solidus_six_saferpay 0.1.8 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 96b400cf874bdda08cfb33f3030d266f58444ec30e8e002ece965b5cb3ae83e3
-  data.tar.gz: c1b05c8a67b4399814684d412c0fed4f60903a62d102bbda5d2929ba5ac81a4d
+  metadata.gz: 2bf3c36e740b9b6d5735b4ab0a9d9e2a3166c832cc25539f8df4af656b772ea9
+  data.tar.gz: 664c704fe719d59044d8f4566cfcbb48320cc2c5bfbc7619fff4de70c4639495
 SHA512:
-  metadata.gz: dc50f1d3e2be9d70f340b78a9f12f9fbd2cd7b531862fa56c0fbe1c9717cf44e067d1b74f31899532988bea30280ad7e25688348534e02c4712e4634cada9b0b
-  data.tar.gz: 545277b46dbb2bb516e04c90903b3b8878b031a0a741f29361bd1af71c9d9395e055035d512c4c2f1207c58a5416dc831b0ee3f0ccb459cf6a7b12c1317d72f4
+  metadata.gz: 9236e3a2555bfbcc2934d556cf1cfcdacc1f7735b04f9452b5de7826fd5839c073c016b996acb47c9a3f93bacb33b62fad7077180c7ecdb63b6e7c99a8ea9cc2
+  data.tar.gz: '01816590075677c47c4d4c0c9b0bd24e81115acc4437a231f54a57da60db1a26d0c38e0283b1d0da3a8bafbd2a5c6c319156f43b426505cf70a4fcc2af0a0c23'

data/.ruby-version

@@ -0,0 +1 @@
+2.7.2

data/README.md

@@ -2,6 +2,9 @@
 
 The `solidus_six_saferpay` engine adds checkout options for the Saferpay Payment Page ([Integration Guide](https://saferpay.github.io/sndbx/Integration_PP.html), [JSON API documentation](http://saferpay.github.io/jsonapi/#ChapterPaymentPage)) and the Saferpay Transaction ([Integration Guide](https://saferpay.github.io/sndbx/Integration_trx.html), [JSON API documentation](https://saferpay.github.io/sndbx/Integration_trx.html)).
 
+### Disclaimer
+This gem is built to be a general-purpose integration of the Six Saferpay payment interface. However due to lack of resources and because we are (as far as we know) the only users of this gem, we are only testing our use cases (PaymentPage). Therefore we can not guarantee that this will work in any other solidus shop. If you consider using this gem, please test everything thoroughly.
+
 ## Status
 Travis CI status: [![Build Status](https://travis-ci.org/fadendaten/solidus_six_saferpay.svg?branch=master)](https://travis-ci.org/fadendaten/solidus_six_saferpay)
 

data/app/assets/javascripts/solidus_six_saferpay/saferpay_payment.js

@@ -18,7 +18,10 @@ let SaferpayPayment = {
       },
 
       error: function(xhr) {
-        console.error(xhr.responseText);
+        // We have no other option for displaying this message, so to inform
+        // the user we must alert
+        alert(xhr.responseJSON.errors);
+        window.location.replace(xhr.responseJSON.redirect_url);
         return false;
       },
     })

data/app/controllers/spree/solidus_six_saferpay/checkout_controller.rb

@@ -3,11 +3,25 @@ module Spree
     class CheckoutController < StoreController
 
       def init
-        # loading the order is not shared between actions because the success
-        # action must break out of the iframe
-        @order = current_order
-        redirect_to(spree.cart_path) && return unless @order
-
+        order_number = params[:order_number]
+        @order = Spree::Order.find_by(number: order_number)
+
+        # We must make sure that the order for which the user requests a
+        # payment is still their `current_order`.
+        # This can be false if the user tries to add something to the cart
+        # after getting to the payment checkout step, and then switches back to
+        # the payment step and starts the payment process by selecting a
+        # payment method.
+        # In that case, we redirect to the checkout path so the user needs to
+        # go through the checkout process again to ensure that the real
+        # `current_order` contains all necessary information.
+        if @order.nil? || @order != current_order
+          render json: {
+            redirect_url: spree.cart_path,
+            errors: t('.order_was_modified_after_confirmation')
+          }, status: 422
+          return
+        end
 
         payment_method = Spree::PaymentMethod.find(params[:payment_method_id])
         initialized_payment = initialize_payment(@order, payment_method)
@@ -16,16 +30,35 @@ module Spree
           redirect_url = initialized_payment.redirect_url
           render json: { redirect_url: redirect_url }
         else
-          render json: { errors: t('.checkout_not_initialized') }, status: 422
+          render json: {
+            redirect_url: spree.cart_path,
+            errors: t('.checkout_not_initialized')
+          }, status: 422
         end
       end
 
       def success
-        # loading the order is not shared between actions because the success
-        # action must break out of the iframe
-        @order = current_order
+        order_number = params[:order_number]
+        @order = Spree::Order.find_by(number: order_number)
+
         if @order.nil?
-          @redirect_path = spree.cart_path
+          OrderNotFoundHandler.call(controller_context: self, order_number: order_number)
+
+          flash[:error] = t('.error_while_processing_payment')
+          @redirect_path ||= spree.cart_path
+
+          render :iframe_breakout_redirect, layout: false
+          return
+        end
+
+        saferpay_payment = Spree::SixSaferpayPayment.where(order_id: @order.id).order(:created_at).last
+
+        if saferpay_payment.nil?
+          PaymentNotFoundHandler.call(controller_context: self, order: @order)
+
+          flash[:error] = t('.error_while_processing_payment')
+          @redirect_path ||= spree.cart_path
+
           render :iframe_breakout_redirect, layout: false
           return
         end
@@ -33,17 +66,14 @@ module Spree
         # ensure that completed orders don't try to reprocess the
         # authorization. This could happen if a user presses the back button
         # after completing an order.
+        # There is no error handling because it should look like you are simply
+        # redirected to the cart page.
         if @order.completed?
           @redirect_path = spree.cart_path
           render :iframe_breakout_redirect, layout: false
           return
         end
 
-        saferpay_payment = Spree::SixSaferpayPayment.where(order_id: @order.id).order(:created_at).last
-
-        if saferpay_payment.nil?
-          raise Spree::Core::GatewayError, t('.saferpay_payment_not_found')
-        end
 
         # NOTE: PaymentPage payments are authorized directly. Instead, we
         # perform an ASSERT here to gather the necessary details.
@@ -60,7 +90,7 @@ module Spree
 
           processed_authorization = process_authorization(saferpay_payment)
           if processed_authorization.success?
-            handle_payment_processing_success
+            PaymentProcessingSuccessHandler.call(controller_context: self, order: @order)
           else
             flash[:error] = processed_authorization.user_message
           end
@@ -75,24 +105,34 @@ module Spree
       end
 
       def fail
-        # loading the order is not shared between actions because the success
-        # action must break out of the iframe
-        @order = current_order
+        order_number = params[:order_number]
+        @order = Spree::Order.find_by(number: order_number)
+
         if @order.nil?
-          @redirect_path = spree.cart_path
+          OrderNotFoundHandler.call(controller_context: self, order_number: order_number)
+
+          flash[:error] = t('.error_while_processing_payment')
+          @redirect_path ||= spree.cart_path
+
           render :iframe_breakout_redirect, layout: false
           return
         end
 
         saferpay_payment = Spree::SixSaferpayPayment.where(order_id: @order.id).order(:created_at).last
 
-        if saferpay_payment
-          payment_inquiry = inquire_payment(saferpay_payment)
-          flash[:error] = payment_inquiry.user_message
-        else
-          flash[:error] = I18n.t(:general_error, scope: [:solidus_six_saferpay, :errors])
+        if saferpay_payment.nil?
+          PaymentNotFoundHandler.call(controller_context: self, order: @order)
+
+          flash[:error] = t('.error_while_processing_payment')
+          @redirect_path = spree.cart_path
+          render :iframe_breakout_redirect, layout: false
+          return
         end
 
+
+        payment_inquiry = inquire_payment(saferpay_payment)
+        flash[:error] = payment_inquiry.user_message
+
         @redirect_path = order_checkout_path(:payment)
         render :iframe_breakout_redirect, layout: false
       end
@@ -115,22 +155,6 @@ module Spree
         raise NotImplementedError, "Must be implemented in PaymentPageCheckoutController or TransactionCheckoutController"
       end
 
-      # Allows overriding of success behaviour in host application by setting
-      # SolidusSixSaferpay.config.payment_processing_success_handler
-      # 
-      # By default, it will ensure that the order state is no longer "payment"
-      #
-      # Example
-      # config.payment_processing_success_handler = Proc.new { |order| puts "Order #{order} has been successfully paid!" }
-      #
-      def handle_payment_processing_success
-        if success_handler = ::SolidusSixSaferpay.config.payment_processing_success_handler.presence
-          success_handler.call(self, @order)
-        else
-          @order.next! if @order.payment?
-        end
-      end
-
       def order_checkout_path(state)
         Spree::Core::Engine.routes.url_helpers.checkout_state_path(state)
       end

data/app/controllers/spree/solidus_six_saferpay/transaction/checkout_controller.rb

@@ -1,7 +1,7 @@
 module Spree
   module SolidusSixSaferpay
-    # explicit parent must be stated, otherwise Spree::CheckoutController has precendence
     module Transaction
+    # explicit parent must be stated, otherwise Spree::CheckoutController has precendence
       class CheckoutController < SolidusSixSaferpay::CheckoutController
 
         private

data/app/models/spree/payment_method/saferpay_payment_method.rb

@@ -39,7 +39,7 @@ module Spree
       'saferpay_payment'
     end
 
-    def init_path
+    def init_path(order)
       raise NotImplementedError, "Must be implemented in SaferpayPaymentPage or SaferpayTransaction"
     end
   end

data/app/models/spree/payment_method/saferpay_payment_page.rb

@@ -6,8 +6,8 @@ module Spree
       ::SolidusSixSaferpay::PaymentPageGateway
     end
 
-    def init_path
-      url_helpers.solidus_six_saferpay_payment_page_init_path
+    def init_path(order)
+      url_helpers.solidus_six_saferpay_payment_page_init_path(order.number)
     end
   end
 end

data/app/models/spree/payment_method/saferpay_transaction.rb

@@ -5,8 +5,8 @@ module Spree
       ::SolidusSixSaferpay::TransactionGateway
     end
 
-    def init_path
-      url_helpers.solidus_six_saferpay_transaction_init_path
+    def init_path(order)
+      url_helpers.solidus_six_saferpay_transaction_init_path(order.number)
     end
   end
 end

data/app/services/spree/solidus_six_saferpay/cancel_authorized_payment.rb

@@ -0,0 +1,33 @@
+module Spree
+  module SolidusSixSaferpay
+    class CancelAuthorizedPayment
+
+      attr_reader :saferpay_payment
+
+      def self.call(saferpay_payment)
+        new(saferpay_payment).call
+      end
+
+      def initialize(saferpay_payment)
+        @saferpay_payment = saferpay_payment
+      end
+
+      def call
+        if transaction_id = saferpay_payment.transaction_id
+          gateway.void(saferpay_payment.transaction_id)
+        else
+          ::SolidusSixSaferpay::ErrorHandler.handle(
+            ::SolidusSixSaferpay::InvalidSaferpayPayment.new(
+              details: "Can not cancel payment #{saferpay_payment.id} because it has no transaction ID.")
+          )
+        end
+      end
+
+      private
+
+      def gateway
+        ::SolidusSixSaferpay::Gateway.new
+      end
+    end
+  end
+end

data/app/services/spree/solidus_six_saferpay/initialize_payment.rb

@@ -1,6 +1,5 @@
 module Spree
   module SolidusSixSaferpay
-
     class InitializePayment
 
       attr_reader :order, :payment_method, :redirect_url, :success

data/app/services/spree/solidus_six_saferpay/initialize_transaction.rb

@@ -1,6 +1,5 @@
 module Spree
   module SolidusSixSaferpay
-
     class InitializeTransaction < InitializePayment
       include UseTransactionGateway
 

data/app/services/spree/solidus_six_saferpay/inquire_payment.rb

@@ -19,8 +19,9 @@ module Spree
         inquiry = gateway.inquire(saferpay_payment)
 
         if inquiry.success?
-          saferpay_payment.update_attributes(response_hash: inquiry.api_response.to_h)
+          saferpay_payment.update_attributes(saferpay_payment_attributes(inquiry.api_response))
         else
+          saferpay_payment.update_attributes(response_hash: saferpay_payment.response_hash.merge(error: "#{inquiry.error_name}"))
           general_error = I18n.t(:general_error, scope: [:solidus_six_saferpay, :errors])
           specific_error = I18n.t(inquiry.error_name, scope: [:six_saferpay, :error_names])
           @user_message = "#{general_error}: #{specific_error}"
@@ -38,6 +39,31 @@ module Spree
       def gateway
         raise NotImplementedError, "Must be implemented in AssertPaymentPage or AuthorizeTransaction with UsePaymentPageGateway or UseTransactionGateway"
       end
+
+      private
+
+      def saferpay_payment_attributes(saferpay_response)
+        payment_means = saferpay_response.payment_means
+        brand = payment_means.brand
+        card = payment_means.card
+
+        attributes = {
+          transaction_id: saferpay_response.transaction.id,
+          transaction_status: saferpay_response.transaction.status,
+          transaction_date: DateTime.parse(saferpay_response.transaction.date),
+          six_transaction_reference: saferpay_response.transaction.six_transaction_reference,
+          display_text: saferpay_response.payment_means.display_text,
+          response_hash: saferpay_response.to_h
+        }
+
+        if card
+          attributes[:masked_number] = card.masked_number
+          attributes[:expiration_year] = card.exp_year
+          attributes[:expiration_month] = card.exp_month
+        end
+
+        attributes
+      end
     end
   end
 end

data/app/services/spree/solidus_six_saferpay/order_not_found_handler.rb

@@ -0,0 +1,28 @@
+module Spree
+  module SolidusSixSaferpay
+
+    # This handler can be overridden by host applications to manage control
+    # flow if no order can be found when SIX Saferpay performs the callback
+    # request after the user submits a payment.
+    # If not overridden, the handler will simply trigger an error.
+    class OrderNotFoundHandler
+
+      attr_reader :controller_context, :order_number
+
+      def self.call(controller_context:, order_number:)
+        new(controller_context: controller_context, order_number: order_number).call
+      end
+
+      def initialize(controller_context:, order_number:)
+        @controller_context = controller_context
+        @order_number = order_number
+      end
+
+      def call
+        ::SolidusSixSaferpay::ErrorHandler.handle(
+          StandardError.new("No solidus order could be found for number #{order_number}")
+        )
+      end
+    end
+  end
+end

data/app/services/spree/solidus_six_saferpay/payment_not_found_handler.rb

@@ -0,0 +1,28 @@
+module Spree
+  module SolidusSixSaferpay
+
+    # This handler can be overridden by host applications to manage control
+    # flow if no payment can be found when SIX Saferpay performs the callback
+    # request after the user submits a payment. 
+    # If not overridden, the handler will simply trigger an error.
+    class PaymentNotFoundHandler
+
+      attr_reader :controller_context, :order
+
+      def self.call(controller_context:, order:)
+        new(controller_context: controller_context, order: order).call
+      end
+
+      def initialize(controller_context:, order:)
+        @controller_context = controller_context
+        @order = order
+      end
+
+      def call
+        ::SolidusSixSaferpay::ErrorHandler.handle(
+          StandardError.new("No Saferpay Payment found for order #{order.number}")
+        )
+      end
+    end
+  end
+end

data/app/services/spree/solidus_six_saferpay/payment_processing_success_handler.rb

@@ -0,0 +1,26 @@
+module Spree
+  module SolidusSixSaferpay
+
+    # This handler can be overridden by host applications to manage control
+    # flow after the payment authorization was successful and the payment was verified.
+    # If not overridden, the handler will simply ensure that the order has
+    # moved from the "payment" state to the next state.
+    class PaymentProcessingSuccessHandler
+
+      attr_reader :controller_context, :order
+
+      def self.call(controller_context:, order:)
+        new(controller_context: controller_context, order: order).call
+      end
+
+      def initialize(controller_context:, order:)
+        @controller_context = controller_context
+        @order = order
+      end
+
+      def call
+        order.next! if order.payment?
+      end
+    end
+  end
+end

data/app/views/spree/checkout/payment/_saferpay_payment.html.erb

@@ -3,10 +3,10 @@
   <iframe class="saferpay-iframe" width='100%' height='550px' id="<%= payment_container_id %>" src="" frameborder="0">
   </iframe>
   <script charset="utf-8">
-    SaferpayPayment.registerIframePaymentMethod({id: "<%= payment_method.id %>", initUrl: "<%= payment_method.init_path %>", containerId: "#<%= payment_container_id %>"})
+    SaferpayPayment.registerIframePaymentMethod({id: "<%= payment_method.id %>", initUrl: "<%= payment_method.init_path(@order) %>", containerId: "#<%= payment_container_id %>"})
   </script>
 <% else %>
   <script charset="utf-8">
-    SaferpayPayment.registerExternalRedirectPaymentMethod({id: "<%= payment_method.id %>", initUrl: "<%= payment_method.init_path %>"})
+    SaferpayPayment.registerExternalRedirectPaymentMethod({id: "<%= payment_method.id %>", initUrl: "<%= payment_method.init_path(@order) %>"})
   </script>
 <% end %>