spree_paypal_checkout 0.6.0 → 0.7.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e93096fd5f88baa021c6d077b03ec743036f7193f00410cee544c3c2662ab559
-  data.tar.gz: 354f5e005d1aabcab8709de1bef7f4298986bf3dbcbbb6089d096ede2f77bde3
+  metadata.gz: bfb11878efce5e64446b6e83c9f16a69b64203ff47ce9ca601f1404b6f0ed017
+  data.tar.gz: 86705e3ed5b1c0314c2518c793edc022d5149e64a32d710919455b0e3ef4fe42
 SHA512:
-  metadata.gz: 7df72e3c2201e90ae60a61ab37c30b84d00b074743ef63be0f6eb90ac60b454ff2dac778fb20a44730a56d5464ee42b6660e22cbb146ad85d3b3f7937d706776
-  data.tar.gz: a9552304abcfdf6ffd8899514c81efab45c90506cf6541f3004e96c4c212bffa08e08d3ed2118791ee3dff01c85894456f644e22a170773bcab9faf79cc6e714
+  metadata.gz: fb11160ee57ed3ab5275c2e32c8d13463b74149002ed2297cd95045f53dc3101c8a1f97fff3b8424c4d0ae6e5ba5003c623ad2d12d4226183dbb30aa8c5a4c95
+  data.tar.gz: 74a7e4a0cdd3f55e976bb948ee8bc8a9799b55ec076319c353720342ffb0b80e087f0229e1046e0fc6f4b74dae88ff019ad1231f6a8f127ddbdfff1cc73dba23

data/app/models/spree/payment_sessions/paypal_checkout.rb

@@ -0,0 +1,76 @@
+module Spree
+  class PaymentSessions::PaypalCheckout < PaymentSession
+    def paypal_order_id
+      external_id
+    end
+
+    def paypal_capture_id
+      external_data&.dig('purchase_units', 0, 'payments', 'captures', 0, 'id')
+    end
+
+    def paypal_payer
+      external_data&.dig('payer')
+    end
+
+    def paypal_payment_source
+      external_data&.dig('payment_source')
+    end
+
+    def accepted?
+      external_data&.dig('status') == 'COMPLETED'
+    end
+
+    def successful?
+      accepted?
+    end
+
+    # Creates or finds the Spree::Payment for this session.
+    # Defers creation until paypal_capture_id is present so response_code
+    # is always the capture ID (required for refunds via Gateway#credit).
+    def find_or_create_payment!(metadata = {})
+      return unless persisted?
+      return payment if payment.present?
+      return unless paypal_capture_id
+
+      order.with_lock do
+        existing_payment = order.payments.where(
+          payment_method: payment_method,
+          response_code: paypal_capture_id
+        ).first
+
+        return existing_payment if existing_payment.present?
+
+        source = create_payment_source!
+
+        order.payments.create!(
+          payment_method: payment_method,
+          amount: amount,
+          response_code: paypal_capture_id,
+          source: source,
+          skip_source_requirement: true,
+          private_metadata: metadata
+        )
+      end
+    end
+
+    private
+
+    def create_payment_source!
+      paypal_data = paypal_payment_source&.dig('paypal')
+      return nil unless paypal_data
+
+      source = SpreePaypalCheckout::PaymentSources::Paypal.find_or_initialize_by(
+        payment_method: payment_method,
+        gateway_payment_profile_id: paypal_data['account_id']
+      )
+      source.update!(
+        user: order.user,
+        email: paypal_data['email_address'],
+        name: "#{paypal_data.dig('name', 'given_name')} #{paypal_data.dig('name', 'surname')}".strip,
+        account_id: paypal_data['account_id'],
+        account_status: paypal_data['account_status']
+      )
+      source
+    end
+  end
+end

data/app/models/spree/payment_setup_sessions/paypal_checkout.rb

@@ -0,0 +1,22 @@
+module Spree
+  class PaymentSetupSessions::PaypalCheckout < PaymentSetupSession
+    # PayPal's Vault API uses setup tokens (temporary) that get exchanged for
+    # permanent payment tokens once the buyer approves on PayPal.
+    def paypal_setup_token_id
+      external_id
+    end
+
+    def paypal_payment_token_id
+      external_data&.dig('payment_token', 'id')
+    end
+
+    # The approve link the storefront redirects the buyer to.
+    def approve_link
+      Array(external_data&.dig('links')).find { |l| l['rel'] == 'approve' }&.dig('href')
+    end
+
+    def successful?
+      status == 'completed'
+    end
+  end
+end

data/app/models/spree_paypal_checkout/gateway/payment_sessions.rb

@@ -0,0 +1,204 @@
+require 'net/http'
+
+module SpreePaypalCheckout
+  class Gateway < ::Spree::Gateway
+    module PaymentSessions
+      extend ActiveSupport::Concern
+
+      def session_required?
+        !SpreePaypalCheckout::Config[:use_legacy_api]
+      end
+
+      def payment_session_class
+        Spree::PaymentSessions::PaypalCheckout
+      end
+
+      # Creates a PayPal order via the PayPal Orders API and persists
+      # a Spree::PaymentSessions::PaypalCheckout record.
+      def create_payment_session(order:, amount: nil, external_data: {})
+        total = amount.presence || order.total_minus_store_credits
+
+        return nil if total.zero?
+
+        protect_from_error do
+          order_presenter = SpreePaypalCheckout::OrderPresenter.new(order)
+          paypal_response = client.orders.create_order(order_presenter.to_json)
+
+          payment_session_class.create!(
+            order: order,
+            payment_method: self,
+            amount: total,
+            currency: order.currency,
+            status: 'pending',
+            external_id: paypal_response.data.id,
+            customer: order.user,
+            external_data: paypal_response.data.as_json
+          )
+        end
+      end
+
+      def update_payment_session(payment_session:, amount: nil, external_data: {})
+        attrs = {}
+        attrs[:amount] = amount if amount.present?
+
+        if external_data.present?
+          attrs[:external_data] = (payment_session.external_data || {}).merge(external_data.stringify_keys)
+        end
+
+        payment_session.update!(attrs) if attrs.any?
+      end
+
+      # Completes a payment session by capturing the PayPal order,
+      # creating the Payment record, and transitioning the session.
+      #
+      # Does NOT complete the order -- that is handled by Carts::Complete
+      # (called by the storefront or by the webhook handler).
+      def complete_payment_session(payment_session:, params: {})
+        paypal_order_id = payment_session.external_id
+
+        response = client.orders.capture_order({
+          'id' => paypal_order_id,
+          'prefer' => 'return=representation'
+        })
+
+        # Persist capture data outside the lock so it survives if post-capture bookkeeping fails
+        payment_session.update!(external_data: response.data.as_json)
+
+        payment_session.order.with_lock do
+          if response.data.status == 'COMPLETED'
+            payment_session.process if payment_session.can_process?
+
+            payment = payment_session.find_or_create_payment!
+
+            if payment.present? && !payment.completed?
+              payment.started_processing! if payment.checkout?
+              payment.complete! if payment.can_complete?
+            end
+
+            create_profile(payment) if payment&.source.present?
+
+            payment_session.complete unless payment_session.completed?
+          else
+            payment_session.fail if payment_session.can_fail?
+          end
+        end
+      rescue PaypalServerSdk::APIException => e
+        payment_session.fail if payment_session.can_fail?
+        raise Spree::Core::GatewayError, "PayPal API error: #{e.message}"
+      end
+
+      # Parses incoming PayPal webhook events.
+      def parse_webhook_event(raw_body, headers)
+        verify_webhook_signature!(raw_body, headers)
+
+        event = JSON.parse(raw_body).with_indifferent_access
+        event_type = event[:event_type]
+        resource = event[:resource] || {}
+
+        paypal_order_id = extract_order_id_from_webhook(event_type, resource)
+        return nil unless paypal_order_id
+
+        payment_session = Spree::PaymentSessions::PaypalCheckout.find_by(
+          payment_method: self,
+          external_id: paypal_order_id
+        )
+        return nil unless payment_session
+
+        case event_type
+        when 'CHECKOUT.ORDER.APPROVED'
+          { action: :authorized, payment_session: payment_session, metadata: { paypal_event: event } }
+        when 'PAYMENT.CAPTURE.COMPLETED'
+          { action: :captured, payment_session: payment_session, metadata: { paypal_event: event } }
+        when 'PAYMENT.CAPTURE.DENIED', 'PAYMENT.CAPTURE.DECLINED'
+          { action: :failed, payment_session: payment_session, metadata: { paypal_event: event } }
+        when 'PAYMENT.CAPTURE.REVERSED', 'PAYMENT.CAPTURE.REFUNDED'
+          { action: :canceled, payment_session: payment_session, metadata: { paypal_event: event } }
+        else
+          nil
+        end
+      end
+
+      private
+
+      def extract_order_id_from_webhook(event_type, resource)
+        case event_type
+        when /\ACHECKOUT\.ORDER\./
+          resource['id']
+        when /\APAYMENT\.CAPTURE\./
+          resource.dig('supplementary_data', 'related_ids', 'order_id')
+        end
+      end
+
+      def verify_webhook_signature!(raw_body, headers)
+        if preferred_webhook_secret.blank?
+          return if Rails.env.development? || Rails.env.test?
+
+          raise Spree::PaymentMethod::WebhookSignatureError,
+                'PayPal webhook_secret is not configured'
+        end
+
+        transmission_id = headers['HTTP_PAYPAL_TRANSMISSION_ID'] || headers['PAYPAL-TRANSMISSION-ID']
+        transmission_time = headers['HTTP_PAYPAL_TRANSMISSION_TIME'] || headers['PAYPAL-TRANSMISSION-TIME']
+        cert_url = headers['HTTP_PAYPAL_CERT_URL'] || headers['PAYPAL-CERT-URL']
+        auth_algo = headers['HTTP_PAYPAL_AUTH_ALGO'] || headers['PAYPAL-AUTH-ALGO']
+        transmission_sig = headers['HTTP_PAYPAL_TRANSMISSION_SIG'] || headers['PAYPAL-TRANSMISSION-SIG']
+
+        unless transmission_id && transmission_sig
+          raise Spree::PaymentMethod::WebhookSignatureError, 'Missing PayPal webhook headers'
+        end
+
+        token = obtain_access_token
+
+        api_base = preferred_test_mode ? 'https://api-m.sandbox.paypal.com' : 'https://api-m.paypal.com'
+        uri = URI("#{api_base}/v1/notifications/verify-webhook-signature")
+
+        payload = {
+          auth_algo: auth_algo,
+          cert_url: cert_url,
+          transmission_id: transmission_id,
+          transmission_sig: transmission_sig,
+          transmission_time: transmission_time,
+          webhook_id: preferred_webhook_secret,
+          webhook_event: JSON.parse(raw_body)
+        }
+
+        http = Net::HTTP.new(uri.host, uri.port)
+        http.use_ssl = true
+        http.open_timeout = 5
+        http.read_timeout = 10
+        request = Net::HTTP::Post.new(uri.path, {
+          'Content-Type' => 'application/json',
+          'Authorization' => "Bearer #{token}"
+        })
+        request.body = payload.to_json
+
+        response = http.request(request)
+        result = JSON.parse(response.body)
+
+        unless result['verification_status'] == 'SUCCESS'
+          raise Spree::PaymentMethod::WebhookSignatureError, 'Invalid webhook signature'
+        end
+      rescue Spree::PaymentMethod::WebhookSignatureError
+        raise
+      rescue Net::OpenTimeout, Net::ReadTimeout, SocketError, JSON::ParserError, Errno::ECONNREFUSED => e
+        raise Spree::PaymentMethod::WebhookSignatureError, "Webhook verification failed: #{e.message}"
+      end
+
+      def obtain_access_token
+        api_base = preferred_test_mode ? 'https://api-m.sandbox.paypal.com' : 'https://api-m.paypal.com'
+        uri = URI("#{api_base}/v1/oauth2/token")
+
+        http = Net::HTTP.new(uri.host, uri.port)
+        http.use_ssl = true
+        http.open_timeout = 5
+        http.read_timeout = 10
+        request = Net::HTTP::Post.new(uri.path, { 'Content-Type' => 'application/x-www-form-urlencoded' })
+        request.basic_auth(preferred_client_id, preferred_client_secret)
+        request.body = 'grant_type=client_credentials'
+
+        response = http.request(request)
+        JSON.parse(response.body)['access_token']
+      end
+    end
+  end
+end

data/app/models/spree_paypal_checkout/gateway/payment_setup_sessions.rb

@@ -0,0 +1,116 @@
+module SpreePaypalCheckout
+  class Gateway < ::Spree::Gateway
+    module PaymentSetupSessions
+      extend ActiveSupport::Concern
+
+      def setup_session_supported?
+        true
+      end
+
+      def payment_setup_session_class
+        Spree::PaymentSetupSessions::PaypalCheckout
+      end
+
+      # Creates a PayPal Vault setup token (temporary, awaiting buyer approval)
+      # and persists a Spree::PaymentSetupSessions::PaypalCheckout record.
+      #
+      # @param customer [Spree::User] the customer to vault the PayPal account for
+      # @param external_data [Hash] optional :return_url and :cancel_url for the
+      #   PayPal redirect flow
+      # @return [Spree::PaymentSetupSessions::PaypalCheckout]
+      def create_payment_setup_session(customer:, external_data: {})
+        return_url = external_data[:return_url] || external_data['return_url'] || default_setup_return_url
+        cancel_url = external_data[:cancel_url] || external_data['cancel_url'] || default_setup_cancel_url
+
+        protect_from_error do
+          response = client.vault.create_setup_token(
+            SpreePaypalCheckout::SetupTokenPresenter.new(
+              customer: customer,
+              return_url: return_url,
+              cancel_url: cancel_url
+            ).to_h
+          )
+
+          payment_setup_session_class.create!(
+            customer: customer,
+            payment_method: self,
+            status: 'pending',
+            external_id: response.data.id,
+            external_data: response.data.as_json.merge(
+              'return_url' => return_url,
+              'cancel_url' => cancel_url
+            )
+          )
+        end
+      end
+
+      # Completes a setup session by exchanging the approved setup token for a
+      # permanent payment token, creates a Spree::PaymentSource representing the
+      # vaulted PayPal account, and transitions the session.
+      #
+      # @param setup_session [Spree::PaymentSetupSessions::PaypalCheckout]
+      # @param params [Hash] unused — PayPal needs no params beyond the setup_session
+      def complete_payment_setup_session(setup_session:, params: {})
+        protect_from_error do
+          response = client.vault.create_payment_token(
+            'body' => {
+              'payment_source' => {
+                'token' => {
+                  'id' => setup_session.external_id,
+                  'type' => 'SETUP_TOKEN'
+                }
+              }
+            }
+          )
+
+          payment_token = response.data
+
+          setup_session.payment_source = build_payment_source_from_token(setup_session, payment_token)
+          setup_session.update!(
+            external_data: setup_session.external_data.to_h.merge('payment_token' => payment_token.as_json)
+          )
+          setup_session.complete if setup_session.can_complete?
+        rescue PaypalServerSdk::APIException => e
+          setup_session.fail if setup_session.can_fail?
+          raise Spree::Core::GatewayError, "PayPal Vault error: #{e.message}"
+        end
+
+        setup_session
+      end
+
+      private
+
+      def build_payment_source_from_token(setup_session, payment_token)
+        paypal = payment_token.as_json.dig('payment_source', 'paypal') || {}
+        account_id = paypal['email_address'] || payment_token.id
+
+        source = SpreePaypalCheckout::PaymentSources::Paypal.find_or_initialize_by(
+          payment_method: self,
+          gateway_payment_profile_id: payment_token.id
+        )
+        source.update!(
+          user: setup_session.customer,
+          email: paypal['email_address'],
+          name: [paypal.dig('name', 'given_name'), paypal.dig('name', 'surname')].compact.join(' ').strip.presence,
+          account_id: account_id,
+          account_status: paypal['account_status']
+        )
+        source
+      end
+
+      def default_setup_return_url
+        store = stores.first
+        return nil unless store
+
+        "#{store.storefront_url}/paypal/payment_setup_sessions/return"
+      end
+
+      def default_setup_cancel_url
+        store = stores.first
+        return nil unless store
+
+        "#{store.storefront_url}/paypal/payment_setup_sessions/cancel"
+      end
+    end
+  end
+end

data/app/models/spree_paypal_checkout/gateway.rb

@@ -1,6 +1,7 @@
 module SpreePaypalCheckout
   class Gateway < ::Spree::Gateway
     include PaypalServerSdk
+    include PaymentSessions
 
     GatewayResponse = Struct.new(:success, :message, :params, :authorization) do
       alias_method :success?, :success
@@ -11,6 +12,7 @@ module SpreePaypalCheckout
     #
     preference :client_id, :password
     preference :client_secret, :password
+    preference :webhook_secret, :string
     preference :test_mode, :boolean, default: true
 
     #
@@ -54,6 +56,13 @@ module SpreePaypalCheckout
       'paypal_checkout'
     end
 
+    def webhook_url
+      store = stores.first
+      return nil unless store
+
+      "#{store.formatted_url}/api/v3/webhooks/payments/#{prefixed_id}"
+    end
+
     def create_profile(payment)
       user = payment.order.user
       return if user.blank?

data/app/models/spree_paypal_checkout/payment_sources/paypal.rb

@@ -1,7 +1,7 @@
 module SpreePaypalCheckout
   module PaymentSources
     class Paypal < ::Spree::PaymentSource
-      store_accessor :public_metadata, :email, :name, :account_status, :account_id
+      store_accessor :private_metadata, :email, :name, :account_status, :account_id
 
       def actions
         %w[credit void]

data/app/presenters/spree_paypal_checkout/setup_token_presenter.rb

@@ -0,0 +1,37 @@
+module SpreePaypalCheckout
+  # Builds the body of a PayPal Vault /v3/vault/setup-tokens request for tokenizing
+  # a buyer's PayPal account without an immediate purchase.
+  class SetupTokenPresenter
+    def initialize(customer:, return_url:, cancel_url:)
+      @customer = customer
+      @return_url = return_url
+      @cancel_url = cancel_url
+    end
+
+    def to_h
+      {
+        'body' => {
+          'payment_source' => {
+            'paypal' => {
+              'usage_type' => 'MERCHANT',
+              'experience_context' => {
+                'return_url' => return_url,
+                'cancel_url' => cancel_url
+              }
+            }
+          }
+        }.merge(customer_payload)
+      }
+    end
+
+    private
+
+    attr_reader :customer, :return_url, :cancel_url
+
+    def customer_payload
+      return {} unless customer&.id
+
+      { 'customer' => { 'id' => "customer_#{customer.id}" } }
+    end
+  end
+end

data/app/services/spree_paypal_checkout/create_source.rb

@@ -37,10 +37,10 @@ module SpreePaypalCheckout
     def create_paypal_source
       source = SpreePaypalCheckout::PaymentSources::Paypal.find_or_create_by!(
         payment_method: gateway,
-        user: user,
         gateway_payment_profile_id: paypal_payment_source['paypal']['account_id']
       )
       source.update!(
+        user: user,
         email: paypal_payment_source['paypal']['email_address'],
         name: "#{paypal_payment_source['paypal']['name']['given_name']} #{paypal_payment_source['paypal']['name']['surname']}".strip,
         account_id: paypal_payment_source['paypal']['account_id'],

data/app/views/spree/admin/payment_methods/configuration_guides/_spree_paypal_checkout.html.erb

@@ -1,6 +1,7 @@
 <div class="alert alert-info">
   <p class="mb-0">
     To find your <strong>Client ID</strong> and <strong>Client Secret</strong>, go to the 
-    <%= external_link_to 'PayPal dashboard', 'https://www.paypal.com/mep/merchantapps/setup/checkout/apicredentials', class: 'alert-link' %>
+    <%= external_link_to 'PayPal Developer Dashboard', 'https://developer.paypal.com/dashboard/', class: 'alert-link' %>.
+    For more information, see the <%= external_link_to 'PayPal REST API documentation', 'https://developer.paypal.com/api/rest/', class: 'alert-link' %>.
   </p>
 </div>

data/config/routes.rb

@@ -1,10 +1,13 @@
 Spree::Core::Engine.add_routes do
-  namespace :api, defaults: { format: 'json' } do
-    namespace :v2 do
-      namespace :storefront do
-        resources :paypal_orders, only: [:create] do
-          member do
-            put :capture
+  # Storefront API v2 (only when spree_legacy_api_v2 gem is available)
+  if defined?(SpreeLegacyApiV2::Engine)
+    namespace :api, defaults: { format: 'json' } do
+      namespace :v2 do
+        namespace :storefront do
+          resources :paypal_orders, only: [:create] do
+            member do
+              put :capture
+            end
           end
         end
       end

data/lib/spree_paypal_checkout/configuration.rb

@@ -1,13 +1,5 @@
 module SpreePaypalCheckout
   class Configuration < Spree::Preferences::Configuration
-
-   # Some example preferences are shown below, for more information visit:
-   # https://docs.spreecommerce.org/developer/contributing/creating-an-extension
-
-   # preference :enabled, :boolean, default: true
-   # preference :dark_chocolate, :boolean, default: true
-   # preference :color, :string, default: 'Red'
-   # preference :favorite_number, :integer
-   # preference :supported_locales, :array, default: [:en]
+    preference :use_legacy_api, :boolean, default: false
   end
 end

data/lib/spree_paypal_checkout/engine.rb

@@ -4,6 +4,12 @@ module SpreePaypalCheckout
     isolate_namespace Spree
     engine_name 'spree_paypal_checkout'
 
+    # Only load API v2 controllers and serializers when spree_legacy_api_v2 gem is available
+    if defined?(SpreeLegacyApiV2::Engine)
+      config.autoload_paths << root.join('lib', 'spree_api_v2')
+      config.eager_load_paths << root.join('lib', 'spree_api_v2')
+    end
+
     # use rspec for tests
     config.generators do |g|
       g.test_framework :rspec

data/lib/spree_paypal_checkout/factories.rb

@@ -20,6 +20,21 @@ FactoryBot.define do
     gateway_customer_profile_id { 'PAY-CUSTOMER-ID' }
   end
 
+  factory :paypal_checkout_payment_session, class: 'Spree::PaymentSessions::PaypalCheckout' do
+    association :order, factory: :order
+    association :payment_method, factory: :paypal_checkout_gateway
+    amount { order.total }
+    currency { order.currency }
+    status { 'pending' }
+    external_id { "PAYPAL-ORDER-#{SecureRandom.hex(8).upcase}" }
+    external_data { JSON.parse(File.read(SpreePaypalCheckout::Engine.root.join('spec', 'fixtures', 'paypal_order.json'))) }
+
+    factory :completed_paypal_checkout_payment_session do
+      status { 'completed' }
+      external_data { JSON.parse(File.read(SpreePaypalCheckout::Engine.root.join('spec', 'fixtures', 'captured_paypal_order.json'))) }
+    end
+  end
+
   factory :paypal_checkout_order, class: 'SpreePaypalCheckout::Order' do
     paypal_id { 'PAY-ORDER-ID' }
     order { create(:order) }

data/lib/spree_paypal_checkout/version.rb

@@ -1,5 +1,5 @@
 module SpreePaypalCheckout
-  VERSION = '0.6.0'.freeze
+  VERSION = '0.7.1'.freeze
 
   def gem_version
     Gem::Version.new(VERSION)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: spree_paypal_checkout
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.7.1
 platform: ruby
 authors:
 - Vendo Connect Inc.
@@ -15,28 +15,28 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 5.1.0
+        version: 5.4.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 5.1.0
+        version: 5.4.0
 - !ruby/object:Gem::Dependency
   name: spree_admin
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 5.1.0
+        version: 5.4.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 5.1.0
+        version: 5.4.0
 - !ruby/object:Gem::Dependency
   name: paypal-server-sdk
   requirement: !ruby/object:Gem::Requirement
@@ -116,20 +116,23 @@ files:
 - README.md
 - Rakefile
 - app/assets/config/spree_paypal_checkout_manifest.js
-- app/controllers/spree/api/v2/storefront/paypal_orders_controller.rb
 - app/controllers/spree_paypal_checkout/store_controller_decorator.rb
 - app/helpers/spree_paypal_checkout/base_helper.rb
 - app/javascript/spree_paypal_checkout/application.js
 - app/javascript/spree_paypal_checkout/controllers/checkout_paypal_controller.js
+- app/models/spree/payment_sessions/paypal_checkout.rb
+- app/models/spree/payment_setup_sessions/paypal_checkout.rb
 - app/models/spree_paypal_checkout/base.rb
 - app/models/spree_paypal_checkout/gateway.rb
+- app/models/spree_paypal_checkout/gateway/payment_sessions.rb
+- app/models/spree_paypal_checkout/gateway/payment_setup_sessions.rb
 - app/models/spree_paypal_checkout/order.rb
 - app/models/spree_paypal_checkout/order_decorator.rb
 - app/models/spree_paypal_checkout/payment_method_decorator.rb
 - app/models/spree_paypal_checkout/payment_sources/paypal.rb
 - app/models/spree_paypal_checkout/store_decorator.rb
 - app/presenters/spree_paypal_checkout/order_presenter.rb
-- app/serializers/spree/api/v2/storefront/paypal_order_serializer.rb
+- app/presenters/spree_paypal_checkout/setup_token_presenter.rb
 - app/services/spree_paypal_checkout/capture_order.rb
 - app/services/spree_paypal_checkout/create_payment.rb
 - app/services/spree_paypal_checkout/create_source.rb
@@ -145,6 +148,8 @@ files:
 - config/routes.rb
 - db/migrate/20250528095719_create_spree_paypal_checkout_orders.rb
 - lib/generators/spree_paypal_checkout/install/install_generator.rb
+- lib/spree_api_v2/spree/api/v2/storefront/paypal_order_serializer.rb
+- lib/spree_api_v2/spree/api/v2/storefront/paypal_orders_controller.rb
 - lib/spree_paypal_checkout.rb
 - lib/spree_paypal_checkout/configuration.rb
 - lib/spree_paypal_checkout/engine.rb
@@ -155,9 +160,9 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/spree/spree_paypal_checkout/issues
-  changelog_uri: https://github.com/spree/spree_paypal_checkout/releases/tag/v0.6.0
+  changelog_uri: https://github.com/spree/spree_paypal_checkout/releases/tag/v0.7.1
   documentation_uri: https://docs.spreecommerce.org/
-  source_code_uri: https://github.com/spree/spree_paypal_checkout/tree/v0.6.0
+  source_code_uri: https://github.com/spree/spree_paypal_checkout/tree/v0.7.1
 rdoc_options: []
 require_paths:
 - lib