[TBT-381] Create beta_plan for org

Author: mshahzaib-travis

lib/travis/api/app/endpoint/assembla.rb

@@ -2,48 +2,42 @@
 require 'jwt'
 require 'travis/remote_vcs/user'
 require 'travis/remote_vcs/repository'
+require 'travis/api/v3/billing_client'
+require_relative '../jwt_utils'
 
 class Travis::Api::App
   class Endpoint
     class Assembla < Endpoint
+      include Travis::Api::App::JWTUtils
       set prefix: '/assembla'
       set :check_auth, false
 
       before do
         halt 403, { error: 'Deep integration not enabled' } unless deep_integration_enabled?
         halt 403, { error: 'Invalid ASM cluster' } unless valid_asm_cluster?
-        @jwt_payload = verify_jwt
+        begin
+          @jwt_payload = verify_jwt(request, Travis.config.assembla_jwt_secret)
+        rescue JWTUtils::UnauthorizedError => e
+          halt 401, { error: e.message }.to_json
+        end
       end
 
       # POST /assembla/login
       # Accepts a JWT, finds or creates a user, and signs them in
       post '/login' do
         user = find_or_create_user(@jwt_payload)
-        begin
-          Travis::RemoteVCS::User.new.sync(user_id: user.id)
-        rescue => e
-          halt 500, { error: 'User sync failed', details: e.message }.to_json
-        end
-        { user_id: user.id, login: user.login, token: user.token, status: 'signed_in' }.to_json
-      end
-
-      private
+        sync_user(user.id)
+        create_org_subscription(user.id, @jwt_payload[:space_id])
 
-      def verify_jwt
-        token = extract_jwt_token
-        halt 401, { error: 'Missing JWT' } unless token
-        secret = Travis.config.assembla_jwt_secret
-        begin
-          decoded, = JWT.decode(token, secret, true, { algorithm: 'HS256' })
-          decoded
-        rescue JWT::DecodeError => e
-          halt 401, { error: 'Invalid JWT', details: e.message }
-        end
+        {
+          user_id: user.id,
+          login: user.login,
+          token: user.token,
+          status: 'signed_in'
+        }.to_json
       end
 
-      def extract_jwt_token
-        request.env['HTTP_AUTHORIZATION']&.split(' ')&.last
-      end
+      private
 
       def deep_integration_enabled?
         Travis.config.deep_integration_enabled
@@ -69,7 +63,24 @@ def find_or_create_user(payload)
           org_id: payload['space_id'],
           vcs_type: 'AssemblaUser'
         }
-        ::User.first_or_create!(attrs)
+        ::User.find_or_create_by!(attrs)
+      end
+
+      def sync_user(user_id)
+        Travis::RemoteVCS::User.new.sync(user_id: user_id)
+      rescue => e
+        halt 500, { error: 'User sync failed', details: e.message }.to_json
+      end
+
+      def create_org_subscription(user_id, space_id)
+        plan = 'beta_plan'
+        client = Travis::API::V3::BillingClient.new(user_id)
+        client.create_v2_subscription({
+          'plan' => plan,
+          'organization_id' => space_id,
+        })
+      rescue => e
+        halt 500, { error: 'Subscription creation failed', details: e.message }.to_json
       end
     end
   end

lib/travis/api/app/jwt_utils.rb

@@ -0,0 +1,20 @@
+class Travis::Api::App
+  module JWTUtils
+    def extract_jwt_token(request)
+      request.env['HTTP_AUTHORIZATION']&.split(' ')&.last
+    end
+
+    def verify_jwt(request, secret)
+      token = extract_jwt_token(request)
+      raise UnauthorizedError, 'Missing JWT' unless token
+      begin
+        decoded, = JWT.decode(token, secret, true, { algorithm: 'HS256' })
+        decoded
+      rescue JWT::DecodeError => e
+        raise UnauthorizedError, "Invalid JWT: #{e.message}"
+      end
+    end
+
+    class UnauthorizedError < StandardError; end
+  end
+end

spec/unit/endpoint/assembla_spec.rb

@@ -27,18 +27,17 @@
   describe 'POST /assembla/login' do
     context 'with valid JWT' do
       before do
-        allow(::User).to receive(:first_or_create!).and_return(double('User', id: 1, login: 'testuser', token: 'abc123'))
         allow_any_instance_of(Travis::RemoteVCS::User).to receive(:sync).and_return(true)
+        allow_any_instance_of(Travis::API::V3::BillingClient).to receive(:create_v2_subscription).and_return(true)
       end
 
       it 'returns user info and token' do
         header 'Authorization', "Bearer #{token}"
         post '/assembla/login'
         expect(last_response.status).to eq(200)
         body = JSON.parse(last_response.body)
-        expect(body['user_id']).to eq(1)
         expect(body['login']).to eq('testuser')
-        expect(body['token']).to eq('abc123')
+        expect(body['token']).to be_present
         expect(body['status']).to eq('signed_in')
       end
     end
@@ -94,5 +93,44 @@
         expect(last_response.body).to include('Invalid ASM cluster')
       end
     end
+
+    context 'with missing required fields in JWT payload' do
+      let(:payload) do
+        {
+          'name' => 'Test User',
+          'login' => 'testuser',
+          'space_id' => 'space123' # 'email' is missing
+        }
+      end
+      let(:token) { JWT.encode(payload, jwt_secret, 'HS256') }
+
+      it 'returns 400 with missing fields' do
+        header 'Authorization', "Bearer #{token}"
+        post '/assembla/login'
+        expect(last_response.status).to eq(400)
+        expect(last_response.body).to include('Missing required fields')
+        expect(last_response.body).to include('email')
+      end
+    end
+
+    context 'with expired JWT token' do
+      let(:payload) do
+        {
+          'name' => 'Test User',
+          'email' => '[email protected]',
+          'login' => 'testuser',
+          'space_id' => 'space123',
+          'exp' => (Time.now.to_i - 60)
+        }
+      end
+      let(:token) { JWT.encode(payload, jwt_secret, 'HS256') }
+
+      it 'returns 401 with expired error' do
+        header 'Authorization', "Bearer #{token}"
+        post '/assembla/login'
+        expect(last_response.status).to eq(401)
+        expect(last_response.body).to match(/expired|exp/i)
+      end
+    end
   end
 end