pay 2.1.3 → 2.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 883c55bf9abc32584d98fe56c9a710e92906bebc5322b1ec9ed9dadf92fcd9dc
-  data.tar.gz: da1849f216e7d5e3a8365b3427a4bebf914d51e1c41e9736bc3b8df726f58ef7
+  metadata.gz: 938efc72579bf8d24477a0e55060280a8e2d2df139860cdfe84dcc715f0eeb23
+  data.tar.gz: 3f00c21f027beae9a68d9da5228d9fa0165eeb2153d62e48544702565e0834d7
 SHA512:
-  metadata.gz: ab3d62146de9a533a9598e0d87970a019f8b23646a92110c3d62ef64ec8385c2158c7435c7b255648faa4740360634f59d5b3a16f95c44347e7aeedc004f9674
-  data.tar.gz: 598d32db66f8fd5b43cfb27766826223d4a7dd80c73204e23e6a5bb36783775f8c521d8682e4c466f059e6f71541b8c799cfed5bab1330fc4992901c06cb62cc
+  metadata.gz: 5d2ef6252a25049649fe460553766aa61122c2d3541b7eb6b4197ca4614c9110bcf9243fd5aa08ab90d32b2a224317dcf2e9275a8cd918bee4c0b8146703fd37
+  data.tar.gz: '0992d392de15e633d5dcd190f9ed25bd356cf1a8da548e14b2560314aafa59593e5fcb64a68d70d16d5b58a6b6df0df55eba7259bb88c92166439bc61974af0e'

data/README.md

@@ -2,14 +2,15 @@
 
 ## Pay - Payments engine for Ruby on Rails
 
-[![Build Status](https://github.com/pay-rails/pay/workflows/Tests/badge.svg)](https://github.com/pay-rails/pay/actions)
+[![Build Status](https://github.com/pay-rails/pay/workflows/Tests/badge.svg)](https://github.com/pay-rails/pay/actions) [![Gem Version](https://badge.fury.io/rb/pay.svg)](https://badge.fury.io/rb/pay)
 
 Pay is a payments engine for Ruby on Rails 4.2 and higher.
 
 **Current Payment Providers**
 
-- Stripe ([supports SCA](https://stripe.com/docs/strong-customer-authentication), API version [2019-03-14](https://stripe.com/docs/upgrades#2019-03-14) or higher required)
+- Stripe ([supports SCA](https://stripe.com/docs/strong-customer-authentication) using API version `2020-08-27`)
 - Braintree
+- Paddle
 
 Want to add a new payment provider? Contributions are welcome and the instructions [are here](https://github.com/jasoncharnes/pay/wiki/New-Payment-Provider).
 
@@ -35,6 +36,9 @@ gem 'stripe_event', '~> 2.3'
 # To use Braintree + PayPal, also include:
 gem 'braintree', '< 3.0', '>= 2.92.0'
 
+# To use Paddle, also include:
+gem 'paddle_pay', '~> 0.0.1'
+
 # To use Receipts
 gem 'receipts', '~> 1.0.0'
 ```
@@ -78,6 +82,8 @@ class User < ActiveRecord::Base
 end
 ```
 
+An `email` attribute or method on your `Billable` model is required.
+
 To sync over customer names, your `Billable` model should respond to the `first_name` and `last_name` methods. Pay will sync these over to your Customer objects in Stripe and Braintree.
 
 ## Configuration
@@ -131,10 +137,15 @@ development:
     public_key: yyyy
     merchant_id: aaaa
     environment: sandbox
+  paddle:
+    vendor_id: xxxx
+    vendor_auth_code: yyyy
+    public_key_base64: MII...==
 ```
 
 For Stripe, you can also use the `STRIPE_PUBLIC_KEY`, `STRIPE_PRIVATE_KEY` and `STRIPE_SIGNING_SECRET` environment variables.
 For Braintree, you can also use `BRAINTREE_MERCHANT_ID`, `BRAINTREE_PUBLIC_KEY`, `BRAINTREE_PRIVATE_KEY`, and `BRAINTREE_ENVIRONMENT` environment variables.
+For Paddle, you can also use `PADDLE_VENDOR_ID`, `PADDLE_VENDOR_AUTH_CODE` and `PADDLE_PUBLIC_KEY_BASE64` environment variables.
 
 ### Generators
 
@@ -194,6 +205,8 @@ user.on_generic_trial? #=> true
 
 #### Creating a Charge
 
+##### Stripe and Braintree
+
 ```ruby
 user = User.find_by(email: 'michael@bluthcompany.co')
 
@@ -217,8 +230,23 @@ different currencies, etc.
 On failure, a `Pay::Error` will be raised with details about the payment
 failure.
 
+##### Paddle
+It is only possible to create immediate one-time charges on top of an existing subscription.
+
+```ruby
+user = User.find_by(email: 'michael@bluthcompany.co')
+
+user.processor = 'paddle'
+user.charge(1500, {charge_name: "Test"}) # $15.00 USD
+
+```
+
+An existing subscription and a charge name are required.
+
 #### Creating a Subscription
 
+##### Stripe and Braintree
+
 ```ruby
 user = User.find_by(email: 'michael@bluthcompany.co')
 
@@ -244,20 +272,53 @@ For example, you can pass the `quantity` option to subscribe to a plan with for
 user.subscribe(name: "default", plan: "default", quantity: 3)
 ```
 
-##### Name
+###### Name
 
 Name is an internally used name for the subscription.
 
-##### Plan
+###### Plan
 
-Plan is the plan ID from the payment processor.
+Plan is the plan ID or price ID from the payment processor. For example: `plan_xxxxx` or `price_xxxxx`
 
-##### Options
+###### Options
 
 By default, the trial specified on the subscription will be used.
 
 `trial_period_days: 30` can be set to override and a trial to the subscription. This works the same for Braintree and Stripe.
 
+##### Paddle
+It is currently not possible to create a subscription through the API. Instead the subscription in Pay is created by the Paddle Subscription Webhook. In order to be able to assign the subcription to the correct owner, the Paddle [passthrough parameter](https://developer.paddle.com/guides/how-tos/checkout/pass-parameters) has to be used for checkout.
+
+To ensure that the owner cannot be tampered with, Pay uses a Signed Global ID with a purpose. The purpose string consists of "paddle_" and the subscription plan id (or product id respectively).
+
+Javascript Checkout:
+```javascript
+Paddle.Checkout.open({
+	product: 12345,
+	passthrough: "<%= Pay::Paddle.passthrough(owner: current_user) %>"
+});
+```
+
+Paddle Button Checkout:
+```html
+<a href="#!" class="paddle_button" data-product="12345" data-email="<%= current_user.email %>" data-passthrough="<%= Pay::Paddle.passthrough(owner: current_user) %>"
+```
+
+###### Passthrough
+
+Pay providers a helper method for generating the passthrough JSON object to associate the purchase with the correct Rails model.
+
+```ruby
+Pay::Paddle.passthrough(owner: current_user, foo: :bar)
+#=> { owner_sgid: "xxxxxxxx", foo: "bar" }
+
+# To generate manually without the helper
+#=> { owner_sgid: current_user.to_sgid.to_s, foo: "bar" }.to_json
+```
+
+Pay parses the passthrough JSON string and verifies the `owner_sgid` hash to match the webhook with the correct billable record.
+The passthrough parameter `owner_sgid` is only required for creating a subscription.
+
 #### Retrieving a Subscription from the Database
 
 ```ruby
@@ -314,26 +375,45 @@ Plan is the plan ID from the payment processor.
 
 #### Retrieving a Payment Processor Account
 
+##### Stripe and Braintree
+
 ```ruby
 user = User.find_by(email: 'george.michael@bluthcompany.co')
 
 user.customer #> Stripe or Braintree customer account
 ```
 
+##### Paddle
+
+It is currently not possible to retrieve a payment processor account through the API.
+
 #### Updating a Customer's Credit Card
 
+##### Stripe and Braintree
+
 ```ruby
 user = User.find_by(email: 'tobias@bluthcompany.co')
 
 user.update_card('payment_method_id')
 ```
 
+##### Paddle
+
+Paddle provides a unique [Update URL](https://developer.paddle.com/guides/how-tos/subscriptions/update-payment-details) for each user, which allows them to update the payment method.
+```ruby
+user = User.find_by(email: 'tobias@bluthcompany.co')
+
+user.subscription.paddle_update_url
+```
+
+
+
 #### Retrieving a Customer's Subscription from the Processor
 
 ```ruby
 user = User.find_by(email: 'lucille@bluthcompany.co')
 
-user.processor_subscription(subscription_id) #=> Stripe or Braintree Subscription
+user.processor_subscription(subscription_id) #=> Stripe, Braintree or Paddle Subscription
 ```
 
 ## Subscription API
@@ -370,14 +450,31 @@ user = User.find_by(email: 'carl.weathers@bluthcompany.co')
 user.subscription.active? #=> true or false
 ```
 
+#### Checking to See If a Subscription Is Paused
+
+```ruby
+user = User.find_by(email: 'carl.weathers@bluthcompany.co')
+
+user.subscription.paused? #=> true or false
+```
+
 #### Cancel a Subscription (At End of Billing Cycle)
 
+##### Stripe, Braintree and Paddle
+
 ```ruby
 user = User.find_by(email: 'oscar@bluthcompany.co')
 
 user.subscription.cancel
 ```
 
+##### Paddle
+In addition to the API, Paddle provides a subscription [Cancel URL](https://developer.paddle.com/guides/how-tos/subscriptions/cancel-and-pause) that you can redirect customers to cancel their subscription.
+
+```ruby
+user.subscription.paddle_cancel_url
+```
+
 #### Cancel a Subscription Immediately
 
 ```ruby
@@ -386,6 +483,16 @@ user = User.find_by(email: 'annyong@bluthcompany.co')
 user.subscription.cancel_now!
 ```
 
+#### Pause a Subscription
+
+##### Paddle
+
+```ruby
+user = User.find_by(email: 'oscar@bluthcompany.co')
+
+user.subscription.pause
+```
+
 #### Swap a Subscription to another Plan
 
 ```ruby
@@ -394,7 +501,17 @@ user = User.find_by(email: 'steve.holt@bluthcompany.co')
 user.subscription.swap("yearly")
 ```
 
-#### Resume a Subscription on a Grace Period
+#### Resume a Subscription
+
+##### Stripe or Braintree Subscription (on Grace Period)
+
+```ruby
+user = User.find_by(email: 'steve.holt@bluthcompany.co')
+
+user.subscription.resume
+```
+
+##### Paddle (Paused)
 
 ```ruby
 user = User.find_by(email: 'steve.holt@bluthcompany.co')
@@ -471,8 +588,8 @@ config.routes_path = '/secret-webhook-path'
 
 ## Payment Providers
 
-We support both Stripe and Braintree and make our best attempt to
-standardize the two. They function differently so keep that in mind if
+We support Stripe, Braintree and Paddle and make our best attempt to
+standardize the three. They function differently so keep that in mind if
 you plan on doing more complex payments. It would be best to stick with
 a single payment provider in that case so you don't run into
 discrepancies.
@@ -487,7 +604,22 @@ development:
     merchant_id: zzzz
     environment: sandbox
 ```
+#### Paddle
+
+```yaml
+  paddle:
+    vendor_id: xxxx
+    vendor_auth_code: yyyy
+    public_key_base64: MII...==
+```
+
+Paddle receipts can be retrieved by a charge receipt URL.
+```ruby
+user = User.find_by(email: 'annyong@bluthcompany.co')
 
+charge = user.charges.first
+charge.paddle_receipt_url
+```
 #### Stripe
 
 You'll need to add your private Stripe API key to your Rails secrets `config/secrets.yml`, credentials `rails credentials:edit`
@@ -504,6 +636,20 @@ You can also use the `STRIPE_PRIVATE_KEY` and `STRIPE_SIGNING_SECRET` environmen
 
 **To see how to use Stripe Elements JS & Devise, [click here](https://github.com/jasoncharnes/pay/wiki/Using-Stripe-Elements-and-Devise).**
 
+You need the following event types to trigger the webhook:
+
+```
+customer.subscription.updated
+customer.subscription.deleted
+customer.subscription.created
+payment_method.updated
+invoice.payment_action_required
+customer.updated
+customer.deleted
+charge.succeeded
+charge.refunded
+```
+
 ##### Strong Customer Authentication (SCA)
 
 Our Stripe integration **requires** the use of Payment Method objects to correctly support Strong Customer Authentication with Stripe. If you've previously been using card tokens, you'll need to upgrade your Javascript integration.
@@ -518,9 +664,7 @@ correctly for SCA payments.
 stripe listen --forward-to localhost:3000/pay/webhooks/stripe
 ```
 
-You should use `stripe.handleCardSetup` on the client to collect card information anytime you want to save the card and charge them later (adding a card, then charging them on the next page for example). Use `stripe.handleCardPayment` if you'd like to charge the customer immediately (think checking out of a shopping cart).
-
-The Javascript will now need to use createPaymentMethod instead of createToken. https://stripe.com/docs/js/payment_intents/create_payment_method
+You should use `stripe.confirmCardSetup` on the client to collect card information anytime you want to save the card and charge them later (adding a card, then charging them on the next page for example). Use `stripe.confirmCardPayment` if you'd like to charge the customer immediately (think checking out of a shopping cart).
 
 The Javascript also needs to have a PaymentIntent or SetupIntent created server-side and the ID passed into the Javascript to do this. That way it knows how to safely handle the card tokenization if it meets the SCA requirements.
 
@@ -552,7 +696,10 @@ If you have an issue you'd like to submit, please do so using the issue tracker
 
 If you'd like to open a PR please make sure the following things pass:
 
-- `rake test`
+```ruby
+bin/rails db:test:prepare
+bin/rails test
+```
 
 ## License
 

data/Rakefile

@@ -4,6 +4,8 @@ rescue LoadError
   puts "You must `gem install bundler` and `bundle install` to run rake tasks"
 end
 
+require "bundler/gem_tasks"
+
 require "rdoc/task"
 
 RDoc::Task.new(:rdoc) do |rdoc|
@@ -19,10 +21,6 @@ load "rails/tasks/engine.rake"
 
 load "rails/tasks/statistics.rake"
 
-unless Rails.env.test?
-  require "bundler/gem_tasks"
-end
-
 require "rake/testtask"
 
 Rake::TestTask.new(:test) do |t|

data/app/controllers/pay/payments_controller.rb

@@ -1,6 +1,9 @@
 module Pay
   class PaymentsController < ApplicationController
+    layout "pay/application"
+
     def show
+      @redirect_to = params[:back].presence || root_path
       @payment = Payment.from_id(params[:id])
     end
   end

data/app/controllers/pay/webhooks/paddle_controller.rb

@@ -0,0 +1,36 @@
+module Pay
+  module Webhooks
+    class PaddleController < Pay::ApplicationController
+      if Rails.application.config.action_controller.default_protect_from_forgery
+        skip_before_action :verify_authenticity_token
+      end
+
+      def create
+        verifier = Pay::Paddle::Webhooks::SignatureVerifier.new(check_params.as_json)
+        if verifier.verify
+          case params["alert_name"]
+          when "subscription_created"
+            Pay::Paddle::Webhooks::SubscriptionCreated.new(check_params.as_json)
+          when "subscription_updated"
+            Pay::Paddle::Webhooks::SubscriptionUpdated.new(check_params.as_json)
+          when "subscription_cancelled"
+            Pay::Paddle::Webhooks::SubscriptionCancelled.new(check_params.as_json)
+          when "subscription_payment_succeeded"
+            Pay::Paddle::Webhooks::SubscriptionPaymentSucceeded.new(check_params.as_json)
+          when "subscription_payment_refunded"
+            Pay::Paddle::Webhooks::SubscriptionPaymentRefunded.new(check_params.as_json)
+          end
+          render json: {success: true}, status: :ok
+        else
+          head :ok
+        end
+      end
+
+      private
+
+      def check_params
+        params.except(:action, :controller).permit!
+      end
+    end
+  end
+end

data/app/mailers/pay/user_mailer.rb

@@ -37,7 +37,7 @@ module Pay
 
       mail(
         to: to(user),
-        subject: Pay.payment_action_required_subject
+        subject: Pay.email_action_required_subject
       )
     end
 

data/app/models/pay/application_record.rb

@@ -1,5 +1,10 @@
 module Pay
-  class ApplicationRecord < ActiveRecord::Base
+  class ApplicationRecord < Pay.model_parent_class.constantize
     self.abstract_class = true
+
+    def self.json_column?(name)
+      return unless connected? && table_exists?
+      [:json, :jsonb].include?(attribute_types[name].type)
+    end
   end
 end

data/app/models/pay/charge.rb

@@ -2,6 +2,9 @@ module Pay
   class Charge < ApplicationRecord
     self.table_name = Pay.chargeable_table
 
+    # Only serialize for non-json columns
+    serialize :data unless json_column?("data")
+
     # Associations
     belongs_to :owner, polymorphic: true
 
@@ -39,5 +42,9 @@ module Pay
     def paypal?
       braintree? && card_type == "PayPal"
     end
+
+    def paddle?
+      processor == "paddle"
+    end
   end
 end