@hasbi-ashshidiq23 hasbi-ashshidiq23 commented Dec 2, 2025

Background

Users reported being unable to redeem rewards using points, receiving this error:

"Gagal membuka order. Mohon untuk menghubungi Tim Development untuk segera mengatasi masalah ini."

After tracing the execution flow inside OrderStoreAction, the issue originates from this invariant check:

// Dicoding/Domain/Order/Contracts/Order.php:127
public function setOrderer(Member $orderer)
{
    if ($this->getOrdererId() !== $orderer->getId()) {
        throw new InvariantException('ORDER.INVALID_ORDERER');
    }

    $this->orderer = $orderer;
}

Why does this comparison fail?

getOrdererId() and $orderer->getId() should represent the same authenticated user ID — but:

  • getOrdererId() → string "283"
  • $orderer->getId() → integer 283

Because the comparison uses strict (!==), the mismatch throws ORDER.INVALID_ORDERER.


Root Cause

getOrdererId() gets its value from Auth::id().
And Auth::id() pulls the ID from Illuminate/Auth/Guard::id() in two ways:

$id = $this->session->get($this->getName(), $this->getRecallerId());

Meaning:

  • If the session is active, $id comes from the session
  • If the session is expired, it falls back to getRecallerId()

getRecallerId() extracts the user ID from the “remember me” cookie:

// remember me token example: "283|token"
return head(explode('|', $recaller));

This function returns the head as a string, so Auth::id() becomes a string whenever the user is authenticated via the "remember me" cookie.

This creates the strict-comparison mismatch in Order::setOrderer().

Changes Introduced

  • Cast getRecallerId() return value to int
    Ensures consistent data type for user IDs returned by Auth::id(), regardless of session state.
  • Added a test verifying that when the session value is missing and authentication falls back to the remember-me recaller, Auth::id() always returns an integer

This prevents regressions and ensures type consistency across the authentication layer.

Impact

  • Fixes reward redemption failures caused by the mismatched strict comparison.
  • Ensures consistent integer IDs from Laravel’s authentication guard.
  • Prevents future silent failures in domain logic that rely on strict ID checks.

Detailed documentation: https://www.notion.so/dicoding/Root-Cause-Analysis-Auth-id-Returning-string-2bd92c6a7b91804cb18dc435f77fdc58
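
The mismatch and the cast described in this pull request, reproduced as an added example (not code from the PR or from Laravel). The function names, the 'login' session key and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-ins for the guard's two ID sources (not the framework's code).
// Constructed sample values: the session stores int 283, the cookie is "283|token".

/** Before the fix: head of the exploded cookie, always a string. */
function recallerIdBefore(string $recaller): string
{
    return explode('|', $recaller)[0];
}

/** After the fix: the same value cast to int, as the PR describes. */
function recallerIdAfter(string $recaller): int
{
    return (int) explode('|', $recaller)[0];
}

/** Mirrors the guard's lookup: session value first, recaller as fallback. */
function authId(array $session, string $recaller, callable $recallerId)
{
    return $session['login'] ?? $recallerId($recaller);
}

/** Mirrors the invariant in Order::setOrderer(): strict comparison. */
function ordererMatches($ordererId, int $memberId): bool
{
    return $ordererId === $memberId;
}

$memberId = 283;          // Member::getId() returns an integer
$recaller = '283|token';  // constructed remember-me cookie value

$cases = [
    'active session'          => authId(['login' => 283], $recaller, 'recallerIdBefore'),
    'expired session, before' => authId([], $recaller, 'recallerIdBefore'),
    'expired session, after'  => authId([], $recaller, 'recallerIdAfter'),
    // A cookie with no numeric head casts to 0, so the strict check still rejects it.
    'malformed cookie, after' => authId([], '|token', 'recallerIdAfter'),
];

foreach ($cases as $label => $id) {
    $verdict = ordererMatches($id, $memberId) ? 'ok' : 'ORDER.INVALID_ORDERER';
    printf("%-25s %-8s %s\n", $label, gettype($id), $verdict);
}
```

Only the "expired session, before" and "malformed cookie, after" rows fail the invariant: the first because "283" is a string, the second because the cast yields 0 rather than a member ID.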

@hasbi-ashshidiq23 hasbi-ashshidiq23 self-assigned this Dec 2, 2025
@hasbi-ashshidiq23 hasbi-ashshidiq23 force-pushed the bugfix/cast-id-from-remember-token-to-int branch from 6fff4c4 to 0601ca8 Compare December 2, 2025 08:20
@hasbi-ashshidiq23 hasbi-ashshidiq23 marked this pull request as ready for review December 2, 2025 09:04
also add test for returning integer ID from remember cookie
@hasbi-ashshidiq23 hasbi-ashshidiq23 force-pushed the bugfix/cast-id-from-remember-token-to-int branch from 0601ca8 to f37d7da Compare December 2, 2025 09:05

@rizqyhi rizqyhi left a comment

All good, @hasbi-ashshidiq23 👍

@rizqyhi rizqyhi merged commit 2286fc8 into master Dec 3, 2025
1 check passed
@rizqyhi rizqyhi deleted the bugfix/cast-id-from-remember-token-to-int branch December 3, 2025 14:02
@hasbi-ashshidiq23

Awesome, bro @rizqyhi, thanks for your help
