GSP/Panel
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Panel/Website/TESTING_CHECKLIST.md

339 lines
9 KiB
Markdown
Raw Blame History

# Testing Checklist for Billing Invoice/Order Flow Fixes
## Prerequisites
1. **Database Setup**
- [ ] Verify `ogp_billing_invoices` table exists
- [ ] Verify `ogp_billing_orders` table exists
- [ ] Verify tables have all required columns (see create_invoices_table.sql)
2. **Configuration**
- [ ] Copy `modules/billing/includes/config.inc.php.orig` to `modules/billing/includes/config.inc.php`
- [ ] Update database credentials in config.inc.php
- [ ] Verify `$table_prefix` is set correctly (default: "ogp_")
- [ ] Verify `$SITE_DATA_DIR` path is writable
3. **PayPal Configuration**
- [ ] Verify sandbox client_id and client_secret in api/create_order.php
- [ ] Verify sandbox client_id and client_secret in api/capture_order.php
- [ ] Verify webhook_id in webhook.php
## Test 1: Add to Cart (Invoice Creation)
**Test NEW Order Flow**
1. Navigate to order.php
2. Select a game server configuration
3. Set price to $0.00 for testing (or use regular price)
4. Fill in all required fields
5. Click "Add to Cart"
**Expected Results:**
- [ ] Redirects to cart.php
- [ ] Item appears in cart
- [ ] Database check: Invoice created in `ogp_billing_invoices`
- [ ] status = 'due'
- [ ] order_id = 0 (no order yet)
- [ ] user_id matches logged-in user
- [ ] amount, qty, service_id populated correctly
**Verification SQL:**
```sql
SELECT * FROM ogp_billing_invoices WHERE status='due' ORDER BY invoice_id DESC LIMIT 5;
```
## Test 2: Free Button (Manual Order Creation)
**Test Free/Claim Flow**
1. Ensure you have item in cart with amount = 0.00
2. Click "Claim (Free)" button
**Expected Results:**
- [ ] Redirects to return.php
- [ ] Shows payment confirmation
- [ ] Invoice marked as paid
- [ ] Order created
- [ ] Cart is empty
**Verification SQL:**
```sql
-- Check invoice was marked paid
SELECT invoice_id, status, paid_date, order_id FROM ogp_billing_invoices
WHERE status='paid' ORDER BY invoice_id DESC LIMIT 1;
-- Check order was created
SELECT order_id, user_id, status, end_date, payment_txid FROM ogp_billing_orders
ORDER BY order_id DESC LIMIT 1;
-- Verify link
SELECT i.invoice_id, i.order_id, o.order_id
FROM ogp_billing_invoices i
LEFT JOIN ogp_billing_orders o ON i.order_id = o.order_id
WHERE i.status='paid' ORDER BY i.invoice_id DESC LIMIT 5;
```
**Check Logs:**
```bash
tail -50 modules/billing/logs/site.log | grep -E "(payment|free_create)"
```
## Test 3: PayPal Payment Flow
**Test PayPal Checkout**
1. Add paid item to cart (e.g., $5.00)
2. Click PayPal button in cart
3. Should redirect to PayPal sandbox
4. Login with sandbox buyer account
5. Approve payment
6. Should return to payment_success.php
**Expected Results:**
- [ ] PayPal button renders correctly
- [ ] Creates PayPal order (check browser console for order ID)
- [ ] Redirects to PayPal sandbox
- [ ] After approval, returns to payment_success.php
- [ ] No JavaScript errors in console
- [ ] No "Unexpected end of JSON input" error
- [ ] Invoice marked as paid
- [ ] Order created
- [ ] Cart is empty
**Browser Console Checks:**
```
Look for:
✓ "PayPal cart debug: ..." - Shows cart data
✓ "Creating order..." - Order creation started
✓ "Order created." - Order creation succeeded
✓ "Capturing payment..." - Capture started
✗ Any errors - Should be none
```
**Verification SQL:**
```sql
-- Check invoice
SELECT invoice_id, status, paid_date, payment_txid, payment_method, order_id
FROM ogp_billing_invoices
WHERE payment_method='paypal'
ORDER BY invoice_id DESC LIMIT 1;
-- Check order
SELECT order_id, user_id, status, price, end_date, payment_txid
FROM ogp_billing_orders
WHERE payment_txid LIKE '%'
ORDER BY order_id DESC LIMIT 1;
```
**Check API Logs:**
```bash
# Check create_order.php payload
cat modules/billing/data/create_order_payload.log
# Check corrected URLs
cat modules/billing/data/corrected_urls.log
# Check for errors
cat modules/billing/data/create_order_errors.log
```
## Test 4: Webhook Processing
**Test Webhook Handler**
1. Trigger a PayPal payment (from Test 3)
2. PayPal will send webhook to webhook.php
**Expected Results:**
- [ ] Webhook receives POST from PayPal
- [ ] Signature verification succeeds
- [ ] Payment record processed
- [ ] Invoice marked paid (if not already)
- [ ] Order created/updated (if not already)
**Verification:**
```bash
# Check webhook log
tail -50 modules/billing/data/webhook.log
# Check for payment processing
grep "process_payment" modules/billing/data/webhook.log
```
**Check Data Files:**
```bash
ls -lah modules/billing/data/*.json
cat modules/billing/data/INV-*.json # Check payment record format
```
## Test 5: Renewal Flow
**Setup Renewal Invoice**
1. Create a test order manually:
```sql
INSERT INTO ogp_billing_orders (
user_id, service_id, home_name, ip, max_players, qty, invoice_duration,
price, remote_control_password, ftp_password, status, order_date, end_date,
payment_txid, paid_ts
) VALUES (
1, 1, 'Test Server', 1, 10, 1, 'month',
5.00, 'rconpass', 'ftppass', 'paid', NOW(), DATE_ADD(NOW(), INTERVAL 1 MONTH),
'TEST-INITIAL', NOW()
);
```
2. Get the order_id from the insert:
```sql
SELECT LAST_INSERT_ID();
```
3. Create renewal invoice:
```sql
INSERT INTO ogp_billing_invoices (
order_id, user_id, service_id, home_name, ip, max_players, qty, invoice_duration,
amount, status, customer_name, customer_email, due_date, description
) VALUES (
LAST_INSERT_ID(), -- Use order_id from step 2
1, 1, 'Test Server', 1, 10, 1, 'month',
5.00, 'due', 'Test User', 'test@test.com', DATE_ADD(NOW(), INTERVAL 3 DAY),
'Renewal invoice'
);
```
**Test Renewal Payment**
1. Log in as user who owns the order
2. View cart - should show renewal invoice
3. Pay using free button or PayPal
**Expected Results:**
- [ ] Invoice marked as paid
- [ ] Original order's end_date extended by 1 month
- [ ] No duplicate order created
- [ ] Invoice.order_id still points to original order
**Verification SQL:**
```sql
-- Check order end_date was extended
SELECT order_id, end_date, status, payment_txid
FROM ogp_billing_orders
WHERE order_id = <order_id_from_step_2>;
-- Should show end_date = original end_date + 1 month
-- Check invoice
SELECT invoice_id, order_id, status, paid_date
FROM ogp_billing_invoices
WHERE order_id = <order_id_from_step_2>;
-- Should show paid invoice linked to same order_id
```
## Test 6: Error Handling
**Test Invalid Scenarios**
1. **Missing session**: Try to pay without being logged in
- [ ] Should redirect to login or show error
2. **Database connection failure**: Temporarily break DB config
- [ ] capture_order.php should return JSON error, not crash
- [ ] Error should be logged
3. **PayPal API failure**: Use invalid credentials
- [ ] Should show error in console
- [ ] Should log error
- [ ] Should not corrupt database
## Common Issues and Solutions
### Issue: "Config file not found"
**Solution**: Copy config.inc.php.orig to config.inc.php
### Issue: "Table doesn't exist"
**Solution**: Run create_invoices_table.sql
### Issue: "Permission denied writing to data/"
**Solution**:
```bash
chmod 775 modules/billing/data
chown www-data:www-data modules/billing/data # Or your web server user
```
### Issue: "PayPal button doesn't render"
**Solution**: Check browser console for errors, verify client_id
### Issue: "Unexpected end of JSON input"
**Solution**:
- Check PHP error log: `tail -f /var/log/php/error.log`
- Verify display_errors=0 in capture_order.php
- Check for syntax errors: `php -l api/capture_order.php`
### Issue: "Cart still shows items after payment"
**Solution**:
- Check if invoice status changed to 'paid'
- Check if process_payment_record was called
- Check logs for errors
## Performance Testing
**Test with Multiple Items**
1. Add 5 items to cart
2. Pay with PayPal
3. Verify all 5 invoices marked paid
4. Verify all 5 orders created
5. Verify all linked correctly
**Test Concurrent Payments**
1. Add item to cart in two different browsers (same user)
2. Attempt to pay both simultaneously
3. Verify both process correctly
4. Check for race conditions
## Security Testing
**Test SQL Injection**
1. Try adding special characters to form fields
2. Try manipulating invoice_id in POST requests
3. Verify all inputs are sanitized/escaped
**Test Session Hijacking**
1. Try accessing cart with invalid session
2. Try paying for someone else's invoice
3. Verify proper authorization checks
**Test Webhook Signature**
1. Send fake webhook without valid signature
2. Verify it's rejected
3. Check logs for security events
## Cleanup
After testing, clean up test data:
```sql
-- Remove test invoices
DELETE FROM ogp_billing_invoices WHERE customer_email = 'test@test.com';
-- Remove test orders
DELETE FROM ogp_billing_orders WHERE remote_control_password = 'rconpass';
```
## Sign-off
- [ ] All tests passed
- [ ] No errors in logs
- [ ] Documentation reviewed
- [ ] Security checks completed
- [ ] Ready for production deployment
**Tested by**: _______________
**Date**: _______________
**Environment**: _______________ (Dev/Staging/Production)
**Notes**: _______________
Reference in a new issue View git blame Copy permalink