effective_orders 2.2.4 → 3.0.0

data/app/controllers/effective/providers/app_checkout.rb

@@ -6,10 +6,12 @@ module Effective
       included do
       end
 
+      # TODO: Make app checkout work with admin checkout workflow
+
       def app_checkout
         @order = Order.find(params[:id])
 
-        (EffectiveOrders.authorized?(self, :update, @order) rescue false)
+        (EffectiveOrders.authorize!(self, :update, @order) rescue false)
 
         checkout = EffectiveOrders.app_checkout[:service].call(order: @order)
         if checkout.success?

data/app/controllers/effective/providers/ccbill.rb

@@ -4,18 +4,16 @@ module Effective
       extend ActiveSupport::Concern
 
       included do
-        if respond_to?(:skip_before_action)
-          skip_before_action :verify_authenticity_token, only: [:ccbill_postback]
-        else
-          skip_before_filter :verify_authenticity_token, only: [:ccbill_postback]
-        end
+        skip_before_action :verify_authenticity_token, only: [:ccbill_postback]
       end
 
+      # TODO: Make ccbill work with admin checkout workflow
+
       def ccbill_postback
         postback = Effective::Providers::CcbillPostback.new(params)
         @order ||= Effective::Order.find(postback.order_id)
 
-        (EffectiveOrders.authorized?(self, :update, @order) rescue false)
+        (EffectiveOrders.authorize!(self, :update, @order) rescue false)
 
         if @order.present? && postback.verified?
           if @order.purchased?

data/app/controllers/effective/providers/cheque.rb

@@ -5,25 +5,34 @@ module Effective
 
       def pay_by_cheque
         @order ||= Order.find(params[:id])
+        @page_title = 'Payment Required'
+
+        EffectiveOrders.authorize!(self, :update, @order)
 
         @order.purchase_state = EffectiveOrders::PENDING
         @order.payment_provider = 'cheque'
 
-        EffectiveOrders.authorized?(self, :update, @order)
+        begin
+          @order.save!
+          @order.send_pending_order_invoice_to_buyer!
 
-        @page_title = 'Payment Required'
+          Effective::Cart.where(user_id: @order.user_id).destroy_all
 
-        if @order.save
-          @order.send_pending_order_invoice_to_buyer!
-          current_cart.try(:destroy)
-          flash.now[:success] = 'Successfully indicated order will be payed by cheque.'
-        else
+          message = "Successfully indicated order will be payed by cheque. A pending order invoice has been sent to #{@order.user.email}"
+
+          # When posted from admin form, there will be a redirect url
+          if params[:purchased_url].present?
+            flash[:success] = message
+            redirect_to params[:purchased_url].gsub(':id', @order.to_param.to_s)
+          else
+            # Otherwise this is the user flow
+            flash.now[:success] = message
+            render 'effective/orders/cheque/pay_by_cheque'
+          end
+        rescue => e
           flash[:danger] = "Unable to save your order: #{@order.errors.full_messages.to_sentence}. Please try again."
-          redirect_to effective_orders.order_path(@order)
-          return
+          redirect_to params[:declined_url].presence || effective_orders.order_path(@order)
         end
-
-        render 'effective/orders/cheque/pay_by_cheque'
       end
     end
   end

data/app/controllers/effective/providers/free.rb

@@ -0,0 +1,33 @@
+module Effective
+  module Providers
+    module Free
+      extend ActiveSupport::Concern
+
+      def free
+        @order ||= Order.find(params[:id])
+
+        EffectiveOrders.authorize!(self, :update, @order)
+
+        unless @order.free?
+          flash[:danger] = 'Unable to process free order with a non-zero total'
+          redirect_to effective_orders.order_path(@order)
+          return
+        end
+
+        order_purchased(
+          details: 'free order. no payment required.',
+          provider: 'free',
+          card: 'none',
+          purchased_url: params[:purchased_url],
+          declined_url: params[:declined_url],
+          email: false
+        )
+      end
+
+      def free_params
+        params.require(:effective_order).permit(:purchased_url, :declined_url)
+      end
+
+    end
+  end
+end

data/app/controllers/effective/providers/mark_as_paid.rb

@@ -0,0 +1,33 @@
+module Effective
+  module Providers
+    module MarkAsPaid
+      extend ActiveSupport::Concern
+
+      def mark_as_paid
+        @order ||= Order.find(params[:id])
+
+        EffectiveOrders.authorize!(self, :update, @order)
+        EffectiveOrders.authorize!(self, :admin, :effective_orders)
+
+        @order.assign_attributes(mark_as_paid_params.except(:payment, :payment_provider, :payment_card))
+
+        order_purchased(
+          details: mark_as_paid_params[:payment],
+          provider: mark_as_paid_params[:payment_provider],
+          card: mark_as_paid_params[:payment_card],
+          email: @order.send_mark_as_paid_email_to_buyer?,
+          skip_buyer_validations: true,
+          purchased_url: params[:purchased_url].presence || effective_orders.admin_order_path(@order),
+          declined_url: params[:declined_url].presence || effective_orders.admin_order_path(@order)
+        )
+      end
+
+      def mark_as_paid_params
+        params.require(:effective_order).permit(
+          :payment, :payment_provider, :payment_card, :note_to_buyer, :send_mark_as_paid_email_to_buyer
+        )
+      end
+
+    end
+  end
+end

data/app/controllers/effective/providers/moneris.rb

@@ -4,24 +4,20 @@ module Effective
       extend ActiveSupport::Concern
 
       included do
-        if respond_to?(:prepend_before_action)
-          prepend_before_action :find_authenticity_token_from_moneris, only: [:moneris_postback]
-        else
-          prepend_before_filter :find_authenticity_token_from_moneris, only: [:moneris_postback]
-        end
+        skip_before_action :verify_authenticity_token, only: [:moneris_postback]
       end
 
       def moneris_postback
         @order ||= Effective::Order.find(params[:response_order_id])
 
-        (EffectiveOrders.authorized?(self, :update, @order) rescue false)
+        (EffectiveOrders.authorize!(self, :update, @order) rescue false)
 
         # Delete the Purchased and Declined Redirect URLs
-        purchased_redirect_url = params.delete(:rvar_purchased_redirect_url)
-        declined_redirect_url = params.delete(:rvar_declined_redirect_url)
+        purchased_url = params.delete(:rvar_purchased_url)
+        declined_url = params.delete(:rvar_declined_url)
 
         if @order.purchased?  # Fallback to a success condition of the Order is already purchased
-          order_purchased(details: params, provider: 'moneris', card: params[:card], redirect_url: purchased_redirect_url)
+          order_purchased(details: params, provider: 'moneris', card: params[:card], purchased_url: purchased_url)
           return
         end
 
@@ -31,12 +27,12 @@ module Effective
           response_code = verify_params[:response_code].to_i # Sometimes moneris sends us the string 'null'
 
           if response_code > 0 && response_code < 50  # Less than 50 means a successful validation
-            order_purchased(details: params.merge(verify_params), provider: 'moneris', card: params[:card], redirect_url: purchased_redirect_url)
+            order_purchased(details: params.merge(verify_params), provider: 'moneris', card: params[:card], purchased_url: purchased_url)
           else
-            order_declined(details: params.merge(verify_params), provider: 'moneris', card: params[:card], redirect_url: declined_redirect_url)
+            order_declined(details: params.merge(verify_params), provider: 'moneris', card: params[:card], declined_url: declined_url)
           end
         else
-          order_declined(details: params, provider: 'moneris', card: params[:card], redirect_url: declined_redirect_url)
+          order_declined(details: params, provider: 'moneris', card: params[:card], declined_url: declined_url)
         end
       end
 
@@ -47,11 +43,7 @@ module Effective
       end
 
       def send_moneris_verify_request(verify_key)
-        `curl -F ps_store_id='#{EffectiveOrders.moneris[:ps_store_id]}' -F hpp_key='#{EffectiveOrders.moneris[:hpp_key]}' -F transactionKey='#{verify_key}' --referer #{effective_orders.moneris_postback_url} #{EffectiveOrders.moneris[:verify_url]}`
-      end
-
-      def find_authenticity_token_from_moneris
-        params[:authenticity_token] = params.delete(:rvar_authenticity_token)
+        `curl -F ps_store_id='#{EffectiveOrders.moneris[:ps_store_id]}' -F hpp_key='#{EffectiveOrders.moneris[:hpp_key]}' -F transactionKey='#{verify_key}' --referer #{effective_orders.moneris_postback_orders_url} #{EffectiveOrders.moneris[:verify_url]}`
       end
 
     end

data/app/controllers/effective/providers/paypal.rb

@@ -4,17 +4,15 @@ module Effective
       extend ActiveSupport::Concern
 
       included do
-        if respond_to?(:skip_before_action)
-          skip_before_action :verify_authenticity_token, :only => [:paypal_postback]
-        else
-          skip_before_filter :verify_authenticity_token, :only => [:paypal_postback]
-        end
+        skip_before_action :verify_authenticity_token, only: [:paypal_postback]
       end
 
+      # TODO: Make paypal postback work with admin checkout workflow
+
       def paypal_postback
         @order ||= Effective::Order.where(id: (params[:invoice].to_i rescue 0)).first
 
-        (EffectiveOrders.authorized?(self, :update, @order) rescue false)
+        (EffectiveOrders.authorize!(self, :update, @order) rescue false)
 
         if @order.present?
           if @order.purchased?

data/app/controllers/effective/providers/pretend.rb

@@ -3,17 +3,17 @@ module Effective
     module Pretend
       extend ActiveSupport::Concern
 
-      def pretend_purchase
+      def pretend
         @order ||= Order.find(params[:id])
 
-        EffectiveOrders.authorized?(self, :update, @order)
+        EffectiveOrders.authorize!(self, :update, @order)
 
         order_purchased(
           details: 'for pretend',
           provider: 'pretend',
           card: 'none',
-          redirect_url: params[:purchased_redirect_url],
-          declined_redirect_url: params[:declined_redirect_url]
+          purchased_url: params[:purchased_url],
+          declined_url: params[:declined_url]
         )
       end
 

data/app/controllers/effective/providers/refund.rb

@@ -0,0 +1,39 @@
+module Effective
+  module Providers
+    module Refund
+      extend ActiveSupport::Concern
+
+      def refund
+        @order ||= Order.find(params[:id])
+
+        EffectiveOrders.authorize!(self, :update, @order)
+        EffectiveOrders.authorize!(self, :admin, :effective_orders)
+
+        unless @order.refund?
+          flash[:danger] = 'Unable to process refund with a non-negative total'
+          redirect_to effective_orders.admin_order_path(@order)
+          return
+        end
+
+        @order.assign_attributes(refund_params.except(:payment, :payment_provider, :payment_card))
+
+        order_purchased(
+          details: refund_params[:payment],
+          provider: refund_params[:payment_provider],
+          card: refund_params[:payment_card],
+          email: @order.send_mark_as_paid_email_to_buyer?,
+          skip_buyer_validations: true,
+          purchased_url: params[:purchased_url].presence || effective_orders.admin_order_path(@order),
+          declined_url: params[:declined_url].presence || effective_orders.admin_order_path(@order)
+        )
+      end
+
+      def refund_params
+        params.require(:effective_order).permit(
+          :payment, :payment_provider, :payment_card, :note_to_buyer, :send_mark_as_paid_email_to_buyer
+        )
+      end
+
+    end
+  end
+end

data/app/controllers/effective/providers/stripe.rb

@@ -3,23 +3,26 @@ module Effective
     module Stripe
       extend ActiveSupport::Concern
 
+      # TODO: Make stripe charge work with admin checkout workflow, purchased_url and declined_url
+      # Make it save the customer and not require typing in a CC every time.
+
       def stripe_charge
         @order ||= Effective::Order.find(stripe_charge_params[:effective_order_id])
         @stripe_charge = Effective::Providers::StripeCharge.new(stripe_charge_params)
         @stripe_charge.order = @order
 
-        EffectiveOrders.authorized?(self, :update, @order)
+        EffectiveOrders.authorize!(self, :update, @order)
 
         if @stripe_charge.valid? && (response = process_stripe_charge(@stripe_charge)) != false
           order_purchased(
             details: response,
             provider: (EffectiveOrders.stripe_connect_enabled ? 'stripe_connect' : 'stripe'),
-            card: (response['charge']['card']['brand'] rescue nil)
+            card: (response[:charge]['source']['brand'] rescue nil)
           )
         else
           @page_title = 'Checkout'
           flash.now[:danger] = @stripe_charge.errors.full_messages.to_sentence
-          render :checkout_step2
+          render :show
         end
       end
 
@@ -28,16 +31,16 @@ module Effective
       def process_stripe_charge(charge)
         Effective::Order.transaction do
           begin
-            @buyer = Effective::Customer.for_user(charge.order.user)
-            @buyer.update_card!(charge.token)
+            subscripter = Effective::Subscripter.new(user: charge.order.user, stripe_token: charge.stripe_token)
+            subscripter.save!
 
             if EffectiveOrders.stripe_connect_enabled
-              return charge_with_stripe_connect(charge, @buyer)
+              return charge_with_stripe_connect(charge, subscripter.customer)
             else
-              return charge_with_stripe(charge, @buyer)
+              return charge_with_stripe(charge, subscripter.customer)
             end
           rescue => e
-            charge.errors.add(:base, "Unable to process order with Stripe.  Your credit card has not been charged.  Message: \"#{e.message}\".")
+            charge.errors.add(:base, "Unable to process order with Stripe. Your credit card has not been charged. Message: \"#{e.message}\".")
             raise ActiveRecord::Rollback
           end
         end
@@ -45,35 +48,15 @@ module Effective
         false
       end
 
-      def charge_with_stripe(charge, buyer)
-        results = {subscriptions: {}, charge: nil}
-
-        # Process subscriptions.
-        charge.subscriptions.each do |subscription|
-          next if subscription.stripe_plan_id.blank?
-
-          stripe_subscription = if subscription.stripe_coupon_id.present?
-            buyer.stripe_customer.subscriptions.create({plan: subscription.stripe_plan_id, coupon: subscription.stripe_coupon_id})
-          else
-            buyer.stripe_customer.subscriptions.create({plan: subscription.stripe_plan.id})
-          end
-
-          subscription.stripe_subscription_id = stripe_subscription.id
-          subscription.save!
+      def charge_with_stripe(charge, customer)
+        results = { charge: nil }
 
-          results[:subscriptions][subscription.stripe_plan_id] = JSON.parse(stripe_subscription.to_json)
-        end
-
-        # Process regular order_items.
-        amount = charge.order_items.map { |oi| oi.total }.sum # A positive integer in cents representing how much to charge the card. The minimum amount is 50 cents.
-        description = "Charge for Order ##{charge.order.to_param}"
-
-        if amount > 0
+        if charge.order.total > 0
           results[:charge] = JSON.parse(::Stripe::Charge.create(
-            amount: amount,
+            amount: charge.order.total,
             currency: EffectiveOrders.stripe[:currency],
-            customer: buyer.stripe_customer.id,
-            description: description
+            customer: customer.stripe_customer.id,
+            description: "Charge for Order ##{charge.order.to_param}"
           ).to_json)
         end
 
@@ -82,7 +65,7 @@ module Effective
 
       def charge_with_stripe_connect(charge, buyer)
         # Go through and create Stripe::Tokens for each seller
-        items = charge.order_items.group_by(&:seller)
+        items = charge.order_items.group_by { |oi| oi.seller }
         results = {}
 
         # We do all these Tokens first, so if one throws an exception no charges are made
@@ -113,11 +96,7 @@ module Effective
 
       # StrongParameters
       def stripe_charge_params
-        begin
-          params.require(:effective_providers_stripe_charge).permit(:token, :effective_order_id)
-        rescue => e
-          params[:effective_providers_stripe_charge]
-        end
+        params.require(:effective_providers_stripe_charge).permit(:stripe_token, :effective_order_id)
       end
 
     end

data/app/controllers/effective/providers/stripe_connect.rb

@@ -4,11 +4,7 @@ module Effective
       extend ActiveSupport::Concern
 
       included do
-        if respond_to?(:prepend_before_action)
-          prepend_before_action :set_stripe_connect_state_params, :only => [:stripe_connect_redirect_uri]
-        else
-          prepend_before_filter :set_stripe_connect_state_params, :only => [:stripe_connect_redirect_uri]
-        end
+        prepend_before_action :set_stripe_connect_state_params, only: [:stripe_connect_redirect_uri]
       end
 
       # So this is the postback after Stripe does its oAuth authentication
@@ -18,7 +14,7 @@ module Effective
           customer = Effective::Customer.for_user(current_user)
 
           if token_params['access_token'].present? && customer.present?
-            if customer.update_attributes(:stripe_connect_access_token => token_params['access_token'])
+            if customer.update_attributes(stripe_connect_access_token: token_params['access_token'])
               flash[:success] = 'Successfully Connected with Stripe Connect'
             else
               flash[:danger] = "Unable to update customer: #{customer.errors[:base].first}"

data/app/controllers/effective/webhooks_controller.rb

@@ -3,115 +3,64 @@ module Effective
     protect_from_forgery except: [:stripe]
     skip_authorization_check if defined?(CanCan)
 
-    # Webhook from stripe
     def stripe
-      (head(:ok) && return) if (params[:livemode] == false && Rails.env.production?) || params[:object] != 'event' || params[:id].blank?
+      @event = (Stripe::Webhook.construct_event(request.body.read, request.env['HTTP_STRIPE_SIGNATURE'], EffectiveOrders.subscription[:webhook_secret]) rescue nil)
+      (head(:bad_request) and return) if !@event || (params[:livemode] == false && Rails.env.production?)
 
-      # Dont trust the POST, and instead request the actual event from Stripe
-      @event = Stripe::Event.retrieve(params[:id]) rescue (head(:ok) && return)
+      Rails.logger.info "STRIPE WEBHOOK: #{@event.type}"
 
       Effective::Customer.transaction do
-        begin
-          case @event.type
-          when 'customer.created' then stripe_customer_created(@event)
-          when 'customer.deleted' then stripe_customer_deleted(@event)
-          when 'customer.subscription.created' then stripe_subscription_created(@event)
-          when 'customer.subscription.deleted' then stripe_subscription_deleted(@event)
-          when 'invoice.payment_succeeded' then invoice_payment_succeeded(@event)
-          end
-        rescue => e
-          Rails.logger.info "Stripe Webhook Error: #{e.message}"
-          raise ActiveRecord::Rollback
+        case @event.type
+        # when 'customer.created'
+        # when 'customer.updated'
+        # when 'customer.source.created'
+        # when 'customer.source.deleted'
+        # when 'customer.subscription.created'
+        # when 'customer.subscription.updated'
+        # when 'invoice.created'
+        # when 'invoice.payment_succeeded'
+        # when 'invoiceitem.created'
+        # when 'invoiceitem.updated'
+        # when 'charge.succeeded'
+        # when 'charge.failed' # Card declined. 4000 0000 0000 0341
+
+        when 'invoice.payment_succeeded'
+          customer = Effective::Customer.where(stripe_customer_id: @event.data.object.customer).first!
+          customer.update_attributes!(status: 'active')
+
+          send_email(:subscription_payment_succeeded, customer)
+        when 'invoice.payment_failed'
+          customer = Effective::Customer.where(stripe_customer_id: @event.data.object.customer).first!
+          customer.update_attributes!(status: 'past_due')
+
+          send_email(:subscription_payment_failed, customer)
+        when 'customer.subscription.deleted'
+          customer = Effective::Customer.where(stripe_customer_id: @event.data.object.customer).first!
+          Effective::Subscription.where(customer: customer).destroy_all
+          customer.update_attributes!(stripe_subscription_id: nil, status: nil, active_card: nil)
+
+          send_email(:subscription_canceled, customer)
+        else
+          Rails.logger.info "[STRIPE WEBHOOK] Unhandled event type #{@event.type}"
         end
       end
 
-      head :ok  # Always return success
+      head(:ok)
     end
 
     private
 
-    def stripe_customer_created(event)
-      stripe_customer = event.data.object
-      user = ::User.where(email: stripe_customer.email).first
-
-      if user.present?
-        customer = Effective::Customer.for_user(user)  # This is a first_or_create
-        customer.stripe_customer_id = stripe_customer.id
-        customer.save!
-      end
-    end
-
-    def stripe_customer_deleted(event)
-      stripe_customer = event.data.object
-      user = ::User.where(email: stripe_customer.email).first
-
-      if user.present?
-        customer = Effective::Customer.where(user_id: user.id).first
-        customer.destroy! if customer
-      end
-    end
-
-    def stripe_subscription_created(event)
-      stripe_subscription = event.data.object
-      @customer = Effective::Customer.where(stripe_customer_id: stripe_subscription.customer).first
-
-      if @customer.present?
-        subscription = @customer.subscriptions.where(stripe_plan_id: stripe_subscription.plan.id).first_or_initialize
-
-        subscription.stripe_subscription_id = stripe_subscription.id
-        subscription.stripe_plan_id = (stripe_subscription.plan.id rescue nil)
-        subscription.stripe_coupon_id = stripe_subscription.discount.coupon.id if (stripe_subscription.discount.present? rescue false)
-
-        subscription.save!
-
-        unless subscription.purchased?
-          # Now we have to purchase it
-          @order = Effective::Order.new(subscription, user: @customer.user)
-          @order.purchase!(details: "Webhook #{event.id}", provider: 'stripe', validate: false)
-        end
-
-      end
-    end
-
-    def stripe_subscription_deleted(event)
-      stripe_subscription = event.data.object
-      @customer = Effective::Customer.where(stripe_customer_id: stripe_subscription.customer).first
-
-      if @customer.present?
-        @customer.subscriptions.find { |subscription| subscription.stripe_plan_id == stripe_subscription.plan.id }.try(:destroy)
-        subscription_deleted_callback(event)
+    def send_email(email, *mailer_args)
+      if EffectiveOrders.mailer[:delayed_job_deliver] && EffectiveOrders.mailer[:deliver_method] == :deliver_later
+        Effective::OrdersMailer.delay.public_send(email, *mailer_args)
+      elsif EffectiveOrders.mailer[:deliver_method].present?
+        Effective::OrdersMailer.public_send(email, *mailer_args).public_send(EffectiveOrders.mailer[:deliver_method])
+      else
+        Effective::OrdersMailer.public_send(email, *mailer_args).deliver_now
       end
-    end
 
-    def invoice_payment_succeeded(event)
-      @customer = Effective::Customer.where(stripe_customer_id: event.data.object.customer).first
-
-      check_for_subscription_renewal(event) if @customer.present?
+      true
     end
 
-    def check_for_subscription_renewal(event)
-      invoice_payment = event.data.object
-      subscription_payments = invoice_payment.lines.select { |line_item| line_item.type == 'subscription' }
-
-      if subscription_payments.present?
-        customer = Stripe::Customer.retrieve(invoice_payment.customer)
-        subscription_payments.each do |subscription_payment|
-          subscription_renewed_callback(event) if stripe_subscription_renewed?(customer, subscription_payment)
-        end
-      end
-    end
-
-    def stripe_subscription_renewed?(customer, subscription_payment)
-      subscription = customer.subscriptions.retrieve(subscription_payment.id) rescue nil  # API client raises error when object not found
-      subscription.present? && subscription.status == 'active' && subscription.start < (subscription_payment.period.start - 1.day)
-    end
-
-    def subscription_deleted_callback(_event)
-      # Can be overridden in Effective::WebhooksController within a Rails application
-    end
-
-    def subscription_renewed_callback(_event)
-      # Can be overridden in Effective::WebhooksController within a Rails application
-    end
   end
 end