tideway 0.7.17 - Docs.rs

//! Stripe Checkout session management.
//!
//! Handles creating Stripe Checkout sessions for new subscriptions
//! and plan changes.

use super::customer::{CustomerManager, StripeClient};
use super::plans::Plans;
use super::storage::{BillableEntity, BillingStore};
use crate::error::Result;
use url::Url;

/// Checkout session management.
///
/// Creates Stripe Checkout sessions for subscription purchases.
pub struct CheckoutManager<S: BillingStore, C: StripeClient + StripeCheckoutClient> {
    customer_manager: CustomerManager<S, C>,
    client: C,
    plans: Plans,
    config: CheckoutConfig,
}

impl<S: BillingStore + Clone, C: StripeClient + StripeCheckoutClient + Clone>
    CheckoutManager<S, C>
{
    /// Create a new checkout manager.
    #[must_use]
    pub fn new(store: S, client: C, plans: Plans, config: CheckoutConfig) -> Self {
        Self {
            customer_manager: CustomerManager::new(store, client.clone()),
            client,
            plans,
            config,
        }
    }

    /// Create a checkout session for a new subscription.
    ///
    /// Returns a checkout session with a URL to redirect the customer to.
    pub async fn create_checkout_session(
        &self,
        entity: &impl BillableEntity,
        request: CheckoutRequest,
    ) -> Result<CheckoutSession> {
        // Validate redirect URLs
        self.config.validate_redirect_url(&request.success_url)?;
        self.config.validate_redirect_url(&request.cancel_url)?;

        // Validate coupon and promotion codes are not both enabled
        // Stripe doesn't allow both a pre-applied coupon and promotion code entry
        let allow_promos = request
            .allow_promotion_codes
            .unwrap_or(self.config.allow_promotion_codes);
        if request.coupon.is_some() && allow_promos {
            return Err(crate::error::TidewayError::BadRequest(
                "Cannot use both a coupon and allow_promotion_codes. \
                 Either apply a specific coupon or let users enter promotion codes, not both."
                    .to_string(),
            ));
        }

        // Validate plan exists
        let plan = self.plans.get(&request.plan_id).ok_or_else(|| {
            crate::error::TidewayError::BadRequest(format!("Unknown plan: {}", request.plan_id))
        })?;

        // Get or create customer
        let customer_id = self.customer_manager.get_or_create_customer(entity).await?;

        // Build line items
        let mut line_items = vec![CheckoutLineItem {
            price_id: plan.stripe_price_id.clone(),
            quantity: 1,
        }];

        // Add extra seats if requested
        if let Some(extra_seats) = request.extra_seats {
            if extra_seats > 0 {
                let seat_price = plan.extra_seat_price_id.as_ref().ok_or_else(|| {
                    crate::error::TidewayError::BadRequest(
                        "Plan does not support extra seats".to_string(),
                    )
                })?;
                line_items.push(CheckoutLineItem {
                    price_id: seat_price.clone(),
                    quantity: extra_seats,
                });
            }
        }

        // Determine trial days
        let trial_days = request.trial_days.or(plan.trial_days);

        // Create the Stripe checkout session
        let session = self
            .client
            .create_checkout_session(CreateCheckoutSessionRequest {
                customer_id,
                line_items,
                success_url: request.success_url,
                cancel_url: request.cancel_url,
                mode: CheckoutMode::Subscription,
                allow_promotion_codes: request
                    .allow_promotion_codes
                    .unwrap_or(self.config.allow_promotion_codes),
                trial_period_days: trial_days,
                metadata: CheckoutMetadata {
                    billable_id: entity.billable_id().to_string(),
                    billable_type: entity.billable_type().to_string(),
                    plan_id: request.plan_id,
                },
                tax_id_collection: self.config.collect_tax_id,
                billing_address_collection: self.config.collect_billing_address,
                coupon: request.coupon,
                payment_method_collection: request.payment_method_collection,
            })
            .await?;

        Ok(session)
    }

    /// Create a checkout session for adding seats to an existing subscription.
    ///
    /// Deprecated: use `SeatManager::add_seats` to update the existing
    /// subscription with Stripe proration.
    #[deprecated(note = "Use SeatManager::add_seats to update subscriptions with proration.")]
    pub async fn create_seat_checkout_session(
        &self,
        entity: &impl BillableEntity,
        request: SeatCheckoutRequest,
    ) -> Result<CheckoutSession> {
        let _ = (entity, request);
        Err(crate::error::TidewayError::BadRequest(
            "Seat add-ons via Checkout are not supported. Use SeatManager::add_seats instead."
                .to_string(),
        ))
    }
}

/// Configuration for checkout sessions.
#[derive(Debug, Clone)]
pub struct CheckoutConfig {
    /// Allow promotion codes by default.
    pub allow_promotion_codes: bool,
    /// Collect tax ID from customers.
    pub collect_tax_id: bool,
    /// Collect billing address from customers.
    pub collect_billing_address: bool,
    /// Allowed domains for redirect URLs (empty = allow any HTTPS URL).
    /// This prevents open redirect vulnerabilities.
    pub allowed_redirect_domains: Vec<String>,
    /// Allow HTTP for localhost URLs (development only).
    /// This should NEVER be enabled in production.
    pub allow_localhost_http: bool,
}

impl Default for CheckoutConfig {
    fn default() -> Self {
        Self {
            allow_promotion_codes: true,
            collect_tax_id: false,
            collect_billing_address: false,
            allowed_redirect_domains: Vec::new(),
            allow_localhost_http: false,
        }
    }
}

impl CheckoutConfig {
    /// Create a new config with default values.
    #[must_use]
    pub fn new() -> Self {
        Self::default()
    }

    /// Enable/disable promotion codes.
    #[must_use]
    pub fn allow_promotion_codes(mut self, allow: bool) -> Self {
        self.allow_promotion_codes = allow;
        self
    }

    /// Enable tax ID collection.
    #[must_use]
    pub fn collect_tax_id(mut self, collect: bool) -> Self {
        self.collect_tax_id = collect;
        self
    }

    /// Enable billing address collection.
    #[must_use]
    pub fn collect_billing_address(mut self, collect: bool) -> Self {
        self.collect_billing_address = collect;
        self
    }

    /// Set allowed redirect domains.
    ///
    /// Only URLs matching these domains will be accepted for success/cancel URLs.
    /// If empty, any HTTPS URL is allowed (not recommended for production).
    ///
    /// # Example
    /// ```ignore
    /// let config = CheckoutConfig::new()
    ///     .allowed_redirect_domains(["example.com", "app.example.com"]);
    /// ```
    #[must_use]
    pub fn allowed_redirect_domains<I, S>(mut self, domains: I) -> Self
    where
        I: IntoIterator<Item = S>,
        S: Into<String>,
    {
        self.allowed_redirect_domains = domains.into_iter().map(Into::into).collect();
        self
    }

    /// Add a single allowed redirect domain.
    #[must_use]
    pub fn add_allowed_domain(mut self, domain: impl Into<String>) -> Self {
        self.allowed_redirect_domains.push(domain.into());
        self
    }

    /// Allow HTTP for localhost URLs (development only).
    ///
    /// # Warning
    /// This should NEVER be enabled in production. It allows insecure HTTP
    /// connections for localhost, 127.0.0.1, and [::1] addresses only.
    #[must_use]
    pub fn allow_localhost_http(mut self, allow: bool) -> Self {
        self.allow_localhost_http = allow;
        self
    }

    /// Check if a host is a localhost address.
    fn is_localhost(host: &str) -> bool {
        matches!(host, "localhost" | "127.0.0.1" | "[::1]" | "::1")
    }

    /// Validate a redirect URL against the allowed domains.
    ///
    /// Returns an error if:
    /// - The URL is not valid
    /// - The URL is not HTTPS (unless localhost HTTP is allowed)
    /// - The URL's domain is not in the allowed list (if list is non-empty)
    pub fn validate_redirect_url(&self, url: &str) -> Result<()> {
        let parsed = Url::parse(url).map_err(|e| {
            crate::error::TidewayError::BadRequest(format!("Invalid redirect URL: {}", e))
        })?;

        // Check scheme - must be HTTPS, unless localhost HTTP is allowed
        let is_https = parsed.scheme() == "https";
        let is_localhost_http = self.allow_localhost_http
            && parsed.scheme() == "http"
            && parsed.host_str().map(Self::is_localhost).unwrap_or(false);

        if !is_https && !is_localhost_http {
            return Err(crate::error::TidewayError::BadRequest(
                "Redirect URL must use HTTPS".to_string(),
            ));
        }

        // Check domain if allowed list is configured
        if !self.allowed_redirect_domains.is_empty() {
            let host = parsed.host_str().ok_or_else(|| {
                crate::error::TidewayError::BadRequest("Redirect URL must have a host".to_string())
            })?;

            let domain_allowed = self.allowed_redirect_domains.iter().any(|allowed| {
                // Exact match or subdomain match
                host == allowed || host.ends_with(&format!(".{}", allowed))
            });

            if !domain_allowed {
                return Err(crate::error::TidewayError::BadRequest(format!(
                    "Redirect URL domain '{}' is not allowed",
                    host
                )));
            }
        }

        Ok(())
    }
}

/// Payment method collection behavior for checkout.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Default)]
pub enum PaymentMethodCollection {
    /// Always collect payment method (default Stripe behavior).
    #[default]
    Always,
    /// Only collect payment method if required (e.g., skip for trials).
    IfRequired,
}

impl PaymentMethodCollection {
    /// Convert to Stripe API string.
    #[must_use]
    pub fn as_str(&self) -> &'static str {
        match self {
            Self::Always => "always",
            Self::IfRequired => "if_required",
        }
    }
}

/// Request to create a checkout session.
#[derive(Debug, Clone)]
pub struct CheckoutRequest {
    /// The plan to subscribe to.
    pub plan_id: String,
    /// URL to redirect to on success.
    pub success_url: String,
    /// URL to redirect to on cancel.
    pub cancel_url: String,
    /// Number of extra seats to purchase.
    pub extra_seats: Option<u32>,
    /// Override trial days (uses plan default if not set).
    pub trial_days: Option<u32>,
    /// Allow promotion codes.
    pub allow_promotion_codes: Option<bool>,
    /// Coupon code to apply to the checkout.
    ///
    /// When set, this coupon will be automatically applied to the checkout session.
    /// Note: Cannot be used together with `allow_promotion_codes: true`.
    pub coupon: Option<String>,
    /// Payment method collection behavior.
    ///
    /// Use `IfRequired` to skip payment collection for trials.
    pub payment_method_collection: Option<PaymentMethodCollection>,
}

impl CheckoutRequest {
    /// Create a new checkout request.
    #[must_use]
    pub fn new(
        plan_id: impl Into<String>,
        success_url: impl Into<String>,
        cancel_url: impl Into<String>,
    ) -> Self {
        Self {
            plan_id: plan_id.into(),
            success_url: success_url.into(),
            cancel_url: cancel_url.into(),
            extra_seats: None,
            trial_days: None,
            allow_promotion_codes: None,
            coupon: None,
            payment_method_collection: None,
        }
    }

    /// Add extra seats to the checkout.
    #[must_use]
    pub fn with_extra_seats(mut self, seats: u32) -> Self {
        self.extra_seats = Some(seats);
        self
    }

    /// Set custom trial days.
    #[must_use]
    pub fn with_trial_days(mut self, days: u32) -> Self {
        self.trial_days = Some(days);
        self
    }

    /// Allow or disallow promotion codes.
    #[must_use]
    pub fn with_promotion_codes(mut self, allow: bool) -> Self {
        self.allow_promotion_codes = Some(allow);
        self
    }

    /// Apply a coupon code to the checkout.
    ///
    /// The coupon will be automatically applied to the checkout session.
    /// Note: When using a coupon, promotion codes should typically be disabled.
    ///
    /// # Example
    ///
    /// ```ignore
    /// let request = CheckoutRequest::new("pro", success_url, cancel_url)
    ///     .with_coupon("SAVE20")
    ///     .with_promotion_codes(false);
    /// ```
    #[must_use]
    pub fn with_coupon(mut self, coupon: impl Into<String>) -> Self {
        self.coupon = Some(coupon.into());
        self
    }

    /// Set payment method collection behavior.
    ///
    /// Use `PaymentMethodCollection::IfRequired` to skip payment collection
    /// for trials, allowing users to start without entering payment details.
    ///
    /// # Example
    ///
    /// ```ignore
    /// let request = CheckoutRequest::new("pro", success_url, cancel_url)
    ///     .with_trial_days(14)
    ///     .with_payment_method_collection(PaymentMethodCollection::IfRequired);
    /// ```
    #[must_use]
    pub fn with_payment_method_collection(mut self, collection: PaymentMethodCollection) -> Self {
        self.payment_method_collection = Some(collection);
        self
    }

    /// Skip payment collection (convenience method for trials).
    ///
    /// This is equivalent to `.with_payment_method_collection(PaymentMethodCollection::IfRequired)`.
    /// Users can start a trial without entering payment details.
    #[must_use]
    pub fn skip_payment_collection(self) -> Self {
        self.with_payment_method_collection(PaymentMethodCollection::IfRequired)
    }
}

/// Request to create a seat checkout session.
#[derive(Debug, Clone)]
pub struct SeatCheckoutRequest {
    /// The plan the subscription is on.
    pub plan_id: String,
    /// Number of seats to add.
    pub seats: u32,
    /// URL to redirect to on success.
    pub success_url: String,
    /// URL to redirect to on cancel.
    pub cancel_url: String,
}

/// Checkout session response.
#[derive(Debug, Clone)]
#[must_use]
pub struct CheckoutSession {
    /// Stripe checkout session ID.
    pub id: String,
    /// URL to redirect the customer to.
    pub url: String,
}

/// Line item for checkout.
#[derive(Debug, Clone)]
pub struct CheckoutLineItem {
    /// Stripe price ID.
    pub price_id: String,
    /// Quantity.
    pub quantity: u32,
}

/// Checkout mode.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum CheckoutMode {
    /// One-time payment.
    Payment,
    /// Subscription.
    Subscription,
    /// Setup (collect payment method).
    Setup,
}

impl CheckoutMode {
    /// Convert to Stripe API string.
    #[must_use]
    pub fn as_str(&self) -> &'static str {
        match self {
            Self::Payment => "payment",
            Self::Subscription => "subscription",
            Self::Setup => "setup",
        }
    }
}

/// Metadata for checkout sessions.
#[derive(Debug, Clone)]
pub struct CheckoutMetadata {
    /// The billable entity ID.
    pub billable_id: String,
    /// The billable entity type.
    pub billable_type: String,
    /// The plan being purchased.
    pub plan_id: String,
}

/// Request to create a Stripe checkout session.
#[derive(Debug, Clone)]
pub struct CreateCheckoutSessionRequest {
    /// Stripe customer ID.
    pub customer_id: String,
    /// Line items.
    pub line_items: Vec<CheckoutLineItem>,
    /// Success URL.
    pub success_url: String,
    /// Cancel URL.
    pub cancel_url: String,
    /// Checkout mode.
    pub mode: CheckoutMode,
    /// Allow promotion codes.
    pub allow_promotion_codes: bool,
    /// Trial period in days.
    pub trial_period_days: Option<u32>,
    /// Session metadata.
    pub metadata: CheckoutMetadata,
    /// Collect tax ID.
    pub tax_id_collection: bool,
    /// Collect billing address.
    pub billing_address_collection: bool,
    /// Coupon code to apply.
    pub coupon: Option<String>,
    /// Payment method collection behavior.
    pub payment_method_collection: Option<PaymentMethodCollection>,
}

/// Trait for Stripe checkout operations.
#[allow(async_fn_in_trait)]
pub trait StripeCheckoutClient: Send + Sync {
    /// Create a Stripe checkout session.
    async fn create_checkout_session(
        &self,
        request: CreateCheckoutSessionRequest,
    ) -> Result<CheckoutSession>;
}

/// Mock Stripe checkout client for testing.
#[cfg(any(test, feature = "test-billing"))]
pub mod test {
    use super::*;
    use std::sync::atomic::{AtomicU64, Ordering};

    /// Mock checkout client.
    #[derive(Default)]
    pub struct MockStripeCheckoutClient {
        session_counter: AtomicU64,
    }

    impl MockStripeCheckoutClient {
        /// Create a new mock client.
        #[must_use]
        pub fn new() -> Self {
            Self::default()
        }
    }

    impl StripeCheckoutClient for MockStripeCheckoutClient {
        async fn create_checkout_session(
            &self,
            _request: CreateCheckoutSessionRequest,
        ) -> Result<CheckoutSession> {
            let id = format!(
                "cs_test_{}",
                self.session_counter.fetch_add(1, Ordering::SeqCst)
            );
            Ok(CheckoutSession {
                id: id.clone(),
                url: format!("https://checkout.stripe.com/c/pay/{}", id),
            })
        }
    }

    /// Combined mock client for testing that implements all Stripe traits.
    #[derive(Default)]
    pub struct MockFullStripeClient {
        pub customer: super::super::customer::test::MockStripeClient,
        pub checkout: MockStripeCheckoutClient,
    }

    impl MockFullStripeClient {
        /// Create a new combined mock client.
        #[must_use]
        pub fn new() -> Self {
            Self::default()
        }
    }

    impl super::super::customer::StripeClient for MockFullStripeClient {
        async fn create_customer(
            &self,
            request: super::super::customer::CreateCustomerRequest,
        ) -> Result<String> {
            self.customer.create_customer(request).await
        }

        async fn update_customer(
            &self,
            customer_id: &str,
            request: super::super::customer::UpdateCustomerRequest,
        ) -> Result<()> {
            self.customer.update_customer(customer_id, request).await
        }

        async fn delete_customer(&self, customer_id: &str) -> Result<()> {
            self.customer.delete_customer(customer_id).await
        }

        async fn get_default_payment_method(&self, customer_id: &str) -> Result<Option<String>> {
            self.customer.get_default_payment_method(customer_id).await
        }
    }

    impl StripeCheckoutClient for MockFullStripeClient {
        async fn create_checkout_session(
            &self,
            request: CreateCheckoutSessionRequest,
        ) -> Result<CheckoutSession> {
            self.checkout.create_checkout_session(request).await
        }
    }

    impl Clone for MockFullStripeClient {
        fn clone(&self) -> Self {
            // For testing purposes, create a new instance
            // The counters won't be shared but that's fine for tests
            Self::new()
        }
    }
}

#[cfg(test)]
mod tests {
    use super::test::MockFullStripeClient;
    use super::*;
    use crate::billing::storage::BillableEntity;
    use crate::billing::storage::test::InMemoryBillingStore;

    struct TestEntity {
        id: String,
        email: String,
    }

    impl BillableEntity for TestEntity {
        fn billable_id(&self) -> &str {
            &self.id
        }

        fn billable_type(&self) -> &str {
            "org"
        }

        fn email(&self) -> &str {
            &self.email
        }

        fn name(&self) -> Option<&str> {
            None
        }
    }

    fn create_test_plans() -> Plans {
        Plans::builder()
            .plan("starter")
            .stripe_price("price_starter")
            .extra_seat_price("price_seat")
            .included_seats(3)
            .trial_days(14)
            .done()
            .unwrap()
            .plan("pro")
            .stripe_price("price_pro")
            .included_seats(5)
            .done()
            .unwrap()
            .build()
            .unwrap()
    }

    #[tokio::test]
    async fn test_create_checkout_session() {
        let store = InMemoryBillingStore::new();
        let client = MockFullStripeClient::new();
        let plans = create_test_plans();
        let config = CheckoutConfig::default();

        let manager = CheckoutManager::new(store, client, plans, config);

        let entity = TestEntity {
            id: "org_123".to_string(),
            email: "test@example.com".to_string(),
        };

        let request = CheckoutRequest::new(
            "starter",
            "https://example.com/success",
            "https://example.com/cancel",
        );

        let session = manager
            .create_checkout_session(&entity, request)
            .await
            .unwrap();
        assert!(session.id.starts_with("cs_test_"));
        assert!(session.url.contains("checkout.stripe.com"));
    }

    #[tokio::test]
    async fn test_create_checkout_session_with_extra_seats() {
        let store = InMemoryBillingStore::new();
        let client = MockFullStripeClient::new();
        let plans = create_test_plans();
        let config = CheckoutConfig::default();

        let manager = CheckoutManager::new(store, client, plans, config);

        let entity = TestEntity {
            id: "org_456".to_string(),
            email: "test@example.com".to_string(),
        };

        let request = CheckoutRequest::new(
            "starter",
            "https://example.com/success",
            "https://example.com/cancel",
        )
        .with_extra_seats(5);

        let session = manager
            .create_checkout_session(&entity, request)
            .await
            .unwrap();
        assert!(session.id.starts_with("cs_test_"));
    }

    #[tokio::test]
    async fn test_create_checkout_session_invalid_plan() {
        let store = InMemoryBillingStore::new();
        let client = MockFullStripeClient::new();
        let plans = create_test_plans();
        let config = CheckoutConfig::default();

        let manager = CheckoutManager::new(store, client, plans, config);

        let entity = TestEntity {
            id: "org_789".to_string(),
            email: "test@example.com".to_string(),
        };

        let request = CheckoutRequest::new(
            "nonexistent",
            "https://example.com/success",
            "https://example.com/cancel",
        );

        let result = manager.create_checkout_session(&entity, request).await;
        assert!(result.is_err());
    }

    #[tokio::test]
    async fn test_create_checkout_session_no_seat_support() {
        let store = InMemoryBillingStore::new();
        let client = MockFullStripeClient::new();
        let plans = create_test_plans();
        let config = CheckoutConfig::default();

        let manager = CheckoutManager::new(store, client, plans, config);

        let entity = TestEntity {
            id: "org_abc".to_string(),
            email: "test@example.com".to_string(),
        };

        // Pro plan doesn't have extra seat price configured
        let request = CheckoutRequest::new(
            "pro",
            "https://example.com/success",
            "https://example.com/cancel",
        )
        .with_extra_seats(5);

        let result = manager.create_checkout_session(&entity, request).await;
        assert!(result.is_err());
    }

    #[test]
    fn test_url_validation_https_required() {
        let config = CheckoutConfig::new();

        // HTTPS should pass
        assert!(
            config
                .validate_redirect_url("https://example.com/success")
                .is_ok()
        );

        // HTTP should fail
        let result = config.validate_redirect_url("http://example.com/success");
        assert!(result.is_err());
    }

    #[test]
    fn test_url_validation_invalid_url() {
        let config = CheckoutConfig::new();

        let result = config.validate_redirect_url("not-a-url");
        assert!(result.is_err());

        let result = config.validate_redirect_url("");
        assert!(result.is_err());
    }

    #[test]
    fn test_url_validation_allowed_domains() {
        let config =
            CheckoutConfig::new().allowed_redirect_domains(["example.com", "app.mysite.com"]);

        // Exact match should pass
        assert!(
            config
                .validate_redirect_url("https://example.com/success")
                .is_ok()
        );
        assert!(
            config
                .validate_redirect_url("https://app.mysite.com/cancel")
                .is_ok()
        );

        // Subdomain of allowed domain should pass
        assert!(
            config
                .validate_redirect_url("https://app.example.com/success")
                .is_ok()
        );
        assert!(
            config
                .validate_redirect_url("https://staging.app.mysite.com/success")
                .is_ok()
        );

        // Different domain should fail
        let result = config.validate_redirect_url("https://evil.com/redirect");
        assert!(result.is_err());

        // Similar but not matching domain should fail
        let result = config.validate_redirect_url("https://notexample.com/success");
        assert!(result.is_err());
    }

    #[test]
    fn test_url_validation_empty_allowed_list() {
        let config = CheckoutConfig::new();

        // Any HTTPS URL should pass when no allowed list is configured
        assert!(
            config
                .validate_redirect_url("https://example.com/success")
                .is_ok()
        );
        assert!(
            config
                .validate_redirect_url("https://any-domain.com/path")
                .is_ok()
        );
    }

    #[tokio::test]
    async fn test_checkout_rejects_invalid_url() {
        let store = InMemoryBillingStore::new();
        let client = MockFullStripeClient::new();
        let plans = create_test_plans();
        let config = CheckoutConfig::new().allowed_redirect_domains(["example.com"]);

        let manager = CheckoutManager::new(store, client, plans, config);

        let entity = TestEntity {
            id: "org_url_test".to_string(),
            email: "test@example.com".to_string(),
        };

        // Valid domain should succeed
        let request = CheckoutRequest::new(
            "starter",
            "https://example.com/success",
            "https://example.com/cancel",
        );
        assert!(
            manager
                .create_checkout_session(&entity, request)
                .await
                .is_ok()
        );

        // Invalid domain should fail
        let request = CheckoutRequest::new(
            "starter",
            "https://evil.com/success",
            "https://example.com/cancel",
        );
        assert!(
            manager
                .create_checkout_session(&entity, request)
                .await
                .is_err()
        );
    }

    #[test]
    fn test_checkout_request_with_coupon() {
        let request = CheckoutRequest::new(
            "pro",
            "https://example.com/success",
            "https://example.com/cancel",
        )
        .with_coupon("SAVE20")
        .with_promotion_codes(false);

        assert_eq!(request.plan_id, "pro");
        assert_eq!(request.coupon, Some("SAVE20".to_string()));
        assert_eq!(request.allow_promotion_codes, Some(false));
    }

    #[tokio::test]
    async fn test_create_checkout_session_with_coupon() {
        let store = InMemoryBillingStore::new();
        let client = MockFullStripeClient::new();
        let plans = create_test_plans();
        let config = CheckoutConfig::default();

        let manager = CheckoutManager::new(store, client, plans, config);

        let entity = TestEntity {
            id: "org_coupon_test".to_string(),
            email: "test@example.com".to_string(),
        };

        // Must disable promotion codes when using a coupon
        let request = CheckoutRequest::new(
            "starter",
            "https://example.com/success",
            "https://example.com/cancel",
        )
        .with_coupon("WELCOME50")
        .with_promotion_codes(false);

        let session = manager
            .create_checkout_session(&entity, request)
            .await
            .unwrap();
        assert!(session.id.starts_with("cs_test_"));
    }

    #[tokio::test]
    async fn test_checkout_rejects_coupon_with_promotion_codes() {
        let store = InMemoryBillingStore::new();
        let client = MockFullStripeClient::new();
        let plans = create_test_plans();
        // Config has allow_promotion_codes: true by default
        let config = CheckoutConfig::default();

        let manager = CheckoutManager::new(store, client, plans, config);

        let entity = TestEntity {
            id: "org_conflict_test".to_string(),
            email: "test@example.com".to_string(),
        };

        // Try to use both coupon AND promotion codes - should fail
        let request = CheckoutRequest::new(
            "starter",
            "https://example.com/success",
            "https://example.com/cancel",
        )
        .with_coupon("SAVE20")
        .with_promotion_codes(true);

        let result = manager.create_checkout_session(&entity, request).await;
        assert!(result.is_err());
        let err = result.unwrap_err().to_string();
        assert!(err.contains("coupon") && err.contains("promotion"));
    }

    #[tokio::test]
    async fn test_checkout_allows_coupon_without_promotion_codes() {
        let store = InMemoryBillingStore::new();
        let client = MockFullStripeClient::new();
        let plans = create_test_plans();
        let config = CheckoutConfig::default();

        let manager = CheckoutManager::new(store, client, plans, config);

        let entity = TestEntity {
            id: "org_coupon_only".to_string(),
            email: "test@example.com".to_string(),
        };

        // Use coupon with promotion codes disabled - should succeed
        let request = CheckoutRequest::new(
            "starter",
            "https://example.com/success",
            "https://example.com/cancel",
        )
        .with_coupon("SAVE20")
        .with_promotion_codes(false);

        let result = manager.create_checkout_session(&entity, request).await;
        assert!(result.is_ok());
    }

    #[test]
    fn test_url_validation_localhost_http() {
        // Without flag, HTTP localhost should fail
        let config = CheckoutConfig::new();
        assert!(
            config
                .validate_redirect_url("http://localhost:5173/success")
                .is_err()
        );
        assert!(
            config
                .validate_redirect_url("http://127.0.0.1:3000/cancel")
                .is_err()
        );

        // With flag enabled, HTTP localhost should pass
        let config = CheckoutConfig::new().allow_localhost_http(true);
        assert!(
            config
                .validate_redirect_url("http://localhost:5173/success")
                .is_ok()
        );
        assert!(
            config
                .validate_redirect_url("http://127.0.0.1:3000/cancel")
                .is_ok()
        );
        assert!(
            config
                .validate_redirect_url("http://[::1]:8080/success")
                .is_ok()
        );

        // HTTP on non-localhost should still fail
        assert!(
            config
                .validate_redirect_url("http://example.com/success")
                .is_err()
        );

        // HTTPS should always work
        assert!(
            config
                .validate_redirect_url("https://example.com/success")
                .is_ok()
        );
    }
}