solidus_afterpay 0.1.0

data/Rakefile

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+require 'solidus_dev_support/rake_tasks'
+SolidusDevSupport::RakeTasks.install
+
+task default: 'extension:specs'

data/app/assets/javascripts/solidus_afterpay/afterpay_checkout.js

@@ -0,0 +1,131 @@
+$(function () {
+  function enableSubmit() {
+    /* If we're using jquery-ujs on the frontend, it will automatically disable
+     * the submit button, but do so in a setTimeout here:
+     * https://github.com/rails/jquery-rails/blob/master/vendor/assets/javascripts/jquery_ujs.js#L517
+     * The only way we can re-enable it is by delaying longer than that timeout
+     * or stopping propagation so their submit handler doesn't run. */
+    if ($.rails && typeof $.rails.enableFormElement !== "undefined") {
+      setTimeout(function () {
+        $.rails.enableFormElement($submitButton);
+        $submitButton
+          .attr("disabled", false)
+          .removeClass("disabled")
+          .addClass("primary");
+      }, 100);
+    } else if (
+      typeof Rails !== "undefined" &&
+      typeof Rails.enableElement !== "undefined"
+    ) {
+      /* Indicates that we have rails-ujs instead of jquery-ujs. Rails-ujs was added to rails
+       * core in Rails 5.1.0 */
+      setTimeout(function () {
+        Rails.enableElement($submitButton[0]);
+        $submitButton
+          .attr("disabled", false)
+          .removeClass("disabled")
+          .addClass("primary");
+      }, 100);
+    } else {
+      $submitButton
+        .attr("disabled", false)
+        .removeClass("disabled")
+        .addClass("primary");
+    }
+  }
+
+  function disableSubmit() {
+    $submitButton
+      .attr("disabled", true)
+      .removeClass("primary")
+      .addClass("disabled");
+  }
+
+  function addFormHook() {
+    $paymentForm.on("submit", function (event) {
+      var selectedPaymentMethodId = parseInt(
+        $("#payment-method-fields input[type='radio']:checked").val()
+      );
+
+      if (paymentMethodId === selectedPaymentMethodId) {
+        event.preventDefault();
+        disableSubmit();
+
+        Spree.ajax({
+          method: "POST",
+          url: "/solidus_afterpay/checkouts.json",
+          data: {
+            order_number: orderNumber,
+            payment_method_id: paymentMethodId,
+          },
+        })
+          .success(function (response) {
+            onSuccess(response);
+          })
+          .error(function (response) {
+            onError(response);
+          });
+      }
+    });
+  }
+
+  function onSuccess(response) {
+    AfterPay.initialize({ countryCode: "US" });
+    if (popupWindow) {
+      openAfterpayPopup(response);
+    } else {
+      AfterPay.redirect({ token: response.token });
+    }
+  }
+
+  function onError(response) {
+    enableSubmit();
+  }
+
+  function openAfterpayPopup(response) {
+    AfterPay.onComplete = function (event) {
+      if (event.data.status == "SUCCESS") {
+        onAfterpaySuccess(event);
+      } else {
+        onAfterpayCancel(event);
+      }
+    };
+    AfterPay.open();
+    AfterPay.transfer({ token: response.token });
+  }
+
+  function onAfterpaySuccess(event) {
+    Spree.ajax({
+      method: "POST",
+      url: "/solidus_afterpay/callbacks/confirm.json",
+      data: {
+        order_number: orderNumber,
+        payment_method_id: paymentMethodId,
+        order_token: event.data.orderToken,
+      },
+    })
+      .success(function (response) {
+        window.location.href = response.redirect_url;
+      })
+      .error(function (response) {
+        enableSubmit();
+      });
+  }
+
+  function onAfterpayCancel(event) {
+    enableSubmit();
+  }
+
+  if ($("#afterpay_checkout_payload").length > 0) {
+    var $paymentForm = $("#checkout_form_payment");
+    var $submitButton = $("input[type='submit']", $paymentForm);
+
+    var paymentMethodId = $("#afterpay_checkout_payload").data(
+      "payment-method-id"
+    );
+    var orderNumber = $("#afterpay_checkout_payload").data("order-number");
+    var popupWindow = $("#afterpay_checkout_payload").data("popup-window");
+
+    addFormHook();
+  }
+});

data/app/assets/javascripts/spree/backend/solidus_afterpay.js

@@ -0,0 +1,2 @@
+// Placeholder manifest file.
+// the installer will append this file to the app vendored assets here: vendor/assets/javascripts/spree/backend/all.js'

data/app/assets/javascripts/spree/frontend/solidus_afterpay.js

@@ -0,0 +1,4 @@
+// Placeholder manifest file.
+// the installer will append this file to the app vendored assets here: vendor/assets/javascripts/spree/frontend/all.js'
+
+//= require solidus_afterpay/afterpay_checkout

data/app/assets/stylesheets/spree/backend/solidus_afterpay.css

@@ -0,0 +1,4 @@
+/*
+Placeholder manifest file.
+the installer will append this file to the app vendored assets here: 'vendor/assets/stylesheets/spree/backend/all.css'
+*/

data/app/assets/stylesheets/spree/frontend/solidus_afterpay.css

@@ -0,0 +1,4 @@
+/*
+Placeholder manifest file.
+the installer will append this file to the app vendored assets here: 'vendor/assets/stylesheets/spree/frontend/all.css'
+*/

data/app/controllers/solidus_afterpay/base_controller.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module SolidusAfterpay
+  class BaseController < ::Spree::BaseController
+    protect_from_forgery unless: -> { request.format.json? }
+
+    rescue_from ::ActiveRecord::RecordNotFound, with: :resource_not_found
+    rescue_from ::CanCan::AccessDenied, with: :unauthorized
+
+    private
+
+    def order_token
+      cookies.signed[:guest_token]
+    end
+
+    def resource_not_found
+      respond_to do |format|
+        format.html { redirect_to spree.cart_path, notice: I18n.t('solidus_afterpay.resource_not_found') }
+        format.json { render json: { error: I18n.t('solidus_afterpay.resource_not_found') }, status: :not_found }
+      end
+    end
+
+    def unauthorized
+      respond_to do |format|
+        format.html { redirect_to spree.cart_path, notice: I18n.t('solidus_afterpay.unauthorized') }
+        format.json { render json: { error: I18n.t('solidus_afterpay.unauthorized') }, status: :unauthorized }
+      end
+    end
+  end
+end

data/app/controllers/solidus_afterpay/callbacks_controller.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+module SolidusAfterpay
+  class CallbacksController < SolidusAfterpay::BaseController
+    before_action :ensure_afterpay_order_token_presence, only: :confirm
+    before_action :ensure_order_not_completed, only: :confirm
+
+    def confirm
+      authorize! :update, order, order_token
+
+      if ::Spree::OrderUpdateAttributes.new(order, update_params, request_env: request.headers.env).apply
+        order.next
+      end
+
+      respond_to do |format|
+        format.html { redirect_to checkout_state_path(order.state) }
+        format.json { render json: { redirect_url: checkout_state_url(order.state) } }
+      end
+    end
+
+    def cancel
+      redirect_to checkout_state_path(order.state)
+    end
+
+    private
+
+    def update_params
+      {
+        payments_attributes: [{
+          payment_method: payment_method,
+          amount: order.total,
+          source_attributes: {
+            token: afterpay_order_token
+          }
+        }]
+      }
+    end
+
+    def order
+      @order ||= ::Spree::Order.find_by!(number: params[:order_number])
+    end
+
+    def payment_method
+      @payment_method ||= SolidusAfterpay::PaymentMethod.active.find(params[:payment_method_id])
+    end
+
+    def afterpay_order_token
+      params[:orderToken] || params[:order_token]
+    end
+
+    def ensure_afterpay_order_token_presence
+      return if afterpay_order_token
+
+      respond_to do |format|
+        format.html {
+          redirect_to checkout_state_path(order.state), notice: I18n.t('solidus_afterpay.order_token_not_found')
+        }
+        format.json { render json: { error: I18n.t('solidus_afterpay.order_token_not_found') }, status: :not_found }
+      end
+    end
+
+    def ensure_order_not_completed
+      return unless order.complete?
+
+      respond_to do |format|
+        format.html { redirect_to spree.order_path(order), notice: I18n.t('spree.order_already_completed') }
+        format.json { render json: { error: I18n.t('spree.order_already_completed') }, status: :unprocessable_entity }
+      end
+    end
+  end
+end

data/app/controllers/solidus_afterpay/checkouts_controller.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module SolidusAfterpay
+  class CheckoutsController < SolidusAfterpay.api_base_controller_parent_class
+    def create
+      authorize! :update, order, order_token
+
+      response = payment_method.gateway.create_checkout(
+        order,
+        redirect_confirm_url: redirect_confirm_url,
+        redirect_cancel_url: redirect_cancel_url
+      )
+
+      if response.success?
+        render json: {
+          token: response.params['token'],
+          expires: response.params['expires'],
+          redirectCheckoutUrl: response.params['redirectCheckoutUrl']
+        }, status: :created
+      else
+        render json: { error: response.message, errorCode: response.error_code }, status: :unprocessable_entity
+      end
+    end
+
+    private
+
+    def order
+      @order ||= ::Spree::Order.find_by!(number: params[:order_number])
+    end
+
+    def payment_method
+      @payment_method ||= SolidusAfterpay::PaymentMethod.active.find(params[:payment_method_id])
+    end
+
+    def redirect_confirm_url
+      params[:redirect_confirm_url] || solidus_afterpay.callbacks_confirm_url(
+        order_number: order.number, payment_method_id: payment_method.id
+      )
+    end
+
+    def redirect_cancel_url
+      params[:redirect_cancel_url] || solidus_afterpay.callbacks_cancel_url(
+        order_number: order.number, payment_method_id: payment_method.id
+      )
+    end
+  end
+end

data/app/decorators/controllers/solidus_afterpay/spree/checkout_controller_decorator.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module SolidusAfterpay
+  module Spree
+    module CheckoutControllerDecorator
+      def self.prepended(base)
+        base.helper ::SolidusAfterpay::AfterpayHelper
+      end
+
+      ::Spree::CheckoutController.prepend(self) if SolidusSupport.frontend_available?
+    end
+  end
+end

data/app/decorators/models/solidus_afterpay/spree/order_decorator.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module SolidusAfterpay
+  module Spree
+    module OrderDecorator
+      def available_payment_methods
+        @available_payment_methods ||= super.select do |payment_method|
+          !payment_method.respond_to?(:available_for_order?) || payment_method.available_for_order?(self)
+        end
+      end
+
+      ::Spree::Order.prepend self
+    end
+  end
+end

data/app/helpers/solidus_afterpay/afterpay_helper.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module SolidusAfterpay
+  module AfterpayHelper
+    def include_afterpay_js(test_mode: false)
+      afterpay_js_url = if test_mode
+                          'https://portal.sandbox.afterpay.com/afterpay.js'
+                        else
+                          'https://portal.afterpay.com/afterpay.js'
+                        end
+
+      javascript_include_tag afterpay_js_url
+    end
+  end
+end

data/app/models/solidus_afterpay/gateway.rb

@@ -0,0 +1,157 @@
+# frozen_string_literal: true
+
+require 'afterpay'
+
+module SolidusAfterpay
+  class Gateway
+    VOIDABLE_STATUSES = ['AUTH_APPROVED', 'PARTIALLY_CAPTURED'].freeze
+
+    def initialize(options)
+      ::Afterpay.configure do |config|
+        config.merchant_id = options[:merchant_id]
+        config.secret_key = options[:secret_key]
+        config.server = 'https://global-api-sandbox.afterpay.com/' if options[:test_mode]
+        config.user_agent = SolidusAfterpay::UserAgentGenerator.new(merchant_id: options[:merchant_id]).generate
+      end
+    end
+
+    def authorize(_amount, payment_source, _gateway_options)
+      result = {}
+
+      if payment_source.payment_method.preferred_deferred
+        response = ::Afterpay::API::Payment::Auth.call(
+          payment: ::Afterpay::Components::Payment.new(token: payment_source.token)
+        )
+        result = response.body
+      end
+
+      ActiveMerchant::Billing::Response.new(true, 'Transaction approved', result, authorization: result[:id])
+    rescue ::Afterpay::BaseError => e
+      message = e.message
+      error_code = e.error_code
+      if message == 'Afterpay::PaymentRequiredError'
+        message = I18n.t('solidus_afterpay.payment_declined')
+        error_code = 'payment_declined'
+      end
+      ActiveMerchant::Billing::Response.new(false, message, {}, error_code: error_code)
+    end
+
+    def capture(amount, response_code, gateway_options)
+      payment_method = gateway_options[:originator].payment_method
+
+      response = if payment_method.preferred_deferred
+                   deferred_capture(amount, response_code, gateway_options)
+                 else
+                   immediate_capture(amount, response_code, gateway_options)
+                 end
+      result = response.body
+
+      if result.status != 'APPROVED'
+        raise ::Afterpay::BaseError.new('payment_declined'), I18n.t('solidus_afterpay.payment_declined')
+      end
+
+      ActiveMerchant::Billing::Response.new(true, 'Transaction captured', result, authorization: result.id)
+    rescue ::Afterpay::BaseError => e
+      ActiveMerchant::Billing::Response.new(false, e.message, {}, error_code: e.error_code)
+    end
+
+    def purchase(amount, payment_source, gateway_options)
+      result = authorize(amount, payment_source, gateway_options)
+      return result unless result.success?
+
+      capture(amount, result.authorization, gateway_options)
+    end
+
+    def credit(amount, response_code, gateway_options)
+      response = ::Afterpay::API::Payment::Refund.call(
+        order_id: response_code,
+        refund: ::Afterpay::Components::Refund.new(
+          amount: ::Afterpay::Components::Money.new(
+            amount: Money.from_cents(amount).amount.to_s,
+            currency: gateway_options[:originator].payment.currency
+          ),
+          merchant_reference: gateway_options[:originator].payment.id
+        )
+      )
+      result = response.body
+
+      ActiveMerchant::Billing::Response.new(true, "Transaction Credited with #{amount}", result,
+        authorization: result.refundId)
+    rescue ::Afterpay::BaseError => e
+      ActiveMerchant::Billing::Response.new(false, e.message, {}, error_code: e.error_code)
+    end
+
+    def void(response_code, gateway_options)
+      payment_method = gateway_options[:originator].payment_method
+
+      unless payment_method.preferred_deferred
+        return ActiveMerchant::Billing::Response.new(false, "Transaction can't be voided", {},
+          error_code: 'void_not_allowed')
+      end
+
+      response = ::Afterpay::API::Payment::Void.call(
+        order_id: response_code,
+        payment: ::Afterpay::Components::Payment.new(
+          amount: ::Afterpay::Components::Money.new(
+            amount: gateway_options[:originator].amount.to_s,
+            currency: gateway_options[:currency]
+          )
+        )
+      )
+      result = response.body
+
+      ActiveMerchant::Billing::Response.new(true, 'Transaction voided', result, authorization: result.id)
+    rescue ::Afterpay::BaseError => e
+      ActiveMerchant::Billing::Response.new(false, e.message, {}, error_code: e.error_code)
+    end
+
+    def create_checkout(order, gateway_options)
+      response = ::Afterpay::API::Order::Create.call(
+        order: SolidusAfterpay::OrderComponentBuilder.new(
+          order: order,
+          redirect_confirm_url: gateway_options[:redirect_confirm_url],
+          redirect_cancel_url: gateway_options[:redirect_cancel_url]
+        ).call
+      )
+      result = response.body
+
+      ActiveMerchant::Billing::Response.new(true, 'Checkout created', result)
+    rescue ::Afterpay::BaseError => e
+      ActiveMerchant::Billing::Response.new(false, e.message, {}, error_code: e.error_code)
+    end
+
+    def find_payment(order_id:)
+      ::Afterpay::API::Payment::Find.call(order_id: order_id).body
+    rescue ::Afterpay::BaseError
+      nil
+    end
+
+    def retrieve_configuration
+      ::Afterpay::API::Configuration::Retrieve.call.body
+    rescue ::Afterpay::BaseError
+      nil
+    end
+
+    private
+
+    def immediate_capture(_amount, _response_code, gateway_options)
+      payment_source = gateway_options[:originator].payment_source
+
+      ::Afterpay::API::Payment::Capture.call(
+        payment: ::Afterpay::Components::Payment.new(token: payment_source.token)
+      )
+    end
+
+    def deferred_capture(amount, response_code, gateway_options)
+      ::Afterpay::API::Payment::DeferredCapture.call(
+        order_id: response_code,
+        payment: ::Afterpay::Components::Payment.new(
+          amount: ::Afterpay::Components::Money.new(
+            amount: Money.from_cents(amount).amount.to_s,
+            currency: gateway_options[:currency]
+          )
+        )
+      )
+    end
+  end
+end