solidus_stripe 1.0.0 → 1.1.0

data/README.md

@@ -13,7 +13,7 @@ Installation
 In your Gemfile:
 
 ```ruby
-gem "solidus_stripe", github: "solidusio/solidus_stripe"
+gem 'solidus_stripe', '~> 1.0.0'
 ```
 
 Then run from the command line:
@@ -54,7 +54,9 @@ Spree.config do |config|
     'stripe_env_credentials',
     secret_key: ENV['STRIPE_SECRET_KEY'],
     publishable_key: ENV['STRIPE_PUBLISHABLE_KEY'],
+    stripe_country: 'US',
     v3_elements: false,
+    v3_intents: false,
     server: Rails.env.production? ? 'production' : 'test',
     test_mode: !Rails.env.production?
   )
@@ -67,6 +69,61 @@ your  application will start using the static configuration to process
 Stripe payments.
 
 
+Using Stripe Payment Intents API
+--------------------------------
+
+If you want to use the new SCA-ready Stripe Payment Intents API you need
+to change the `v3_intents` preference from the code above to true and,
+if you want to allow also Apple Pay and Google Pay payments, set the
+`stripe_country` preference, which represents the two-letter country
+code of your Stripe account:
+
+
+```ruby
+Spree.config do |config|
+  # ...
+
+  config.static_model_preferences.add(
+    Spree::PaymentMethod::StripeCreditCard,
+    'stripe_env_credentials',
+    secret_key: ENV['STRIPE_SECRET_KEY'],
+    publishable_key: ENV['STRIPE_PUBLISHABLE_KEY'],
+    stripe_country: 'US',
+    v3_elements: false,
+    v3_intents: true,
+    server: Rails.env.production? ? 'production' : 'test',
+    test_mode: !Rails.env.production?
+  )
+end
+```
+
+Apple Pay and Google Pay
+-----------------------
+
+The Payment Intents API now supports also Apple Pay and Google Pay via
+the [payment request button API](https://stripe.com/docs/stripe-js/elements/payment-request-button).
+Check the Payment Intents section for setup details. Also, please
+refer to the official Stripe documentation for configuring your
+Stripe account to receive payments via Apple Pay.
+
+It's possible to pay with Apple Pay and Google Pay directly from the cart
+page. The functionality is self-contained in the view partial
+`_stripe_payment_request_button.html.erb`. In order to use it, you need
+to load that partial in the `orders#edit` frontend page, and pass it the
+payment method configured for Stripe via the local variable
+`cart_checkout_payment_method`, for example using `deface`:
+
+```ruby
+# app/overrides/spree/orders/edit/add_payment_request_button.html.erb.deface
+
+<!-- insert_after '[data-hook="cart_container"]' -->
+<%= render 'stripe_payment_request_button', cart_checkout_payment_method: Spree::PaymentMethod::StripeCreditCard.first %>
+```
+
+Of course, rules stated in the paragraph above (remember to add the stripe country
+config value, for example) apply also for this payment method.
+
+
 Migrating from solidus_gateway
 ------------------------------
 

data/Rakefile

@@ -1,23 +1,6 @@
 # frozen_string_literal: true
 
-require 'bundler'
-Bundler::GemHelper.install_tasks
+require 'solidus_dev_support/rake_tasks'
+SolidusDevSupport::RakeTasks.install
 
-require 'rspec/core/rake_task'
-require 'spree/testing_support/common_rake'
-
-RSpec::Core::RakeTask.new
-
-task :default do
-  if Dir["spec/dummy"].empty?
-    Rake::Task[:test_app].invoke
-    Dir.chdir("../../")
-  end
-  Rake::Task[:spec].invoke
-end
-
-desc "Generates a dummy app for testing"
-task :test_app do
-  ENV['LIB_NAME'] = 'solidus_stripe'
-  Rake::Task['common:test_app'].invoke
-end
+task default: %w[extension:test_app extension:specs]

data/app/assets/javascripts/solidus_stripe/stripe-init.js

@@ -0,0 +1 @@
+//= require ./stripe-init/base

data/app/assets/javascripts/solidus_stripe/stripe-init/base.js

@@ -0,0 +1,180 @@
+window.SolidusStripe = window.SolidusStripe || {};
+
+SolidusStripe.paymentMethod = {
+  config: $('[data-stripe-config').data('stripe-config'),
+  requestShipping: false
+}
+
+var authToken = $('meta[name="csrf-token"]').attr('content');
+
+var stripe = Stripe(SolidusStripe.paymentMethod.config.publishable_key)
+var elements = stripe.elements({locale: 'en'});
+
+var element = $('#payment_method_' + SolidusStripe.paymentMethod.config.id);
+var form = element.parents('form');
+var errorElement = form.find('#card-errors');
+var submitButton = form.find('input[type="submit"]');
+
+function stripeTokenHandler(token) {
+  var baseSelector = `<input type='hidden' class='stripeToken' name='payment_source[${SolidusStripe.paymentMethod.config.id}]`;
+
+  element.append(`${baseSelector}[gateway_payment_profile_id]' value='${token.id}'/>`);
+  element.append(`${baseSelector}[last_digits]' value='${token.card.last4}'/>`);
+  element.append(`${baseSelector}[month]' value='${token.card.exp_month}'/>`);
+  element.append(`${baseSelector}[year]' value='${token.card.exp_year}'/>`);
+  form.find('input#cc_type').val(mapCC(token.card.brand || token.card.type));
+};
+
+function initElements() {
+  var style = {
+    base: {
+      color: 'black',
+      fontFamily: '"Helvetica Neue", Helvetica, sans-serif',
+      fontSmoothing: 'antialiased',
+      fontSize: '14px',
+      '::placeholder': {
+        color: 'silver'
+      }
+    },
+    invalid: {
+      color: 'red',
+      iconColor: 'red'
+    }
+  };
+
+  elements.create('cardExpiry', {style: style}).mount('#card_expiry');
+  elements.create('cardCvc', {style: style}).mount('#card_cvc');
+
+  var cardNumber = elements.create('cardNumber', {style: style});
+  cardNumber.mount('#card_number');
+
+  return cardNumber;
+}
+
+function setUpPaymentRequest(config, onPrButtonMounted) {
+  if (typeof config !== 'undefined') {
+    var paymentRequest = stripe.paymentRequest({
+      country: config.country,
+      currency: config.currency,
+      total: {
+        label: config.label,
+        amount: config.amount
+      },
+      requestPayerName: true,
+      requestPayerEmail: true,
+      requestShipping: config.requestShipping,
+      shippingOptions: [
+      ]
+    });
+
+    var prButton = elements.create('paymentRequestButton', {
+      paymentRequest: paymentRequest
+    });
+
+    paymentRequest.canMakePayment().then(function(result) {
+      var id = 'payment-request-button';
+
+      if (result) {
+        prButton.mount('#' + id);
+      } else {
+        document.getElementById(id).style.display = 'none';
+      }
+      if (typeof onPrButtonMounted === 'function') {
+        onPrButtonMounted(id, result);
+      }
+    });
+
+    paymentRequest.on('paymentmethod', function(result) {
+      errorElement.text('').hide();
+      handlePayment(result);
+    });
+
+    paymentRequest.on('shippingaddresschange', function(ev) {
+      fetch('/stripe/shipping_rates', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          authenticity_token: authToken,
+          shipping_address: ev.shippingAddress
+        })
+      }).then(function(response) {
+        return response.json();
+      }).then(function(result) {
+        if (result.error) {
+          showError(result.error);
+          return false;
+        } else {
+          ev.updateWith({
+            status: 'success',
+            shippingOptions: result.shipping_rates
+          });
+        }
+      });
+    });
+
+    return paymentRequest;
+  }
+};
+
+function handleServerResponse(response, payment) {
+  if (response.error) {
+      showError(response.error);
+      completePaymentRequest(payment, 'fail');
+  } else if (response.requires_action) {
+    stripe.handleCardAction(
+      response.stripe_payment_intent_client_secret
+    ).then(function(result) {
+      if (result.error) {
+        showError(result.error.message);
+      } else {
+        fetch('/stripe/confirm_intents', {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({
+            spree_payment_method_id: SolidusStripe.paymentMethod.config.id,
+            stripe_payment_intent_id: result.paymentIntent.id,
+            authenticity_token: authToken
+          })
+        }).then(function(confirmResult) {
+          return confirmResult.json();
+        }).then(handleServerResponse);
+      }
+    });
+  } else {
+    completePaymentRequest(payment, 'success');
+    submitPayment(payment);
+  }
+}
+
+function completePaymentRequest(payment, state) {
+  if (payment && typeof payment.complete === 'function') {
+    payment.complete(state);
+  }
+}
+
+function showError(error) {
+  errorElement.text(error).show();
+
+  if (submitButton.length) {
+    setTimeout(function() {
+      $.rails.enableElement(submitButton[0]);
+      submitButton.removeAttr('disabled').removeClass('disabled');
+    }, 100);
+  }
+};
+
+function mapCC(ccType) {
+  if (ccType === 'MasterCard') {
+    return 'mastercard';
+  } else if (ccType === 'Visa') {
+    return 'visa';
+  } else if (ccType === 'American Express') {
+    return 'amex';
+  } else if (ccType === 'Discover') {
+    return 'discover';
+  } else if (ccType === 'Diners Club') {
+    return 'dinersclub';
+  } else if (ccType === 'JCB') {
+    return 'jcb';
+  }
+};

data/app/controllers/solidus_stripe/intents_controller.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module SolidusStripe
+  class IntentsController < Spree::BaseController
+    include Spree::Core::ControllerHelpers::Order
+
+    def confirm
+      begin
+        if params[:stripe_payment_method_id].present?
+          intent = stripe.create_intent(
+            (current_order.total * 100).to_i,
+            params[:stripe_payment_method_id],
+            currency: current_order.currency,
+            confirmation_method: 'manual',
+            confirm: true,
+            setup_future_usage: 'on_session',
+            metadata: { order_id: current_order.id }
+          )
+        elsif params[:stripe_payment_intent_id].present?
+          intent = stripe.confirm_intent(params[:stripe_payment_intent_id], nil)
+        end
+      rescue Stripe::CardError => e
+        render json: { error: e.message }, status: 500
+        return
+      end
+
+      generate_payment_response(intent)
+    end
+
+    private
+
+    def stripe
+      @stripe ||= Spree::PaymentMethod::StripeCreditCard.find(params[:spree_payment_method_id])
+    end
+
+    def generate_payment_response(intent)
+      response = intent.params
+      # Note that if your API version is before 2019-02-11, 'requires_action'
+      # appears as 'requires_source_action'.
+      if %w[requires_source_action requires_action].include?(response['status']) && response['next_action']['type'] == 'use_stripe_sdk'
+          render json: {
+            requires_action: true,
+            stripe_payment_intent_client_secret: response['client_secret']
+          }
+      elsif response['status'] == 'succeeded'
+        render json: { success: true }
+      else
+        render json: { error: response['error']['message'] }, status: 500
+      end
+    end
+  end
+end

data/app/controllers/solidus_stripe/payment_request_controller.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module SolidusStripe
+  class PaymentRequestController < Spree::BaseController
+    include Spree::Core::ControllerHelpers::Order
+
+    def shipping_rates
+      rates = SolidusStripe::ShippingRatesService.new(
+        current_order,
+        spree_current_user,
+        params[:shipping_address]
+      ).call
+
+      if rates.any?
+        render json: { success: true, shipping_rates: rates }
+      else
+        render json: { success: false, error: 'No shipping method available for that address' }, status: 500
+      end
+    end
+
+    def update_order
+      current_order.restart_checkout_flow
+
+      address = SolidusStripe::AddressFromParamsService.new(
+        params[:shipping_address],
+        spree_current_user
+      ).call
+
+      if address.valid?
+        SolidusStripe::PrepareOrderForPaymentService.new(address, self).call
+
+        if current_order.payment?
+          render json: { success: true }
+        else
+          render json: { success: false, error: 'Order not ready for payment. Try manual checkout.' }, status: 500
+        end
+      else
+        render json: { success: false, error: address.errors.full_messages.to_sentence }, status: 500
+      end
+    end
+  end
+end

data/app/controllers/spree/stripe_controller.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Spree
+  class StripeController < SolidusStripe::IntentsController
+    include Core::ControllerHelpers::Order
+
+    def confirm_payment
+      Deprecation.warn "please use SolidusStripe::IntentsController#confirm"
+
+      confirm
+    end
+  end
+end

data/app/models/solidus_stripe/address_from_params_service.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module SolidusStripe
+  class AddressFromParamsService
+    attr_reader :address_params, :user
+
+    def initialize(address_params, user)
+      @address_params, @user = address_params, user
+    end
+
+    def call
+      if user
+        user.addresses.find_or_initialize_by(attributes)
+      else
+        Spree::Address.new(attributes)
+      end
+    end
+
+    private
+
+    def attributes
+      @attributes ||= begin
+        default_attributes.tap do |attributes|
+          # possibly anonymized attributes:
+          phone = address_params[:phone]
+          lines = address_params[:addressLine]
+          names = address_params[:recipient].split(' ')
+
+          attributes.merge!(
+            state_id: state&.id,
+            firstname: names.first,
+            lastname: names.last,
+            phone: phone,
+            address1: lines.first,
+            address2: lines.second
+          ).reject! { |_, value| value.blank? }
+        end
+      end
+    end
+
+    def country
+      @country ||= Spree::Country.find_by_iso(address_params[:country])
+    end
+
+    def state
+      @state ||= country.states.find_by_abbr(address_params[:region])
+    end
+
+    def default_attributes
+      {
+        country_id: country.id,
+        city: address_params[:city],
+        zipcode: address_params[:postalCode]
+      }
+    end
+  end
+end