ldraney/basketball-api
1
0
Fork 0
Code Issues 90 Pull requests 11 Projects Releases Packages Wiki Activity Actions

Legacy jersey webhook handler missing payment_status guard #267

New issue
Open
opened 2026-03-31 00:21:49 +00:00 by forgejo_admin · 0 comments
forgejo_admin commented 2026-03-31 00:21:49 +00:00
Contributor
Copy link

Type

Bug

Lineage

Discovered scope from QA review of basketball-api PR #266 (2026-03-30).

Repo

forgejo_admin/basketball-api

What Broke

_handle_jersey_checkout_completed in routes/webhooks.py is a legacy handler that marks players as paid without checking payment_status == "paid" first. PR #266 fixed this in _handle_generic_order_completed but the legacy handler was not updated.

Repro Steps

  1. Stripe fires checkout.session.completed for a legacy jersey checkout
  2. Legacy handler processes event without checking payment_status
  3. Player could be marked as paid before payment actually completes

Expected Behavior

Legacy handler should check payment_status == "paid" before updating player/order records, matching the pattern fixed in PR #266.

Environment

  • Cluster/namespace: prod / basketball-api
  • Service version: latest main (post PR #266)

Acceptance Criteria

  • _handle_jersey_checkout_completed guards on payment_status == "paid"
  • Existing tests updated to cover this path

Related

  • project-westside-basketball
  • story:WS-S18
  • basketball-api PR #266 -- fixed the generic handler but not this legacy one
### Type Bug ### Lineage Discovered scope from QA review of basketball-api PR #266 (2026-03-30). ### Repo `forgejo_admin/basketball-api` ### What Broke `_handle_jersey_checkout_completed` in `routes/webhooks.py` is a legacy handler that marks players as paid without checking `payment_status == "paid"` first. PR #266 fixed this in `_handle_generic_order_completed` but the legacy handler was not updated. ### Repro Steps 1. Stripe fires checkout.session.completed for a legacy jersey checkout 2. Legacy handler processes event without checking payment_status 3. Player could be marked as paid before payment actually completes ### Expected Behavior Legacy handler should check `payment_status == "paid"` before updating player/order records, matching the pattern fixed in PR #266. ### Environment - Cluster/namespace: prod / basketball-api - Service version: latest main (post PR #266) ### Acceptance Criteria - [ ] `_handle_jersey_checkout_completed` guards on `payment_status == "paid"` - [ ] Existing tests updated to cover this path ### Related - `project-westside-basketball` - story:WS-S18 - basketball-api PR #266 -- fixed the generic handler but not this legacy one
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
feat/payment-links-outstanding-balance
monthly-payment-email-may
510-grant-tournament-tables-to-ro-role
458-skip-proration-v2
458-skip-proration
466-cherry-pick-first-payment
458-merge-first-payment-blast
369-first-payment-email-blast
408-player-nickname
313-local-first-week-email
320-mjml-sponsor-outreach-template
270-contract-reminder-email
205-clean-test-data-from-production-db-playe
114-email-verification
147-feat-add-get-jersey-player-info-endpoint
124-feat-many-to-many-player-team-assignment
125-feat-add-new-players-manually-seydou-gou
126-feat-team-placement-congratulations-emai
121-admin-teams-spa-endpoints
70-add-graduating-class-to-roster-api-respo
59-fix-auth-test
62-phase-4l-sveltekit-dashboard-wkq-tailsca
11-phase-1a-fix-ci-pipeline-venv-in-test-st
No results found.
Labels
Clear labels   
domain:backend

   
domain:devops

   
domain:frontend

   
status:approved

QA passed, awaiting merge approval

  
status:in-progress

Dev agent is actively working

  
status:needs-fix

QA found issues, back to dev

  
status:qa

PR submitted, awaiting QA review

  
type:bug

Bug fix

  
type:devops

Infrastructure/CI/config work

  
type:feature

New functionality

No labels
domain:backend
domain:devops
domain:frontend
status:approved
status:in-progress
status:needs-fix
status:qa
type:bug
type:devops
type:feature
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
ldraney/basketball-api#267
No description provided.