Task #800
openEpic #786: Square Payment Gateway Integration
Feature #798: Service Pack Payments
Pricing Validation
0%
Description
Before initiating payment, validate service pack pricing against database values to prevent tampering. Ensure backend is the source of truth for pricing, not frontend.
Updated by Deeksha Singh about 2 months ago
Module: Pricing Validation (Service Pack)
TC_ID: SP_PRICE_01
Title: Verify payment uses backend price instead of frontend value
Preconditions: Service pack exists with price in DB
Steps:
Open UI and select service pack
Intercept request and modify price (lower value)
Send payment request
Test Data: UI price = 100, Modified = 10
Expected Result: Backend ignores modified value and uses original DB price
TC_ID: SP_PRICE_02
Title: Verify correct price fetched from database during payment
Preconditions: Valid service pack
Steps:
Initiate payment
Capture backend request processing
Test Data: Service pack price in DB
Expected Result: Price used matches database value
TC_ID: SP_PRICE_03
Title: Verify payment fails when price mismatch detected
Preconditions: Price tampering attempted
Steps:
Modify request price
Initiate payment
Test Data: Altered price
Expected Result: Payment is rejected with validation error
TC_ID: SP_PRICE_04
Title: Verify price consistency between UI and backend
Preconditions: Service pack configured
Steps:
Check displayed price on UI
Trigger payment
Compare with backend value
Test Data: Service pack
Expected Result: UI price matches backend price
TC_ID: SP_PRICE_05
Title: Verify handling of invalid or missing price
Preconditions: Corrupted or missing price data
Steps:
Attempt payment
Test Data: Null/zero price
Expected Result: Payment blocked with appropriate error
TC_ID: SP_PRICE_06
Title: Verify price validation for multiple service packs
Preconditions: Multiple service packs available
Steps:
Select different service packs
Initiate payments
Test Data: Multiple prices
Expected Result: Correct DB price used for each service pack
TC_ID: SP_PRICE_07
Title: Verify no direct price input accepted from frontend
Preconditions: API accessible
Steps:
Send manual API request with custom price
Test Data: Custom price field
Expected Result: Backend ignores or rejects frontend price field
TC_ID: SP_PRICE_08
Title: Verify logging for price mismatch attempts
Preconditions: Logging enabled
Steps:
Attempt price tampering
Check logs
Test Data: Altered request
Expected Result: Mismatch attempt logged for audit
Updated by Deeksha Singh about 1 month ago
- Status changed from New to Ready for Client