solidus_six_saferpay 0.1.5 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8848c45b0e022027642158af899f3b1c9d577c2e996f9fefece9f18b98d9d23f
-  data.tar.gz: 6d58c5b848c8afa2b29f3ed61e3af5d59d2972fb4092b91e749ddb9e049fa745
+  metadata.gz: 6a50764caa3e856291be76ef3516ec267c44b056b8824aad3970cb7ba227454e
+  data.tar.gz: d0e1a19041a511d2485415d32efba781ff2558a0d75088e32f1fc20b90ece359
 SHA512:
-  metadata.gz: 858c40016a86e47f86b804b58b1196ff9ede4207123923d0a4bb4b2f6ea479eca58eac3d1dc7360ddeedeebe4c058f772a7be09f25b2035f7465d3da14db0cb6
-  data.tar.gz: ef2cff8cdb39f534a610358ba3d66f53261ebd48f7c394e1deb06d379b313db8fa9d375d932fbb0d606a2538d4f8dfd1ef7207a1ee287a5db934273cb331e11c
+  metadata.gz: c5e7411ccb2307f1ddd9f0cb4b94a38e8e0ec5702a7a78387dd35593197febb77a684067e6b6e879babc34611de359ec3b38fd79ecc9ac34995ffdf7dbc14b3a
+  data.tar.gz: cd0b224c254e21bb70a3c17576474ab46b2e5b4f8d9ecc9e8a90c3c28e6a1866bdbe596254e6f377bd332954b5a9e9e35a02c60916dce7fc78149abcd1db86e3

data/.circleci/config.yml

@@ -0,0 +1,35 @@
+version: 2.1
+
+orbs:
+  # Always take the latest version of the orb, this allows us to
+  # run specs against Solidus supported versions only without the need
+  # to change this configuration every time a Solidus version is released
+  # or goes EOL.
+  solidusio_extensions: solidusio/extensions@volatile
+
+jobs:
+  run-specs-with-postgres:
+    executor: solidusio_extensions/postgres
+    steps:
+      - solidusio_extensions/run-tests
+  run-specs-with-mysql:
+    executor: solidusio_extensions/mysql
+    steps:
+      - solidusio_extensions/run-tests
+
+workflows:
+  "Run specs on supported Solidus versions":
+    jobs:
+      - run-specs-with-postgres
+      - run-specs-with-mysql
+  "Weekly run specs against master":
+    triggers:
+      - schedule:
+          cron: "0 0 * * 4" # every Thursday
+          filters:
+            branches:
+              only:
+                - master
+    jobs:
+      - run-specs-with-postgres
+      - run-specs-with-mysql

data/.gem_release.yml

@@ -0,0 +1,5 @@
+bump:
+  recurse: false
+  file: 'lib/solidus_six_saferpay/version.rb'
+  message: Bump SolidusSixSaferpay to %{version}
+  tag: true

data/.github/stale.yml

@@ -0,0 +1,17 @@
+# Number of days of inactivity before an issue becomes stale
+daysUntilStale: 60
+# Number of days of inactivity before a stale issue is closed
+daysUntilClose: 7
+# Issues with these labels will never be considered stale
+exemptLabels:
+  - pinned
+  - security
+# Label to use when marking an issue as stale
+staleLabel: wontfix
+# Comment to post when marking an issue as stale. Set to `false` to disable
+markComment: >
+  This issue has been automatically marked as stale because it has not had
+  recent activity. It will be closed if no further activity occurs. Thank you
+  for your contributions.
+# Comment to post when closing a stale issue. Set to `false` to disable
+closeComment: false

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+\#*
+*~
+.#*
+.DS_Store
+.idea
+.project
+.sass-cache
+coverage
+Gemfile.lock
+tmp
+nbproject
+pkg
+*.swp
+spec/dummy
+spec/examples.txt
+
+sandbox

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,2 @@
+require:
+  - solidus_dev_support/rubocop

data/.travis.yml

@@ -0,0 +1,12 @@
+language: ruby
+rvm:
+- 2.5.1
+before_install:
+- gem install bundler -v 2.0.1
+script:
+- bin/rake extension:test_app
+- bin/rake extension:specs
+notifications:
+  slack:
+    secure: Vpuu/JENlZAiH67DU5bFmyKlKNmhiAZ0wSd6mjFyzcFAXaEbFIt9xkMigoEwLfQh/ZMUvKQcv3oQ6s9j5FkYImRZ0gfs1me7z/H8NTXMF5eOu7aS/gRHMGq8x2nvDBqNhSVtffqLfF3aydjZPJvGz8cvAQtqw4b+qOSIuxs2BOpcMMgEZEXW7Py6AthY2p1jxByyiqGB7NcvKsQedVtgdrnK4j+jcwK6Q9/DTOMivhWLEWAvn6VJ5zMomM5FdOFfH86uhHASGYB72ufpmKUwmFASSNHBM3CNQhZ0O/LS+a1dOlaW1BhU5q6KS/q6vgEYHyjdqcD7HhKFdlaVm6W/N1lbX+MFFcFT++l6CN8Aa3xmYpy/zWO5wwBRZw0zhYT/7P4BRoCll1D7RetnGcIV6KJyC0ydn2u/pi1kKBOgzuwbgQ+pH/lPH9+HuZzlhynRBdz2v45ctXf6AFQZmfJvFEBNwb38Q08zzGcCru0+Lu4uhFFLEwi2oMCWtpUsk0PfUJf/cUfp0hluh8wZsQWe+VQOS1NjmL8/yxjijFGzmS8WmMTb+fw7bRXFir0ecdntbP9aAhJxBN4PaMfYEFzBjCbc1e2gmwXk0VBV/0IH9hxxzIorUSmGydrWLDWiap0yDC2bm+gndodxKawT4+O45qB9jI5aYXG6JlHzrTn8QU4=
+  email: false

data/Gemfile

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+git_source(:github) { |repo| "https://github.com/#{repo}.git" }
+
+branch = ENV.fetch('SOLIDUS_BRANCH', 'master')
+gem 'solidus', github: 'solidusio/solidus', branch: branch
+
+# Needed to help Bundler figure out how to resolve dependencies,
+# otherwise it takes forever to resolve them.
+# See https://github.com/bundler/bundler/issues/6677
+gem 'rails', '>0.a'
+
+# Provides basic authentication functionality for testing parts of your engine
+gem 'solidus_auth_devise'
+
+case ENV['DB']
+when 'mysql'
+  gem 'mysql2'
+when 'postgresql'
+  gem 'pg'
+else
+  gem 'sqlite3'
+end
+
+gemspec
+
+# Use a local Gemfile to include development dependencies that might not be
+# relevant for the project or for other contributors, e.g. pry-byebug.
+#
+# We use `send` instead of calling `eval_gemfile` to work around an issue with
+# how Dependabot parses projects: https://github.com/dependabot/dependabot-core/issues/1658.
+send(:eval_gemfile, 'Gemfile-local') if File.exist? 'Gemfile-local'

data/LICENSE

@@ -0,0 +1,26 @@
+Copyright (c) 2020 [name of plugin creator]
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name Solidus nor the names of its contributors may be used to
+      endorse or promote products derived from this software without specific
+      prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/README.md

@@ -1,33 +1,26 @@
 # SolidusSixSaferpay
+
 The `solidus_six_saferpay` engine adds checkout options for the Saferpay Payment Page ([Integration Guide](https://saferpay.github.io/sndbx/Integration_PP.html), [JSON API documentation](http://saferpay.github.io/jsonapi/#ChapterPaymentPage)) and the Saferpay Transaction ([Integration Guide](https://saferpay.github.io/sndbx/Integration_trx.html), [JSON API documentation](https://saferpay.github.io/sndbx/Integration_trx.html)).
 
+### Disclaimer
+This gem is built to be a general-purpose integration of the Six Saferpay payment interface. However due to lack of resources and because we are (as far as we know) the only users of this gem, we are only testing our use cases (PaymentPage). Therefore we can not guarantee that this will work in any other solidus shop. If you consider using this gem, please test everything thoroughly.
+
 ## Status
 Travis CI status: [![Build Status](https://travis-ci.org/fadendaten/solidus_six_saferpay.svg?branch=master)](https://travis-ci.org/fadendaten/solidus_six_saferpay)
 
-
 ## Installation
-Add this line to your application's Gemfile:
+
+Add solidus_six_saferpay to your Gemfile:
 
 ```ruby
 gem 'solidus_six_saferpay'
 ```
 
-And then execute:
-
-```bash
-$ bundle
-```
-
-Or install it yourself as:
+Bundle your dependencies and run the installation generator:
 
-```bash
-$ gem install solidus_six_saferpay
-```
-
-After installing the gem, copy the migrations to your host application and migrate:
-
-```bash
-$ bundle exec rails g solidus_six_saferpay:install
+```shell
+bundle
+bundle exec rails g solidus_six_saferpay:install
 ```
 
 Add the following javascript to your `application.js` manifest file below the `//= require spree` line:
@@ -60,7 +53,6 @@ Spree::Core::Engine.routes.default_url_options { 'http://localhost:3000' }
 Spree::Core::Engine.routes.default_url_options { 'https://url-to-your-solidus-shop.tld' }
 ```
 
-
 ## Configuration and Usage
 After adding the `solidus_six_saferpay` gem to your Solidus Rails app, you can create new payment methods `Saferpay Payment Page` and `Saferpay Transaction` in the admin backend under "Settings" > "Payment". When adding a new Saferpay payment method, you can configure the payment method with the information you have received from SIX when creating a new test account.
 
@@ -212,9 +204,33 @@ When the user confirms the purchase in the checkout process, the saferpay paymen
 #### Checkout: Payment Cancel
 When a user cancels a payment, the `CheckoutController` receives a `fail` request and handles this request in the `#fail` action. The result is that the user is shown an error message stating that the payment was aborted.
 
+
+## Testing
+
+First bundle your dependencies, then run `rake`. `rake` will default to building the dummy app if it does not exist, then it will run specs, and [Rubocop](https://github.com/bbatsov/rubocop) static code analysis. The dummy app can be regenerated by using `rake test_app`.
+
+```shell
+bundle
+bin/rake
+```
+
+When testing your application's integration with this extension you may use its factories.
+Simply add this require statement to your spec_helper:
+
+```ruby
+require 'solidus_six_saferpay/factories'
+```
+
 ## Contributing
 This gem is available for everyone to use, however chances are that its implementation is still tailored towards our custom solidus-based shop.
 If you see improvements to be made, feel free to fork the gem and submit pull requests. All incoming pull requests will be discussed, but it's possible that we will reject pull requests that break functionality for our use case.
 
-## License
-The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+## Releasing
+
+Your new extension version can be released using `gem-release` like this:
+
+```shell
+bundle exec gem bump -v VERSION --tag --push --remote upstream && gem release
+```
+
+Copyright (c) 2020 fadendaten GmbH, released under the New BSD License

data/Rakefile

@@ -1,56 +1,6 @@
-# begin
-#   require 'bundler/setup'
-# rescue LoadError
-#   puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
-# end
+# frozen_string_literal: true
 
-# require 'rdoc/task'
+require 'solidus_dev_support/rake_tasks'
+SolidusDevSupport::RakeTasks.install
 
-# RDoc::Task.new(:rdoc) do |rdoc|
-#   rdoc.rdoc_dir = 'rdoc'
-#   rdoc.title    = 'SolidusSixSaferpay'
-#   rdoc.options << '--line-numbers'
-#   rdoc.rdoc_files.include('README.md')
-#   rdoc.rdoc_files.include('lib/**/*.rb')
-# end
-
-# APP_RAKEFILE = File.expand_path("spec/dummy/Rakefile", __dir__)
-# load 'rails/tasks/engine.rake'
-
-# load 'rails/tasks/statistics.rake'
-
-# require 'bundler/gem_tasks'
-
-# require 'rspec/core/rake_task'
-# RSpec::Core::RakeTask.new(:spec)
-
-# task default: :spec
-
-require 'bundler'
-
-Bundler::GemHelper.install_tasks
-
-begin
-  require 'spree/testing_support/extension_rake'
-  require 'rspec/core/rake_task'
-
-  RSpec::Core::RakeTask.new(:spec)
-
-  # task default: %i(first_run spec)
-  task default: %i(first_run spec)
-rescue LoadError
-  # no rspec available
-end
-
-task :first_run do
-  if Dir['spec/dummy'].empty?
-    Rake::Task[:test_app].invoke
-    Dir.chdir('../../')
-  end
-end
-
-desc 'Generates a dummy app for testing'
-task :test_app do
-  ENV['LIB_NAME'] = 'solidus_six_saferpay'
-  Rake::Task['extension:test_app'].invoke
-end
+task default: 'extension:specs'

data/app/assets/config/solidus_six_saferpay_manifest.js

@@ -1,2 +1,3 @@
+//= link_tree ../images
 //= link_directory ../javascripts/solidus_six_saferpay .js
 //= link_directory ../stylesheets/solidus_six_saferpay .css

data/app/assets/javascripts/solidus_six_saferpay/saferpay_payment.js

@@ -18,7 +18,10 @@ let SaferpayPayment = {
       },
 
       error: function(xhr) {
-        console.error(xhr.responseText);
+        // We have no other option for displaying this message, so to inform
+        // the user we must alert
+        alert(xhr.responseJSON.errors);
+        window.location.replace(xhr.responseJSON.redirect_url);
         return false;
       },
     })

data/app/assets/javascripts/spree/backend/solidus_six_saferpay.js

@@ -0,0 +1,2 @@
+// Placeholder manifest file.
+// the installer will append this file to the app vendored assets here: vendor/assets/javascripts/spree/backend/all.js'

data/app/assets/javascripts/spree/frontend/solidus_six_saferpay.js

@@ -0,0 +1,2 @@
+// Placeholder manifest file.
+// the installer will append this file to the app vendored assets here: vendor/assets/javascripts/spree/frontend/all.js'

data/app/assets/stylesheets/spree/backend/solidus_six_saferpay.css

@@ -0,0 +1,4 @@
+/*
+Placeholder manifest file.
+the installer will append this file to the app vendored assets here: 'vendor/assets/stylesheets/spree/backend/all.css'
+*/

data/app/assets/stylesheets/spree/frontend/solidus_six_saferpay.css

@@ -0,0 +1,4 @@
+/*
+Placeholder manifest file.
+the installer will append this file to the app vendored assets here: 'vendor/assets/stylesheets/spree/frontend/all.css'
+*/

data/app/controllers/spree/solidus_six_saferpay/checkout_controller.rb

@@ -2,11 +2,27 @@ module Spree
   module SolidusSixSaferpay
     class CheckoutController < StoreController
 
-      before_action :load_order
-
-      after_action :allow_embed, only: [:success, :fail]
-
       def init
+        order_number = params[:order_number]
+        @order = Spree::Order.find_by(number: order_number)
+
+        # We must make sure that the order for which the user requests a
+        # payment is still their `current_order`.
+        # This can be false if the user tries to add something to the cart
+        # after getting to the payment checkout step, and then switches back to
+        # the payment step and starts the payment process by selecting a
+        # payment method.
+        # In that case, we redirect to the checkout path so the user needs to
+        # go through the checkout process again to ensure that the real
+        # `current_order` contains all necessary information.
+        if @order.nil? || @order != current_order
+          render json: {
+            redirect_url: spree.cart_path,
+            errors: t('.order_was_modified_after_confirmation')
+          }, status: 422
+          return
+        end
+
         payment_method = Spree::PaymentMethod.find(params[:payment_method_id])
         initialized_payment = initialize_payment(@order, payment_method)
 
@@ -14,17 +30,49 @@ module Spree
           redirect_url = initialized_payment.redirect_url
           render json: { redirect_url: redirect_url }
         else
-          render json: { errors: t('.checkout_not_initialized') }, status: 422
+          render json: {
+            redirect_url: spree.cart_path,
+            errors: t('.checkout_not_initialized')
+          }, status: 422
         end
       end
 
       def success
+        order_number = params[:order_number]
+        @order = Spree::Order.find_by(number: order_number)
+
+        if @order.nil?
+          handle_order_not_found(order_number)
+
+          flash[:error] = t('.error_while_processing_payment')
+          @redirect_path = spree.cart_path
+          render :iframe_breakout_redirect, layout: false
+          return
+        end
+
         saferpay_payment = Spree::SixSaferpayPayment.where(order_id: @order.id).order(:created_at).last
 
         if saferpay_payment.nil?
-          raise Spree::Core::GatewayError, t('.payment_source_not_created')
+          handle_payment_not_found(@order)
+
+          flash[:error] = t('.error_while_processing_payment')
+          @redirect_path = spree.cart_path
+          render :iframe_breakout_redirect, layout: false
+          return
         end
 
+        # ensure that completed orders don't try to reprocess the
+        # authorization. This could happen if a user presses the back button
+        # after completing an order.
+        # There is no error handling because it should look like you are simply
+        # redirected to the cart page.
+        if @order.completed?
+          @redirect_path = spree.cart_path
+          render :iframe_breakout_redirect, layout: false
+          return
+        end
+
+
         # NOTE: PaymentPage payments are authorized directly. Instead, we
         # perform an ASSERT here to gather the necessary details.
         # This might be confusing at first, but doing it this way makes sense
@@ -40,7 +88,7 @@ module Spree
 
           processed_authorization = process_authorization(saferpay_payment)
           if processed_authorization.success?
-            @order.next! if @order.payment?
+            handle_payment_processing_success
           else
             flash[:error] = processed_authorization.user_message
           end
@@ -50,27 +98,44 @@ module Spree
           flash[:error] = payment_inquiry.user_message
         end
 
-        @redirect_path = order_checkout_path(@order.state)
+        @redirect_path ||= order_checkout_path(@order.state)
         render :iframe_breakout_redirect, layout: false
       end
 
       def fail
+        order_number = params[:order_number]
+        @order = Spree::Order.find_by(number: order_number)
+
+        if @order.nil?
+          handle_order_not_found(order_number)
+
+          flash[:error] = t('.error_while_processing_payment')
+          @redirect_path = spree.cart_path
+          render :iframe_breakout_redirect, layout: false
+          return
+        end
+
         saferpay_payment = Spree::SixSaferpayPayment.where(order_id: @order.id).order(:created_at).last
 
+        if saferpay_payment.nil?
+          handle_payment_not_found(@order)
+
+          flash[:error] = t('.error_while_processing_payment')
+          @redirect_path = spree.cart_path
+          render :iframe_breakout_redirect, layout: false
+          return
+        end
+
+
         payment_inquiry = inquire_payment(saferpay_payment)
+        flash[:error] = payment_inquiry.user_message
 
         @redirect_path = order_checkout_path(:payment)
-        flash[:error] = payment_inquiry.user_message
         render :iframe_breakout_redirect, layout: false
       end
 
       private
 
-      def allow_embed
-        # allow response to be embedded in iFrame
-        response.headers.except! 'X-Frame-Options'
-      end
-
       def initialize_payment(order, payment_method)
         raise NotImplementedError, "Must be implemented in PaymentPageCheckoutController or TransactionCheckoutController"
       end
@@ -87,9 +152,60 @@ module Spree
         raise NotImplementedError, "Must be implemented in PaymentPageCheckoutController or TransactionCheckoutController"
       end
 
-      def load_order
-        @order = current_order
-        redirect_to(spree.cart_path) && return unless @order
+      # Allows overriding of success behaviour in host application by setting
+      # SolidusSixSaferpay.config.payment_processing_order_not_found_handler
+      # 
+      # If not overridden, it will call the configured error handler without actually raising any errors
+      #
+      # Example
+      # config.payment_processing_order_not_found_handler = Proc.new do |context, order_number|
+      #   puts "No solidus order with this number: #{order_number}!"
+      # end
+      #
+      def handle_order_not_found(order_number)
+        if order_not_found_handler = ::SolidusSixSaferpay.config.payment_processing_order_not_found_handler.presence
+          order_not_found_handler.call(self, order_number)
+        else
+        ::SolidusSixSaferpay::ErrorHandler.handle(
+          StandardError.new("No solidus order could be found for number #{order_number}"),
+          level: :error
+        )
+        end
+      end
+
+      # Allows overriding of success behaviour in host application by setting
+      # SolidusSixSaferpay.config.payment_processing_payment_not_found_handler
+      # 
+      # If not overridden, it will call the configured error handler without actually raising any errors
+      #
+      # Example
+      # config.payment_processing_payment_not_found_handler = Proc.new { |context, order| puts "No saferpay payment found for #{order}!" }
+      #
+      def handle_payment_not_found(order)
+        if payment_not_found_handler = ::SolidusSixSaferpay.config.payment_processing_payment_not_found_handler.presence
+          payment_not_found_handler.call(self, order)
+        else
+          ::SolidusSixSaferpay::ErrorHandler.handle(
+            StandardError.new("No Saferpay Payment found for order #{order.number}"),
+            level: :error
+          )
+        end
+      end
+
+      # Allows overriding of success behaviour in host application by setting
+      # SolidusSixSaferpay.config.payment_processing_success_handler
+      # 
+      # If not overridden, it will ensure that the order state is no longer "payment"
+      #
+      # Example
+      # config.payment_processing_success_handler = Proc.new { |context, order| puts "Order #{order} has been successfully paid!" }
+      #
+      def handle_payment_processing_success
+        if success_handler = ::SolidusSixSaferpay.config.payment_processing_success_handler.presence
+          success_handler.call(self, @order)
+        else
+          @order.next! if @order.payment?
+        end
       end
 
       def order_checkout_path(state)