pay 2.1.2 → 2.3.0

data/lib/pay/paddle/charge.rb

@@ -0,0 +1,39 @@
+module Pay
+  module Paddle
+    module Charge
+      extend ActiveSupport::Concern
+
+      included do
+        scope :paddle, -> { where(processor: :paddle) }
+
+        store_accessor :data, :paddle_receipt_url
+      end
+
+      def paddle?
+        processor == "paddle"
+      end
+
+      def paddle_charge
+        return unless owner.subscription
+        payments = PaddlePay::Subscription::Payment.list({subscription_id: owner.subscription.processor_id})
+        charges = payments.select { |p| p[:id].to_s == processor_id }
+        charges.try(:first)
+      rescue ::PaddlePay::PaddlePayError => e
+        raise Error, e.message
+      end
+
+      def paddle_refund!(amount_to_refund)
+        return unless owner.subscription
+        payments = PaddlePay::Subscription::Payment.list({subscription_id: owner.subscription.processor_id, is_paid: 1})
+        if payments.count > 0
+          PaddlePay::Subscription::Payment.refund(payments.last[:id], {amount: amount_to_refund})
+          update(amount_refunded: amount_to_refund)
+        else
+          raise Error, "Payment not found"
+        end
+      rescue ::PaddlePay::PaddlePayError => e
+        raise Error, e.message
+      end
+    end
+  end
+end

data/lib/pay/paddle/subscription.rb

@@ -0,0 +1,59 @@
+module Pay
+  module Paddle
+    module Subscription
+      extend ActiveSupport::Concern
+
+      included do
+        scope :paddle, -> { where(processor: :paddle) }
+
+        store_accessor :data, :paddle_update_url
+        store_accessor :data, :paddle_cancel_url
+      end
+
+      def paddle?
+        processor == "paddle"
+      end
+
+      def paddle_cancel
+        subscription = processor_subscription
+        PaddlePay::Subscription::User.cancel(processor_id)
+        if on_trial?
+          update(status: :canceled, ends_at: trial_ends_at)
+        else
+          update(status: :canceled, ends_at: DateTime.parse(subscription.next_payment[:date]))
+        end
+      rescue ::PaddlePay::PaddlePayError => e
+        raise Error, e.message
+      end
+
+      def paddle_cancel_now!
+        PaddlePay::Subscription::User.cancel(processor_id)
+        update(status: :canceled, ends_at: Time.zone.now)
+      rescue ::PaddlePay::PaddlePayError => e
+        raise Error, e.message
+      end
+
+      def paddle_pause
+        attributes = {pause: true}
+        response = PaddlePay::Subscription::User.update(processor_id, attributes)
+        update(status: :paused, ends_at: DateTime.parse(response[:next_payment][:date]))
+      end
+
+      def paddle_resume
+        attributes = {pause: false}
+        PaddlePay::Subscription::User.update(processor_id, attributes)
+        update(status: :active, ends_at: nil)
+      rescue ::PaddlePay::PaddlePayError => e
+        raise Error, e.message
+      end
+
+      def paddle_swap(plan)
+        attributes = {plan_id: plan, prorate: prorate}
+        attributes[:quantity] = quantity if quantity?
+        PaddlePay::Subscription::User.update(processor_id, attributes)
+      rescue ::PaddlePay::PaddlePayError => e
+        raise Error, e.message
+      end
+    end
+  end
+end

data/lib/pay/paddle/webhooks.rb

@@ -0,0 +1 @@
+Dir[File.join(__dir__, "webhooks", "**", "*.rb")].sort.each { |file| require file }

data/lib/pay/paddle/webhooks/signature_verifier.rb

@@ -0,0 +1,115 @@
+require "base64"
+require "json"
+require "openssl"
+
+module Pay
+  module Paddle
+    module Webhooks
+      class SignatureVerifier
+        def initialize(data)
+          @data = data
+          @public_key_base64 = Pay::Paddle.public_key_base64
+        end
+
+        def verify
+          data = @data
+          public_key = Base64.decode64(@public_key_base64) if @public_key_base64
+          return false unless data && data["p_signature"] && public_key
+
+          # 'data' represents all of the POST fields sent with the request.
+          # Get the p_signature parameter & base64 decode it.
+          signature = Base64.decode64(data["p_signature"])
+
+          # Remove the p_signature parameter
+          data.delete("p_signature")
+
+          # Ensure all the data fields are strings
+          data.each { |key, value| data[key] = String(value) }
+
+          # Sort the data
+          data_sorted = data.sort_by { |key, value| key }
+
+          # and serialize the fields
+          # serialization library is available here: https://github.com/jqr/php-serialize
+          data_serialized = serialize(data_sorted, true)
+
+          # verify the data
+          digest = OpenSSL::Digest.new("SHA1")
+          pub_key = OpenSSL::PKey::RSA.new(public_key)
+          pub_key.verify(digest, signature, data_serialized)
+        end
+
+        private
+
+        # https://github.com/jqr/php-serialize/blob/master/lib/php_serialize.rb
+        #
+        # Returns a string representing the argument in a form PHP.unserialize
+        # and PHP's unserialize() should both be able to load.
+        #
+        #   string = PHP.serialize(mixed var[, bool assoc])
+        #
+        # Array, Hash, Fixnum, Float, True/FalseClass, NilClass, String and Struct
+        # are supported; as are objects which support the to_assoc method, which
+        # returns an array of the form [['attr_name', 'value']..].  Anything else
+        # will raise a TypeError.
+        #
+        # If 'assoc' is specified, Array's who's first element is a two value
+        # array will be assumed to be an associative array, and will be serialized
+        # as a PHP associative array rather than a multidimensional array.
+        def serialize(var, assoc = false)
+          s = ""
+          case var
+            when Array
+              s << "a:#{var.size}:{"
+              if assoc && var.first.is_a?(Array) && (var.first.size == 2)
+                var.each do |k, v|
+                  s << serialize(k, assoc) << serialize(v, assoc)
+                end
+              else
+                var.each_with_index do |v, i|
+                  s << "i:#{i};#{serialize(v, assoc)}"
+                end
+              end
+              s << "}"
+            when Hash
+              s << "a:#{var.size}:{"
+              var.each do |k, v|
+                s << "#{serialize(k, assoc)}#{serialize(v, assoc)}"
+              end
+              s << "}"
+            when Struct
+              # encode as Object with same name
+              s << "O:#{var.class.to_s.bytesize}:\"#{var.class.to_s.downcase}\":#{var.members.length}:{"
+              var.members.each do |member|
+                s << "#{serialize(member, assoc)}#{serialize(var[member], assoc)}"
+              end
+              s << "}"
+            when String, Symbol
+              s << "s:#{var.to_s.bytesize}:\"#{var}\";"
+            when Integer
+              s << "i:#{var};"
+            when Float
+              s << "d:#{var};"
+            when NilClass
+              s << "N;"
+            when FalseClass, TrueClass
+              s << "b:#{var ? 1 : 0};"
+            else
+              if var.respond_to?(:to_assoc)
+                v = var.to_assoc
+                # encode as Object with same name
+                s << "O:#{var.class.to_s.bytesize}:\"#{var.class.to_s.downcase}\":#{v.length}:{"
+                v.each do |k, v|
+                  s << "#{serialize(k.to_s, assoc)}#{serialize(v, assoc)}"
+                end
+                s << "}"
+              else
+                raise TypeError, "Unable to serialize type #{var.class}"
+              end
+          end
+          s
+        end
+      end
+    end
+  end
+end

data/lib/pay/paddle/webhooks/subscription_cancelled.rb

@@ -0,0 +1,18 @@
+module Pay
+  module Paddle
+    module Webhooks
+      class SubscriptionCancelled
+        def initialize(data)
+          subscription = Pay.subscription_model.find_by(processor: :paddle, processor_id: data["subscription_id"])
+
+          # We couldn't find the subscription for some reason, maybe it's from another service
+          return if subscription.nil?
+
+          # User canceled subscriptions have an ends_at
+          # Automatically canceled subscriptions need this value set
+          subscription.update!(ends_at: DateTime.parse(data["cancellation_effective_date"])) if subscription.ends_at.blank? && data["cancellation_effective_date"].present?
+        end
+      end
+    end
+  end
+end

data/lib/pay/paddle/webhooks/subscription_created.rb

@@ -0,0 +1,59 @@
+module Pay
+  module Paddle
+    module Webhooks
+      class SubscriptionCreated
+        def initialize(data)
+          # We may already have the subscription in the database, so we can update that record
+          subscription = Pay.subscription_model.find_by(processor: :paddle, processor_id: data["subscription_id"])
+
+          # Create the subscription in the database if we don't have it already
+          if subscription.nil?
+
+            # The customer could already be in the database
+            owner = Pay.find_billable(processor: :paddle, processor_id: data["user_id"])
+
+            if owner.nil?
+              owner = owner_by_passtrough(data["passthrough"], data["subscription_plan_id"])
+              owner&.update!(processor: "paddle", processor_id: data["user_id"])
+            end
+
+            if owner.nil?
+              Rails.logger.error("[Pay] Unable to find Pay::Billable with owner: '#{data["passthrough"]}'. Searched these models: #{Pay.billable_models.join(", ")}")
+              return
+            end
+
+            subscription = Pay.subscription_model.new(owner: owner, name: "default", processor: "paddle", processor_id: data["subscription_id"], status: :active)
+          end
+
+          subscription.quantity = data["quantity"]
+          subscription.processor_plan = data["subscription_plan_id"]
+          subscription.paddle_update_url = data["update_url"]
+          subscription.paddle_cancel_url = data["cancel_url"]
+          subscription.trial_ends_at = Time.zone.parse(data["next_bill_date"]) if data["status"] == "trialing"
+
+          # If user was on trial, their subscription ends at the end of the trial
+          subscription.ends_at = if ["paused", "deleted"].include?(data["status"]) && subscription.on_trial?
+            subscription.trial_ends_at
+
+          # User wasn't on trial, so subscription ends at period end
+          elsif ["paused", "deleted"].include?(data["status"])
+            Time.zone.parse(data["next_bill_date"])
+
+            # Subscription isn't marked to cancel at period end
+          end
+
+          subscription.save!
+        end
+
+        private
+
+        def owner_by_passtrough(passthrough, product_id)
+          passthrough_json = JSON.parse(passthrough)
+          GlobalID::Locator.locate_signed(passthrough_json["owner_sgid"])
+        rescue JSON::ParserError
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/pay/paddle/webhooks/subscription_payment_refunded.rb

@@ -0,0 +1,21 @@
+module Pay
+  module Paddle
+    module Webhooks
+      class SubscriptionPaymentRefunded
+        def initialize(data)
+          charge = Pay.charge_model.find_by(processor: :paddle, processor_id: data["subscription_payment_id"])
+          return unless charge.present?
+
+          charge.update(amount_refunded: Integer(data["gross_refund"].to_f * 100))
+          notify_user(charge.owner, charge)
+        end
+
+        def notify_user(user, charge)
+          if Pay.send_emails
+            Pay::UserMailer.refund(user, charge).deliver_later
+          end
+        end
+      end
+    end
+  end
+end

data/lib/pay/paddle/webhooks/subscription_payment_succeeded.rb

@@ -0,0 +1,64 @@
+module Pay
+  module Paddle
+    module Webhooks
+      class SubscriptionPaymentSucceeded
+        def initialize(data)
+          billable = Pay.find_billable(processor: :paddle, processor_id: data["user_id"])
+          return unless billable.present?
+          return if billable.charges.where(processor_id: data["subscription_payment_id"]).any?
+
+          charge = create_charge(billable, data)
+          notify_user(billable, charge)
+        end
+
+        def create_charge(user, data)
+          charge = user.charges.find_or_initialize_by(
+            processor: :paddle,
+            processor_id: data["subscription_payment_id"]
+          )
+
+          params = {
+            amount: Integer(data["sale_gross"].to_f * 100),
+            card_type: data["payment_method"],
+            paddle_receipt_url: data["receipt_url"],
+            created_at: DateTime.parse(data["event_time"])
+          }.merge(payment_params(data["subscription_id"]))
+
+          charge.update(params)
+
+          charge
+        end
+
+        def notify_user(user, charge)
+          if Pay.send_emails && charge.respond_to?(:receipt)
+            Pay::UserMailer.receipt(user, charge).deliver_later
+          end
+        end
+
+        private
+
+        def payment_params(subscription_id)
+          subscription_user = PaddlePay::Subscription::User.list({subscription_id: subscription_id}).try(:first)
+          payment_information = subscription_user ? subscription_user[:payment_information] : nil
+          return {} if payment_information.nil?
+
+          case payment_information[:payment_method]
+          when "card"
+            {
+              card_type: payment_information[:card_type],
+              card_last4: payment_information[:last_four_digits],
+              card_exp_month: payment_information[:expiry_date].split("/").first,
+              card_exp_year: payment_information[:expiry_date].split("/").last
+            }
+          when "paypal"
+            {
+              card_type: "PayPal"
+            }
+          else
+            {}
+          end
+        end
+      end
+    end
+  end
+end

data/lib/pay/paddle/webhooks/subscription_updated.rb

@@ -0,0 +1,34 @@
+module Pay
+  module Paddle
+    module Webhooks
+      class SubscriptionUpdated
+        def initialize(data)
+          subscription = Pay.subscription_model.find_by(processor: :paddle, processor_id: data["subscription_id"])
+
+          return if subscription.nil?
+
+          subscription.status = data["status"] == "deleted" ? "canceled" : data["status"]
+          subscription.quantity = data["new_quantity"]
+          subscription.processor_plan = data["subscription_plan_id"]
+          subscription.paddle_update_url = data["update_url"]
+          subscription.paddle_cancel_url = data["cancel_url"]
+
+          subscription.trial_ends_at = DateTime.parse(data["next_bill_date"]) if data["status"] == "trialing"
+
+          # If user was on trial, their subscription ends at the end of the trial
+          subscription.ends_at = if ["paused", "deleted"].include?(data["status"]) && subscription.on_trial?
+            subscription.trial_ends_at
+
+          # User wasn't on trial, so subscription ends at period end
+          elsif ["paused", "deleted"].include?(data["status"])
+            DateTime.parse(data["next_bill_date"])
+
+            # Subscription isn't marked to cancel at period end
+          end
+
+          subscription.save!
+        end
+      end
+    end
+  end
+end

data/lib/pay/stripe.rb

@@ -12,6 +12,7 @@ module Pay
 
     def setup
       ::Stripe.api_key = private_key
+      ::Stripe.api_version = "2020-08-27"
       ::StripeEvent.signing_secret = signing_secret
 
       Pay.charge_model.include Pay::Stripe::Charge

data/lib/pay/stripe/billable.rb

@@ -1,6 +1,12 @@
 module Pay
   module Stripe
     module Billable
+      extend ActiveSupport::Concern
+
+      included do
+        scope :stripe, -> { where(processor: :stripe) }
+      end
+
       # Handles Billable#customer
       #
       # Returns Stripe::Customer
@@ -48,17 +54,20 @@ module Pay
       #
       # Returns Pay::Subscription
       def create_stripe_subscription(name, plan, options = {})
+        quantity = options.delete(:quantity) || 1
         opts = {
           expand: ["pending_setup_intent", "latest_invoice.payment_intent"],
-          items: [plan: plan],
+          items: [plan: plan, quantity: quantity],
           off_session: true
         }.merge(options)
 
         # Inherit trial from plan unless trial override was specified
         opts[:trial_from_plan] = true unless opts[:trial_period_days]
 
-        stripe_sub = customer.subscriptions.create(opts)
-        subscription = create_subscription(stripe_sub, "stripe", name, plan, status: stripe_sub.status)
+        opts[:customer] = stripe_customer.id
+
+        stripe_sub = ::Stripe::Subscription.create(opts)
+        subscription = create_subscription(stripe_sub, "stripe", name, plan, status: stripe_sub.status, quantity: quantity)
 
         # No trial, card requires SCA
         if subscription.incomplete?
@@ -94,7 +103,7 @@ module Pay
       def update_stripe_email!
         customer = stripe_customer
         customer.email = email
-        customer.description = customer_name
+        customer.name = customer_name
         customer.save
       end
 
@@ -134,7 +143,7 @@ module Pay
       private
 
       def create_stripe_customer
-        customer = ::Stripe::Customer.create(email: email, description: customer_name)
+        customer = ::Stripe::Customer.create(email: email, name: customer_name)
         update(processor: "stripe", processor_id: customer.id)
 
         # Update the user's card on file if a token was passed in