solidus_stripe 2.0.0 → 3.2.1

data/app/assets/javascripts/spree/frontend/solidus_stripe/stripe-init.js

@@ -0,0 +1,20 @@
+$(function() {
+  var stripeV3Api = $('[data-v3-api]').data('v3-api');
+
+  if (stripeV3Api) {
+    $.getScript('https://js.stripe.com/v3/')
+      .done(function() {
+        switch (stripeV3Api) {
+          case 'elements':
+            new SolidusStripe.Elements().init();
+            break;
+          case 'payment-intents':
+            new SolidusStripe.PaymentIntents().init();
+            break;
+          case 'payment-request-button':
+            new SolidusStripe.CartPageCheckout().init();
+            break;
+        }
+    });
+  }
+});

data/app/assets/javascripts/spree/frontend/solidus_stripe/stripe-payment-intents.js

@@ -0,0 +1,84 @@
+SolidusStripe.PaymentIntents = function() {
+  SolidusStripe.Elements.call(this);
+};
+
+SolidusStripe.PaymentIntents.prototype = Object.create(SolidusStripe.Elements.prototype);
+Object.defineProperty(SolidusStripe.PaymentIntents.prototype, 'constructor', {
+  value: SolidusStripe.PaymentIntents,
+  enumerable: false,
+  writable: true
+});
+
+SolidusStripe.PaymentIntents.prototype.init = function() {
+  this.setUpPaymentRequest();
+  this.initElements();
+};
+
+SolidusStripe.PaymentIntents.prototype.onPrPayment = function(payment) {
+  if (payment.error) {
+    this.showError(payment.error.message);
+  } else {
+    var that = this;
+
+    this.elementsTokenHandler(payment.paymentMethod);
+    fetch('/stripe/confirm_intents', {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json'
+      },
+      body: JSON.stringify({
+        form_data: this.form.serialize(),
+        spree_payment_method_id: this.config.id,
+        stripe_payment_method_id: payment.paymentMethod.id,
+        authenticity_token: this.authToken
+      })
+    }).then(function(response) {
+      response.json().then(function(json) {
+        that.handleServerResponse(json, payment);
+      })
+    });
+  }
+};
+
+SolidusStripe.PaymentIntents.prototype.onFormSubmit = function(event) {
+  if (this.element.is(':visible')) {
+    event.preventDefault();
+
+    this.errorElement.text('').hide();
+
+    this.stripe.createPaymentMethod(
+      'card',
+      this.cardNumber
+    ).then(this.onIntentsPayment.bind(this));
+  }
+};
+
+SolidusStripe.PaymentIntents.prototype.submitPayment = function(_payment) {
+  this.form.unbind('submit').submit();
+};
+
+SolidusStripe.PaymentIntents.prototype.onIntentsPayment = function(payment) {
+  if (payment.error) {
+    this.showError(payment.error.message);
+  } else {
+    var that = this;
+
+    this.elementsTokenHandler(payment.paymentMethod);
+    fetch('/stripe/confirm_intents', {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json'
+      },
+      body: JSON.stringify({
+        form_data: this.form.serialize(),
+        spree_payment_method_id: this.config.id,
+        stripe_payment_method_id: payment.paymentMethod.id,
+        authenticity_token: this.authToken
+      })
+    }).then(function(response) {
+      response.json().then(function(json) {
+        that.handleServerResponse(json, payment);
+      })
+    });
+  }
+};

data/app/assets/javascripts/spree/frontend/solidus_stripe/stripe-payment-request-button-shared.js

@@ -0,0 +1,123 @@
+// Shared code between Payment Intents and Payment Request Button on cart page
+
+(function() {
+  var PaymentRequestButtonShared;
+
+  PaymentRequestButtonShared = {
+    authToken: $('meta[name="csrf-token"]').attr('content'),
+
+    setUpPaymentRequest: function(opts) {
+      var opts = opts || {};
+      var config = this.config.payment_request;
+
+      if (config) {
+        config.requestShipping = opts.requestShipping || false;
+
+        var paymentRequest = this.stripe.paymentRequest({
+          country: config.country,
+          currency: config.currency,
+          total: {
+            label: config.label,
+            amount: config.amount
+          },
+          requestPayerName: true,
+          requestPayerEmail: true,
+          requestShipping: config.requestShipping,
+          shippingOptions: []
+        });
+
+        var prButton = this.elements.create('paymentRequestButton', {
+          paymentRequest: paymentRequest
+        });
+
+        var onButtonMount = function(result) {
+          var id = 'payment-request-button';
+
+          if (result) {
+            prButton.mount('#' + id);
+          } else {
+            document.getElementById(id).style.display = 'none';
+          }
+          if (typeof this.onPrButtonMounted === 'function') {
+            this.onPrButtonMounted(id, result);
+          }
+        }
+        paymentRequest.canMakePayment().then(onButtonMount.bind(this));
+
+        var onPrPaymentMethod = function(result) {
+          this.errorElement.text('').hide();
+          this.onPrPayment(result);
+        };
+        paymentRequest.on('paymentmethod', onPrPaymentMethod.bind(this));
+
+        onShippingAddressChange = function(ev) {
+          var showError = this.showError.bind(this);
+
+          fetch('/stripe/shipping_rates', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+              authenticity_token: this.authToken,
+              shipping_address: ev.shippingAddress
+            })
+          }).then(function(response) {
+            return response.json();
+          }).then(function(result) {
+            if (result.error) {
+              showError(result.error);
+              return false;
+            } else {
+              ev.updateWith({
+                status: 'success',
+                shippingOptions: result.shipping_rates
+              });
+            }
+          });
+        };
+        paymentRequest.on('shippingaddresschange', onShippingAddressChange.bind(this));
+      }
+    },
+
+    handleServerResponse: function(response, payment) {
+      if (response.error) {
+        this.showError(response.error);
+        this.completePaymentRequest(payment, 'fail');
+      } else if (response.requires_action) {
+        this.stripe.handleCardAction(
+          response.stripe_payment_intent_client_secret
+        ).then(this.onIntentsClientSecret.bind(this));
+      } else {
+        this.completePaymentRequest(payment, 'success');
+        this.submitPayment(payment);
+      }
+    },
+
+    onIntentsClientSecret: function(result) {
+      if (result.error) {
+        this.showError(result.error);
+      } else {
+        fetch('/stripe/confirm_intents', {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({
+            form_data: this.form.serialize(),
+            spree_payment_method_id: this.config.id,
+            stripe_payment_intent_id: result.paymentIntent.id,
+            authenticity_token: this.authToken
+          })
+        }).then(function(confirmResult) {
+          return confirmResult.json();
+        }).then(this.handleServerResponse.bind(this));
+      }
+    },
+
+    completePaymentRequest: function(payment, state) {
+      if (payment && typeof payment.complete === 'function') {
+        payment.complete(state);
+      }
+    }
+  };
+
+  Object.assign(SolidusStripe.PaymentIntents.prototype, PaymentRequestButtonShared);
+  Object.assign(SolidusStripe.CartPageCheckout.prototype, PaymentRequestButtonShared);
+})()

data/app/assets/javascripts/spree/frontend/solidus_stripe/stripe-payment.js

@@ -0,0 +1,16 @@
+window.SolidusStripe = window.SolidusStripe || {};
+
+SolidusStripe.Payment = function() {
+  this.config = $('[data-stripe-config]').data('stripe-config');
+  this.element = $('#payment_method_' + this.config.id);
+  this.authToken = $('meta[name="csrf-token"]').attr('content');
+
+  this.stripe = Stripe(this.config.publishable_key);
+  this.elements = this.stripe.elements(this.elementsBaseOptions());
+};
+
+SolidusStripe.Payment.prototype.elementsBaseOptions = function () {
+  return {
+    locale: 'en'
+  };
+};

data/app/controllers/solidus_stripe/intents_controller.rb

@@ -6,25 +6,19 @@ module SolidusStripe
 
     def confirm
       begin
-        if params[:stripe_payment_method_id].present?
-          intent = stripe.create_intent(
-            (current_order.total * 100).to_i,
-            params[:stripe_payment_method_id],
-            currency: current_order.currency,
-            confirmation_method: 'manual',
-            confirm: true,
-            setup_future_usage: 'on_session',
-            metadata: { order_id: current_order.id }
-          )
-        elsif params[:stripe_payment_intent_id].present?
-          intent = stripe.confirm_intent(params[:stripe_payment_intent_id], nil)
+        @intent = begin
+          if params[:stripe_payment_method_id].present?
+            create_intent
+          elsif params[:stripe_payment_intent_id].present?
+            stripe.confirm_intent(params[:stripe_payment_intent_id], nil)
+          end
         end
       rescue Stripe::CardError => e
         render json: { error: e.message }, status: 500
         return
       end
 
-      generate_payment_response(intent)
+      generate_payment_response
     end
 
     private
@@ -33,20 +27,35 @@ module SolidusStripe
       @stripe ||= Spree::PaymentMethod::StripeCreditCard.find(params[:spree_payment_method_id])
     end
 
-    def generate_payment_response(intent)
-      response = intent.params
+    def generate_payment_response
+      response = @intent.params
       # Note that if your API version is before 2019-02-11, 'requires_action'
       # appears as 'requires_source_action'.
       if %w[requires_source_action requires_action].include?(response['status']) && response['next_action']['type'] == 'use_stripe_sdk'
-          render json: {
-            requires_action: true,
-            stripe_payment_intent_client_secret: response['client_secret']
-          }
-      elsif response['status'] == 'succeeded'
+        render json: {
+          requires_action: true,
+          stripe_payment_intent_client_secret: response['client_secret']
+        }
+      elsif response['status'] == 'requires_capture'
+        SolidusStripe::CreateIntentsOrderService.new(@intent, stripe, self).call
         render json: { success: true }
       else
         render json: { error: response['error']['message'] }, status: 500
       end
     end
+
+    def create_intent
+      stripe.create_intent(
+        (current_order.total * 100).to_i,
+        params[:stripe_payment_method_id],
+        description: "Solidus Order ID: #{current_order.number} (pending)",
+        currency: current_order.currency,
+        confirmation_method: 'manual',
+        capture_method: 'manual',
+        confirm: true,
+        setup_future_usage: 'off_session',
+        metadata: { order_id: current_order.id }
+      )
+    end
   end
 end

data/app/decorators/models/spree/order_update_attributes_decorator.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module Spree
+  module OrderUpdateAttributesDecorator
+    def assign_payments_attributes
+      return if payments_attributes.empty?
+      return if adding_new_stripe_payment_intents_card?
+
+      stripe_intents_pending_payments.each(&:void_transaction!)
+
+      super
+    end
+
+    private
+
+    def adding_new_stripe_payment_intents_card?
+      paying_with_stripe_intents? && stripe_intents_pending_payments.any?
+    end
+
+    def stripe_intents_pending_payments
+      @stripe_intents_pending_payments ||= order.payments.valid.select do |payment|
+        payment_method = payment.payment_method
+        payment.pending? && stripe_intents?(payment_method)
+      end
+    end
+
+    def paying_with_stripe_intents?
+      if id = payments_attributes.first&.dig(:payment_method_id)
+        stripe_intents?(Spree::PaymentMethod.find(id))
+      end
+    end
+
+    def stripe_intents?(payment_method)
+      payment_method.respond_to?(:v3_intents?) && payment_method.v3_intents?
+    end
+
+    ::Spree::OrderUpdateAttributes.prepend(self)
+  end
+end

data/app/decorators/models/spree/payment_decorator.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Spree
+  module PaymentDecorator
+    def gateway_order_identifier
+      gateway_order_id
+    end
+
+    ::Spree::Payment.prepend(self)
+  end
+end

data/app/models/solidus_stripe/create_intents_order_service.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+module SolidusStripe
+  class CreateIntentsOrderService
+    attr_reader :intent, :stripe, :controller
+
+    delegate :request, :current_order, :params, to: :controller
+
+    def initialize(intent, stripe, controller)
+      @intent, @stripe, @controller = intent, stripe, controller
+    end
+
+    def call
+      invalidate_previous_payment_intents_payments
+      payment = create_payment
+      description = "Solidus Order ID: #{payment.gateway_order_identifier}"
+      stripe.update_intent(nil, response['id'], nil, description: description)
+    end
+
+    private
+
+    def invalidate_previous_payment_intents_payments
+      if stripe.v3_intents?
+        current_order.payments.pending.where(payment_method: stripe).each(&:void_transaction!)
+      end
+    end
+
+    def create_payment
+      Spree::OrderUpdateAttributes.new(
+        current_order,
+        payment_params,
+        request_env: request.headers.env
+      ).apply
+
+      Spree::Payment.find_by(response_code: response['id']).tap do |payment|
+        payment.update!(state: :pending)
+      end
+    end
+
+    def payment_params
+      card = response['charges']['data'][0]['payment_method_details']['card']
+      address_attributes = form_data['payment_source'][stripe.id.to_s]['address_attributes']
+
+      {
+        payments_attributes: [{
+          payment_method_id: stripe.id,
+          amount: current_order.total,
+          response_code: response['id'],
+          source_attributes: {
+            month: card['exp_month'],
+            year: card['exp_year'],
+            cc_type: card['brand'],
+            gateway_payment_profile_id: response['payment_method'],
+            last_digits: card['last4'],
+            name: current_order.bill_address.full_name,
+            address_attributes: address_attributes
+          }
+        }]
+      }
+    end
+
+    def response
+      intent.params
+    end
+
+    def form_data
+      Rack::Utils.parse_nested_query(params[:form_data])
+    end
+  end
+end

data/app/models/spree/payment_method/stripe_credit_card.rb

@@ -15,6 +15,8 @@ module Spree
         'Visa' => 'visa'
       }
 
+      delegate :create_intent, :update_intent, :confirm_intent, to: :gateway
+
       def stripe_config(order)
         {
           id: id,
@@ -59,14 +61,6 @@ module Spree
         true
       end
 
-      def create_intent(*args)
-        gateway.create_intent(*args)
-      end
-
-      def confirm_intent(*args)
-        gateway.confirm_intent(*args)
-      end
-
       def purchase(money, creditcard, transaction_options)
         gateway.purchase(*options_for_purchase_or_auth(money, creditcard, transaction_options))
       end
@@ -140,8 +134,9 @@ module Spree
 
       def options_for_purchase_or_auth(money, creditcard, transaction_options)
         options = {}
-        options[:description] = "Spree Order ID: #{transaction_options[:order_id]}"
+        options[:description] = "Solidus Order ID: #{transaction_options[:order_id]}"
         options[:currency] = transaction_options[:currency]
+        options[:off_session] = true if v3_intents?
 
         if customer = creditcard.gateway_customer_profile_id
           options[:customer] = customer