solidus_bolt 0.0.1

data/spec/models/solidus_bolt/gateway_spec.rb

@@ -0,0 +1,130 @@
+require 'spec_helper'
+
+RSpec.describe SolidusBolt::Gateway, type: :model do
+  let(:order) { create(:order_with_line_items) }
+  let(:amount) { (order.total * 100).to_i }
+  let(:payment_method) { create(:bolt_payment_method) }
+  let(:payment_source) { create(:bolt_payment_source, payment_method: payment_method) }
+  let(:payment) {
+    create(:payment, order: order, source_id: payment_source.id, source_type: SolidusBolt::PaymentSource,
+      payment_method: payment_method)
+  }
+  let(:gateway_options) {
+    {
+      order_id: "#{order.number}-123456",
+      originator: payment
+    }
+  }
+
+  describe '#authorize' do
+    subject(:authorize) { described_class.new.authorize(nil, payment_source, gateway_options) }
+
+    let(:response) { { 'transaction' => { 'reference' => 'fakereference', 'from_credit_card' => { 'id' => '1234' } } } }
+
+    before { allow(SolidusBolt::Transactions::AuthorizeService).to receive(:call).and_return(response) }
+
+    it 'updates the card_id of the payment_source' do
+      authorize
+      expect(payment_source.reload.card_id).to eq('1234')
+    end
+
+    it 'returns an active merchant billing response' do
+      expect(authorize).to be_an_instance_of(ActiveMerchant::Billing::Response)
+    end
+
+    it 'stores the transaction reference as response code' do
+      expect(authorize.authorization).to eq('fakereference')
+    end
+  end
+
+  describe '#capture' do
+    subject(:capture) { described_class.new.capture(amount, response_code, gateway_options) }
+
+    let(:response_code) { 'the_amazing_spiderman' }
+    let(:response) {
+      { 'reference' => response_code }
+    }
+
+    before do
+      allow(SolidusBolt::Transactions::CaptureService).to receive(:call).and_return(response)
+    end
+
+    it 'returns an active merchant billing response' do
+      expect(capture).to be_an_instance_of(ActiveMerchant::Billing::Response)
+    end
+
+    it 'stores the transaction reference as response code' do
+      expect(capture.authorization).to eq response_code
+    end
+  end
+
+  describe '#void' do
+    subject(:void) { described_class.new.void(response_code, gateway_options) }
+
+    let(:response_code) { 'the_amazing_spiderman' }
+
+    let(:response) {
+      { 'id' => "id-#{response_code}", 'reference' => response_code }
+    }
+
+    before do
+      allow(SolidusBolt::Transactions::VoidService).to receive(:call).and_return(response)
+    end
+
+    it 'returns an active merchant billing response' do
+      expect(void).to be_an_instance_of(ActiveMerchant::Billing::Response)
+    end
+
+    it 'stores the transaction reference as response code' do
+      expect(void.authorization).to eq response_code
+    end
+  end
+
+  describe '#credit' do
+    subject(:credit) { described_class.new.credit(amount, response_code, gateway_options) }
+
+    let(:gateway_options) { { originator: Spree::Refund.new(payment_id: payment.id, amount: payment.amount) } }
+    let(:response_code) { 'the_amazing_spiderman' }
+
+    # Since reference returned by Refund API Call is different
+    # from the reference for the original transaction, the refernce has been
+    # randomised in the response here
+    let(:response) {
+      { 'reference' => SecureRandom.hex }
+    }
+
+    before do
+      allow(SolidusBolt::Transactions::RefundService).to receive(:call).and_return(response)
+      payment.update(response_code: response_code)
+    end
+
+    it 'returns an active merchant billing response' do
+      expect(credit).to be_an_instance_of(ActiveMerchant::Billing::Response)
+    end
+
+    it 'stores the transaction reference as response code' do
+      expect(credit.authorization).to eq response['reference']
+    end
+  end
+
+  describe '#purchase' do
+    subject(:purchase) { described_class.new.purchase(nil, payment_source, gateway_options) }
+
+    let(:response) { { 'transaction' => { 'reference' => 'fakereference', 'from_credit_card' => { 'id' => '1234' } } } }
+
+    before { allow(SolidusBolt::Transactions::AuthorizeService).to receive(:call).and_return(response) }
+
+    it 'updates the card_id of the payment_source' do
+      purchase
+      expect(payment_source.reload.card_id).to eq('1234')
+    end
+
+    it 'returns an active merchant billing response' do
+      expect(purchase).to be_an_instance_of(ActiveMerchant::Billing::Response)
+    end
+
+    it 'stores the transaction reference as response code' do
+      expect(purchase.authorization).to eq('fakereference')
+    end
+  end
+end

data/spec/models/solidus_bolt/payment_method_spec.rb

@@ -0,0 +1,21 @@
+require 'spec_helper'
+
+RSpec.describe SolidusBolt::PaymentMethod, type: :model do
+  describe '#gateway_class' do
+    it 'has correct gateway class' do
+      expect(described_class.new.gateway_class).to eq SolidusBolt::Gateway
+    end
+  end
+
+  describe '#payment_source_class' do
+    it 'has correct payment_source class' do
+      expect(described_class.new.payment_source_class).to eq SolidusBolt::PaymentSource
+    end
+  end
+
+  describe '#partial_name' do
+    it 'has correct partial name' do
+      expect(described_class.new.partial_name).to eq 'bolt'
+    end
+  end
+end

data/spec/models/solidus_bolt/payment_source_spec.rb

@@ -0,0 +1,22 @@
+require 'spec_helper'
+
+RSpec.describe SolidusBolt::PaymentSource, type: :model do
+  let(:payment_source) { build(:bolt_payment_source) }
+
+  describe 'validations' do
+    context 'with payment_method_id present' do
+      it 'is valid' do
+        expect(payment_source.valid?).to be(true)
+      end
+    end
+
+    context 'with payment_method_id absent' do
+      before { payment_source.payment_method_id = nil }
+
+      it 'is invalid' do
+        expect(payment_source.valid?).to be(false)
+        expect(payment_source.errors.messages.first.to_a).to eq([:payment_method_id, ["can't be blank"]])
+      end
+    end
+  end
+end

data/spec/requests/solidus_bolt/accounts_controller_spec.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe SolidusBolt::AccountsController, type: :request do
+  describe '#create' do
+    subject(:call) do
+      post '/api/accounts/bolt', params: params, headers: { 'X-Bolt-Hmac-Sha256' => bolt_hash }, as: :json
+    end
+
+    let(:user) { create(:user, email: 'user@bolt.com') }
+    let(:params) { { account: { email: user.email } } }
+
+    before { call }
+
+    context 'when valid' do
+      let(:bolt_hash) { "+mDzzN0xsvB0UzO0NoAyMJYx/byPs++cccpR4tiEN0c=" }
+
+      it 'has http status ok' do
+        expect(response).to have_http_status(:ok)
+      end
+    end
+
+    context 'when not valid' do
+      let(:bolt_hash) { "CaAA/XZsO4wl6q/G7cyWY9KVcaWvieH7UWM6XoFcsmU=" }
+      let(:params) { { account: { email: 'fake@email.com' } } }
+
+      it 'has http status not found' do
+        expect(response).to have_http_status(:not_found)
+      end
+    end
+
+    context 'when not bolt request' do
+      let(:bolt_hash) { 'notBoltHash' }
+
+      it 'has http status unauthorized' do
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+  end
+end

data/spec/requests/solidus_bolt/webhooks_controller_spec.rb

@@ -0,0 +1,122 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe SolidusBolt::WebhooksController, type: :request do
+  describe '#update' do
+    subject(:endpoint_call) do
+      post '/webhooks/bolt', params: params, headers: { 'X-Bolt-Hmac-Sha256' => bolt_hash }, as: :json
+    end
+
+    let(:bolt_hash) { "IvjuqQlACvmK3zaBqfMZI+9rf8ukq7VT2Sgjo+nVwl4=" }
+    let(:params) { { webhook: {} } }
+    let(:payment) { create(:bolt_payment, response_code: 'V2YW-NYNR-2MYM') }
+
+    context 'when valid' do
+      let(:expected_params) { ActionController::Parameters.new({}) }
+
+      before do
+        allow(::SolidusBolt::Sorter).to receive(:call)
+        endpoint_call
+      end
+
+      it 'has http status success' do
+        expect(response).to have_http_status(:success)
+      end
+
+      it 'calls the webhook sorter with the correct params' do
+        expect(SolidusBolt::Sorter).to have_received(:call).with(expected_params)
+      end
+    end
+
+    context 'when webhook type is `capture`' do
+      let(:params) do
+        {
+          webhook: {
+            type: 'capture',
+            data: { reference: payment.response_code, captures: [{ amount: { amount: 1000 } }] }
+          }
+        }
+      end
+      let(:bolt_hash) { "UlgQupKN61uY+5G126Ue0CvOPLtuHux36GZrAA1LKyo=" }
+
+      before do
+        allow(SolidusBolt::Payments::CaptureSyncService).to receive(:call).with(payment: payment, capture_amount: 1000)
+        endpoint_call
+      end
+
+      it 'calls the Sorter, which calls the CaptureHandler, which calls the CaptureSyncService with params' do
+        expect(SolidusBolt::Payments::CaptureSyncService).to have_received(:call).with(
+          payment: payment, capture_amount: 1000
+        )
+      end
+    end
+
+    context 'when webhook type is `void`' do
+      let(:params) { { webhook: { type: 'void', data: { reference: payment.response_code } } } }
+      let(:bolt_hash) { "W4+7RvJLQaBkLdddmCnAy59QFPrF3No2olkTcfdNmVE=" }
+
+      before do
+        allow(SolidusBolt::Payments::VoidSyncService).to receive(:call).with(payment: payment)
+        endpoint_call
+      end
+
+      it 'calls the Sorter, which calls the VoidHandler, which calls the VoidSyncService with params' do
+        expect(SolidusBolt::Payments::VoidSyncService).to have_received(:call).with(payment: payment)
+      end
+    end
+
+    context 'when webhook type is `credit`' do
+      let(:transaction_id) { 'AAAA-BBBB-CCCC' }
+      let(:params) do
+        {
+          webhook: {
+            type: 'credit',
+            data: {
+              reference: transaction_id,
+              source_transaction: { reference: payment.response_code },
+              requested_refund_amount: { amount: 1000 }
+            }
+          }
+        }
+      end
+      let(:bolt_hash) { "My7opJkmglzXpNi1rn/UDmPeaeDHoSm2ebuWwBYJrW0=" }
+
+      before do
+        allow(SolidusBolt::Payments::CreditSyncService).to receive(:call).with(
+          payment: payment, amount: 1000, transaction_id: transaction_id
+        )
+        endpoint_call
+      end
+
+      it 'calls the Sorter, which calls the CreditHandler, which calls the CreditSyncService with params' do
+        expect(SolidusBolt::Payments::CreditSyncService).to have_received(:call).with(
+          payment: payment, amount: 1000, transaction_id: transaction_id
+        )
+      end
+    end
+
+    context 'when not valid' do
+      before do
+        allow(::SolidusBolt::Sorter).to receive(:call).and_raise(StandardError)
+        endpoint_call
+      end
+
+      it 'has http status unprocessable entity' do
+        expect(response).to have_http_status(:unprocessable_entity)
+      end
+    end
+
+    context 'when not bolt request' do
+      let(:bolt_hash) { 'notBoltHash' }
+
+      before do
+        endpoint_call
+      end
+
+      it 'has http status unauthorized' do
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+  end
+end

data/spec/requests/spree/admin/bolt_spec.rb

@@ -0,0 +1,71 @@
+require 'spec_helper'
+
+RSpec.describe "Spree::Admin::Bolts", type: :request do
+  stub_authorization!
+
+  let(:bolt_configuration_params) {
+    {
+      bearer_token: SecureRandom.hex,
+      environment: 'sandbox',
+      merchant_public_id: SecureRandom.hex,
+      division_public_id: SecureRandom.hex,
+      api_key: SecureRandom.hex,
+      signing_secret: SecureRandom.hex,
+      publishable_key: SecureRandom.hex
+    }
+  }
+
+  describe "GET /show" do
+    it 'returns a successful response' do
+      get '/admin/bolt'
+      expect(response.status).to eq 200
+    end
+
+    it 'creates a new SolidusBolt::BoltConfiguration record if no records are present' do
+      expect { get '/admin/bolt' }.to change { SolidusBolt::BoltConfiguration.count }.by(1)
+    end
+  end
+
+  describe "GET /edit" do
+    let(:bolt_configuration) { create(:bolt_configuration) }
+
+    it 'returns a successful response' do
+      get '/admin/bolt/edit'
+      expect(response.status).to eq 200
+    end
+  end
+
+  describe "PUT /update" do
+    subject(:request) {
+      put '/admin/bolt', params: { solidus_bolt_bolt_configuration: bolt_configuration_params }
+    }
+
+    let(:bolt_configuration) { create(:bolt_configuration) }
+
+    it 'successfully redirects' do
+      request
+      expect(response.status).to eq 302
+    end
+
+    it 'redirects to index' do
+      request
+      expect(response).to redirect_to '/admin/bolt'
+    end
+
+    it 'successfully updates the bolt configuration' do
+      request
+
+      updated_attributes = SolidusBolt::BoltConfiguration.fetch.attributes.slice(
+        'bearer_token',
+        'environment',
+        'merchant_public_id',
+        'division_public_id',
+        'api_key',
+        'signing_secret',
+        'publishable_key'
+      )
+
+      expect(updated_attributes).to eq(bolt_configuration_params.deep_stringify_keys)
+    end
+  end
+end

data/spec/requests/spree/admin/bolt_webhook_spec.rb

@@ -0,0 +1,35 @@
+require 'spec_helper'
+
+RSpec.describe "Spree::Admin::BoltWebhooks", type: :request do
+  stub_authorization!
+
+  describe "GET /new" do
+    it 'returns a successful response' do
+      get '/admin/bolt_webhook/new'
+      expect(response.status).to eq 200
+    end
+  end
+
+  describe "POST /create" do
+    subject(:request) {
+      post '/admin/bolt_webhook', params: { bolt_webhook: params }
+    }
+
+    let(:params) { { event: 'all', webhook_url: 'https://solidus-test.com/webhook' } }
+
+    before do
+      allow(SolidusBolt::Webhooks::CreateService).to receive(:call).and_return({ 'webhook_id' => 'BOLT_WEBHOOK_ID' })
+    end
+
+    it 'calls the correct service' do
+      request
+      expect(
+        SolidusBolt::Webhooks::CreateService
+      )
+        .to have_received(:call)
+        .with(
+          { event: 'all', url: 'https://solidus-test.com/webhook' }
+        )
+    end
+  end
+end

data/spec/requests/spree/checkout_controller_spec.rb

@@ -0,0 +1,117 @@
+require 'spec_helper'
+
+RSpec.describe "Spree::CheckoutController", type: :request do
+  stub_authorization!
+
+  let(:user) { create(:user_with_addresses) }
+
+  before do
+    # rubocop:disable RSpec/AnyInstance
+    allow_any_instance_of(Spree::CheckoutController).to receive(:current_order).and_return(order)
+    allow_any_instance_of(Spree::CheckoutController).to receive(:spree_current_user).and_return(user)
+    allow_any_instance_of(SolidusBolt::BoltConfiguration).to(
+      receive(:embed_js).and_return('https://connect-sandbox.bolt.com/embed.js')
+    )
+    # rubocop:enable RSpec/AnyInstance
+  end
+
+  describe "GET /checkout/address" do
+    let(:order) { Spree::TestingSupport::OrderWalkthrough.up_to(:address) }
+
+    before { allow(SolidusBolt::Users::SyncAddressesService).to receive(:call) }
+
+    it 'returns a successful response' do
+      get '/checkout/address'
+
+      expect(response.status).to eq 200
+    end
+
+    it 'calls the service to sync addresses' do
+      get '/checkout/address'
+
+      expect(SolidusBolt::Users::SyncAddressesService).to have_received(:call)
+    end
+  end
+
+  describe "GET /checkout/payment" do
+    let(:order) { Spree::TestingSupport::OrderWalkthrough.up_to(:payment) }
+
+    before { allow(SolidusBolt::Users::SyncPaymentSourcesService).to receive(:call) }
+
+    it 'returns a successful response' do
+      get '/checkout/payment'
+
+      expect(response.status).to eq 200
+    end
+
+    it 'calls the service to sync payment sources' do
+      get '/checkout/payment'
+
+      expect(SolidusBolt::Users::SyncPaymentSourcesService).to have_received(:call)
+    end
+  end
+
+  describe 'PATCH /checkout/update/confirm' do
+    subject(:confirm_order) { patch '/checkout/update/confirm' }
+
+    let(:order) { FactoryBot.create(:order_with_totals) }
+    let(:payment) { create(:payment, amount: order.total, order: order) }
+    let(:session) { { bolt_access_token: access_token } }
+    let(:access_token) { nil }
+
+    before do
+      # use test preparation from solidusio/solidus/frontend/spec/controllers/spree/checkout_controller_spec.rb
+      # because Spree::TestingSupport::OrderWalkthrough.up_to(:confirm) doesn't work
+      order.update! user: user
+      order.update(state: 'confirm')
+      payment
+      order.create_proposed_shipments
+      order.payments.reload
+
+      # request calls Gateway#authorize - need to stub it to test our action
+      allow(SolidusBolt::Transactions::AuthorizeService).to(receive(:call).and_return({
+        'transaction' => { 'from_credit_card' => { 'id' => 'CreditCardId' } }
+      }))
+
+      # rubocop:disable RSpec/AnyInstance
+      allow_any_instance_of(ActionDispatch::Request).to receive(:session).and_return(session)
+      # rubocop:enable RSpec/AnyInstance
+    end
+
+    it 'redirects to completion route' do
+      confirm_order
+      expect(response).to redirect_to spree.order_path(order)
+    end
+
+    context 'with logged in Bolt user and Bolt payment' do
+      let(:access_token) { 'accesstoken' }
+      let(:payment) { create(:bolt_payment, amount: order.total, order: order) }
+
+      before { allow(SolidusBolt::Users::RefreshAccessTokenService).to receive(:call).and_return(access_token) }
+
+      it 'calls the job to add addresses' do
+        expect { confirm_order }.to(have_enqueued_job(SolidusBolt::AddAddressJob).twice.with { |hash|
+          expect(hash[:order]).to eq(order)
+          expect(hash[:access_token]).to eq(access_token)
+          expect(user.addresses).to include(hash[:address])
+        })
+      end
+    end
+
+    context 'with logged in Bolt user' do
+      let(:access_token) { 'accesstoken' }
+
+      it 'skips the job call to add addresses' do
+        expect { confirm_order }.not_to have_enqueued_job(SolidusBolt::AddAddressJob)
+      end
+    end
+
+    context 'with Bolt payment' do
+      let(:payment) { create(:bolt_payment, amount: order.total, order: order) }
+
+      it 'skips the job call to add addresses' do
+        expect { confirm_order }.not_to have_enqueued_job(SolidusBolt::AddAddressJob)
+      end
+    end
+  end
+end

data/spec/services/solidus_bolt/accounts/add_address_service_spec.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe SolidusBolt::Accounts::AddAddressService, :vcr, :bolt_configuration do
+  describe '#call', vcr: true do
+    subject(:add_address) { described_class.call(access_token: access_token, order: order, address: address) }
+
+    let(:order) { build(:order) }
+    let(:address) { order.bill_address }
+
+    context 'with wrong access_token' do
+      let(:access_token) { 'Bolt Access Token' }
+
+      it 'gives an error' do
+        expect{ add_address }.to raise_error(SolidusBolt::ServerError, 'This action is forbidden.')
+      end
+    end
+
+    context 'with correct access_token' do
+      let(:access_token) { ENV['BOLT_ACCESS_TOKEN'] }
+      let(:address) { build(:address, address1: '6420') }
+
+      it 'receives a successful response' do
+        expect(add_address).to match hash_including('id')
+        expect(add_address['street_address1']).to eq(address.address1)
+      end
+    end
+
+    context 'with existing address' do
+      let(:access_token) { ENV['BOLT_ACCESS_TOKEN'] }
+
+      let(:address) { build(:address, address1: 'PO Box 1337', zipcode: '10001') }
+
+      it 'skips the add_address call' do
+        expect(add_address).to be(nil)
+      end
+    end
+  end
+end
+
+# This spec depends on the bolt_access_token that needs to be generated manually
+# and added to the environment variable BOLT_ACCESS_TOKEN.
+# Generate a new access token by logging into an existing user bolt account on
+# development environment and copying the token from the session['bolt_access_token'] key.

data/spec/services/solidus_bolt/accounts/add_payment_method_service_spec.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe SolidusBolt::Accounts::AddPaymentMethodService, :vcr, :bolt_configuration do
+  describe '#call', vcr: true do
+    subject(:add_payment_method) do
+      described_class.call(
+        access_token: access_token, credit_card: credit_card_payload, address: address, email: 'example@email.com'
+      )
+    end
+
+    let(:address) { build(:address) }
+    let(:card_number) { '4111111111111004' }
+    let(:credit_card_payload) do
+      tokenize_credit_card(credit_card_number: card_number, cvv: '111')
+        .merge(
+          number: card_number,
+          expiration: (Time.current + 1.year).strftime('%Y-%m'),
+          token_type: 'bolt',
+          postal_code: address.zipcode
+        )
+    end
+
+    context 'with wrong access_token' do
+      let(:access_token) { 'Bolt Access Token' }
+
+      it 'gives an error' do
+        expect{ add_payment_method }.to raise_error(SolidusBolt::ServerError, 'This action is forbidden.')
+      end
+    end
+
+    context 'with correct access_token' do
+      let(:access_token) { ENV['BOLT_ACCESS_TOKEN'] }
+
+      it 'receives a successful response' do
+        expect(add_payment_method).to match hash_including('id')
+        expect(add_payment_method['last4']).to eq('1004')
+      end
+    end
+  end
+end
+
+# This spec depends on the bolt_access_token that needs to be generated manually
+# and added to the environment variable BOLT_ACCESS_TOKEN.
+# Generate a new access token by logging into an existing user bolt account on
+# development environment and copying the token from the session['bolt_access_token'] key.

data/spec/services/solidus_bolt/accounts/detail_service_spec.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe SolidusBolt::Accounts::DetailService, :vcr, :bolt_configuration do
+  describe '#call', vcr: true do
+    subject(:detail) { described_class.call(access_token: access_token) }
+
+    context 'with wrong access_token' do
+      let(:access_token) { 'Bolt Access Token' }
+
+      it 'gives an error' do
+        expect{ detail }.to raise_error(SolidusBolt::ServerError, 'This action is forbidden.')
+      end
+    end
+
+    context 'with correct access_token' do
+      let(:access_token) { ENV['BOLT_ACCESS_TOKEN'] }
+
+      it 'receives a successful response' do
+        expect(detail).to match hash_including('profile')
+        expect(detail).to match hash_including('addresses')
+        expect(detail).to match hash_including('payment_methods')
+      end
+    end
+  end
+end
+
+# This spec depends on the bolt_access_token that needs to be generated manually
+# and added to the environment variable BOLT_ACCESS_TOKEN.
+# Generate a new access token by logging into an existing user bolt account on
+# development environment and copying the token from the session['bolt_access_token'] key.