fix(SW-1710): use access object references instead

correct incorrect test that granted access incorrectly
2025-03-07 14:22:33 +01:00
parent b0df70e552
commit af08b3277d
4 changed files with 24 additions and 14 deletions
--- a/apps/scandic-web/app/[lang]/(live)/(public)/hotelreservation/my-stay/[refId]/page.tsx
+++ b/apps/scandic-web/app/[lang]/(live)/(public)/hotelreservation/my-stay/[refId]/page.tsx
@@ -10,7 +10,7 @@ export default async function MyStayPage({
 }: PageArgs<LangParams & { refId: string }>) {
  return (
    <Suspense fallback={<MyStaySkeleton />}>
-      <MyStay refId={params.refId} />
+      <MyStay refId={decodeURIComponent(params.refId)} />
    </Suspense>
  )
 }
--- a/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.test.ts
+++ b/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.test.ts
@@ -3,6 +3,7 @@ import { describe, expect, it } from "@jest/globals"
 import accessBooking, {
  ACCESS_GRANTED,
  ERROR_BAD_REQUEST,
+  ERROR_FORBIDDEN,
  ERROR_NOT_FOUND,
  ERROR_UNAUTHORIZED,
 } from "./accessBooking"
@@ -42,7 +43,7 @@ describe("Access booking", () => {
        email: "logged-out@scandichotels.com",
      }).toString()
      expect(accessBooking(loggedOut, "Booking", user, cookieString)).toBe(
-        ACCESS_GRANTED
+        ERROR_FORBIDDEN
      )
    })
    it("should prompt for more if first name is missing", () => {
--- a/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts
+++ b/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.ts
@@ -5,6 +5,7 @@ export {
  ACCESS_GRANTED,
  accessBooking as default,
  ERROR_BAD_REQUEST,
+  ERROR_FORBIDDEN,
  ERROR_NOT_FOUND,
  ERROR_UNAUTHORIZED,
 }
@@ -29,14 +30,18 @@ function accessBooking(
  }

  if (guest.lastName === lastName) {
-    const params = new URLSearchParams(cookie)
-    if (
-      params.get("firstName") === guest.firstName &&
-      params.get("email") === guest.email
-    ) {
-      return ACCESS_GRANTED
+    if (user) {
+      return ERROR_FORBIDDEN
    } else {
-      return ERROR_BAD_REQUEST
+      const params = new URLSearchParams(cookie)
+      if (
+        params.get("firstName") === guest.firstName &&
+        params.get("email") === guest.email
+      ) {
+        return ACCESS_GRANTED
+      } else {
+        return ERROR_BAD_REQUEST
+      }
    }
  }

@@ -53,6 +58,11 @@ const ERROR_UNAUTHORIZED = {
  status: 401,
 } as const

+const ERROR_FORBIDDEN = {
+  code: "FORBIDDEN",
+  status: 403,
+} as const
+
 const ERROR_NOT_FOUND = {
  code: "NOT_FOUND",
  status: 404,
--- a/apps/scandic-web/components/HotelReservation/MyStay/index.tsx
+++ b/apps/scandic-web/components/HotelReservation/MyStay/index.tsx
@@ -47,12 +47,11 @@ export async function MyStay({ refId }: { refId: string }) {

  const { booking, hotel, room } = bookingConfirmation
  const user = await getProfileSafely()
-  const cookie = cookies()
-  const bv = cookie.get("bv")?.value
+  const bv = cookies().get("bv")?.value
  const intl = await getIntl()

  const access = accessBooking(booking.guest, lastName, user, bv)
-  if (access.status === ACCESS_GRANTED.status) {
+  if (access === ACCESS_GRANTED) {
    const linkedBookingPromises = booking.linkedReservations
      ? booking.linkedReservations.map((linkedBooking) => {
          return getBookingConfirmation(linkedBooking.confirmationNumber)
@@ -122,7 +121,7 @@ export async function MyStay({ refId }: { refId: string }) {
    )
  }

-  if (access.status === ERROR_BAD_REQUEST.status) {
+  if (access === ERROR_BAD_REQUEST) {
    return (
      <main className={styles.main}>
        <div className={styles.form}>
@@ -135,7 +134,7 @@ export async function MyStay({ refId }: { refId: string }) {
    )
  }

-  if (access.status === ERROR_UNAUTHORIZED.status) {
+  if (access === ERROR_UNAUTHORIZED) {
    return (
      <main className={styles.main}>
        <div className={styles.logIn}>