Merged in feat/SW-2903-tokens (pull request #2508)

feat(SW-2358): Use personal token if logged in * feat(SW-2903): Use personal token if logged in * Avoid encoding values in cookie * Fix tests Approved-by: Anton Gunnarsson
2025-07-08 11:24:31 +00:00
parent 5d9006bfdc
commit b35ceafc00
9 changed files with 118 additions and 67 deletions
--- a/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.test.ts
+++ b/apps/scandic-web/components/HotelReservation/MyStay/accessBooking.test.ts
@@ -11,6 +11,7 @@ import accessBooking, {
 import type { Guest } from "@scandic-hotels/trpc/routers/booking/output"

 import type { SafeUser } from "@/types/user"
+import type { AdditionalInfoCookieValue } from "../FindMyBooking/AdditionalInfoForm"

 describe("Access booking", () => {
  describe("for logged in booking", () => {
@@ -43,90 +44,90 @@ describe("Access booking", () => {

  describe("for anonymous booking", () => {
    it("should enable access if all is provided", () => {
-      const cookieString = new URLSearchParams({
+      const cookie: AdditionalInfoCookieValue = {
        confirmationNumber: "123456789",
        firstName: "Anonymous",
        lastName: "Booking",
        email: "logged+out@scandichotels.com",
-      }).toString()
-      expect(accessBooking(loggedOutGuest, "Booking", null, cookieString)).toBe(
-        ACCESS_GRANTED
-      )
+      }
+      expect(
+        accessBooking(loggedOutGuest, "Booking", null, JSON.stringify(cookie))
+      ).toBe(ACCESS_GRANTED)
    })
    it("should enable access if all is provided and be case-insensitive for first name", () => {
-      const cookieString = new URLSearchParams({
+      const cookie: AdditionalInfoCookieValue = {
        confirmationNumber: "123456789",
        firstName: "AnOnYmOuS",
        lastName: "Booking",
        email: "logged+out@scandichotels.com",
-      }).toString()
-      expect(accessBooking(loggedOutGuest, "Booking", null, cookieString)).toBe(
-        ACCESS_GRANTED
-      )
+      }
+      expect(
+        accessBooking(loggedOutGuest, "Booking", null, JSON.stringify(cookie))
+      ).toBe(ACCESS_GRANTED)
    })
    it("should enable access if all is provided and be case-insensitive for last name", () => {
-      const cookieString = new URLSearchParams({
+      const cookie: AdditionalInfoCookieValue = {
        confirmationNumber: "123456789",
        firstName: "Anonymous",
        lastName: "Booking",
        email: "logged+out@scandichotels.com",
-      }).toString()
-      expect(accessBooking(loggedOutGuest, "BoOkInG", null, cookieString)).toBe(
-        ACCESS_GRANTED
-      )
+      }
+      expect(
+        accessBooking(loggedOutGuest, "BoOkInG", null, JSON.stringify(cookie))
+      ).toBe(ACCESS_GRANTED)
    })
    it("should enable access if all is provided and be case-insensitive for email", () => {
-      const cookieString = new URLSearchParams({
+      const cookie: AdditionalInfoCookieValue = {
        confirmationNumber: "123456789",
        firstName: "Anonymous",
        lastName: "Booking",
        email: "LOGGED+out@scandichotels.com",
-      }).toString()
-      expect(accessBooking(loggedOutGuest, "Booking", null, cookieString)).toBe(
-        ACCESS_GRANTED
-      )
+      }
+      expect(
+        accessBooking(loggedOutGuest, "Booking", null, JSON.stringify(cookie))
+      ).toBe(ACCESS_GRANTED)
    })
    it("should prompt logout if user is logged in", () => {
-      const cookieString = new URLSearchParams({
+      const cookie: AdditionalInfoCookieValue = {
        confirmationNumber: "123456789",
        firstName: "Anonymous",
        lastName: "Booking",
        email: "logged+out@scandichotels.com",
-      }).toString()
+      }
      expect(
        accessBooking(
          loggedOutGuest,
          "Booking",
          authenticatedUser,
-          cookieString
+          JSON.stringify(cookie)
        )
      ).toBe(ERROR_FORBIDDEN)
    })
    it("should prompt for more if first name is missing", () => {
-      const cookieString = new URLSearchParams({
+      const cookie: Partial<AdditionalInfoCookieValue> = {
        confirmationNumber: "123456789",
        lastName: "Booking",
        email: "logged+out@scandichotels.com",
-      }).toString()
-      expect(accessBooking(loggedOutGuest, "Booking", null, cookieString)).toBe(
-        ERROR_BAD_REQUEST
-      )
+      }
+      expect(
+        accessBooking(loggedOutGuest, "Booking", null, JSON.stringify(cookie))
+      ).toBe(ERROR_BAD_REQUEST)
    })
    it("should prompt for more if email is missing", () => {
-      const cookieString = new URLSearchParams({
+      const cookie: Partial<AdditionalInfoCookieValue> = {
        confirmationNumber: "123456789",
        firstName: "Anonymous",
        lastName: "Booking",
-      }).toString()
-      expect(accessBooking(loggedOutGuest, "Booking", null, cookieString)).toBe(
-        ERROR_BAD_REQUEST
-      )
+      }
+      expect(
+        accessBooking(loggedOutGuest, "Booking", null, JSON.stringify(cookie))
+      ).toBe(ERROR_BAD_REQUEST)
    })
    it("should prompt for more if cookie is invalid", () => {
-      const cookieString = new URLSearchParams({}).toString()
-      expect(accessBooking(loggedOutGuest, "Booking", null, cookieString)).toBe(
-        ERROR_BAD_REQUEST
-      )
+      const cookie = {}
+      expect(
+        accessBooking(loggedOutGuest, "Booking", null, JSON.stringify(cookie))
+      ).toBe(ERROR_BAD_REQUEST)
    })
    it("should deny access if refId mismatch", () => {
      expect(accessBooking(loggedOutGuest, "NotBooking", null)).toBe(