Ensure only current user gets client_reference_id

jahseng-lee · Dec 21, 2023 · c2d1036 · c2d1036
1 parent b052ee0
commit c2d1036
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 1 deletion.
diff --git a/app/controllers/choose_plans_controller.rb b/app/controllers/choose_plans_controller.rb
@@ -6,7 +6,7 @@ def show
         current_user.cancelled_subscription?
       @checkout_client_reference_id = SecureRandom.hex(32)
 
-      User.update!(
+      current_user.update!(
         last_checkout_reference: @checkout_client_reference_id
       )
     else

diff --git a/spec/requests/choose_plans_controller.rb b/spec/requests/choose_plans_controller.rb
@@ -0,0 +1,37 @@
+require 'rails_helper'
+
+RSpec.describe "Citizenships", type: :request do
+  let(:signed_in_user) { create(:user) }
+  before do
+    sign_in signed_in_user
+  end
+
+  describe "GET #show" do
+    context "with multiple users in the system" do
+      let!(:other_user) { create(:user) }
+
+      it "sets up the signed_in user with a random client reference id" do
+        get choose_plan_path
+
+        signed_in_user.reload
+        other_user.reload
+
+        expect(signed_in_user.last_checkout_reference).not_to be_nil
+        expect(other_user.last_checkout_reference).to be_nil
+      end
+    end
+
+    context "if the user already has a linked stripe accont" do
+      before do
+        signed_in_user.update!(stripe_customer_id: "foobar")
+      end
+
+      it "redirects to the profile page" do
+        get choose_plan_path
+
+        expect(response.status).to eq 302
+        expect(response.location).to eq profile_url
+      end
+    end
+  end
+end