing port.
- Dummy-data UPDATEs collapse Sent/Signed pairs and 'completed' into
the new stage + doc-status + outcome shape.
Migration 0063 adds interest_contact_log.voice_transcript and
template_used columns for v1.1-A/B (quick-template buttons + voice
transcription via Web Speech API).
v1.1 phase work bundled here:
- A/B: Quick-template buttons (Call / Visit / Email) + mic toggle on
the contact-log compose dialog (useVoiceTranscription hook).
- C: berth-rules-engine wraps state writes in pg_advisory_xact_lock
with an idempotent re-read; emits rule_evaluated audit traces.
- D: Documenso webhook: reservation/contract sub-status stamping
moved out of the PDF-download try-block so a download failure
no longer swallows the stamp. New integration test coverage.
- E: /admin/qualification-criteria CRUD page + admin component.
- F: default_new_interest_owner exposed in System Settings.
- G: recentActivityCount + active_engagement deal-pulse signal
surfaced as a chip on interests + hot-deals card.
- H: interest_assigned notification on assignedTo change (skips
self-assign, uses a dedupe key).
Plus the supporting components: AssignedToChip, DealPulseChip,
PaymentsSection, QualificationChecklist, MultiEoiChip,
SkipAheadBanner, WonStatusPanel, InterestBerthStatusBanner,
SupplementalInfoRequestButton, UserPicker.
Tests: 1370/1370 vitest pass (added deal-health unit suite +
expanded constants/validators/pipeline-transitions coverage). tsc
clean, eslint clean.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-14 03:39:21 +02:00
|
|
|
import { interests } from '@/lib/db/schema/interests';
|
2026-05-05 20:53:34 +02:00
|
|
|
import { env } from '@/lib/env';
|
|
|
|
|
import { makeClient, makePort } from '../helpers/factories';
|
|
|
|
|
|
|
|
|
|
function buildRequest(body: Record<string, unknown>, secret: string): NextRequest {
|
|
|
|
|
return new NextRequest('http://localhost:3000/api/webhooks/documenso', {
|
|
|
|
|
method: 'POST',
|
|
|
|
|
headers: {
|
|
|
|
|
'content-type': 'application/json',
|
|
|
|
|
'x-documenso-secret': secret,
|
|
|
|
|
},
|
|
|
|
|
body: JSON.stringify(body),
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
describe('Documenso webhook route', () => {
|
|
|
|
|
it('returns 200 with ok:false when the secret header is missing or wrong', async () => {
|
|
|
|
|
const req = buildRequest(
|
|
|
|
|
{ event: 'DOCUMENT_SIGNED', payload: { id: 'abc', recipients: [] } },
|
|
|
|
|
'wrong-secret',
|
|
|
|
|
);
|
|
|
|
|
const res = await documensoWebhook(req);
|
|
|
|
|
expect(res.status).toBe(200);
|
|
|
|
|
const body = await res.json();
|
|
|
|
|
expect(body).toMatchObject({ ok: false });
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('with a valid secret + DOCUMENT_SIGNED writes a documentEvents row', async () => {
|
|
|
|
|
const port = await makePort();
|
|
|
|
|
const client = await makeClient({ portId: port.id });
|
|
|
|
|
|
|
|
|
|
const documensoId = `docu-test-${Date.now()}`;
|
|
|
|
|
const [doc] = await db
|
|
|
|
|
.insert(documents)
|
|
|
|
|
.values({
|
|
|
|
|
portId: port.id,
|
|
|
|
|
clientId: client.id,
|
|
|
|
|
documentType: 'eoi',
|
|
|
|
|
title: 'Webhook test EOI',
|
|
|
|
|
status: 'sent',
|
|
|
|
|
documensoId,
|
|
|
|
|
createdBy: 'seed',
|
|
|
|
|
})
|
|
|
|
|
.returning();
|
|
|
|
|
|
|
|
|
|
const req = buildRequest(
|
|
|
|
|
{
|
|
|
|
|
event: 'DOCUMENT_SIGNED',
|
|
|
|
|
payload: {
|
|
|
|
|
id: documensoId,
|
|
|
|
|
recipients: [{ email: 'signer@test.invalid', signingStatus: 'SIGNED' }],
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
env.DOCUMENSO_WEBHOOK_SECRET,
|
|
|
|
|
);
|
|
|
|
|
const res = await documensoWebhook(req);
|
|
|
|
|
expect(res.status).toBe(200);
|
|
|
|
|
|
|
|
|
|
const events = await db
|
|
|
|
|
.select()
|
|
|
|
|
.from(documentEvents)
|
|
|
|
|
.where(eq(documentEvents.documentId, doc!.id));
|
|
|
|
|
expect(events.length).toBeGreaterThanOrEqual(1);
|
|
|
|
|
});
|
|
|
|
|
|
feat(pipeline): 9→7 stage refactor + v1.1 hardening wave
Replaces the legacy 9-stage pipeline with 7 canonical stages
(enquiry → qualified → eoi → reservation → deposit_paid → contract →
nurturing) plus three doc sub-status columns (eoi_doc_status,
reservation_doc_status, contract_doc_status) that track sent/signed
within a single stage instead of branching it.
Schema (migration 0062):
- interests gains assigned_to, deposit_expected_amount/currency,
three doc-status columns, two documenso-id columns, and
date_reservation_signed.
- New tables: qualification_criteria (per-port admin-configurable),
interest_qualifications (per-interest state), payments (deposit /
balance / refund records keyed to interest + client).
- Default qualification criteria seeded for every existing port.
- Dummy-data UPDATEs collapse Sent/Signed pairs and 'completed' into
the new stage + doc-status + outcome shape.
Migration 0063 adds interest_contact_log.voice_transcript and
template_used columns for v1.1-A/B (quick-template buttons + voice
transcription via Web Speech API).
v1.1 phase work bundled here:
- A/B: Quick-template buttons (Call / Visit / Email) + mic toggle on
the contact-log compose dialog (useVoiceTranscription hook).
- C: berth-rules-engine wraps state writes in pg_advisory_xact_lock
with an idempotent re-read; emits rule_evaluated audit traces.
- D: Documenso webhook: reservation/contract sub-status stamping
moved out of the PDF-download try-block so a download failure
no longer swallows the stamp. New integration test coverage.
- E: /admin/qualification-criteria CRUD page + admin component.
- F: default_new_interest_owner exposed in System Settings.
- G: recentActivityCount + active_engagement deal-pulse signal
surfaced as a chip on interests + hot-deals card.
- H: interest_assigned notification on assignedTo change (skips
self-assign, uses a dedupe key).
Plus the supporting components: AssignedToChip, DealPulseChip,
PaymentsSection, QualificationChecklist, MultiEoiChip,
SkipAheadBanner, WonStatusPanel, InterestBerthStatusBanner,
SupplementalInfoRequestButton, UserPicker.
Tests: 1370/1370 vitest pass (added deal-health unit suite +
expanded constants/validators/pipeline-transitions coverage). tsc
clean, eslint clean.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-14 03:39:21 +02:00
|
|
|
it('DOCUMENT_COMPLETED for a reservation_agreement stamps reservationDocStatus on the linked interest', async () => {
|
|
|
|
|
const port = await makePort();
|
|
|
|
|
const client = await makeClient({ portId: port.id });
|
|
|
|
|
|
|
|
|
|
const [interest] = await db
|
|
|
|
|
.insert(interests)
|
|
|
|
|
.values({
|
|
|
|
|
portId: port.id,
|
|
|
|
|
clientId: client.id,
|
|
|
|
|
pipelineStage: 'reservation',
|
|
|
|
|
})
|
|
|
|
|
.returning();
|
|
|
|
|
|
|
|
|
|
const documensoId = `docu-resv-${Date.now()}`;
|
|
|
|
|
await db.insert(documents).values({
|
|
|
|
|
portId: port.id,
|
|
|
|
|
clientId: client.id,
|
|
|
|
|
interestId: interest!.id,
|
|
|
|
|
documentType: 'reservation_agreement',
|
|
|
|
|
title: 'Reservation webhook test',
|
|
|
|
|
status: 'sent',
|
|
|
|
|
documensoId,
|
|
|
|
|
createdBy: 'seed',
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
const req = buildRequest(
|
|
|
|
|
{
|
|
|
|
|
event: 'DOCUMENT_COMPLETED',
|
|
|
|
|
payload: { id: documensoId, recipients: [] },
|
|
|
|
|
},
|
|
|
|
|
env.DOCUMENSO_WEBHOOK_SECRET,
|
|
|
|
|
);
|
|
|
|
|
const res = await documensoWebhook(req);
|
|
|
|
|
expect(res.status).toBe(200);
|
|
|
|
|
|
|
|
|
|
const [updated] = await db.select().from(interests).where(eq(interests.id, interest!.id));
|
|
|
|
|
expect(updated?.reservationDocStatus).toBe('signed');
|
|
|
|
|
expect(updated?.dateReservationSigned).not.toBeNull();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('DOCUMENT_COMPLETED for a contract stamps contractDocStatus on the linked interest', async () => {
|
|
|
|
|
const port = await makePort();
|
|
|
|
|
const client = await makeClient({ portId: port.id });
|
|
|
|
|
|
|
|
|
|
const [interest] = await db
|
|
|
|
|
.insert(interests)
|
|
|
|
|
.values({
|
|
|
|
|
portId: port.id,
|
|
|
|
|
clientId: client.id,
|
|
|
|
|
pipelineStage: 'contract',
|
|
|
|
|
})
|
|
|
|
|
.returning();
|
|
|
|
|
|
|
|
|
|
const documensoId = `docu-contract-${Date.now()}`;
|
|
|
|
|
await db.insert(documents).values({
|
|
|
|
|
portId: port.id,
|
|
|
|
|
clientId: client.id,
|
|
|
|
|
interestId: interest!.id,
|
|
|
|
|
documentType: 'contract',
|
|
|
|
|
title: 'Contract webhook test',
|
|
|
|
|
status: 'sent',
|
|
|
|
|
documensoId,
|
|
|
|
|
createdBy: 'seed',
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
const req = buildRequest(
|
|
|
|
|
{
|
|
|
|
|
event: 'DOCUMENT_COMPLETED',
|
|
|
|
|
payload: { id: documensoId, recipients: [] },
|
|
|
|
|
},
|
|
|
|
|
env.DOCUMENSO_WEBHOOK_SECRET,
|
|
|
|
|
);
|
|
|
|
|
const res = await documensoWebhook(req);
|
|
|
|
|
expect(res.status).toBe(200);
|
|
|
|
|
|
|
|
|
|
const [updated] = await db.select().from(interests).where(eq(interests.id, interest!.id));
|
|
|
|
|
expect(updated?.contractDocStatus).toBe('signed');
|
|
|
|
|
expect(updated?.dateContractSigned).not.toBeNull();
|
|
|
|
|
});
|
|
|
|
|
|
2026-05-05 20:53:34 +02:00
|
|
|
it('replays of the same body are no-ops (signatureHash dedup)', async () => {
|
|
|
|
|
const port = await makePort();
|
|
|
|
|
const client = await makeClient({ portId: port.id });
|
|
|
|
|
|
|
|
|
|
const documensoId = `docu-dedup-${Date.now()}`;
|
|
|
|
|
const [doc] = await db
|
|
|
|
|
.insert(documents)
|
|
|
|
|
.values({
|
|
|
|
|
portId: port.id,
|
|
|
|
|
clientId: client.id,
|
|
|
|
|
documentType: 'eoi',
|
|
|
|
|
title: 'Dedup test EOI',
|
|
|
|
|
status: 'sent',
|
|
|
|
|
documensoId,
|
|
|
|
|
createdBy: 'seed',
|
|
|
|
|
})
|
|
|
|
|
.returning();
|
|
|
|
|
|
|
|
|
|
const body = {
|
|
|
|
|
event: 'DOCUMENT_OPENED',
|
|
|
|
|
payload: {
|
|
|
|
|
id: documensoId,
|
|
|
|
|
recipients: [{ email: 'opener@test.invalid', readStatus: 'OPENED' }],
|
|
|
|
|
},
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
await documensoWebhook(buildRequest(body, env.DOCUMENSO_WEBHOOK_SECRET));
|
|
|
|
|
await documensoWebhook(buildRequest(body, env.DOCUMENSO_WEBHOOK_SECRET));
|
|
|
|
|
|
|
|
|
|
const events = await db
|
|
|
|
|
.select()
|
|
|
|
|
.from(documentEvents)
|
|
|
|
|
.where(eq(documentEvents.documentId, doc!.id));
|
|
|
|
|
// The route's `handleDocumentOpened` writes an event with type
|
|
|
|
|
// `'viewed'`. One row from the first call; the second should have
|
|
|
|
|
// been refused by the signatureHash dedup guard.
|
|
|
|
|
const viewedEvents = events.filter((e) => e.eventType === 'viewed');
|
|
|
|
|
expect(viewedEvents.length).toBe(1);
|
|
|
|
|
});
|
|
|
|
|
});
|
