solidus_braintree 1.2.0 → 3.0.0

data/spec/support/solidus_braintree/factories.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+FactoryBot.define do
+  # Define your Spree extensions Factories within this file to enable applications,
+  # and other extensions to use and override them.
+  #
+  # Example adding this to your spec_helper will load these Factories for use:
+  # require 'solidus_braintree/factories'
+
+  factory :solidus_braintree_payment_method, class: SolidusBraintree::Gateway do
+    name { 'Solidus Braintree Gateway' }
+    active { true }
+  end
+
+  factory :solidus_braintree_source, class: SolidusBraintree::Source do
+    association(:payment_method, factory: :solidus_braintree_payment_method)
+    user
+
+    trait :credit_card do
+      payment_type { SolidusBraintree::Source::CREDIT_CARD }
+    end
+
+    trait :paypal do
+      payment_type { SolidusBraintree::Source::PAYPAL }
+    end
+
+    trait :apple_pay do
+      payment_type { SolidusBraintree::Source::APPLE_PAY }
+    end
+  end
+
+  factory :solidus_braintree_address, parent: :address do
+    trait :with_fixed_zipcode do
+      # The Solidus address factory randomizes the zipcode. The OrderWalkThrough
+      # we use in the credit card checkout spec uses this factory for the user
+      # addresses. For credit card payments we transmit the billing address to
+      # braintree, for paypal payments the shipping address. As we match the
+      # body in our VCR settings VCR can not match the request anymore and
+      # therefore cannot replay existing cassettes.
+
+      zipcode { '21088-0255' }
+    end
+
+    if SolidusSupport.combined_first_and_last_name_in_address?
+      trait :with_first_and_last_name do
+        transient do
+          firstname { "John" }
+          lastname { "Doe" }
+        end
+
+        name { "#{firstname} #{lastname}" }
+      end
+    end
+  end
+end

data/spec/support/solidus_braintree/gateway_helpers.rb

@@ -0,0 +1,29 @@
+module SolidusBraintree
+  module GatewayHelpers
+    def new_gateway(opts = {})
+      SolidusBraintree::Gateway.new({
+        name: "Braintree",
+        preferences: {
+          environment: 'sandbox',
+          public_key: ENV.fetch('BRAINTREE_PUBLIC_KEY', 'dummy_public_key'),
+          private_key: ENV.fetch('BRAINTREE_PRIVATE_KEY', 'dummy_private_key'),
+          merchant_id: ENV.fetch('BRAINTREE_MERCHANT_ID', 'dummy_merchant_id'),
+          merchant_currency_map: {
+            'EUR' => 'stembolt_EUR'
+          },
+          paypal_payee_email_map: {
+            'EUR' => ENV.fetch('BRAINTREE_PAYPAL_PAYEE_EMAIL', 'paypal+europe@example.com')
+          }
+        }
+      }.merge(opts))
+    end
+
+    def create_gateway(opts = {})
+      new_gateway(opts).tap(&:save!)
+    end
+  end
+end
+
+RSpec.configure do |config|
+  config.include SolidusBraintree::GatewayHelpers
+end

data/spec/support/solidus_braintree/order_ready_for_payment.rb

@@ -0,0 +1,44 @@
+RSpec.shared_context 'when order is ready for payment' do
+  let!(:country) { create :country }
+
+  let(:user) { create :user }
+
+  let(:address) do
+    create :solidus_braintree_address,
+      :with_first_and_last_name,
+      zipcode: "90210",
+      lastname: "Doe",
+      country: country
+  end
+
+  before do
+    create :shipping_method, cost: 5
+  end
+
+  let(:gateway) do
+    new_gateway(auto_capture: true)
+  end
+
+  let(:order) do
+    order = Spree::Order.create!(
+      line_items: [create(:line_item, price: 50)],
+      email: 'test@example.com',
+      bill_address: address,
+      ship_address: address,
+      user: user
+    )
+    order.recalculate
+
+    expect(order.state).to eq "cart"
+
+    # push through cart, address and delivery
+    # its sadly unsafe to use any reasonable factory here accross
+    # supported solidus versions
+    order.next!
+    order.next!
+    order.next!
+
+    expect(order.state).to eq "payment"
+    order
+  end
+end

data/spec/support/solidus_braintree/order_walkthrough.rb

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+module SolidusBraintree
+  class OrderWalkthrough
+    def self.up_to(state, user: nil)
+      new.up_to(state, user: user)
+    end
+
+    def up_to(state, user: nil)
+      # Need to create a valid zone too...
+      @zone = ::FactoryBot.create(:zone)
+      @country = ::FactoryBot.create(:country)
+      @state = ::FactoryBot.create(:state, country: @country)
+
+      @zone.members << ::Spree::ZoneMember.create(zoneable: @country)
+
+      # A shipping method must exist for rates to be displayed on checkout page
+      ::FactoryBot.create(:shipping_method, zones: [@zone]).tap do |sm|
+        sm.calculator.preferred_amount = 10
+        sm.calculator.preferred_currency = ::Spree::Config[:currency]
+        sm.calculator.save
+      end
+
+      order = ::Spree::Order.create!(
+        user: user,
+        email: "solidus@example.com",
+        store: ::Spree::Store.first || ::FactoryBot.create(:store)
+      )
+      add_line_item!(order)
+      order.next!
+
+      states_to_process = if state == :complete
+                            states
+                          else
+                            end_state_position = states.index(state.to_sym)
+                            states[..end_state_position]
+                          end
+
+      states_to_process.each do |state_to_process|
+        send(state_to_process, order)
+      end
+
+      order
+    end
+
+    private
+
+    def add_line_item!(order)
+      ::FactoryBot.create(:line_item, order: order)
+      order.reload
+    end
+
+    def address(order)
+      order.bill_address =
+        ::FactoryBot.create(:solidus_braintree_address, :with_fixed_zipcode, country: @country, state: @state)
+
+      order.ship_address =
+        ::FactoryBot.create(:solidus_braintree_address, :with_fixed_zipcode, country: @country, state: @state)
+
+      order.next!
+    end
+
+    def delivery(order)
+      order.next!
+    end
+
+    def payment(order)
+      credit_card = ::FactoryBot.create(:credit_card, user: order.user)
+      order.payments.create!(payment_method: credit_card.payment_method, amount: order.total, source: credit_card)
+      # TODO: maybe look at some way of making this payment_state change automatic
+      order.payment_state = 'paid'
+      order.next!
+    end
+
+    def confirm(order)
+      order.complete!
+    end
+
+    def complete(order)
+      # noop?
+    end
+
+    def states
+      [:address, :delivery, :payment, :confirm]
+    end
+  end
+end

data/spec/support/solidus_braintree/vcr.rb

@@ -0,0 +1,42 @@
+require 'vcr'
+require 'webmock'
+
+VCR.configure do |c|
+  c.cassette_library_dir = "spec/fixtures/cassettes"
+  c.hook_into :webmock
+  c.configure_rspec_metadata!
+  c.default_cassette_options = {
+    match_requests_on: [:method, :uri, :body]
+  }
+  c.allow_http_connections_when_no_cassette = false
+  c.ignore_localhost = true
+  c.ignore_hosts 'chromedriver.storage.googleapis.com'
+
+  # client token used for the fronted JS lib cannot be mocked:
+  # it contains a cryptographically signed string containing the merchant id
+  # that's sent back to braintree's server by the JS lib
+  c.ignore_request do |request|
+    !(request.uri =~ %r{/merchants/\w+/client_token\z}).nil?
+  end
+
+  # match a request to Braintree sandbox APIs by ignoring the merchant ID
+  # in the request URI
+  c.register_request_matcher :braintree_uri do |request1, request2|
+    extract_url_resource = lambda do |uri|
+      uri_match_pattern =
+        %r{\Ahttps://api\.sandbox\.braintreegateway\.com/merchants/\w+(/.*)\z}
+
+      if match = uri.match(uri_match_pattern)
+        match.captures.first
+      end
+    end
+    r1_resource = extract_url_resource.call(request1.uri)
+    r2_resource = extract_url_resource.call(request2.uri)
+
+    !r1_resource.nil? && r1_resource == r2_resource
+  end
+
+  # https://github.com/titusfortner/webdrivers/wiki/Using-with-VCR-or-WebMock
+  driver_hosts = Webdrivers::Common.subclasses.map { |driver| URI(driver.base_url).host }
+  c.ignore_hosts(*driver_hosts)
+end

data/spec/support/solidus_braintree/with_prepended_view_fixtures.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+RSpec.shared_context 'with prepended view fixtures' do
+  let(:view_fixtures_path) { 'spec/fixtures/views' }
+
+  before do
+    ApplicationController.prepend_view_path view_fixtures_path
+  end
+
+  after do
+    view_paths = ApplicationController.view_paths.to_a
+
+    view_paths.delete_if do |view_path|
+      view_path.to_path.match?(/#{view_fixtures_path}$/)
+    end
+
+    ApplicationController.view_paths = view_paths
+  end
+end

data/spec/system/backend/configuration_spec.rb

@@ -0,0 +1,23 @@
+require 'solidus_braintree_helper'
+
+RSpec.describe "viewing the configuration interface", type: :feature do
+  stub_authorization!
+
+  # Regression to ensure this page still renders on old versions of solidus
+  it "doesn't raise any errors due to unavailable route helpers" do
+    visit "/solidus_braintree/configurations/list"
+    expect(page).to have_content("Braintree Configurations")
+  end
+
+  # Regression to ensure this page renders on Solidus 2.4
+  it "doesn't raise any errors due to unavailable preference field partial" do
+    Rails.application.config.spree.payment_methods << SolidusBraintree::Gateway
+    Spree::PaymentMethod.create!(
+      type: 'SolidusBraintree::Gateway',
+      name: 'Braintree Payments'
+    )
+    visit '/admin/payment_methods'
+    page.find('a[title="Edit"]').click
+    expect(page).to have_field 'Name', with: 'Braintree Payments'
+  end
+end

data/spec/system/backend/new_payment_spec.rb

@@ -0,0 +1,136 @@
+require 'solidus_braintree_helper'
+
+RSpec.shared_context "with backend checkout setup" do
+  let(:braintree) { new_gateway(active: true) }
+  let!(:gateway) { create :payment_method }
+  let(:order) { create(:completed_order_with_totals, number: 'R9999999') }
+  let(:pending_case_insensitive) { /pending/i }
+  let(:expiration) { "02/#{Date.current.year.next}" }
+
+  before do
+    braintree.save!
+    create(:store, payment_methods: [gateway, braintree]).tap do |store|
+      store.braintree_configuration.update!(credit_card: true)
+    end
+
+    allow_any_instance_of(SolidusBraintree::Source).to receive(:nonce).and_return("fake-valid-nonce")
+
+    # Order and payment numbers must be identical between runs to re-use the VCR
+    # cassette
+    allow_any_instance_of(Spree::Payment).to receive(:number).and_return("123ABC")
+  end
+
+  around do |example|
+    Capybara.using_wait_time(20) { example.run }
+  end
+end
+
+RSpec.describe 'creating a new payment', type: :feature, js: true do
+  stub_authorization!
+
+  context "with valid credit card data", vcr: {
+    cassette_name: 'admin/valid_credit_card',
+    match_requests_on: [:braintree_uri]
+  } do
+    include_context "with backend checkout setup"
+
+    it "checks out successfully" do
+      visit "/admin/orders/#{order.number}/payments/new"
+      choose('Braintree')
+      expect(page).to have_selector("#payment_method_#{braintree.id}", visible: :visible)
+      expect(page).to have_selector("iframe#braintree-hosted-field-number")
+
+      within_frame("braintree-hosted-field-number") do
+        fill_in("credit-card-number", with: "4111111111111111")
+      end
+      within_frame("braintree-hosted-field-expirationDate") do
+        fill_in("expiration", with: expiration)
+      end
+      within_frame("braintree-hosted-field-cvv") do
+        fill_in("cvv", with: "123")
+      end
+
+      click_button("Update")
+
+      within('table#payments') do
+        expect(page).to have_content('Braintree')
+        expect(page).to have_content(pending_case_insensitive)
+      end
+
+      click_icon(:capture)
+
+      expect(page).not_to have_content('Cannot perform requested operation')
+      expect(page).to have_content('Payment Updated')
+    end
+  end
+
+  context "with invalid credit card data" do
+    include_context "with backend checkout setup"
+
+    # Attempt to submit an invalid form once
+    before do
+      visit "/admin/orders/#{order.number}/payments/new"
+      choose('Braintree')
+
+      within_frame("braintree-hosted-field-number") do
+        fill_in("credit-card-number", with: "1111111111111111")
+      end
+      within_frame("braintree-hosted-field-expirationDate") do
+        fill_in("expiration", with: expiration)
+      end
+      within_frame("braintree-hosted-field-cvv") do
+        fill_in("cvv", with: "123")
+      end
+
+      click_button "Update"
+    end
+
+    it "displays a meaningful error message" do
+      expect(page).to have_text(
+        "BraintreeError: Some payment input fields are invalid. Cannot tokenize invalid card fields."
+      )
+    end
+
+    # Same error should be produced when submitting an empty form again
+    context "when user tries to resubmit another invalid form", vcr: {
+      cassette_name: "admin/invalid_credit_card",
+      match_requests_on: [:braintree_uri]
+    } do
+      it "displays a meaningful error message" do
+        click_button "Update"
+        expect(page).to have_text(
+          "BraintreeError: Some payment input fields are invalid. Cannot tokenize invalid card fields."
+        )
+      end
+    end
+
+    # User should be able to checkout after submit fails once
+    context "when user enters valid data", vcr: {
+      cassette_name: "admin/resubmit_credit_card",
+      match_requests_on: [:braintree_uri]
+    } do
+      it "creates the payment successfully" do
+        within_frame("braintree-hosted-field-number") do
+          fill_in("credit-card-number", with: "4111111111111111")
+        end
+        within_frame("braintree-hosted-field-expirationDate") do
+          fill_in("expiration", with: expiration)
+        end
+        within_frame("braintree-hosted-field-cvv") do
+          fill_in("cvv", with: "123")
+        end
+        click_button("Update")
+
+        within('table#payments') do
+          expect(page).to have_content('Braintree')
+          expect(page).to have_content(pending_case_insensitive)
+        end
+
+        click_icon(:capture)
+
+        expect(page).not_to have_content('Cannot perform requested operation')
+        expect(page).to have_content('Payment Updated')
+      end
+    end
+  end
+end

data/spec/system/frontend/braintree_credit_card_checkout_spec.rb

@@ -0,0 +1,199 @@
+require 'solidus_braintree_helper'
+
+RSpec.shared_context "with frontend checkout setup" do
+  let(:braintree) { new_gateway(active: true) }
+  let!(:gateway) { create :payment_method }
+  let(:three_d_secure_enabled) { false }
+  let(:venmo_enabled) { false }
+  let(:card_number) { "4111111111111111" }
+  let(:card_expiration) { "01/#{Time.now.utc.year + 3}" }
+
+  before do
+    braintree.save!
+
+    create(:store, payment_methods: [gateway, braintree]).tap do |store|
+      store.braintree_configuration.update!(
+        credit_card: true,
+        three_d_secure: three_d_secure_enabled,
+        venmo: venmo_enabled
+      )
+
+      braintree.update(
+        preferred_credit_card_fields_style: { input: { 'font-size': '30px' } },
+        preferred_placeholder_text: { number: "Enter Your Card Number" }
+      )
+    end
+
+    order = if Spree.solidus_gem_version >= Gem::Version.new('2.6.0')
+              SolidusBraintree::OrderWalkthrough.up_to(:delivery)
+            else
+              OrderWalkthrough.up_to(:delivery)
+            end
+
+    user = create(:user)
+    order.user = user
+    order.number = "R9999999"
+    order.recalculate
+
+    allow_any_instance_of(CheckoutsController).to receive_messages(current_order: order)
+    allow_any_instance_of(CheckoutsController).to receive_messages(try_spree_current_user: user)
+    allow_any_instance_of(CheckoutsController).to receive_messages(spree_current_user: user)
+    allow_any_instance_of(Spree::Payment).to receive(:number).and_return("123ABC")
+    allow_any_instance_of(SolidusBraintree::Source).to receive(:nonce).and_return("fake-valid-nonce")
+
+    visit checkout_state_path(:delivery)
+    click_button "Save and Continue"
+    choose("Braintree")
+  end
+
+  around do |example|
+    Capybara.using_wait_time(20) { example.run }
+  end
+end
+
+RSpec.describe 'entering credit card details', type: :feature, js: true do
+  context 'when page loads' do
+    include_context "with frontend checkout setup"
+
+    it "selectors display correctly" do
+      expect(page).to have_selector("fieldset[name='payment-method-#{braintree.id}']", visible: :visible)
+      expect(page).to have_selector("iframe#braintree-hosted-field-number")
+      expect(page).to have_selector("iframe[type='number']")
+    end
+
+    it "credit card field style variable is set" do
+      within_frame("braintree-hosted-field-number") do
+        expect(find("#credit-card-number").style("font-size")).to eq({ "font-size" => "30px" })
+      end
+    end
+
+    it "sets the placeholder text correctly" do
+      within_frame("braintree-hosted-field-number") do
+        expect(find("#credit-card-number")['placeholder']).to eq("Enter Your Card Number")
+      end
+    end
+  end
+
+  context "with valid credit card data", vcr: {
+    cassette_name: 'checkout/valid_credit_card',
+    match_requests_on: [:braintree_uri]
+  } do
+    include_context "with frontend checkout setup"
+    # To ensure Venmo inputs do not conflict with checkout
+    let(:venmo_enabled) { true }
+
+    before do
+      within_frame("braintree-hosted-field-number") do
+        fill_in("credit-card-number", with: card_number)
+      end
+      within_frame("braintree-hosted-field-expirationDate") do
+        fill_in("expiration", with: card_expiration)
+      end
+      within_frame("braintree-hosted-field-cvv") do
+        fill_in("cvv", with: "123")
+      end
+
+      click_button("Save and Continue")
+    end
+
+    it "checks out successfully" do
+      within(".confirm-step") do
+        expect(page).to have_content("CONFIRM")
+      end
+
+      check('accept_terms_and_conditions')
+
+      click_button("Place Order")
+      expect(page).to have_content("Your order has been processed successfully")
+    end
+
+    context 'with 3D secure enabled' do
+      let(:three_d_secure_enabled) { true }
+
+      it 'checks out successfully' do
+        authenticate_3ds
+
+        within(".confirm-step") do
+          expect(page).to have_content("CONFIRM")
+        end
+
+        check('accept_terms_and_conditions')
+
+        click_button("Place Order")
+        expect(page).to have_content("Your order has been processed successfully")
+      end
+
+      context 'with 3ds authentication error' do
+        let(:card_number) { "4000000000001125" }
+
+        it 'shows a 3ds authentication error' do
+          authenticate_3ds
+          expect(page).to have_content(
+            "3D Secure authentication failed. Please try again using a different payment method."
+          )
+        end
+      end
+    end
+  end
+
+  context "with invalid credit card data" do
+    include_context "with frontend checkout setup"
+
+    # Attempt to submit an empty form once
+    before do
+      click_button "Save and Continue"
+    end
+
+    it "displays an alert with a meaningful error message" do
+      expect(page).to have_text I18n.t("solidus_braintree.errors.empty_fields")
+      expect(page).to have_selector("[type='submit']:enabled")
+    end
+
+    # Same error should be produced when submitting an empty form again
+    context "when user tries to resubmit an empty form", vcr: { cassette_name: "checkout/invalid_credit_card" } do
+      it "displays an alert with a meaningful error message" do
+        expect(page).to have_selector("[type='submit']:enabled")
+
+        click_button "Save and Continue"
+        expect(page).to have_text I18n.t("solidus_braintree.errors.empty_fields")
+      end
+    end
+
+    # User should be able to checkout after submit fails once
+    context "when user enters valid data", vcr: {
+      cassette_name: "checkout/resubmit_credit_card",
+      match_requests_on: [:braintree_uri]
+    } do
+      it "allows them to resubmit and complete the purchase" do
+        within_frame("braintree-hosted-field-number") do
+          fill_in("credit-card-number", with: "4111111111111111")
+        end
+        within_frame("braintree-hosted-field-expirationDate") do
+          fill_in("expiration", with: card_expiration)
+        end
+        within_frame("braintree-hosted-field-cvv") do
+          fill_in("cvv", with: "123")
+        end
+        click_button("Save and Continue")
+
+        within(".confirm-step") do
+          expect(page).to have_content("CONFIRM")
+        end
+
+        check('accept_terms_and_conditions')
+
+        click_button("Place Order")
+        expect(page).to have_content("Your order has been processed successfully")
+      end
+    end
+  end
+
+  def authenticate_3ds
+    within_frame("Cardinal-CCA-IFrame") do
+      fill_in("challengeDataEntry", with: "1234")
+      continue_button = find_button("SUBMIT")
+      continue_button.scroll_to(continue_button)
+      continue_button.click
+    end
+  end
+end