solidus_six_saferpay 0.1.7 → 0.4.0

data/spec/support/shared_examples/checkout_controller.rb

@@ -0,0 +1,294 @@
+RSpec.shared_examples 'checkout_controller' do
+
+  routes { Spree::Core::Engine.routes }
+
+  subject { described_class.new }
+
+  let(:user) { create(:user) }
+  let(:order) { create(:order) }
+  let(:order_number) { order.number }
+  let(:payment_method) { create(:saferpay_payment_method_payment_page) }
+
+  before do
+    allow(controller).to receive_messages try_spree_current_user: user
+    allow(controller).to receive_messages current_order: order
+    allow(Spree::Order).to receive(:find_by).with(number: order_number).and_return(order)
+  end
+
+  describe 'GET init' do
+    let(:success) { false }
+    let(:redirect_url) { '/saferpay/redirect/url' }
+    let(:initialized_payment) { instance_double("Spree::SolidusSixSaferpay::InitializePayment", success?: success, redirect_url: redirect_url) }
+
+    context 'when the current order for this user is not the one for which payment is initialized' do
+      it 'returns an error and redirects to the cart page' do
+        allow(Spree::Order).to receive(:find_by).with(number: order_number).and_return(nil)
+
+        get :init, params: { order_number: order_number, payment_method_id: payment_method.id }
+
+        body = JSON.parse(response.body)
+        expect(body['errors']).to match(/modified/)
+        expect(body['redirect_url']).to eq('/cart')
+        expect(response.status).to eq(422)
+      end
+    end
+
+    it 'tries to initialize the saferpay payment' do
+      expect(initialize_payment_service_class).to receive(:call).with(order, payment_method).and_return(initialized_payment)
+
+      get :init, params: { order_number: order_number, payment_method_id: payment_method.id }
+    end
+
+
+    context 'when payment initialize succeeds' do
+      let(:success) { true }
+
+      before do
+        allow(initialize_payment_service_class).to receive(:call).with(order, payment_method).and_return(initialized_payment)
+      end
+
+      it 'returns the redirect_url' do
+        get :init, params: { order_number: order_number, payment_method_id: payment_method.id }
+
+        body = JSON.parse(response.body)
+        expect(body["redirect_url"]).to eq(redirect_url)
+      end
+    end
+
+    context 'when payment initialize fails' do
+      let(:success) { false }
+
+      before do
+        allow(initialize_payment_service_class).to receive(:call).with(order, payment_method).and_return(initialized_payment)
+      end
+
+
+      it 'returns an error and redirects to the cart page' do
+        get :init, params: { order_number: order_number, payment_method_id: payment_method.id }
+
+        body = JSON.parse(response.body)
+        expect(body['errors']).to match(/could not be initialized/)
+        expect(body['redirect_url']).to eq('/cart')
+        expect(response.status).to eq(422)
+      end
+    end
+
+  end
+
+
+  describe 'GET success' do
+    context 'when the order is not found' do
+      let(:order) { nil }
+      let(:order_number) { "not_found" }
+
+      it 'calls the relevant handler service' do
+        expect(Spree::SolidusSixSaferpay::OrderNotFoundHandler).to receive(:call).with(controller_context: @controller, order_number: order_number)
+
+        get :success, params: { order_number: order_number }
+      end
+
+      it 'redirects to the cart page via iframe breakout' do
+        get :success, params: { order_number: order_number }
+        expect(assigns(:redirect_path)).to eq(routes.cart_path)
+        expect(response).to render_template :iframe_breakout_redirect
+      end
+    end
+
+    context 'when payment could not be created' do
+      # We are not creating a payment so there is none to be found in the
+      # controller action
+      let!(:payment) { nil }
+
+      it 'calls the relevant handler service' do
+        expect(Spree::SolidusSixSaferpay::PaymentNotFoundHandler).to receive(:call).with(controller_context: @controller, order: order)
+
+        get :success, params: { order_number: order_number }
+      end
+
+      it 'redirects to the cart page via iframe breakout' do
+        get :success, params: { order_number: order_number }
+        expect(assigns(:redirect_path)).to eq(routes.cart_path)
+        expect(response).to render_template :iframe_breakout_redirect
+      end
+    end
+
+
+    context 'when the order is already completed' do
+      let(:order) { create(:order_ready_to_ship) }
+
+      it 'redirects to the cart page via iframe breakout' do
+        get :success, params: { order_number: order_number }
+        expect(assigns(:redirect_path)).to eq(routes.cart_path)
+        expect(response).to render_template :iframe_breakout_redirect
+      end
+    end
+
+    context 'when payment create was successful' do
+      let!(:payment) { create(:six_saferpay_payment, order: order) }
+      let(:assert_success) { false }
+      let(:payment_assert) { instance_double("Spree::SolidusSixSaferpay::AssertPaymentPage", success?: assert_success) }
+      let(:payment_inquiry) { instance_double("Spree::SolidusSixSaferpay::InquirePaymentPagePayment", user_message: "payment inquiry message") }
+
+      it 'asserts the payment' do
+        expect(authorize_payment_service_class).to receive(:call).with(payment).and_return(payment_assert)
+        expect(inquire_payment_service_class).to receive(:call).with(payment).and_return(payment_inquiry)
+
+        get :success, params: { order_number: order_number }
+      end
+
+      context 'when the payment assert is successful' do
+        let(:assert_success) { true }
+        let(:process_success) { false }
+        let(:processed_payment) { instance_double("Spree::SolidusSixSaferpay::ProcessPaymentPagePayment", success?: process_success, user_message: "payment processing message") }
+
+        before do
+          allow(authorize_payment_service_class).to receive(:call).with(payment).and_return(payment_assert)
+        end
+
+        it 'processes the asserted payment' do
+          expect(process_authorization_service_class).to receive(:call).with(payment).and_return(processed_payment)
+
+          get :success, params: { order_number: order_number }
+        end
+
+        context 'when the processing is successful' do
+          let(:process_success) { true }
+
+          before do
+            allow(process_authorization_service_class).to receive(:call).with(payment).and_return(processed_payment)
+          end
+
+          it 'calls the custom success processing handler' do
+            expect(Spree::SolidusSixSaferpay::PaymentProcessingSuccessHandler).to receive(:call).with(controller_context: @controller, order: order)
+
+            get :success, params: { order_number: order_number }
+          end
+
+
+          context 'when order is in payment state' do
+            let(:order) { create(:order, state: :payment) }
+
+            it 'moves order to next state' do
+              expect(order).to receive(:next!)
+
+              get :success, params: { order_number: order_number }
+            end
+          end
+
+          context 'when order is already in complete state' do
+            let(:order) { create(:order, state: :complete) }
+
+            it 'does not modify the order state' do
+              expect(order).not_to receive(:next!)
+
+              get :success, params: { order_number: order_number }
+            end
+          end
+        end
+
+        context 'when the processing fails' do
+          let(:process_success) { false }
+
+          before do
+            allow(process_authorization_service_class).to receive(:call).with(payment).and_return(processed_payment)
+          end
+
+          it 'displays an error message' do
+            get :success, params: { order_number: order_number }
+
+            expect(flash[:error]).to eq("payment processing message")
+          end
+        end
+
+      end
+
+      context 'when the payment assert fails' do
+        let(:assert_success) { false }
+
+        before do
+          allow(authorize_payment_service_class).to receive(:call).with(payment).and_return(payment_assert)
+        end
+
+        it 'inquires the payment' do
+          expect(inquire_payment_service_class).to receive(:call).with(payment).and_return(payment_inquiry)
+
+          get :success, params: { order_number: order_number }
+        end
+
+        it 'displays an error message' do
+          expect(inquire_payment_service_class).to receive(:call).with(payment).and_return(payment_inquiry)
+          get :success, params: { order_number: order_number }
+
+          expect(flash[:error]).to eq("payment inquiry message")
+        end
+      end
+    end
+  end
+
+  describe 'GET fail' do
+
+    context 'when the order is not found' do
+      let(:order) { nil }
+      let(:order_number) { "not_found" }
+
+
+      it 'calls the relevant handler service' do
+        expect(Spree::SolidusSixSaferpay::OrderNotFoundHandler).to receive(:call).with(controller_context: @controller, order_number: order_number)
+
+        get :fail, params: { order_number: order_number }
+      end
+
+      it 'redirects to the cart page via iframe breakout' do
+        get :fail, params: { order_number: order_number }
+        expect(assigns(:redirect_path)).to eq(routes.cart_path)
+        expect(response).to render_template :iframe_breakout_redirect
+      end
+    end
+
+    context 'when payment could not be created' do
+      # We are not creating a payment so there is none to be found in the
+      # controller action
+      let!(:payment) { nil }
+
+      it 'calls the relevant handler service' do
+        expect(Spree::SolidusSixSaferpay::PaymentNotFoundHandler).to receive(:call).with(controller_context: @controller, order: order)
+
+        get :fail, params: { order_number: order_number }
+      end
+
+      it 'redirects to the cart page via iframe breakout' do
+        get :fail, params: { order_number: order_number }
+        expect(assigns(:redirect_path)).to eq(routes.cart_path)
+        expect(response).to render_template :iframe_breakout_redirect
+      end
+    end
+
+    context 'when payment create was successful' do
+      let!(:payment) { create(:six_saferpay_payment, order: order) }
+      let(:payment_inquiry) { instance_double("Spree::SolidusSixSaferpay::InquirePaymentPagePayment", user_message: "payment inquiry message") }
+
+      it 'inquires the payment' do
+        expect(inquire_payment_service_class).to receive(:call).with(payment).and_return(payment_inquiry)
+
+        get :fail, params: { order_number: order_number }
+      end
+
+      it 'displays an error message' do
+        expect(inquire_payment_service_class).to receive(:call).with(payment).and_return(payment_inquiry)
+
+        get :fail, params: { order_number: order_number }
+
+        expect(flash[:error]).to eq("payment inquiry message")
+      end
+
+      it 'redirects to the cart page via iframe breakout' do
+        expect(inquire_payment_service_class).to receive(:call).with(payment).and_return(payment_inquiry)
+
+        get :fail, params: { order_number: order_number }
+
+        expect(assigns(:redirect_path)).to eq(routes.checkout_state_path(:payment))
+        expect(response).to render_template :iframe_breakout_redirect
+      end
+    end
+  end
+end

data/spec/support/shared_examples/inquire_payment.rb

@@ -0,0 +1,118 @@
+RSpec.shared_examples 'inquire_payment' do
+
+  before do
+    allow(subject).to receive(:gateway).and_return(double('gateway', inquire: gateway_response))
+  end
+
+  context 'when gateway response is not successful' do
+    let(:gateway_success) { false }
+    let(:error_behaviour) { "ABORT" }
+    let(:error_name) { "VALIDATION_FAILED" }
+    let(:error_message) { "Request validation failed" }
+    let(:api_response) { nil }
+    let(:translated_general_error) { "General Error" }
+    let(:translated_user_message) { "User Message" }
+
+    let(:gateway_response) do
+      ::SolidusSixSaferpay::GatewayResponse.new(
+        gateway_success,
+        "initialize success: #{gateway_success}",
+        api_response,
+        error_name: error_name,
+      )
+    end
+
+    it 'still indicates success' do
+      subject.call
+
+      expect(subject).to be_success
+    end
+
+    it 'adds the error message to the response hash' do
+      expect { subject.call }.to change { payment.response_hash }.from({}).to({error: error_name})
+    end
+
+    it 'sets the user message according to the api error code' do
+      expect(I18n).to receive(:t).with(:general_error, scope: [:solidus_six_saferpay, :errors]).once.and_return(translated_general_error)
+      expect(I18n).to receive(:t).with(error_name, scope: [:six_saferpay, :error_names]).once.and_return(translated_user_message)
+
+      subject.call
+
+      expect(subject.user_message).to eq("#{translated_general_error}: #{translated_user_message}")
+    end
+  end
+
+  context 'when gateway response is successful' do
+    let(:transaction_status) { "AUTHORIZED" }
+    let(:transaction_id) { "723n4MAjMdhjSAhAKEUdA8jtl9jb" }
+    let(:transaction_date) { "2015-01-30T12:45:22.258+01:00" }
+    let(:amount_value) { "100" }
+    let(:amount_currency) { "USD" }
+    let(:brand_name) { 'PaymentBrand' }
+    let(:display_text) { "xxxx xxxx xxxx 1234" }
+    let(:six_transaction_reference) { "0:0:3:723n4MAjMdhjSAhAKEUdA8jtl9jb" }
+
+    let(:payment_means) do
+      SixSaferpay::ResponsePaymentMeans.new(
+        brand: SixSaferpay::Brand.new(name: brand_name),
+        display_text: display_text
+      )
+    end
+
+    # https://saferpay.github.io/jsonapi/#Payment_v1_PaymentPage_Assert
+    # https://saferpay.github.io/jsonapi/#Payment_v1_Transaction_Authorize
+    let(:api_response) do
+      api_response_class.new(
+        response_header: SixSaferpay::ResponseHeader.new(request_id: 'test', spec_version: 'test'),
+        transaction: SixSaferpay::Transaction.new(
+          type: "PAYMENT",
+          status: transaction_status,
+          id: transaction_id,
+          date: transaction_date,
+          amount: SixSaferpay::Amount.new(value: amount_value, currency_code: amount_currency),
+          six_transaction_reference: six_transaction_reference,
+        ),
+        payment_means: payment_means
+      )
+    end
+
+    let(:gateway_success) { true }
+    let(:gateway_response) do
+      ::SolidusSixSaferpay::GatewayResponse.new(
+        gateway_success,
+        "initialize success: #{gateway_success}",
+        api_response
+      )
+    end
+
+    it 'updates the transaction_id' do
+      expect { subject.call }.to change { payment.transaction_id }.from(nil).to(transaction_id)
+    end
+
+    it 'updates the transaction status' do
+      expect { subject.call }.to change { payment.transaction_status }.from(nil).to(transaction_status)
+    end
+
+    it 'updates the transaction date' do
+      expect { subject.call }.to change { payment.transaction_date }.from(nil).to(DateTime.parse(transaction_date))
+    end
+
+    it 'updates the six_transaction_reference' do
+      expect { subject.call }.to change { payment.six_transaction_reference }.from(nil).to(six_transaction_reference)
+    end
+
+    it 'updates the display_text' do
+      expect { subject.call }.to change { payment.display_text }.from(nil).to(display_text)
+    end
+
+    it 'updates the response hash' do
+      expect { subject.call }.to change { payment.response_hash }.from(payment.response_hash).to(api_response.to_h)
+    end
+
+    it 'indicates success' do
+      subject.call
+
+      expect(subject).to be_success
+    end
+  end
+end

data/spec/support/shared_examples/process_authorized_payment.rb

@@ -0,0 +1,202 @@
+RSpec.shared_examples 'process_authorized_payment' do
+  before do
+    allow(subject).to receive(:gateway).and_return(double('gateway'))
+  end
+
+  context 'liability_shift check' do
+
+    before do
+      # ensure other methods don't modify outcome
+      allow(subject).to receive(:validate_payment!)
+      allow(subject).to receive(:cancel_old_solidus_payments)
+      allow(payment).to receive(:create_solidus_payment!)
+    end
+
+    context 'when liability shift is required' do
+      context 'and liability shift is not granted' do
+
+        let(:payment) { create(:six_saferpay_payment, :authorized, :without_liability_shift) }
+
+        it 'cancels the payment' do
+          expect(payment.payment_method.preferred_require_liability_shift).to be true
+          expect(payment.liability.liability_shift).to be false
+
+          expect(subject.gateway).to receive(:void).with(payment.transaction_id)
+
+          subject.call
+        end
+
+        it 'indicates failure' do
+          expect(payment.payment_method.preferred_require_liability_shift).to be true
+          expect(payment.liability.liability_shift).to be false
+
+          expect(subject.gateway).to receive(:void).with(payment.transaction_id)
+
+          subject.call
+
+          expect(subject).not_to be_success
+        end
+
+      end
+
+      context 'and liability shift is granted' do
+        it "doesn't cancel the payment" do
+          expect(payment.payment_method.preferred_require_liability_shift).to be true
+          expect(payment.liability.liability_shift).to be true
+
+          expect(subject.gateway).not_to receive(:void)
+
+          subject.call
+        end
+
+        it 'passes the liability shift check' do
+          expect(payment.payment_method.preferred_require_liability_shift).to be true
+          expect(payment.liability.liability_shift).to be true
+
+          subject.call
+
+          expect(subject).to be_success
+        end
+      end
+    end
+
+    context 'when liability shift is not required' do
+      let(:payment_method) { create(:saferpay_payment_method, :no_require_liability_shift) }
+
+      context 'and liability shift is not granted' do
+        let(:payment) { create(:six_saferpay_payment, :authorized, :without_liability_shift, payment_method: payment_method) }
+
+        it "doesn't cancel the payment" do
+          expect(payment.payment_method.preferred_require_liability_shift).to be false
+          expect(payment.liability.liability_shift).to be false
+
+          expect(subject.gateway).not_to receive(:void)
+
+          subject.call
+        end
+
+        it 'passes the liability shift check' do
+          expect(payment.payment_method.preferred_require_liability_shift).to be false
+          expect(payment.liability.liability_shift).to be false
+          subject.call
+
+          expect(subject).to be_success
+        end
+      end
+
+      context 'and liability shift is granted' do
+        let(:payment) { create(:six_saferpay_payment, :authorized, payment_method: payment_method) }
+        it "doesn't cancel the payment" do
+          expect(payment.payment_method.preferred_require_liability_shift).to be false
+          expect(payment.liability.liability_shift).to be true
+
+          expect(subject.gateway).not_to receive(:void)
+
+          subject.call
+        end
+
+        it 'passes the liability shift check' do
+          expect(payment.payment_method.preferred_require_liability_shift).to be false
+          expect(payment.liability.liability_shift).to be true
+          subject.call
+
+          expect(subject).to be_success
+        end
+      end
+    end
+  end
+
+  context 'payment validation' do
+    before do
+      allow(subject).to receive(:gateway).and_return(double('gateway'))
+
+
+      # ensure other methods don't modify outcome
+      allow(subject).to receive(:check_liability_shift_requirements!)
+      allow(subject).to receive(:cancel_old_solidus_payments)
+      allow(payment).to receive(:create_solidus_payment!)
+    end
+
+    it 'validates the payment' do
+      expect(Spree::SolidusSixSaferpay::PaymentValidator).to receive(:call).with(payment)
+      subject.call
+    end
+
+    context 'when the payment is invalid' do
+      it 'cancels the payment' do
+        expect(subject.gateway).to receive(:void).with(payment.transaction_id)
+
+        subject.call
+      end
+
+      it 'indicates failure' do
+        allow(subject.gateway).to receive(:void).with(payment.transaction_id)
+
+        subject.call
+
+        expect(subject).not_to be_success
+      end
+    end
+
+    context 'when the payment is valid' do
+      before do
+        allow(Spree::SolidusSixSaferpay::PaymentValidator).to receive(:call).with(payment).and_return(true)
+      end
+
+      it "doesn't cancel the payment" do
+        expect(subject.gateway).not_to receive(:void)
+
+        subject.call
+      end
+
+      it 'indicates success' do
+        subject.call
+
+        expect(subject).to be_success
+      end
+    end
+  end
+
+  context 'when the payment has passed all validations' do
+    before do
+      allow(subject).to receive(:check_liability_shift_requirements!).and_return(true)
+      allow(subject).to receive(:validate_payment!).and_return(true)
+    end
+
+    context 'when previous solidus payments exist for this order' do
+      let(:order) { payment.order }
+      let!(:previous_payment_invalid) { create(:payment_using_saferpay, order: order) }
+      let!(:previous_payment_checkout) { create(:payment_using_saferpay, order: order) }
+
+      before do
+        # This is bad practice because we mock which payments are invalidated here.
+        # The reason is that you can't stub methods on AR objects that
+        # are loaded from the DB and because #solidus_payments_to_cancel
+        # is just AR scopes, I prefer this test over using stuff like
+        # #expect_any_instance_of
+        allow(subject).to receive(:solidus_payments_to_cancel).and_return([previous_payment_checkout])
+      end
+
+      it 'cancels old solidus payments' do
+        expect(previous_payment_invalid).not_to receive(:cancel!)
+        expect(previous_payment_checkout).to receive(:cancel!)
+
+        subject.call
+      end
+    end
+
+    it 'creates a new solidus payment' do
+      expect(payment).to receive(:create_solidus_payment!)
+
+      subject.call
+    end
+
+    it 'indicates success' do
+      allow(payment).to receive(:create_solidus_payment!)
+
+      subject.call
+
+      expect(subject).to be_success
+    end
+  end
+end