import { test, expect, registerUser } from '../fixtures';
/**
 * Admin Payments E2E tests (TEC-2749).
 *
 * Verifies authorization on POST /admin/payments/:id/confirm-transfer.
 * The full happy-path flow (confirm → payment.COMPLETED + audit log) requires
 * a seeded admin + pending bank-transfer payment and is exercised in
 * the handler unit tests.
 */
test.describe('Admin Payments API — Authorization', () => {
  // Endpoint under test. The payment id is a literal placeholder.
  // NOTE(review): presumably no payment with this id is seeded, so the 401/403
  // expectations below also imply the access checks run before the payment
  // lookup — confirm against the handler.
  const confirmTransferUrl = 'admin/payments/test-payment-id/confirm-transfer';

  // Request body sent by the tests that supply a bank reference.
  const transferPayload = { bankReference: 'FT123456' };

  // Access token returned by registerUser; the tests below treat its owner as
  // a non-admin account (registerUser lives in ../fixtures — verify it never
  // grants an admin role).
  let regularToken: string;

  // Builds the Authorization header lazily, because regularToken is only
  // assigned once beforeAll has run.
  const asRegularUser = () => ({ Authorization: `Bearer ${regularToken}` });

  test.beforeAll(async ({ request }) => {
    const registered = await registerUser(request);
    regularToken = registered.accessToken;
  });

  // NOTE(review): these cases cover "no credentials" and "valid credentials,
  // insufficient role". A malformed or expired bearer token is not exercised
  // here.
  test.describe('POST /admin/payments/:id/confirm-transfer — Confirm bank transfer', () => {
    // No Authorization header at all: the request must fail authentication.
    test('rejects unauthenticated request', async ({ request }) => {
      const response = await request.post(confirmTransferUrl, {
        data: transferPayload,
      });

      expect(response.status()).toBe(401);
    });

    // Authenticated caller without the admin role: 403 (forbidden) is expected
    // rather than 401, keeping authentication and authorization failures
    // distinguishable.
    test('rejects non-admin user', async ({ request }) => {
      const response = await request.post(confirmTransferUrl, {
        data: transferPayload,
        headers: asRegularUser(),
      });

      expect(response.status()).toBe(403);
    });

    // Same caller with an empty body: 403 is still expected, i.e. the role
    // check is expected to win over any payload validation, so a non-admin
    // cannot use validation errors to probe the endpoint.
    test('rejects non-admin user with empty body', async ({ request }) => {
      const response = await request.post(confirmTransferUrl, {
        data: {},
        headers: asRegularUser(),
      });

      expect(response.status()).toBe(403);
    });
  });
});