Added a check & response for expired voucher in validation endpoint

ok200paul · ok200paul · commit 98f593fa41cc · 2025-09-23T09:50:00.000+10:00
diff --git a/app/Http/Controllers/Api/V1/ApiVoucherValidationController.php b/app/Http/Controllers/Api/V1/ApiVoucherValidationController.php
@@ -145,6 +145,15 @@ public function store(): JsonResponse
                 ]
             );
 
+            if (!is_null($voucher->expires_at)) {
+                if ($voucher->expires_at <= now()) {
+                    $this->responseCode = 409;
+                    $this->message      = ApiResponse::RESPONSE_REDEMPTION_FAILED_VOUCHER_EXPIRED->value;
+
+                    return $this->respond();
+                }
+            }
+
             /**
              * At this point everything checks out, we can return the voucher details
              */
diff --git a/tests/Feature/API/App/VoucherValidation/VoucherValidationPostTest.php b/tests/Feature/API/App/VoucherValidation/VoucherValidationPostTest.php
@@ -2,6 +2,7 @@
 
 namespace Tests\Feature\API\App\VoucherValidation;
 
+use App\Enums\ApiResponse;
 use App\Models\Voucher;
 use App\Models\VoucherSet;
 use App\Models\VoucherSetMerchantTeam;
@@ -17,7 +18,7 @@ class VoucherValidationPostTest extends BaseAPITestCase
     protected string $endPoint = '/voucher-validation';
 
     #[Test]
-    public function itFailsIfVoucherIdentifierIsWrong()
+    public function itCanValidateVoucherUsingId()
     {
 
         $this->user = $this->createUserWithTeam();
@@ -34,20 +35,29 @@ public function itFailsIfVoucherIdentifierIsWrong()
             ]
         );
 
+        $voucher = Voucher::factory()->create(
+            [
+                'voucher_set_id' => $voucherSet->id,
+            ]
+        );
+
+        $voucher->refresh();
+
         $payload = [
             'type'  => 'voucher_id',
-            'value' => 'INCORRECT VALUE',
+            'value' => $voucher->id,
         ];
 
-        $data = json_encode($payload);
-
         $response = $this->postJson($this->apiRoot . $this->endPoint, $payload);
+        $response->assertOk();
 
-        $response->assertStatus(404);
+        $responseObj = json_decode($response->getContent());
+
+        $this->assertEquals($voucher->id, $responseObj->data->id);
     }
 
     #[Test]
-    public function itCanValidateVoucherUsingId()
+    public function itCanValidateVoucherUsingShortCode()
     {
 
         $this->user = $this->createUserWithTeam();
@@ -56,7 +66,8 @@ public function itCanValidateVoucherUsingId()
             $this->user
         );
 
-        $voucherSet         = VoucherSet::factory()->createQuietly();
+        $voucherSet = VoucherSet::factory()->createQuietly();
+
         $voucherSetMerchant = VoucherSetMerchantTeam::factory()->createQuietly(
             [
                 'voucher_set_id'   => $voucherSet->id,
@@ -73,20 +84,20 @@ public function itCanValidateVoucherUsingId()
         $voucher->refresh();
 
         $payload = [
-            'type'  => 'voucher_id',
-            'value' => $voucher->id,
+            'type'  => 'voucher_code',
+            'value' => $voucher->voucher_short_code,
         ];
 
         $response = $this->postJson($this->apiRoot . $this->endPoint, $payload);
-        $response->assertOk();
 
         $responseObj = json_decode($response->getContent());
 
+        $response->assertOk();
         $this->assertEquals($voucher->id, $responseObj->data->id);
     }
 
     #[Test]
-    public function itCanValidateVoucherUsingShortCode()
+    public function itHidesSensitiveFieldsFromValidationResponse()
     {
 
         $this->user = $this->createUserWithTeam();
@@ -123,10 +134,12 @@ public function itCanValidateVoucherUsingShortCode()
 
         $response->assertOk();
         $this->assertEquals($voucher->id, $responseObj->data->id);
+        $this->assertObjectNotHasProperty(propertyName: 'created_by_team_id', object: $responseObj->data);
+        $this->assertObjectNotHasProperty(propertyName: 'allocated_to_service_team_id', object: $responseObj->data);
     }
 
     #[Test]
-    public function itHidesSensitiveFieldsFromValidationResponse()
+    public function itFailsIfVoucherIdentifierIsWrong()
     {
 
         $this->user = $this->createUserWithTeam();
@@ -135,8 +148,37 @@ public function itHidesSensitiveFieldsFromValidationResponse()
             $this->user
         );
 
-        $voucherSet = VoucherSet::factory()->createQuietly();
+        $voucherSet         = VoucherSet::factory()->createQuietly();
+        $voucherSetMerchant = VoucherSetMerchantTeam::factory()->createQuietly(
+            [
+                'voucher_set_id'   => $voucherSet->id,
+                'merchant_team_id' => $this->user->current_team_id,
+            ]
+        );
+
+        $payload = [
+            'type'  => 'voucher_id',
+            'value' => 'INCORRECT VALUE',
+        ];
+
+        $data = json_encode($payload);
+
+        $response = $this->postJson($this->apiRoot . $this->endPoint, $payload);
+
+        $response->assertStatus(404);
+    }
 
+    #[Test]
+    public function itFailsIfVoucherIsExpired()
+    {
+
+        $this->user = $this->createUserWithTeam();
+
+        Sanctum::actingAs(
+            $this->user
+        );
+
+        $voucherSet         = VoucherSet::factory()->createQuietly();
         $voucherSetMerchant = VoucherSetMerchantTeam::factory()->createQuietly(
             [
                 'voucher_set_id'   => $voucherSet->id,
@@ -147,24 +189,24 @@ public function itHidesSensitiveFieldsFromValidationResponse()
         $voucher = Voucher::factory()->create(
             [
                 'voucher_set_id' => $voucherSet->id,
+                'expires_at'     => now()->subMonth(),
             ]
         );
 
-        $voucher->refresh();
-
         $payload = [
-            'type'  => 'voucher_code',
-            'value' => $voucher->voucher_short_code,
+            'type'  => 'voucher_id',
+            'value' => $voucher->id,
         ];
 
         $response = $this->postJson($this->apiRoot . $this->endPoint, $payload);
 
-        $responseObj = json_decode($response->getContent());
+        $responseObject = json_decode($response->getContent());
 
-        $response->assertOk();
-        $this->assertEquals($voucher->id, $responseObj->data->id);
-        $this->assertObjectNotHasProperty(propertyName: 'created_by_team_id', object: $responseObj->data);
-        $this->assertObjectNotHasProperty(propertyName: 'allocated_to_service_team_id', object: $responseObj->data);
+        /**
+         * Assert status code & message are expected
+         */
+        $response->assertStatus(409);
+        $this->assertEquals($responseObject->meta->message, ApiResponse::RESPONSE_REDEMPTION_FAILED_VOUCHER_EXPIRED->value);
     }
 
     #[Test]
