Merge branch 'dev/qit-e2e-shopper-specs-migration' into dev/qit-e2e-merchant-specs-migration

Author: mgascam

tests/qit/e2e/bootstrap/class-wp-cli-qit-dev-command.php

@@ -33,6 +33,12 @@ class WP_CLI_QIT_Dev_Command {
 	 * @param array $assoc_args Associative arguments passed to the command.
 	 */
 	public function qit_jetpack_connection( array $args, array $assoc_args ): void {
+		// Safety check: Only allow in local/development environments.
+		$environment_type = function_exists( 'wp_get_environment_type' ) ? wp_get_environment_type() : 'production';
+		if ( 'local' !== $environment_type && 'development' !== $environment_type ) {
+			\WP_CLI::error( 'This command can only be run in local or development environments for safety.' );
+		}
+
 		if ( empty( $args[0] ) || ! is_numeric( $args[0] ) ) {
 			\WP_CLI::error( 'Please provide a numeric blog ID.' );
 		}
@@ -71,6 +77,36 @@ public function qit_jetpack_connection( array $args, array $assoc_args ): void {
 		\WP_CLI::line( 'Account data fetched from server based on Jetpack connection' );
 	}
 
+	/**
+	 * Shows Jetpack connection status for WooPayments QIT testing.
+	 *
+	 * @when after_wp_load
+	 */
+	public function qit_jetpack_status(): void {
+		// Safety check: Only allow in local/development environments.
+		$environment_type = function_exists( 'wp_get_environment_type' ) ? wp_get_environment_type() : 'production';
+		if ( 'local' !== $environment_type && 'development' !== $environment_type ) {
+			\WP_CLI::error( 'This command can only be run in local or development environments for safety.' );
+		}
+
+		\WP_CLI::line( '=== QIT Jetpack Connection Status ===' );
+
+		if ( class_exists( 'Jetpack_Options' ) ) {
+			$blog_id = Jetpack_Options::get_option( 'id' );
+			\WP_CLI::line( 'Blog ID: ' . ( $blog_id ? $blog_id : 'Not Set' ) );
+		}
+
+		if ( class_exists( 'WC_Payments' ) ) {
+			$database_cache = \WC_Payments::get_database_cache();
+			if ( $database_cache ) {
+				$account_data = $database_cache->get( Database_Cache::ACCOUNT_KEY );
+				\WP_CLI::line( 'Account Data: ' . ( $account_data ? 'Present' : 'Not Set' ) );
+			}
+		}
+
+		\WP_CLI::line( 'Dev Mode: ' . ( get_option( 'wcpaydev_dev_mode' ) ? 'Enabled' : 'Disabled' ) );
+	}
+
 	/**
 	 * Configures Jetpack connection options.
 	 *
@@ -104,6 +140,23 @@ private function enable_dev_mode(): void {
 
 	/**
 	 * Forces WCP test mode by setting filters and gateway settings.
+	 *
+	 * DEFENSE IN DEPTH STRATEGY:
+	 * This method uses multiple independent mechanisms to ensure test mode is active.
+	 * While WP_ENVIRONMENT_TYPE=development automatically enables dev mode (see WCPay\Core\Mode),
+	 * we explicitly set test mode through multiple layers for maximum safety:
+	 *
+	 * 1. WordPress filters - Override mode detection at runtime
+	 * 2. Gateway settings - Persist test mode in database
+	 * 3. Onboarding service - Set test mode at service layer
+	 *
+	 * This redundancy protects against:
+	 * - Changes to Mode class logic
+	 * - Filter overrides by other code
+	 * - Environment variable changes
+	 * - Accidental live mode activation
+	 *
+	 * All mechanisms must fail for live mode to activate - acceptable tradeoff for test safety.
 	 */
 	private function force_test_mode(): void {
 		// Force test mode onboarding and test mode since we're using a test account.
@@ -157,28 +210,4 @@ private function refresh_account_data(): void {
 			\WP_CLI::warning( 'Account refresh failed: ' . $e->getMessage() );
 		}
 	}
-
-	/**
-	 * Shows Jetpack connection status for WooPayments QIT testing.
-	 *
-	 * @when after_wp_load
-	 */
-	public function qit_jetpack_status(): void {
-		\WP_CLI::line( '=== QIT Jetpack Connection Status ===' );
-
-		if ( class_exists( 'Jetpack_Options' ) ) {
-			$blog_id = Jetpack_Options::get_option( 'id' );
-			\WP_CLI::line( 'Blog ID: ' . ( $blog_id ? $blog_id : 'Not Set' ) );
-		}
-
-		if ( class_exists( 'WC_Payments' ) ) {
-			$database_cache = \WC_Payments::get_database_cache();
-			if ( $database_cache ) {
-				$account_data = $database_cache->get( Database_Cache::ACCOUNT_KEY );
-				\WP_CLI::line( 'Account Data: ' . ( $account_data ? 'Present' : 'Not Set' ) );
-			}
-		}
-
-		\WP_CLI::line( 'Dev Mode: ' . ( get_option( 'wcpaydev_dev_mode' ) ? 'Enabled' : 'Disabled' ) );
-	}
 }

tests/qit/e2e/bootstrap/setup.sh

@@ -8,8 +8,8 @@ IFS=$'\n\t'
 
 echo "Setting up WooPayments for E2E testing..."
 
-# Ensure environment is marked as local so dev-only CLI commands are available
-wp config set WP_ENVIRONMENT_TYPE local --quiet 2>/dev/null || true
+# Ensure environment is marked as development so dev-only CLI commands are available
+wp config set WP_ENVIRONMENT_TYPE development --quiet 2>/dev/null || true
 
 echo "Installing WordPress importer for sample data..."
 if ! wp plugin is-installed wordpress-importer >/dev/null 2>&1; then