spree_gateway 3.8.0 → 3.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '015491170e10b6b22d98da98f5b8e466ae2df12474e5029bff6bd8926d86732e'
-  data.tar.gz: 39713d557a03b1170dc36f4fcf4a6ec2e4fecb45b3a80376b00a23fd396c200b
+  metadata.gz: c0f581ca4a050e9c3bc878e37aedafd1ccd53c12297669d09574d5934a704e50
+  data.tar.gz: 73f289990e676a949d16e70529b0f97f0121a748b4be13d996678dd6587c1140
 SHA512:
-  metadata.gz: c9d5003e95dc31701dbea5239a10dc587300d27659f29ea6deba81a309df2d24729ec3259d253d99f4c327c7f8889bc52b28dc8015d785fbde376a128d05a6f1
-  data.tar.gz: 11a5083fba9163eabd567cef8173d949d6f6ac5b86a97f3c65281671d3fd82f6ed93d2f4626c2ac39e7ae71d16cc559735a9d5eb4024960041a1ba2128997ba8
+  metadata.gz: b9e8ad6df9dc8a0f595a20257b023f9269b70ce2f420dafa8cbc41b00220be5baaa1d3aa8db7eab69bc18e5b560d792cb4c4bb53a57e7421f7f894bf31d0f558
+  data.tar.gz: 6293ad5f7ddf84fd1a643637c2f3a2c18cb9e11a102d00aba665649c7738a4ff695a5bf9a9bb430fa5dc5f3e37a77fc5b6a705a23cb2e80deb7535ffc4d568fd

data/app/models/spree/checkout_controller_decorator.rb

@@ -0,0 +1,19 @@
+module Spree
+  module CheckoutControllerDecorator
+    def self.prepended(base)
+      base.before_action :process_payments_and_set_keys, only: :edit, if: proc { params[:state] == 'payment_confirm' }
+    end
+
+    def process_payments_and_set_keys
+      @order.tap do |order|
+        order.process_payments!
+        order.reload.payments.valid.where.not(intent_client_key: nil).last.tap do |payment|
+          @client_secret = payment.intent_client_key
+          @pk_key = payment.payment_method.preferred_publishable_key
+        end
+      end
+    end
+  end
+end
+
+::Spree::CheckoutController.prepend Spree::CheckoutControllerDecorator

data/app/models/spree/gateway/stripe_elements_gateway.rb

@@ -1,7 +1,57 @@
 module Spree
   class Gateway::StripeElementsGateway < Gateway::StripeGateway
+    preference :intents, :boolean, default: true
+
     def method_type
       'stripe_elements'
     end
+
+    def provider_class
+      if get_preference(:intents)
+        ActiveMerchant::Billing::StripePaymentIntentsGateway
+      else
+        ActiveMerchant::Billing::StripeGateway
+      end
+    end
+
+    def create_profile(payment)
+      return unless payment.source.gateway_customer_profile_id.nil?
+
+      options = {
+        email: payment.order.email,
+        login: preferred_secret_key
+      }.merge! address_for(payment)
+
+      source = update_source!(payment.source)
+      creditcard = source.gateway_payment_profile_id.present? ? source.gateway_payment_profile_id : source
+      response = provider.store(creditcard, options)
+      if response.success?
+        if get_preference(:intents)
+          payment.source.update!(
+            cc_type: payment.source.cc_type,
+            gateway_customer_profile_id: response.params['id'],
+            gateway_payment_profile_id: response.params['sources']['data'].first['id']
+          )
+        else
+          response_cc_type = response.params['sources']['data'].first['brand']
+          cc_type = CARD_TYPE_MAPPING.include?(response_cc_type) ? CARD_TYPE_MAPPING[response_cc_type] : payment.source.cc_type
+          payment.source.update!({
+            cc_type: cc_type, # side-effect of update_source!
+            gateway_customer_profile_id: response.params['id'],
+            gateway_payment_profile_id: response.params['default_source'] || response.params['default_card']
+          })
+        end
+      else
+        payment.send(:gateway_error, response.message)
+      end
+    end
+
+    private
+
+    def options_for_purchase_or_auth(money, creditcard, gateway_options)
+      money, creditcard, options = super
+      options[:execute_threed] = get_preference(:intents)
+      return money, creditcard, options
+    end
   end
 end

data/app/models/spree/gateway/stripe_gateway.rb

@@ -54,6 +54,7 @@ module Spree
 
     def create_profile(payment)
       return unless payment.source.gateway_customer_profile_id.nil?
+
       options = {
         email: payment.order.email,
         login: preferred_secret_key,

data/app/models/spree/order_decorator.rb

@@ -0,0 +1,28 @@
+module Spree
+  module OrderDecorator
+    def self.prepended(base)
+      return if base.checkout_steps.key?(:payment_confirm)
+
+      base.insert_checkout_step(
+        :payment_confirm,
+        before: :complete,
+        if: ->(order) { order.intents? }
+      )
+    end
+
+    def process_payments!
+      # Payments are processed in confirm_payment step where after successful
+      # 3D Secure authentication `intent_client_key` is saved for payment.
+      # In case authentication is unsuccessful, `intent_client_key` is removed.
+      return if intents? && payments.valid.last.intent_client_key.present?
+
+      super
+    end
+
+    def intents?
+      payments.valid.map { |p| p.payment_method&.has_preference?(:intents) && p.payment_method&.get_preference(:intents) }.any?
+    end
+  end
+end
+
+Spree::Order.prepend(Spree::OrderDecorator)

data/app/models/spree/payment_decorator.rb

@@ -1,5 +1,10 @@
 module Spree
   module PaymentDecorator
+    def handle_response(response, success_state, failure_state)
+      self.intent_client_key = response.params['client_secret'] if response.params['client_secret'] && response.success?
+      super
+    end
+
     def verify!(**options)
       process_verification(options)
     end
@@ -26,4 +31,4 @@ module Spree
   end
 end
 
-Spree::Payment.prepend Spree::PaymentDecorator
+Spree::Payment.prepend(Spree::PaymentDecorator)

data/app/views/spree/checkout/_payment_confirm.html.erb

@@ -0,0 +1,34 @@
+<div id='errorBox' class='errorExplanation alert alert-danger' style='display:none'></div>
+<div id='successBox' class='alert alert-success' style='display:none'></div>
+<div id='infoBox' class='alert alert-info'><%= t('spree.please_wait_for_confirmation_popup') %></div>
+
+<% if @client_secret.present? && @pk_key.present? %>
+  <script type="text/javascript" src="https://js.stripe.com/v3/"></script>
+  <script>
+    var form = document.getElementById('checkout_form_payment_confirm');
+
+    function confirmCardPaymentResponseHandler(response) {
+      $.post("/api/v2/storefront/intents/handle_response", { response: response, order_token: "<%= @order.token %>" }).done(function (result) {
+        form.elements["commit"].disabled = false;
+        $('#successBox').html(result.message);
+        $('#successBox').show();
+        form.submit();
+      }).fail(function(result) {
+        form.elements["commit"].disabled = false;
+        $('#errorBox').html(result.responseJSON.error);
+        $('#errorBox').show();
+      });
+    }
+
+    var stripeElements = Stripe("<%= @pk_key %>");
+    stripeElements.confirmCardPayment("<%= @client_secret %>").then(function(result) {
+      $('#infoBox').hide();
+      confirmCardPaymentResponseHandler(result);
+    });
+
+    document.addEventListener('DOMContentLoaded', function(){
+      form.elements["commit"].value = "continue"
+      form.elements["commit"].disabled = true
+    });
+  </script>
+<% end %>

data/config/locales/en.yml

@@ -10,6 +10,10 @@ en:
   spree:
     check: Check
     payment_has_been_cancelled: The payment has been cancelled.
+    please_wait_for_confirmation_popup: Please wait for payment confirmation popup to appear.
+    payment_successfully_authorized: The payment was successfully authorized.
+    order_state:
+      payment_confirm: Verify payment
     log_entry:
       braintree:
         message: Message

data/config/routes.rb

@@ -4,3 +4,15 @@
 Rails.application.routes.draw do
   get '/.well-known/apple-developer-merchantid-domain-association' => 'spree/apple_pay_domain_verification#show'
 end
+
+Spree::Core::Engine.add_routes do
+  namespace :api, defaults: { format: 'json' } do
+    namespace :v2 do
+      namespace :storefront do
+        namespace :intents do
+          post :handle_response
+        end
+      end
+    end
+  end
+end

data/db/migrate/20200422114908_add_intent_key_to_payment.rb

@@ -0,0 +1,5 @@
+class AddIntentKeyToPayment < ActiveRecord::Migration[4.2]
+  def change
+    add_column :spree_payments, :intent_client_key, :string
+  end
+end

data/lib/controllers/spree/api/v2/storefront/intents_controller.rb

@@ -0,0 +1,27 @@
+module Spree
+  module Api
+    module V2
+      module Storefront
+        class IntentsController < ::Spree::Api::V2::BaseController
+          include Spree::Api::V2::Storefront::OrderConcern
+
+          def handle_response
+            if params['response']['error']
+              invalidate_payment
+              render_error_payload(params['response']['error']['message'])
+            else
+              render_serialized_payload { { message: I18n.t('spree.payment_successfully_authorized') } }
+            end
+          end
+
+          private
+
+          def invalidate_payment
+            payment = spree_current_order.payments.find_by!(response_code: params['response']['error']['payment_intent']['id'])
+            payment.update(state: 'failed', intent_client_key: nil)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/spree_gateway.rb

@@ -2,3 +2,4 @@ require 'spree_core'
 require 'spree_gateway/engine'
 require 'spree_gateway/version'
 require 'spree_extension'
+require 'deface'

data/lib/spree_gateway/version.rb

@@ -1,5 +1,5 @@
 module SpreeGateway
   def self.version
-    '3.8.0'
+    '3.9.0'
   end
 end

data/lib/views/frontend/spree/checkout/payment/_stripe_elements.html.erb

@@ -103,7 +103,8 @@
       }
     });
   };
-  
+
 </script>
 
 <%= render 'spree/checkout/payment/stripe_additional_info' %>
+

data/spec/features/stripe_elements_3ds_checkout_spec.rb

@@ -0,0 +1,105 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Stripe Elements 3ds checkout', type: :feature, js: true do
+  let!(:product) { create(:product, name: 'RoR Mug') }
+  let!(:stripe_payment_method) do
+    Spree::Gateway::StripeElementsGateway.create!(
+      name: 'Stripe',
+      preferred_secret_key: 'sk_test_VCZnDv3GLU15TRvn8i2EsaAN',
+      preferred_publishable_key: 'pk_test_Cuf0PNtiAkkMpTVC2gwYDMIg',
+      preferred_intents: preferred_intents
+    )
+  end
+
+  before do
+    user = create(:user)
+    order = OrderWalkthrough.up_to(:confirm)
+    expect(order).to receive(:confirmation_required?).and_return(true).at_least(:once)
+
+    order.reload
+    order.user = user
+    payment = order.payments.first
+    payment.source = create(:credit_card, number: card_number)
+    payment.save!
+
+    allow_any_instance_of(Spree::CheckoutController).to receive_messages(current_order: order)
+    allow_any_instance_of(Spree::CheckoutController).to receive_messages(try_spree_current_user: user)
+    allow_any_instance_of(Spree::CheckoutController).to receive_messages(skip_state_validation?: true)
+    allow_any_instance_of(Spree::OrdersController).to receive_messages(try_spree_current_user: user)
+
+    add_to_cart(product)
+    click_link 'checkout'
+    click_button 'Place Order'
+  end
+
+  describe 'when intents are disabled' do
+    let(:preferred_intents) { false }
+
+    context 'and credit card does not require 3ds authentication' do
+      let(:card_number) { '4242424242424242' }
+
+      it 'should place order without 3ds authentication' do
+        expect(page).to have_content('Order placed successfully')
+        order = Spree::Order.complete.last
+        expect(page.current_url).to include("/orders/#{order.number}")
+        expect(page).to have_content(order.number)
+      end
+    end
+
+    context 'and credit card does require 3ds authentication' do
+      let(:card_number) { '4000000000003220' }
+
+      it 'should not place the order' do
+        expect(page).to have_content('Your card was declined. This transaction requires authentication.')
+        expect(Spree::Order.complete.last).to be_nil
+      end
+    end
+  end
+
+  describe 'when intents are enabled' do
+    let(:preferred_intents) { true }
+
+    context 'and credit card does not require 3ds authentication' do
+      let(:card_number) { '4242424242424242' }
+
+      it 'should successfully place order without 3ds authentication' do
+        expect(page).to have_content('Order placed successfully')
+        order = Spree::Order.complete.last
+        expect(page.current_url).to include("/orders/#{order.number}")
+        expect(page).to have_content(order.number)
+      end
+    end
+
+    context 'when credit card does require 3ds authentication' do
+      let(:card_number) { '4000000000003220' }
+
+      context 'and authentication is successful' do
+        it 'should place order after 3ds authentication' do
+          within_stripe_3ds_popup do
+            click_button('Complete')
+          end
+
+          expect(page).to have_content('Order placed successfully')
+          order = Spree::Order.complete.last
+          expect(page.current_url).to include("/orders/#{order.number}")
+          expect(page).to have_content(order.number)
+        end
+      end
+
+      context 'and authentication is unsuccessful' do
+        it 'should not place order after 3ds authentication' do
+          within_stripe_3ds_popup do
+            click_button('Fail')
+          end
+
+          expect(page).to_not have_content('Order placed successfully')
+          expect(page).to have_content('We are unable to authenticate your payment method.')
+          expect(page).to have_content('Please choose a different payment method and try again.')
+          expect(Spree::Order.complete.last).to be_nil
+        end
+      end
+    end
+  end
+end

data/spec/models/gateway/stripe_ach_gateway_spec.rb

@@ -175,7 +175,8 @@ describe Spree::Gateway::StripeAchGateway do
              success?: true,
              authorization: '123',
              avs_result: { 'code' => 'avs-code' },
-             cvv_result: { 'code' => 'cvv-code', 'message' => 'CVV Result' })
+             cvv_result: { 'code' => 'cvv-code', 'message' => 'CVV Result' },
+             params: {})
     end
 
     it 'gets correct amount' do

data/spec/models/gateway/stripe_gateway_spec.rb

@@ -182,6 +182,7 @@ describe Spree::Gateway::StripeGateway do
 
     let!(:success_response) do
       double('success_response', :success? => true,
+                               :params => {},
                                :authorization => '123',
                                :avs_result => { 'code' => 'avs-code' },
                                :cvv_result => { 'code' => 'cvv-code', 'message' => "CVV Result"})

data/spec/support/within_stripe_3ds_popup.rb

@@ -0,0 +1,10 @@
+def within_stripe_3ds_popup
+  using_wait_time(10) do
+    within_frame 0 do
+      within_frame 0 do
+        expect(page).to have_text('3D Secure 2 Test Page', normalize_ws: true)
+        yield
+      end
+    end
+  end
+end

data/spree_gateway.gemspec

@@ -21,11 +21,12 @@ Gem::Specification.new do |s|
   s.require_path = 'lib'
   s.requirements << 'none'
 
-  spree_version = '>= 3.1.0', '< 5.0'
+  spree_version = '>= 3.7.0', '< 5.0'
   s.add_dependency 'spree_core', spree_version
   s.add_dependency 'spree_extension'
+  s.add_dependency 'deface'
 
-  s.add_development_dependency 'braintree'
+  s.add_development_dependency 'braintree', '~>2.78'
   s.add_development_dependency 'rspec-activemodel-mocks'
   s.add_development_dependency 'spree_dev_tools'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spree_gateway
 version: !ruby/object:Gem::Version
-  version: 3.8.0
+  version: 3.9.0
 platform: ruby
 authors:
 - Spree Commerce
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-09-07 00:00:00.000000000 Z
+date: 2020-10-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: spree_core
@@ -16,7 +16,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: 3.7.0
     - - "<"
       - !ruby/object:Gem::Version
         version: '5.0'
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: 3.7.0
     - - "<"
       - !ruby/object:Gem::Version
         version: '5.0'
@@ -45,19 +45,33 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: braintree
+  name: deface
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  type: :development
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: braintree
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.78'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.78'
 - !ruby/object:Gem::Dependency
   name: rspec-activemodel-mocks
   requirement: !ruby/object:Gem::Requirement
@@ -105,6 +119,7 @@ files:
 - app/models/spree/apple_pay_payment_decorator.rb
 - app/models/spree/billing_integration.rb
 - app/models/spree/check.rb
+- app/models/spree/checkout_controller_decorator.rb
 - app/models/spree/gateway/authorize_net.rb
 - app/models/spree/gateway/authorize_net_cim.rb
 - app/models/spree/gateway/balanced_gateway.rb
@@ -135,7 +150,9 @@ files:
 - app/models/spree/gateway/stripe_gateway.rb
 - app/models/spree/gateway/usa_epay_transaction.rb
 - app/models/spree/gateway/worldpay.rb
+- app/models/spree/order_decorator.rb
 - app/models/spree/payment_decorator.rb
+- app/views/spree/checkout/_payment_confirm.html.erb
 - config/initializers/inflections.rb
 - config/initializers/spree_permitted_attributes.rb
 - config/locales/bg.yml
@@ -149,10 +166,12 @@ files:
 - db/migrate/20131008221012_update_paypal_payment_method_type.rb
 - db/migrate/20131112133401_migrate_stripe_preferences.rb
 - db/migrate/20200317135551_add_spree_check_payment_source.rb
+- db/migrate/20200422114908_add_intent_key_to_payment.rb
 - gemfiles/spree_4_1.gemfile
 - gemfiles/spree_4_2.gemfile
 - gemfiles/spree_master.gemfile
 - lib/active_merchant/billing/stripe_gateway_decorator.rb
+- lib/controllers/spree/api/v2/storefront/intents_controller.rb
 - lib/controllers/spree/apple_pay_domain_verification_controller.rb
 - lib/generators/spree_gateway/install/install_generator.rb
 - lib/spree_gateway.rb
@@ -179,6 +198,7 @@ files:
 - spec/factories/check_factory.rb
 - spec/features/admin/stripe_elements_payment_spec.rb
 - spec/features/stripe_checkout_spec.rb
+- spec/features/stripe_elements_3ds_checkout_spec.rb
 - spec/models/gateway/authorize_net_cim_spec.rb
 - spec/models/gateway/authorize_net_spec.rb
 - spec/models/gateway/balanced_gateway_spec.rb
@@ -209,12 +229,13 @@ files:
 - spec/requests/apple_pay_domain_verification.rb
 - spec/spec_helper.rb
 - spec/support/wait_for_stripe.rb
+- spec/support/within_stripe_3ds_popup.rb
 - spree_gateway.gemspec
 homepage: https://spreecommerce.org
 licenses:
 - BSD-3-Clause
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -231,13 +252,14 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - none
 rubygems_version: 3.1.2
-signing_key: 
+signing_key:
 specification_version: 4
 summary: Additional Payment Gateways for Spree Commerce
 test_files:
 - spec/factories/check_factory.rb
 - spec/features/admin/stripe_elements_payment_spec.rb
 - spec/features/stripe_checkout_spec.rb
+- spec/features/stripe_elements_3ds_checkout_spec.rb
 - spec/models/gateway/authorize_net_cim_spec.rb
 - spec/models/gateway/authorize_net_spec.rb
 - spec/models/gateway/balanced_gateway_spec.rb
@@ -268,3 +290,4 @@ test_files:
 - spec/requests/apple_pay_domain_verification.rb
 - spec/spec_helper.rb
 - spec/support/wait_for_stripe.rb
+- spec/support/within_stripe_3ds_popup.rb