checked epic 11 sroeies with scrum masters and applied fixes

2026-01-03 18:54:53 +02:00 · 2026-01-03 18:54:53 +02:00 · 393acde340
parent bd27a3a876
commit 393acde340
2 changed files with 796 additions and 171 deletions
--- a/docs/stories/story-11.2-public-booking-form.md
+++ b/docs/stories/story-11.2-public-booking-form.md
@ -593,10 +593,77 @@ test('invalid captcha prevents submission', function () {
        ->call('showConfirm')
        ->assertHasErrors(['captchaAnswer']);
 });
+
+test('rate limiting prevents excessive booking attempts', function () {
+    $ipKey = 'guest-booking:127.0.0.1';
+
+    // Exhaust the rate limit (5 attempts)
+    for ($i = 0; $i < 5; $i++) {
+        RateLimiter::hit($ipKey, 60 * 60 * 24);
+    }
+
+    WorkingHour::factory()->create([
+        'day_of_week' => now()->addDay()->dayOfWeek,
+        'is_active' => true,
+        'start_time' => '09:00',
+        'end_time' => '17:00',
+    ]);
+
+    $date = now()->addDay()->format('Y-m-d');
+
+    $component = Volt::test('pages.booking')
+        ->call('selectSlot', $date, '09:00')
+        ->set('guestName', 'John Doe')
+        ->set('guestEmail', 'john@example.com')
+        ->set('guestPhone', '+970599123456')
+        ->set('problemSummary', 'I need legal advice regarding a contract dispute with my employer.')
+        ->set('captchaAnswer', session('captcha_answer'))
+        ->call('showConfirm')
+        ->call('submit')
+        ->assertHasErrors(['guestEmail']);
+
+    RateLimiter::clear($ipKey);
+});
+
+test('slot taken during submission shows error', function () {
+    WorkingHour::factory()->create([
+        'day_of_week' => now()->addDay()->dayOfWeek,
+        'is_active' => true,
+        'start_time' => '09:00',
+        'end_time' => '17:00',
+    ]);
+
+    $date = now()->addDay()->format('Y-m-d');
+
+    // Start the booking process
+    $component = Volt::test('pages.booking')
+        ->call('selectSlot', $date, '09:00')
+        ->set('guestName', 'John Doe')
+        ->set('guestEmail', 'john@example.com')
+        ->set('guestPhone', '+970599123456')
+        ->set('problemSummary', 'I need legal advice regarding a contract dispute with my employer.')
+        ->set('captchaAnswer', session('captcha_answer'))
+        ->call('showConfirm')
+        ->assertSet('showConfirmation', true);
+
+    // Simulate another booking taking the slot before submission
+    Consultation::factory()->guest()->create([
+        'booking_date' => $date,
+        'booking_time' => '09:00',
+        'status' => ConsultationStatus::Pending,
+    ]);
+
+    // Try to submit - should fail with slot taken error
+    $component->call('submit')
+        ->assertHasErrors(['selectedTime']);
+});
 ```

 ## Dependencies
- Story 11.1 (Database Schema & Model Updates)
+- Story 11.1 (Database Schema & Model Updates) - provides guest fields on Consultation model
+- Story 11.3 (Guest Notifications) - provides `GuestBookingSubmittedMail` and `NewBookingAdminEmail` mailable classes
+
+**Note:** The mailable classes used in this story (`GuestBookingSubmittedMail`, `NewBookingAdminEmail`) are created in Story 11.3. During implementation, either implement Story 11.3 first or create stub mailable classes temporarily.

 ## Definition of Done
 - [ ] Guest booking form functional at `/booking`
--- a/docs/stories/story-11.3-guest-notifications-admin.md
+++ b/docs/stories/story-11.3-guest-notifications-admin.md