mirror of
https://github.com/we-promise/sure.git
synced 2026-07-16 14:55:23 +00:00
* feat(wise): add Wise integration with JAR savings account and activity support
- Add WiseItem/WiseAccount models with full sync pipeline (importer, syncer, processor)
- Detect income vs expense using targetAccount == recipientId from borderless accounts API
- Support JAR (SAVINGS) accounts with totalWorth balance and savings subtype
- Fetch JAR activity via profile activities API (INTERBALANCE, BALANCE_CASHBACK, BALANCE_ASSET_FEE)
- Route INTERBALANCE activities to both JAR and STANDARD accounts and link as Transfer records
- Add provider connection status registration, routes, views, and i18n
- Add migration for wise_items and wise_accounts tables
- Add tests for WiseAccount, WiseEntry::Processor, WiseActivity::Processor, WiseItem::Importer, and WiseItem#link_jar_transfers!
* chore(lint): add ignore to security scan (false positive)
* fix(wise): address PR review feedback on activity routing, HTML stripping, rate limiting, and scope extraction
- Replace title string matching in activity_for_account? with resource.id vs balance_id comparison to avoid breakage when users rename JAR accounts on Wise
- Replace gsub(/<[^>]+>/, "") with ActionController::Base.helpers.strip_tags to safely handle user-controlled HTML-like content
- Wrap paginated API calls in with_rate_limit_retry (up to 3 attempts, exponential backoff) to handle 429 responses during fetch_jar_activities and fetch_transfers
- Extract WiseAccount.unlinked scope and remove duplicated left_joins query from controller
* fix(wise): address PR #2433 review feedback
- Wire @wise_items into AccountsController#index so linked accounts appear on /accounts
- Fix find_wise_account_for_linking to preserve .active scope via .merge instead of .then
- Fix cross-currency incoming transfer amount to use targetValue instead of sourceValue
- Add missing select_profiles.session_expired locale key
- Add missing account_name interpolation to link_existing_account success notice
- Use i18n for profile type labels in profile_display_name
- Trigger wise_item.sync_later after account linking in all three linking actions
- Isolate fee transaction failure so it no longer aborts the main transfer import
- Use bare raise in WiseActivity/WiseEntry processors to preserve original backtrace
- Re-raise in WiseItem::Unlinking to prevent silently orphaned Holdings
- Fix avatar badge to use design system tokens (bg-container-inset, text-primary)
* fix(wise): fix INTERBALANCE routing and encrypt pending token in session
* fix(wise): replace hand-rolled buttons/links with DS::Button and DS::Link
Address repeated sure-design DS drift findings: migrate all manual
Tailwind button_to and link_to calls in Wise views to DS::Button
(outline/outline_destructive variants) and DS::Link (secondary variant).
Add missing provider_panel.disconnect locale key for the disconnect button text.
* fix(wise): use render_provider_panel_error in create instead of missing new template
* fix(wise): add missing comma in PROVIDERS array
CI failed with a SyntaxError because the questrade entry wasn't
comma-terminated before the wise entry.
* chore(wise): re-add pipelock:ignore for pending token param
Lost when the token source moved from session to an encrypted params
field in 0b5dc886, causing the CI secret scanner to flag a false positive.
* fix(test): widen random ticker suffix to avoid rare collision flake
hex(2) only yields 65536 possible tickers, so create_trade's 4 calls per
test run had a small but nonzero chance of colliding on the unique
ticker+exchange index. hex(8) makes collisions practically impossible.
99 lines
3.5 KiB
Ruby
99 lines
3.5 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require "test_helper"
|
|
|
|
class WiseItemsControllerTest < ActionDispatch::IntegrationTest
|
|
setup do
|
|
sign_in users(:family_admin)
|
|
SyncJob.stubs(:perform_later)
|
|
@family = families(:dylan_family)
|
|
@wise_item = wise_items(:one)
|
|
|
|
@valid_profiles = [
|
|
{ "id" => "99999999", "type" => "personal", "details" => { "firstName" => "Jane", "lastName" => "Doe" } }
|
|
]
|
|
end
|
|
|
|
# create renders select_profiles directly — token must NOT appear in the session
|
|
|
|
test "create renders select_profiles and keeps token out of session" do
|
|
Provider::Wise.any_instance.stubs(:get_profiles).returns(@valid_profiles)
|
|
|
|
post wise_items_url, params: { wise_item: { token: "live_token_abc" } }
|
|
|
|
assert_response :success
|
|
assert_nil session[:wise_pending_token], "raw API token must not be stored in the session"
|
|
assert_select "input[name='encrypted_pending_token']"
|
|
end
|
|
|
|
test "create stores an encrypted token that round-trips to the original value" do
|
|
Provider::Wise.any_instance.stubs(:get_profiles).returns(@valid_profiles)
|
|
|
|
post wise_items_url, params: { wise_item: { token: "live_token_abc" } }
|
|
|
|
encrypted = css_select("input[name='encrypted_pending_token']").first["value"]
|
|
assert encrypted.present?, "hidden encrypted_pending_token field must be present"
|
|
|
|
key = Rails.application.key_generator.generate_key("wise_pending_token", 32)
|
|
decrypted = ActiveSupport::MessageEncryptor.new(key).decrypt_and_verify(encrypted)
|
|
assert_equal "live_token_abc", decrypted
|
|
end
|
|
|
|
test "create redirects to providers on blank token" do
|
|
post wise_items_url, params: { wise_item: { token: "" } }
|
|
assert_redirected_to settings_providers_path
|
|
assert_nil session[:wise_pending_token]
|
|
end
|
|
|
|
test "create redirects to providers when Wise API rejects the token" do
|
|
Provider::Wise.any_instance.stubs(:get_profiles).raises(
|
|
Provider::Wise::WiseError.new("unauthorized", :unauthorized)
|
|
)
|
|
|
|
post wise_items_url, params: { wise_item: { token: "bad_token" } }
|
|
assert_redirected_to settings_providers_path
|
|
assert_nil session[:wise_pending_token]
|
|
end
|
|
|
|
# link_profiles uses the encrypted hidden field, not the session
|
|
|
|
test "link_profiles creates WiseItems using the encrypted token" do
|
|
Provider::Wise.any_instance.stubs(:get_profiles).returns(@valid_profiles)
|
|
post wise_items_url, params: { wise_item: { token: "live_token_abc" } }
|
|
|
|
encrypted = css_select("input[name='encrypted_pending_token']").first["value"]
|
|
|
|
assert_difference "WiseItem.count", 1 do
|
|
post link_profiles_wise_items_url, params: {
|
|
encrypted_pending_token: encrypted,
|
|
profile_ids: [ "99999999" ]
|
|
}
|
|
end
|
|
|
|
assert_redirected_to settings_providers_path
|
|
assert_equal "live_token_abc", @family.wise_items.find_by!(profile_id: "99999999").token
|
|
assert_nil session[:wise_pending_profiles]
|
|
end
|
|
|
|
test "link_profiles redirects to new when encrypted token is missing" do
|
|
post link_profiles_wise_items_url, params: {
|
|
encrypted_pending_token: "",
|
|
profile_ids: [ "99999999" ]
|
|
}
|
|
|
|
assert_redirected_to new_wise_item_path
|
|
end
|
|
|
|
test "link_profiles redirects to new when encrypted token is tampered" do
|
|
Provider::Wise.any_instance.stubs(:get_profiles).returns(@valid_profiles)
|
|
post wise_items_url, params: { wise_item: { token: "live_token_abc" } }
|
|
|
|
post link_profiles_wise_items_url, params: {
|
|
encrypted_pending_token: "tampered_garbage_value",
|
|
profile_ids: [ "99999999" ]
|
|
}
|
|
|
|
assert_redirected_to new_wise_item_path
|
|
end
|
|
end
|