effective_orders 4.2.7 → 4.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f0bd383b484e3db946b0a7bb199f7afb8d7d8600019dcfad46b00bf6ddb3d798
-  data.tar.gz: 16db4fd12e60d5995ec3dbc9003a720dacc8e9c95b761c622ac7c7db294ea77b
+  metadata.gz: 78fe7109ba11df3b289f3fe0180f8d0b2696115899428f38b7862d509e0f9f90
+  data.tar.gz: 5681ed2fce8ede2be574c640e04f782af4ddabaab054df96b67273011416acc0
 SHA512:
-  metadata.gz: 19022b230c19a97bc5c1c9a203df1407c86be04b802f01b157929ba6204e8bf60ba9dd3967e32c992fa95a6bbf75aa30ac8781b79fb789f4b2dd37117b002541
-  data.tar.gz: 2808d79b39ecae2b23bf2fd17cc9ed36085f11103d8d217eba454fa1508207d81331c4241a25e8a92c03ba604a18f93197028d9e7adad74d018be7a8d2fabd48
+  metadata.gz: b967a19a627fe54a542887483ca2868ff56cca6fb7fdf59a10efcb4979b1d3a9e6beaa055a655fca8a4af6480b111eee5b3fafa57af0b6ee9760903ab5e5b9ca
+  data.tar.gz: 125899ef092719eda6cda5f22b02a1d2eb4e56a31c6812b80eabb66a603ba1b918aa72ae7ebae10ce4f18f6cbbf19d986ac6ce755c1c531959befd477e2e212f

data/app/assets/javascripts/effective_orders/providers/stripe.js

@@ -0,0 +1,97 @@
+class StripeForm {
+  initialize() {
+    let $form = $('form[data-stripe-form]').first();
+    if ($form.length == 0) { return false; }
+
+    this.$form = $form;
+    this.$paymentIntentId = this.$form.find("input[name$='[payment_intent_id]']").first();
+
+    this.data = $form.data('stripe-form');
+    this.stripe = Stripe(this.data.key);
+    this.card = this.stripe.elements().create("card", { style: this.style() });
+
+    this.mount();
+  }
+
+  mount() {
+    this.card.mount("#stripe-card-element");
+
+    this.card.addEventListener('change', function ({ error }) {
+      if (error) {
+        $('#stripe-card-errors').text(error.message);
+      } else {
+        $('#stripe-card-errors').text('');
+      }
+    });
+
+    this.$form.on('click', '[type=submit]', (event) => { this.submit(event) });
+  }
+
+  shouldUseNewCard() {
+    let $newCardForm = this.$form.children('.collapse.show')
+
+    return (
+      this.$form.get(0).checkValidity() &&
+      (this.data.token_required || $newCardForm.length > 0) &&
+      this.$paymentIntentId.val().length == 0
+    )
+  }
+
+  submit(event) {
+    event.preventDefault();
+
+    let payment = this.shouldUseNewCard() ? this.useNewCard() : this.useExistingCard();
+
+    payment.then((result) => {
+      if (result.error) {
+        this.errorPayment(result.error)
+      } else if (result.paymentIntent.status == 'succeeded') {
+        this.submitPayment(result.paymentIntent);
+      }
+    });
+  }
+
+  useExistingCard() {
+    return this.stripe.confirmCardPayment(this.data.client_secret, {
+      payment_method: this.data.payment_method
+    });
+  }
+
+  useNewCard() {
+    return this.stripe.confirmCardPayment(this.data.client_secret, {
+      payment_method: {
+        card: this.card,
+        billing_details: {
+          email: this.data.email
+        }
+      },
+      setup_future_usage: 'off_session'
+    });
+  }
+
+  errorPayment(error) {
+    $('#stripe-card-errors').text(error.message);
+    EffectiveForm.invalidate(this.$form);
+  }
+
+  submitPayment(payment) {
+    this.$paymentIntentId.val('' + payment['id']);
+    this.$form.submit();
+  }
+
+  style() {
+    return {
+      base: {
+        color: "#32325d",
+        fontSize: "16px",
+      },
+      invalid: {
+        color: "#dc3545",
+        iconColor: "#dc3545"
+      }
+    };
+  }
+
+}
+
+$(document).ready(function () { new StripeForm().initialize(); });

data/app/controllers/effective/providers/pretend.rb

@@ -12,11 +12,15 @@ module Effective
           payment: 'for pretend',
           provider: 'pretend',
           card: 'none',
-          purchased_url: params[:purchased_url],
-          declined_url: params[:declined_url]
+          purchased_url: pretend_params[:purchased_url],
+          declined_url: pretend_params[:declined_url]
         )
       end
 
+      def pretend_params
+        params.require(:pretend).permit(:purchased_url, :declined_url)
+      end
+
     end
   end
 end

data/app/controllers/effective/providers/stripe.rb

@@ -3,65 +3,68 @@ module Effective
     module Stripe
       extend ActiveSupport::Concern
 
-      # TODO: Make stripe charge work with admin checkout workflow, purchased_url and declined_url
-      # Make it save the customer and not require typing in a CC every time.
-
-      def stripe_charge
-        @order ||= Effective::Order.find(stripe_charge_params[:effective_order_id])
-        @stripe_charge = Effective::Providers::StripeCharge.new(stripe_charge_params)
-        @stripe_charge.order = @order
+      def stripe
+        @order = Order.find(params[:id])
+        @customer = Effective::Customer.for_user(@order.user)
 
         EffectiveOrders.authorize!(self, :update, @order)
 
-        if @stripe_charge.valid? && (response = process_stripe_charge(@stripe_charge)) != false
-          order_purchased(
-            payment: response,
-            provider: 'stripe',
-            card: (response[:charge]['source']['brand'] rescue nil)
-          )
-        else
-          @page_title = 'Checkout'
-          flash.now[:danger] = @stripe_charge.errors.full_messages.to_sentence
-          render :show
+        payment = validate_stripe_payment(stripe_params[:payment_intent_id])
+
+        if payment.blank? || !payment.kind_of?(Hash)
+          return order_declined(payment: payment, provider: 'stripe', declined_url: stripe_params[:declined_url])
+        end
+
+        # Update the customer payment fields
+        if payment[:payment_method_id].present?
+          @customer.update!(payment.slice(:payment_method_id, :active_card))
         end
+
+        order_purchased(
+          payment: payment,
+          provider: 'stripe',
+          card: payment[:card],
+          purchased_url: stripe_params[:purchased_url],
+          declined_url: stripe_params[:declined_url]
+        )
       end
 
       private
 
-      def process_stripe_charge(charge)
-        Effective::Order.transaction do
-          begin
-            subscripter = Effective::Subscripter.new(user: charge.order.user, stripe_token: charge.stripe_token)
-            subscripter.save!
-
-            return charge_with_stripe(charge, subscripter.customer)
-          rescue => e
-            charge.errors.add(:base, "Unable to process order with Stripe. Your credit card has not been charged. Message: \"#{e.message}\".")
-            raise ActiveRecord::Rollback
-          end
-        end
-
-        false
+      def stripe_params
+        params.require(:stripe).permit(:payment_intent_id, :purchased_url, :declined_url)
       end
 
-      def charge_with_stripe(charge, customer)
-        results = { charge: nil }
+      def validate_stripe_payment(payment_intent_id)
+        begin
+          intent = ::Stripe::PaymentIntent.retrieve(payment_intent_id)
+          raise('status is not succeeded') unless intent.status == 'succeeded'
+          raise('charges are not present') unless intent.charges.present?
 
-        if charge.order.total > 0
-          results[:charge] = JSON.parse(::Stripe::Charge.create(
-            amount: charge.order.total,
-            currency: EffectiveOrders.stripe[:currency],
-            customer: customer.stripe_customer.id,
-            description: "Charge for Order ##{charge.order.to_param}"
-          ).to_json)
-        end
+          charge = intent.charges.data.first
+          raise('charge not succeeded') unless charge.status == 'succeeded'
 
-        results
-      end
+          card = charge.payment_method_details.try(:card) || {}
+          active_card = "**** **** **** #{card['last4']} #{card['brand']} #{card['exp_month']}/#{card['exp_year']}" if card.present?
+
+          {
+            charge_id: charge.id,
+            payment_method_id: charge.payment_method,
+            payment_intent_id: intent.id,
 
-      # StrongParameters
-      def stripe_charge_params
-        params.require(:effective_providers_stripe_charge).permit(:stripe_token, :effective_order_id)
+            active_card: active_card,
+            card: card['brand'],
+
+            amount: charge.amount,
+            created: charge.created,
+            currency: charge.currency,
+            customer: charge.customer,
+            status: charge.status
+          }.compact
+
+        rescue => e
+          e.message
+        end
       end
 
     end

data/app/helpers/effective_stripe_helper.rb

@@ -45,17 +45,41 @@ module EffectiveStripeHelper
     "#{order.num_items} items (#{price_to_currency(order.total)})"
   end
 
-  def stripe_charge_data(order)
-    {
-      stripe: {
-        key: EffectiveOrders.stripe[:publishable_key],
-        name: EffectiveOrders.stripe[:site_title],
-        image: stripe_site_image_url,
-        email: order.user.email,
-        amount: order.total,
-        description: stripe_order_description(order)
-      }.to_json
+  def stripe_payment_intent(order)
+    customer = Effective::Customer.for_user(order.user)
+    customer.create_stripe_customer! # Only creates if customer not already present
+
+    payment = {
+      amount: order.total,
+      currency: EffectiveOrders.stripe[:currency],
+      customer: customer.stripe_customer_id,
+      payment_method: customer.payment_method_id.presence,
+      description: stripe_order_description(order),
+      metadata: { order_id: order.id },
+    }
+
+    token_required = customer.token_required?
+
+    intent = begin
+      Rails.logger.info "[STRIPE] create payment intent : #{payment}"
+      Stripe::PaymentIntent.create(payment)
+    rescue Stripe::CardError => e
+      token_required = true
+      Rails.logger.info "[STRIPE] (error) get payment intent : #{e.error.payment_intent.id}"
+      Stripe::PaymentIntent.retrieve(e.error.payment_intent.id)
+    end
+
+    payload = {
+      key: EffectiveOrders.stripe[:publishable_key],
+      client_secret: intent.client_secret,
+      payment_method: intent.payment_method,
+
+      active_card: customer.active_card,
+      email: customer.email,
+      token_required: token_required
     }
+
+    payload
   end
 
 end

data/app/models/effective/customer.rb

@@ -10,6 +10,7 @@ module Effective
 
     # Attributes
     # stripe_customer_id            :string  # cus_xja7acoa03
+    # payment_method_id             :string  # Last payment method used
     # active_card                   :string  # **** **** **** 4242 Visa 05/12
 
     # timestamps
@@ -31,6 +32,18 @@ module Effective
       user.email if user
     end
 
+    def create_stripe_customer!
+      return if stripe_customer.present?
+      raise('expected a user') unless user.present?
+
+      Rails.logger.info "[STRIPE] create customer: #{user.email}"
+
+      self.stripe_customer = Stripe::Customer.create(email: user.email, description: user.to_s, metadata: { user_id: user.id })
+      self.stripe_customer_id = stripe_customer.id
+
+      save!
+    end
+
     def stripe_customer
       @stripe_customer ||= if stripe_customer_id.present?
         Rails.logger.info "[STRIPE] get customer: #{stripe_customer_id}"

data/app/models/effective/subscripter.rb

@@ -79,12 +79,7 @@ module Effective
     protected
 
     def create_customer!
-      return if customer.stripe_customer.present?
-
-      Rails.logger.info "[STRIPE] create customer: #{user.email}"
-      customer.stripe_customer = Stripe::Customer.create(email: user.email, description: user.to_s, metadata: { user_id: user.id })
-      customer.stripe_customer_id = customer.stripe_customer.id
-      customer.save!
+      customer.create_stripe_customer!
     end
 
     # Update stripe customer card

data/app/views/effective/orders/_checkout_step2.html.haml

@@ -5,33 +5,32 @@
     = link_to 'Change Addresses', effective_orders.edit_order_path(order), rel: :nofollow, class: 'btn btn-secondary'
 
 .effective-order-purchase-actions
-  .form-actions.form-actions-bordered.justify-content-end
-    - provider_locals = { order: order, purchased_url: purchased_url, declined_url: declined_url }
+  - provider_locals = { order: order, purchased_url: purchased_url, declined_url: declined_url }
 
-    - if EffectiveOrders.free? && order.free?
-      = render partial: '/effective/orders/free/form', locals: provider_locals
+  - if EffectiveOrders.free? && order.free?
+    = render partial: '/effective/orders/free/form', locals: provider_locals
 
-    - elsif EffectiveOrders.refunds? && order.refund?
-      -# Nothing
+  - elsif EffectiveOrders.refunds? && order.refund?
+    -# Nothing
 
-    - else
-      - if EffectiveOrders.pretend?
-        = render partial: '/effective/orders/pretend/form', locals: provider_locals
+  - else
+    - if EffectiveOrders.pretend? && EffectiveOrders.pretend_message.present?
+      %p.text-right= EffectiveOrders.pretend_message
 
-      - if EffectiveOrders.moneris?
-        = render partial: '/effective/orders/moneris/form', locals: provider_locals
+    - if EffectiveOrders.pretend?
+      = render partial: '/effective/orders/pretend/form', locals: provider_locals
 
-      - if EffectiveOrders.paypal?
-        = render partial: '/effective/orders/paypal/form', locals: provider_locals
+    - if EffectiveOrders.moneris?
+      = render partial: '/effective/orders/moneris/form', locals: provider_locals
 
-      - if EffectiveOrders.stripe?
-        = render partial: '/effective/orders/stripe/form', locals: provider_locals
+    - if EffectiveOrders.paypal?
+      = render partial: '/effective/orders/paypal/form', locals: provider_locals
 
-      - if EffectiveOrders.cheque? && order.user == current_user
-        = render partial: '/effective/orders/cheque/form', locals: provider_locals
+    - if EffectiveOrders.stripe?
+      = render partial: '/effective/orders/stripe/form', locals: provider_locals
 
-  - if EffectiveOrders.pretend? && EffectiveOrders.pretend_message.present?
-    %p.text-right= EffectiveOrders.pretend_message
+    - if EffectiveOrders.cheque? && order.user == current_user
+      = render partial: '/effective/orders/cheque/form', locals: provider_locals
 
   - if EffectiveOrders.authorized?(controller, :admin, :effective_orders) && order.user != current_user
     - if EffectiveOrders.refunds? && order.refund?

data/app/views/effective/orders/pretend/_form.html.haml

@@ -1,2 +1,5 @@
-= effective_form_with(scope: :pretend, url: effective_orders.pretend_order_path(order, purchased_url: purchased_url, declined_url: declined_url), method: :post) do |f|
+= effective_form_with(scope: :pretend, url: effective_orders.pretend_order_path(order), method: :post) do |f|
+  = f.hidden_field :purchased_url, value: purchased_url
+  = f.hidden_field :declined_url, value: declined_url
+
   = f.submit order_checkout_label(:pretend), border: false

data/app/views/effective/orders/stripe/_element.html.haml

@@ -0,0 +1,8 @@
+.row
+  .col
+    %label Card
+  .col.text-right.mx-2
+    %label Details
+
+#stripe-card-element
+#stripe-card-errors

data/app/views/effective/orders/stripe/_form.html.haml

@@ -1,8 +1,31 @@
-= javascript_include_tag 'https://checkout.stripe.com/checkout.js'
+= javascript_include_tag 'https://js.stripe.com/v3/'
 
-#effective-orders-new-charge-form{data: stripe_charge_data(order) }
-  = effective_form_with(model: @stripe_charge || Effective::Providers::StripeCharge.new(order: order), url: effective_orders.stripe_charge_orders_path) do |f|
-    = f.hidden_field :stripe_token
-    = f.hidden_field :effective_order_id
+- stripe = stripe_payment_intent(order)
 
-    = f.submit order_checkout_label(:stripe), border: false
+.card
+  .card-body
+    %h3= order_checkout_label(:stripe)
+    %p
+      %em This checkout is powered by stripe.
+
+    .my-4.text-center
+      = link_to(image_tag('effective_orders/stripe.png'), 'https://www.stripe.com', target: '_blank')
+
+    = effective_form_with(scope: :stripe, url: effective_orders.stripe_order_path(order), data: { 'stripe-form': stripe.to_json }) do |f|
+      = f.hidden_field :purchased_url, value: purchased_url
+      = f.hidden_field :declined_url, value: declined_url
+
+      -# This is set by the stripe.js javascript
+      = f.hidden_field :payment_intent_id
+
+      - if stripe[:token_required]
+        %p Please enter your credit card information.
+        = render('effective/orders/stripe/element')
+      - else
+        %p Your existing card <strong>#{stripe[:active_card]}</strong> will be charged.
+
+        = collapse('Use this card instead...', class: 'update-stripe-payment-method') do
+          = render('effective/orders/stripe/element')
+
+      .mt-4
+        = f.submit 'Pay Now', center: true, border: false

data/config/routes.rb

@@ -11,6 +11,7 @@ EffectiveOrders::Engine.routes.draw do
         post :pay_by_cheque if EffectiveOrders.cheque?
         post :pretend if EffectiveOrders.pretend?
         post :refund if EffectiveOrders.refunds?
+        post :stripe if EffectiveOrders.stripe?
       end
 
       collection do
@@ -18,7 +19,6 @@ EffectiveOrders::Engine.routes.draw do
 
         post :moneris_postback if EffectiveOrders.moneris?
         post :paypal_postback if EffectiveOrders.paypal?
-        post :stripe_charge if EffectiveOrders.stripe?
       end
     end
 

data/db/migrate/01_create_effective_orders.rb.erb

@@ -72,6 +72,7 @@ class CreateEffectiveOrders < ActiveRecord::Migration[4.2]
       t.integer   :user_id
 
       t.string    :stripe_customer_id
+      t.string    :payment_method_id
       t.string    :active_card
       t.string    :status
 

data/lib/effective_orders/engine.rb

@@ -23,6 +23,10 @@ module EffectiveOrders
       )
     end
 
+    initializer "effective_orders.append_precompiled_assets" do |app|
+      Rails.application.config.assets.precompile += ['effective_orders/*']
+    end
+
     initializer 'effective_orders.stripe', after: :load_config_initializers do
       if EffectiveOrders.stripe?
         begin

data/lib/effective_orders/version.rb

@@ -1,3 +1,3 @@
 module EffectiveOrders
-  VERSION = '4.2.7'.freeze
+  VERSION = '4.3.0'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: effective_orders
 version: !ruby/object:Gem::Version
-  version: 4.2.7
+  version: 4.3.0
 platform: ruby
 authors:
 - Code and Effect
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-04-03 00:00:00.000000000 Z
+date: 2020-04-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -118,9 +118,10 @@ extra_rdoc_files: []
 files:
 - MIT-LICENSE
 - README.md
+- app/assets/images/effective_orders/stripe.png
 - app/assets/javascripts/effective_orders.js
 - app/assets/javascripts/effective_orders/customers.js.coffee
-- app/assets/javascripts/effective_orders/providers/stripe.js.coffee
+- app/assets/javascripts/effective_orders/providers/stripe.js
 - app/assets/javascripts/effective_orders/subscriptions.js.coffee
 - app/assets/stylesheets/effective_orders.scss
 - app/assets/stylesheets/effective_orders/_cart.scss
@@ -217,6 +218,7 @@ files:
 - app/views/effective/orders/purchased.html.haml
 - app/views/effective/orders/refund/_form.html.haml
 - app/views/effective/orders/show.html.haml
+- app/views/effective/orders/stripe/_element.html.haml
 - app/views/effective/orders/stripe/_form.html.haml
 - app/views/effective/orders_mailer/order_error.html.haml
 - app/views/effective/orders_mailer/order_receipt_to_admin.html.haml

data/app/assets/javascripts/effective_orders/providers/stripe.js.coffee

@@ -1,26 +0,0 @@
-stripeCheckoutHandler = (key, form) ->
-  StripeCheckout.configure
-    key: key
-    closed: -> EffectiveBootstrap.reset(form) unless form.hasClass('stripe-success')
-    token: (token, args) ->
-      if token.error
-        alert("An error ocurred when contacting Stripe. Your card has not been charged. Please refresh the page and try again. #{token.error.message}")
-      else
-        form.find("input[name$='[stripe_token]']").val('' + token['id'])
-        form.addClass('stripe-success').submit()
-
-$(document).on 'click', "#effective-orders-new-charge-form form [type='submit']", (event) ->
-  event.preventDefault()
-
-  obj = $('#effective-orders-new-charge-form')
-  $form = obj.find('form').first()
-  stripe = obj.data('stripe')
-
-  EffectiveForm.submitting($form)
-
-  stripeCheckoutHandler(stripe.key, $form).open
-    image: stripe.image
-    name: stripe.name
-    description: stripe.description
-    email: stripe.email
-    amount: stripe.amount