Merge pull request #33340 from overleaf/rh-pause-block

Prevent calls to pause endpoint if pause-subscription not enabled GitOrigin-RevId: 6efd00391576441b3104e34def2e5ad110dcc853
2026-05-23 17:19:37 +02:00 · 2026-05-06 13:44:58 +01:00
parent a6c8ce32c3
commit 5c348078c2
2 changed files with 37 additions and 0 deletions
--- a/services/web/app/src/Features/Subscription/SubscriptionController.mjs
+++ b/services/web/app/src/Features/Subscription/SubscriptionController.mjs
@@ -399,6 +399,14 @@ const pauseSubscriptionSchema = z.object({
 */
 async function pauseSubscription(req, res, next) {
  const user = SessionManager.getSessionUser(req.session)
+  const { variant } = await SplitTestHandler.promises.getAssignment(
+    req,
+    res,
+    'pause-subscription'
+  )
+  if (variant !== 'enabled') {
+    return HttpErrorHandler.forbidden(req, res)
+  }
  const { params } = parseReq(req, pauseSubscriptionSchema)
  const pauseCycles = params.pauseCycles
  if (pauseCycles < 0) {
--- a/services/web/test/unit/src/Subscription/SubscriptionController.test.mjs
+++ b/services/web/test/unit/src/Subscription/SubscriptionController.test.mjs
@@ -283,6 +283,10 @@ describe('SubscriptionController', function () {
          res.status(400)
          res.json({ message })
        }),
+        forbidden: sinon.stub().callsFake((req, res, message) => {
+          res.status(403)
+          res.json({ message })
+        }),
      }),
    }))

@@ -679,6 +683,12 @@ describe('SubscriptionController', function () {
  })

  describe('pauseSubscription', function () {
+    beforeEach(function (ctx) {
+      ctx.SplitTestV2Hander.promises.getAssignment
+        .withArgs(sinon.match.any, sinon.match.any, 'pause-subscription')
+        .resolves({ variant: 'enabled' })
+    })
+
    it('should throw an error if no pause length is provided', async function (ctx) {
      ctx.res = new MockResponse(vi)
      ctx.req = new MockRequest(vi)
@@ -713,6 +723,25 @@ describe('SubscriptionController', function () {
      )
      expect(ctx.res.statusCode).to.equal(200)
    })
+
+    it('should return a 403 when the pause-subscription feature flag is not enabled', async function (ctx) {
+      ctx.SplitTestV2Hander.promises.getAssignment
+        .withArgs(sinon.match.any, sinon.match.any, 'pause-subscription')
+        .resolves({ variant: 'default' })
+      ctx.res = new MockResponse(vi)
+      ctx.req = new MockRequest(vi)
+      ctx.req.params = { pauseCycles: '3' }
+      ctx.next = sinon.stub()
+      await ctx.SubscriptionController.pauseSubscription(
+        ctx.req,
+        ctx.res,
+        ctx.next
+      )
+      expect(ctx.res.statusCode).to.equal(403)
+      expect(
+        ctx.SubscriptionHandler.promises.pauseSubscription.called
+      ).to.equal(false)
+    })
  })

  describe('resumeSubscription', function () {