fix: audit fixes — cert upload safety, currency propagation, search rename #32
Merged
…ename
- Delete old S3 object before replacing tax certificate to avoid orphaned blobs
- Validate file type (PDF/JPEG/PNG) and size before S3 upload
- Use refresh-aware authenticatedFetch in admin cert upload instead of raw fetch
- Expose accessToken via auth context; remove localStorage parsing in cart-api
- Rename findByVariantSkuExact → findByVariantSkuContaining to match ILIKE semantics
- Remove fully-qualified ArrayList references in SearchService
- Add currency field to CompanySpendingSummaryResponse; populate from active price list
- Add requireOwnerOrManager guard to buyer-side cert upload
- Fix test constructor calls broken by earlier record field additions (CartResponse, CompanyResponse, PaymentService)
- Add integration tests for cert validation, currency retrieval, and active price list lookup
…erload OrderService.createFromCart grew a currency parameter in a previous commit; all Mockito stubs and verifications were still matching the 8-arg overload, causing PotentialStubbingProblem failures in CI.
Summary
- uploadTaxCertificateAdmin now uses requireOwnerOrManager guard for buyer-side; admin path validates existence first
- findByVariantSkuExact → findByVariantSkuContaining to accurately reflect the ILIKE pattern match semantics; update SearchService callsite and remove fully-qualified ArrayList references
- CompanySpendingSummaryResponse gains a currency field populated from the active price list (falls back to USD)
- CartResponse, CompanyResponse, and PaymentService constructor calls in existing tests broken by earlier record-field additions

Test plan
- CompanyServiceIT — cert upload validation (type, size, old-key deletion, role guard)
- PriceListServiceIT — getActiveCurrency returns USD default, active list currency, 404 for unknown company
- SearchServiceIT — search returns results via findByVariantSkuContaining
- CompanyControllerTest, CartControllerTest, PaymentServiceTest — compile and pass
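
The file-type and size validation listed above, sketched as an added example (not code from this pull request). It assumes the check inspects the leading magic bytes instead of trusting the client-supplied content type; the class name CertUploadCheck and the 10 MB limit are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Optional;

public class CertUploadCheck {
    // Assumed limit; the pull request does not state the real maximum size.
    static final long MAX_BYTES = 10L * 1024 * 1024;

    // Allowed certificate formats with the signature each file must start with.
    enum Kind {
        PDF("application/pdf", new byte[] {'%', 'P', 'D', 'F', '-'}),
        JPEG("image/jpeg", new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF}),
        PNG("image/png", new byte[] {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A});

        final String mime;
        final byte[] magic;
        Kind(String mime, byte[] magic) { this.mime = mime; this.magic = magic; }
    }

    // Returns the detected kind, or empty when the content is not an allowed type.
    static Optional<Kind> sniff(byte[] data) {
        for (Kind k : Kind.values()) {
            if (data.length >= k.magic.length
                    && Arrays.equals(Arrays.copyOf(data, k.magic.length), k.magic)) {
                return Optional.of(k);
            }
        }
        return Optional.empty();
    }

    // Runs before any storage call; returns the MIME type to record or throws.
    static String validate(byte[] data, String declaredMime) {
        if (data.length == 0 || data.length > MAX_BYTES) {
            throw new IllegalArgumentException("size out of range");
        }
        Kind kind = sniff(data)
                .orElseThrow(() -> new IllegalArgumentException("not PDF/JPEG/PNG"));
        if (!kind.mime.equalsIgnoreCase(declaredMime)) {
            throw new IllegalArgumentException("declared type does not match content");
        }
        return kind.mime;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a PDF header, and HTML mislabelled as PDF.
        byte[] pdf = "%PDF-1.7\n".getBytes(StandardCharsets.US_ASCII);
        byte[] html = "<html></html>".getBytes(StandardCharsets.US_ASCII);
        System.out.println(validate(pdf, "application/pdf"));
        try { validate(html, "application/pdf"); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Doing this check before touching storage also means a rejected upload never reaches the step that deletes the previous certificate object.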