effective_orders 1.0.0

data/Rakefile

@@ -0,0 +1,24 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+# Our tasks
+load 'lib/tasks/effective_orders_tasks.rake'
+
+# Testing tasks
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+require "bundler/vendored_thor"
+Bundler::GemHelper.install_tasks
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+
+desc "Run all specs in spec directory (excluding plugin specs)"
+RSpec::Core::RakeTask.new(:spec => 'app:db:test:prepare')
+
+task :default => :spec

data/app/assets/javascripts/effective_orders/shipping_address_toggle.js.coffee

@@ -0,0 +1,30 @@
+hideShippingAddressFields = (shipping_address) ->
+  shipping_address.hide().find('input,select').prop('required', false)
+
+showShippingAddressFields = (shipping_address) ->
+  shipping_address.show().find("input:not([name$='[address2]']),select:not([name$='[state_code]'])").prop('required', true)
+
+initShippingAddressFields = ->
+  effective_order = $('.effective-order').first()
+
+  if effective_order.length > 0
+    shipping_address_same_as_billing = effective_order.find('#effective_order_shipping_address_same_as_billing')
+    shipping_address = effective_order.find('.shipping_address_fields')
+
+    if shipping_address_same_as_billing.length > 0 && shipping_address.length > 0
+      if shipping_address_same_as_billing.is(':checked')
+        hideShippingAddressFields(shipping_address)
+      else
+        showShippingAddressFields(shipping_address)
+
+$ -> initShippingAddressFields()
+$(document).on 'page:change', -> initShippingAddressFields()
+
+$(document).on 'change', '#effective_order_shipping_address_same_as_billing', (event) ->
+  obj = $(event.currentTarget)
+  shipping_address = obj.closest('form').find('.shipping_address_fields')
+
+  if obj.is(':checked')
+    hideShippingAddressFields(shipping_address)
+  else
+    showShippingAddressFields(shipping_address)

data/app/assets/javascripts/effective_orders/stripe_charges.js.coffee

@@ -0,0 +1,26 @@
+stripeCheckoutHandler = (key, form) ->
+  StripeCheckout.configure
+    key: key
+    token: (token, args) ->
+      if token.error
+        form.find("input[type='submit']").prop('disabled', false)
+        alert("An error ocurred when contacting Stripe.  Your card has not been charged.  Please refresh the page and try again. #{token.error.message}")
+      else
+        form.find("input[type='submit']").prop('disabled', true)
+        form.find('input#effective_stripe_charge_token').val('' + token['id'])
+        form.submit()
+
+$(document).on 'click', "#effective-orders-new-charge-form form input[type='submit']", (event) ->
+  event.preventDefault()
+
+  obj = $('#effective-orders-new-charge-form')
+  form = obj.find('form').first()
+
+  form.find("input[type='submit']").prop('disabled', true)
+
+  stripeCheckoutHandler(obj.data('stripe-publishable-key'), form).open
+    name: obj.data('site-title')
+    email: obj.data('user-email')
+    description: obj.data('description')
+    amount: obj.data('amount')
+    closed: -> form.find("input[type='submit']").prop('disabled', false)

data/app/assets/javascripts/effective_orders/stripe_subscriptions.js.coffee

@@ -0,0 +1,28 @@
+stripeCheckoutHandler = (key, form) ->
+  StripeCheckout.configure
+    key: key
+    token: (token, args) ->
+      if token.error
+        form.find("input[type='submit']").prop('disabled', false)
+        alert("An error ocurred when contacting Stripe.  Your card has not been charged.  Please refresh the page and try again. #{token.error.message}")
+      else
+        form.find("input[type='submit']").prop('disabled', true)
+        form.find('input#effective_stripe_subscription_token').val('' + token['id'])
+        form.submit()
+
+$(document).on 'click', "#effective-orders-new-subscription-form form input[type='submit']", (event) ->
+  event.preventDefault()
+
+  obj = $('#effective-orders-new-subscription-form')
+  form = obj.find('form').first()
+  plan = form.find('option:selected')
+
+  if plan.length > 0
+    form.find("input[type='submit']").prop('disabled', true)
+
+    stripeCheckoutHandler(obj.data('stripe-publishable-key'), form).open
+      name: obj.data('site-title')
+      email: obj.data('user-email')
+      description: plan.text()
+      panelLabel: 'Start Subscription'
+      closed: -> form.find("input[type='submit']").prop('disabled', false)

data/app/assets/javascripts/effective_orders.js

@@ -0,0 +1,2 @@
+//= require_tree ./effective_orders
+

data/app/assets/stylesheets/effective_orders/_order.scss

@@ -0,0 +1,30 @@
+.effective-order {
+  .table {
+    clear: both;
+
+    tfoot {
+      > tr:first-child {
+        border-top: 20px solid transparent;
+      }
+
+      th {
+        border: none;
+        text-align: right;
+        padding-right: 65px;
+      }
+
+      .actions { border: none; }
+    }
+
+    .price { text-align: right; }
+  }
+
+  .effective-stripe-subscription {
+    input {
+      margin-top: 5px;
+      width: 30%;
+      min-width: 200px;
+    }
+  }
+
+}

data/app/assets/stylesheets/effective_orders.css.scss

@@ -0,0 +1 @@
+@import "effective_orders/order";

data/app/controllers/admin/customers_controller.rb

@@ -0,0 +1,15 @@
+module Admin
+  class CustomersController < ApplicationController
+    before_filter :authenticate_user!   # This is devise, ensure we're logged in.
+
+    layout (EffectiveOrders.layout.kind_of?(Hash) ? EffectiveOrders.layout[:admin_customers] : EffectiveOrders.layout)
+    
+    def index
+      @datatable = Effective::Datatables::Customers.new() if defined?(EffectiveDatatables)
+      @page_title = 'Customers'
+
+      EffectiveOrders.authorized?(self, :index, Effective::Customer)
+    end
+
+  end
+end

data/app/controllers/admin/orders_controller.rb

@@ -0,0 +1,22 @@
+module Admin
+  class OrdersController < ApplicationController
+    before_filter :authenticate_user!   # This is devise, ensure we're logged in.
+
+    layout (EffectiveOrders.layout.kind_of?(Hash) ? EffectiveOrders.layout[:admin_orders] : EffectiveOrders.layout)
+
+    def index
+      @datatable = Effective::Datatables::Orders.new() if defined?(EffectiveDatatables)
+      @page_title = 'Orders'
+
+      EffectiveOrders.authorized?(self, :index, Effective::Order)
+    end
+
+    def show
+      @order = Effective::Order.find(params[:id])
+      @page_title = "Order ##{@order.to_param}"
+
+      EffectiveOrders.authorized?(self, :show, @order)
+    end
+
+  end
+end

data/app/controllers/effective/carts_controller.rb

@@ -0,0 +1,70 @@
+module Effective
+  class CartsController < ApplicationController
+    include EffectiveCartsHelper
+    layout (EffectiveOrders.layout.kind_of?(Hash) ? EffectiveOrders.layout[:carts] : EffectiveOrders.layout)
+
+    def show
+      @cart = current_cart
+      @page_title ||= 'Shopping Cart'
+      EffectiveOrders.authorized?(self, :show, @cart)
+    end
+
+    def destroy
+      @cart = current_cart
+
+      EffectiveOrders.authorized?(self, :destroy, @cart)
+
+      if @cart.destroy
+        flash[:success] = 'Successfully emptied cart'
+      else
+        flash[:danger] = 'Unable to destroy cart:' + e.message
+      end
+
+      request.referrer ? (redirect_to :back) : (redirect_to effective_orders.cart_path)
+    end
+
+    def add_to_cart
+      @purchasable = (add_to_cart_params[:purchasable_type].constantize.find(add_to_cart_params[:purchasable_id].to_i) rescue nil)
+
+      EffectiveOrders.authorized?(self, :update, current_cart)
+
+      begin
+        raise "please select a valid #{add_to_cart_params[:purchasable_type] || 'item' }" unless @purchasable
+
+        current_cart.add_to_cart(@purchasable, [add_to_cart_params[:quantity].to_i, 1].max)
+        flash[:success] = 'Successfully added item to cart'
+      rescue EffectiveOrders::SoldOutException
+        flash[:warning] = 'This item is sold out'
+      rescue => e
+        flash[:danger] = 'Unable to add item to cart: ' + e.message
+      end
+
+      request.referrer ? (redirect_to :back) : (redirect_to effective_orders.cart_path)
+    end
+
+    def remove_from_cart
+      @cart_item = current_cart.cart_items.find(remove_from_cart_params[:id])
+
+      EffectiveOrders.authorized?(self, :update, current_cart)
+
+      if @cart_item.destroy
+        flash[:success] = 'Successfully removed item from cart'
+      else
+        flash[:danger] = 'Unable to remove item from cart: ' + e.message
+      end
+
+      request.referrer ? (redirect_to :back) : (redirect_to effective_orders.cart_path)
+    end
+
+    private
+
+    def add_to_cart_params
+      params.permit(:purchasable_type, :purchasable_id, :quantity)
+    end
+
+    def remove_from_cart_params
+      params.permit(:id)
+    end
+
+  end
+end

data/app/controllers/effective/orders_controller.rb

@@ -0,0 +1,191 @@
+module Effective
+  class OrdersController < ApplicationController
+    include EffectiveCartsHelper
+
+    include Providers::Moneris if EffectiveOrders.moneris_enabled
+    include Providers::Paypal if EffectiveOrders.paypal_enabled
+    include Providers::Stripe if EffectiveOrders.stripe_enabled
+    include Providers::StripeConnect if EffectiveOrders.stripe_connect_enabled
+
+    layout (EffectiveOrders.layout.kind_of?(Hash) ? EffectiveOrders.layout[:orders] : EffectiveOrders.layout)
+
+    before_filter :authenticate_user!, :except => [:paypal_postback]
+    before_filter :set_page_title
+
+    # This is the entry point for the "Checkout" buttons
+    def new
+      @order ||= Order.new(current_cart, current_user)
+
+      EffectiveOrders.authorized?(self, :new, @order)
+
+      # We're only going to check for a subset of errors on this step,
+      # with the idea that we don't want to create an Order object if the Order is totally invalid
+      @order.valid?
+
+      if @order.errors[:order_items].present?
+        flash[:danger] = @order.errors[:order_items].first
+        redirect_to effective_orders.cart_path
+      elsif @order.errors[:total].present?
+        flash[:danger] = @order.errors[:total].first.gsub(EffectiveOrders.minimum_charge.to_i.to_s, view_context.price_to_currency(EffectiveOrders.minimum_charge.to_i))
+        redirect_to effective_orders.cart_path
+      end
+    end
+
+    def create
+      @order = Order.new(current_cart, current_user)
+      @order.attributes = order_params
+      @order.shipping_address = @order.billing_address if @order.shipping_address_same_as_billing?
+
+      EffectiveOrders.authorized?(self, :create, @order)
+
+      Effective::Order.transaction do
+        begin
+          if @order.save_billing_address? && @order.user.respond_to?(:billing_address)
+            @order.user.billing_address = @order.billing_address
+          end
+
+          if @order.save_shipping_address? && @order.user.respond_to?(:shipping_address)
+            @order.user.shipping_address = @order.shipping_address
+          end
+
+          @order.save!
+
+          if @order.total < 0.01 && @order.total >= 0.00 && EffectiveOrders.allow_free_orders
+            order_purchased('zero-dollar order')
+          else
+            redirect_to(effective_orders.order_path(@order))
+          end
+
+          return
+        rescue => e
+          Rails.logger.info e.message
+          flash[:danger] = "An error has ocurred. Please try again. Message: #{e.message}"
+          raise ActiveRecord::Rollback
+        end
+      end
+
+      render :action => :new
+    end
+
+    def show
+      @order = Order.find(params[:id])
+      EffectiveOrders.authorized?(self, :show, @order)
+
+      if @order.purchased? == false
+        @page_title = 'Checkout'
+        render(:checkout) and return
+      end
+
+    end
+
+    def index
+      redirect_to effective_orders.my_purchases_path
+    end
+
+    # Basically an index page.
+    # Purchases is an Order History page.  List of purchased orders
+    def my_purchases
+      @orders = Order.purchased_by(current_user)
+
+      EffectiveOrders.authorized?(self, :index, Effective::Order)
+    end
+
+    # Sales is a list of what products beign sold by me have been purchased
+    def my_sales
+      @order_items = OrderItem.sold_by(current_user)
+
+      EffectiveOrders.authorized?(self, :index, Effective::Order)
+    end
+
+    # Thank you for Purchasing this Order.  This is where a successfully purchased order ends up
+    def purchased # Thank You!
+      @order = Order.find(params[:id])
+      EffectiveOrders.authorized?(self, :show, @order)
+    end
+
+    # An error has occurred, please try again
+    def declined # An error occurred!
+      @order = Order.find(params[:id])
+      EffectiveOrders.authorized?(self, :show, @order)
+    end
+
+    def resend_buyer_receipt
+      @order = Effective::Order.find(params[:id])
+      EffectiveOrders.authorized?(self, :show, @order)
+
+      if (Effective::OrdersMailer.order_receipt_to_buyer(@order).deliver rescue false)
+        flash[:success] = "Successfully resent order receipt to #{@order.user.email}"
+      else
+        flash[:danger] = "Unable to send order receipt"
+      end
+
+      begin
+        redirect_to :back
+      rescue => e
+        redirect_to effective_orders.admin_orders_path
+      end
+    end
+
+    def pretend_purchase
+      if Rails.env.development? || EffectiveOrders.allow_pretend_purchase_in_production
+        @order = Order.find(params[:id])
+        EffectiveOrders.authorized?(self, :update, @order)
+        order_purchased('for pretend', params[:purchased_redirect_url], params[:declined_redirect_url])
+      end
+    end
+
+    protected
+
+    def order_purchased(details = nil, redirect_url = nil, declined_redirect_url = nil)
+      begin
+        @order.purchase!(details)
+        current_cart.try(:destroy)
+
+        flash[:success] = "Successfully purchased order"
+
+        redirect_to (redirect_url.presence || effective_orders.order_purchased_path(@order)).gsub(':id', @order.id.to_s)
+      rescue => e
+        binding.pry
+        flash[:danger] = "Unable to process your order.  Your card has not been charged.  Your Cart items have been restored.  Please try again.  Error Message: #{e.message}"
+        redirect_to (declined_redirect_url.presence || effective_orders.cart_path).gsub(':id', @order.id.to_s)
+      end
+    end
+
+    def order_declined(details = nil, redirect_url = nil)
+      @order.decline!(details) rescue nil
+
+      flash[:danger] = "Unable to process your order.  Your Cart items have been restored."
+
+      redirect_to (redirect_url.presence || effective_orders.order_declined_path(@order)).gsub(':id', @order.id.to_s)
+    end
+
+    private
+
+    # StrongParameters
+    def order_params
+      begin
+        params.require(:effective_order).permit(
+          :save_billing_address, :save_shipping_address, :shipping_address_same_as_billing,
+          :billing_address => [:full_name, :address1, :address2, :city, :country_code, :state_code, :postal_code],
+          :shipping_address => [:full_name, :address1, :address2, :city, :country_code, :state_code, :postal_code],
+          :user_attributes => (EffectiveOrders.collect_user_fields || []),
+          :order_items_attributes => [:stripe_coupon_id, :class, :id]
+        )
+      rescue => e
+        params[:effective_order] || {}
+      end
+    end
+
+    def set_page_title
+      @page_title ||= case params[:action]
+        when 'my_purchases' ; 'Order History'
+        when 'my_sales'     ; 'Sales History'
+        when 'purchased'    ; 'Thank You'
+        when 'declined'     ; 'Unable to process payment'
+        when 'show'         ; 'Order Receipt'
+        else 'Checkout'
+      end
+    end
+
+  end
+end

data/app/controllers/effective/providers/moneris.rb

@@ -0,0 +1,94 @@
+module Effective
+  module Providers
+    module Moneris
+      extend ActiveSupport::Concern
+
+      included do
+        prepend_before_filter :find_authenticity_token_from_moneris, :only => [:moneris_postback]
+      end
+
+      def moneris_postback
+        @order ||= Effective::Order.find(params[:response_order_id].to_i - EffectiveOrders.moneris[:order_nudge].to_i)
+
+        EffectiveOrders.authorized?(self, :update, @order)
+
+        # Store the Order Nudge if present, so we can have this information in our order_purchased hash
+        params[:order_nudge] = EffectiveOrders.moneris[:order_nudge] if EffectiveOrders.moneris[:order_nudge].to_i > 0
+
+        # Delete the Purchased and Declined Redirect URLs
+        purchased_redirect_url = params.delete(:rvar_purchased_redirect_url)
+        declined_redirect_url = params.delete(:rvar_declined_redirect_url)
+
+        if params[:result].to_s == '1' && params[:transactionKey].present?
+          verify_params = parse_moneris_response(send_moneris_verify_request(params[:transactionKey])) || {}
+
+          response_code = verify_params[:response_code].to_i # Sometimes moneris sends us the string 'null'
+
+          if response_code > 0 && response_code < 50  # Less than 50 means a successful validation
+            order_purchased(params.merge(verify_params), purchased_redirect_url)
+          else
+            order_declined(params.merge(verify_params), declined_redirect_url)
+          end
+        else
+          order_declined(params, declined_redirect_url)
+        end
+      end
+
+      private
+
+      def parse_moneris_response(text)
+        text.split("<br>").inject(Hash.new()) { |h, i| h[i.split(' ').first.to_sym] = i.split(' ').last ; h } rescue {:response => text}
+      end
+
+      def send_moneris_verify_request(verify_key)
+        `curl -F ps_store_id='#{EffectiveOrders.moneris[:ps_store_id]}' -F hpp_key='#{EffectiveOrders.moneris[:hpp_key]}' -F transactionKey='#{verify_key}' --referer #{effective_orders.moneris_postback_url} #{EffectiveOrders.moneris[:verify_url]}`
+      end
+
+      def find_authenticity_token_from_moneris
+        params[:authenticity_token] = params.delete(:rvar_authenticity_token)
+      end
+
+    end
+  end
+end
+
+
+# Instructions to set up a Test Moneris Store
+
+# https://esqa.moneris.com/mpg/index.php
+
+# demouser
+# store2
+# password
+
+# Click on the ADMIN -> hosted config
+
+# Generate a Version3 Configuration
+
+# This should bring us to a "hosted Paypage Configuration"
+
+# == Basic Configuration ==
+# - Transaction Type: Purchase
+# - Response Method Sent to your server as a POST
+# - Approved URL:  http://ourwebsite.com/orders/moneris_postback
+# - Declined URL:  http://ourwebsite.com/orders/moneris_postback
+
+# == Appearance ==
+# - Display item details
+# - Display customer details
+# - Display billing address details
+# - Display merchant name
+# - Cancel Button Text: Cancel Transaction
+# - Cancel Button URL  http://ourwebsite.com
+
+# == Response Fields ==
+# - Ignore, leave blank, the asynchronous data post
+# - Do not Perform an asynchronous data post.  Leave Async Response URL blank
+
+# == Security ==
+# Add a URL http://ourwebsite.com/orders/new
+# Click YES Enable Transaction Verification
+# Sent to your server as a POST
+# Response URL:  http://ourwebsite.com/orders/moneris_postback
+
+# Displayed as key/value pairs on our server. ????

data/app/controllers/effective/providers/paypal.rb

@@ -0,0 +1,29 @@
+module Effective
+  module Providers
+    module Paypal
+      extend ActiveSupport::Concern
+
+      included do
+        skip_before_filter :verify_authenticity_token, :only => [:paypal_postback]
+      end
+
+      def paypal_postback
+        @order ||= Effective::Order.where(:id => params[:invoice].to_i).first
+
+        EffectiveOrders.authorized?(self, :update, @order)
+
+        if @order.present?
+          if params[:payment_status] == 'Completed' && params[:custom] == EffectiveOrders.paypal[:secret]
+            order_purchased(params)
+          else
+            order_declined(params)
+          end
+        end
+
+        head(:ok)
+      end
+
+
+    end
+  end
+end