fix auth completion and payment resume hardening

2026-05-05 05:30:44 +08:00 · 2026-04-21 08:23:26 +08:00
parent f11b7d5105
commit 09351e9459
8 changed files with 199 additions and 47 deletions
--- a/frontend/src/views/user/tests/PaymentResultView.spec.ts
+++ b/frontend/src/views/user/tests/PaymentResultView.spec.ts
@@ -225,16 +225,13 @@ describe('PaymentResultView', () => {
    expect(verifyOrder).not.toHaveBeenCalled()
  })

-  it('keeps legacy out_trade_no verification as a fallback when no order context is available', async () => {
+  it('does not use anonymous out_trade_no verification when no signed resume context is available', async () => {
    routeState.query = {
      out_trade_no: 'legacy-123',
      trade_status: 'TRADE_SUCCESS',
    }
-    verifyOrderPublic.mockResolvedValue({
-      data: orderFactory('PAID'),
-    })

-    const wrapper = mount(PaymentResultView, {
+    mount(PaymentResultView, {
      global: {
        stubs: {
          OrderStatusBadge: true,
@@ -244,8 +241,8 @@ describe('PaymentResultView', () => {

    await flushPromises()

-    expect(verifyOrderPublic).toHaveBeenCalledWith('legacy-123')
-    expect(wrapper.text()).toContain('payment.result.success')
+    expect(verifyOrderPublic).not.toHaveBeenCalled()
+    expect(verifyOrder).not.toHaveBeenCalled()
  })

  it('does not use public out_trade_no verification for bare order numbers without legacy return markers', async () => {