feat(SW-1710): add access checks to my stay page for viewing booking

2025-03-05 13:46:09 +01:00
parent 1009ea87c9
commit b0df70e552
21 changed files with 515 additions and 133 deletions
--- a/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.test.ts
+++ b/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.test.ts
@@ -0,0 +1,114 @@
+import { describe, expect, it } from "@jest/globals"
+
+import accessBooking, {
+  ACCESS_GRANTED,
+  ERROR_BAD_REQUEST,
+  ERROR_NOT_FOUND,
+  ERROR_UNAUTHORIZED,
+} from "./accessBooking"
+
+import type { SafeUser } from "@/types/user"
+import type { Guest } from "@/server/routers/booking/output"
+
+describe("Access booking", () => {
+  describe("for logged in booking", () => {
+    it("should enable access if all is provided", () => {
+      expect(accessBooking(loggedIn, "Booking", user)).toBe(ACCESS_GRANTED)
+    })
+    it("should prompt to login", () => {
+      expect(accessBooking(loggedIn, "Booking", null)).toBe(ERROR_UNAUTHORIZED)
+    })
+    it("should deny access", () => {
+      expect(accessBooking(loggedIn, "NotBooking", user)).toBe(ERROR_NOT_FOUND)
+    })
+  })
+  describe("for anonymous booking", () => {
+    it("should enable access if all is provided", () => {
+      const cookieString = new URLSearchParams({
+        confirmationNumber: "123456789",
+        firstName: "Anonymous",
+        lastName: "Booking",
+        email: "logged-out@scandichotels.com",
+      }).toString()
+      expect(accessBooking(loggedOut, "Booking", null, cookieString)).toBe(
+        ACCESS_GRANTED
+      )
+    })
+    it("should prompt logout if user is logged in", () => {
+      const cookieString = new URLSearchParams({
+        confirmationNumber: "123456789",
+        firstName: "Anonymous",
+        lastName: "Booking",
+        email: "logged-out@scandichotels.com",
+      }).toString()
+      expect(accessBooking(loggedOut, "Booking", user, cookieString)).toBe(
+        ACCESS_GRANTED
+      )
+    })
+    it("should prompt for more if first name is missing", () => {
+      const cookieString = new URLSearchParams({
+        confirmationNumber: "123456789",
+        lastName: "Booking",
+        email: "logged-out@scandichotels.com",
+      }).toString()
+      expect(accessBooking(loggedOut, "Booking", null, cookieString)).toBe(
+        ERROR_BAD_REQUEST
+      )
+    })
+    it("should prompt for more if email is missing", () => {
+      const cookieString = new URLSearchParams({
+        confirmationNumber: "123456789",
+        firstName: "Anonymous",
+        lastName: "Booking",
+      }).toString()
+      expect(accessBooking(loggedOut, "Booking", null, cookieString)).toBe(
+        ERROR_BAD_REQUEST
+      )
+    })
+    it("should prompt for more if cookie is invalid", () => {
+      const cookieString = new URLSearchParams({}).toString()
+      expect(accessBooking(loggedOut, "Booking", null, cookieString)).toBe(
+        ERROR_BAD_REQUEST
+      )
+    })
+    it("should deny access", () => {
+      expect(accessBooking(loggedOut, "NotBooking", null)).toBe(ERROR_NOT_FOUND)
+    })
+  })
+})
+
+const user: SafeUser = {
+  address: {
+    city: undefined,
+    country: "Sweden",
+    countryCode: "SE",
+    streetAddress: undefined,
+    zipCode: undefined,
+  },
+  dateOfBirth: "",
+  email: "",
+  firstName: "",
+  language: undefined,
+  lastName: "",
+  membership: undefined,
+  memberships: [],
+  name: "",
+  phoneNumber: undefined,
+  profileId: "",
+}
+
+const loggedOut: Guest = {
+  email: "logged-out@scandichotels.com",
+  firstName: "Anonymous",
+  lastName: "Booking",
+  membershipNumber: null,
+  phoneNumber: "+46701234567",
+}
+
+const loggedIn: Guest = {
+  email: "logged-in@scandichotels.com",
+  firstName: "Authenticated",
+  lastName: "Booking",
+  membershipNumber: "01234567890123",
+  phoneNumber: "+46701234567",
+}