spree_stripe 1.0.2

data/app/models/spree_stripe/gateway.rb

@@ -0,0 +1,366 @@
+module SpreeStripe
+  class Gateway < ::Spree::Gateway
+    include SpreeStripe::Gateway::Tax if defined?(SpreeStripe::Gateway::Tax)
+
+    preference :publishable_key, :password
+    preference :secret_key, :password
+
+    has_one_attached :apple_developer_merchantid_domain_association, service: Spree.private_storage_service_name
+
+    validates :preferred_secret_key, :preferred_publishable_key, presence: true
+    validate :validate_secret_key, unless: -> { Rails.env.test? }, if: -> { preferred_secret_key.present? }
+
+    after_commit :create_webhook_endpoint_async, on: %i[create update]
+    after_commit :register_domain, on: :create
+
+    has_many :payment_intents, class_name: 'SpreeStripe::PaymentIntent', foreign_key: 'payment_method_id', dependent: :delete_all
+
+    def self.webhook_url
+      "https://#{Rails.application.routes.default_url_options[:host]}/stripe"
+    end
+
+    def provider_class
+      self.class
+    end
+
+    # @param amount_in_cents [Integer] the amount in cents to capture
+    # @param payment_source [Spree::CreditCard | Spree::PaymentSource]
+    # @param gateway_options [Hash] this is an instance of Spree::Payment::GatewayOptions.to_hash
+    def authorize(amount_in_cents, payment_source, gateway_options = {})
+      handle_authorize_or_purchase(amount_in_cents, payment_source, gateway_options)
+    end
+
+    # @param amount_in_cents [Integer] the amount in cents to capture
+    # @param payment_source [Spree::CreditCard | Spree::PaymentSource]
+    # @param gateway_options [Hash] this is an instance of Spree::Payment::GatewayOptions.to_hash
+    def purchase(amount_in_cents, payment_source, gateway_options = {})
+      handle_authorize_or_purchase(amount_in_cents, payment_source, gateway_options)
+    end
+
+    # the behavior for authorize and purchase is the same, so we can use the same method to handle both
+    def handle_authorize_or_purchase(amount_in_cents, payment_source, gateway_options)
+      order_number, payment_number = gateway_options[:order_id].split('-')
+
+      return failure('Order number is invalid') if order_number.blank?
+      return failure('Payment number is invalid') if payment_number.blank?
+
+      order = Spree::Order.where(store_id: stores.ids).find_by(number: order_number)
+      payment = order.payments.find_by(number: payment_number)
+
+      protect_from_error do
+        # eg. payment created via admin
+        payment = ensure_payment_intent_exists_for_payment(payment, amount_in_cents, payment_source)
+        stripe_payment_intent = retrieve_payment_intent(payment.response_code)
+
+        response = if stripe_payment_intent.status == 'succeeded'
+                     # payment intent is already confirmed via Stripe JS SDK
+                     stripe_payment_intent
+                   else
+                     confirm_payment_intent(stripe_payment_intent.id)
+                   end
+
+        success(response.id, response)
+      end
+    end
+
+    def credit(amount_in_cents, _source, payment_intent_id, _gateway_options = {})
+      protect_from_error do
+        payload = {
+          amount: amount_in_cents,
+          payment_intent: payment_intent_id
+        }
+
+        response = send_request { Stripe::Refund.create(payload) }
+
+        success(response.id, response)
+      end
+    end
+
+    def capture(amount_in_cents, payment_intent_id, _gateway_options = {})
+      protect_from_error do
+        stripe_payment_intent = retrieve_payment_intent(payment_intent_id)
+
+        response = if stripe_payment_intent.status == 'requires_capture'
+                     capture_payment_intent(payment_intent_id, amount_in_cents)
+                   elsif stripe_payment_intent.status == 'succeeded'
+                     stripe_payment_intent
+                   else
+                     raise Spree::Core::GatewayError, "Payment intent status is #{stripe_payment_intent.status}"
+                   end
+
+        success(response.id, response)
+      end
+    end
+
+    def void(response_code, source, gateway_options)
+      raise NotImplementedError
+    end
+
+    def cancel(payment_intent_id, payment = nil)
+      protect_from_error do
+        if payment&.completed?
+          amount = payment.credit_allowed
+          return success(payment_intent_id, {}) if amount.zero?
+          # Don't create a refund if the payment is for a shipment, we will create a refund for the whole shipping cost instead
+          return success(payment_intent_id, {}) if payment.respond_to?(:for_shipment?) && payment.for_shipment?
+
+          refund = payment.refunds.create!(
+            amount: amount,
+            reason: Spree::RefundReason.order_canceled_reason,
+            refunder_id: payment.order.canceler_id
+          )
+
+          # Spree::Refund#response has the response from the `credit` action
+          # For the authorization ID we need to use the payment.response_code (the payment intent ID)
+          # Otherwise we'll overwrite the payment authorization with the refund ID
+          success(payment.response_code, refund.response.params)
+        else
+          response = cancel_payment_intent(payment_intent_id)
+          success(response.id, response)
+        end
+      end
+    end
+
+    def fetch_or_create_customer(order: nil, user: nil)
+      user ||= order&.user
+      return nil unless user
+
+      gateway_customers.find_by(user: user) || create_customer(order: order, user: user)
+    end
+
+    def create_customer(order: nil, user: nil)
+      user ||= order&.user
+      address = order&.bill_address || user&.bill_address
+      name = order&.name || user&.name
+      email = order&.email || user&.email
+
+      payload = SpreeStripe::CustomerPresenter.new(
+        name: name,
+        email: email,
+        address: address
+      ).call
+
+      response = send_request { Stripe::Customer.create(payload) }
+
+      customer = gateway_customers.build(user: user, profile_id: response.id)
+      customer.save! if user.present?
+      customer
+    end
+
+    # Creates a Stripe payment intent for the order
+    #
+    # @param amount_in_cents [Integer] the amount in cents
+    # @param order [Spree::Order] the order to create a payment intent for
+    # @param payment_method_id [String] Stripe payment method id to use, eg. a card token
+    # @param off_session [Boolean] whether the payment intent is off session
+    # @param customer_profile_id [String] Stripe customer profile id to use, eg.  cus_123
+    # @return [ActiveMerchant::Billing::Response] the response from the payment intent creation
+    def create_payment_intent(amount_in_cents, order, payment_method_id: nil, off_session: false, customer_profile_id: nil)
+      payload = SpreeStripe::PaymentIntentPresenter.new(
+        amount: amount_in_cents,
+        order: order,
+        customer: customer_profile_id || fetch_or_create_customer(order: order)&.profile_id,
+        payment_method_id: payment_method_id,
+        off_session: off_session
+      ).call
+
+      protect_from_error do
+        response = send_request { Stripe::PaymentIntent.create(payload) }
+
+        success(response.id, response)
+      end
+    end
+
+    # Updates a Stripe payment intent for the order
+    #
+    # @param payment_intent_id [String] Stripe payment intent id
+    # @param amount_in_cents [Integer] the amount in cents
+    # @param order [Spree::Order] the order to update the payment intent for
+    # @param payment_method_id [String] Stripe payment method id to use, eg. a card token
+    # @return [ActiveMerchant::Billing::Response] the response from the payment intent update
+    def update_payment_intent(payment_intent_id, amount_in_cents, order, payment_method_id = nil)
+      protect_from_error do
+        payload = SpreeStripe::PaymentIntentPresenter.new(
+          amount: amount_in_cents,
+          order: order,
+          customer: fetch_or_create_customer(order: order)&.profile_id,
+          payment_method_id: payment_method_id
+        ).call.slice(:amount, :currency, :payment_method, :shipping, :customer)
+
+        response = send_request { Stripe::PaymentIntent.update(payment_intent_id, payload) }
+
+        success(response.id, response)
+      end
+    end
+
+    def retrieve_payment_intent(payment_intent_id)
+      send_request { Stripe::PaymentIntent.retrieve(payment_intent_id) }
+    end
+
+    def confirm_payment_intent(payment_intent_id)
+      send_request { Stripe::PaymentIntent.confirm(payment_intent_id) }
+    end
+
+    def capture_payment_intent(payment_intent_id, amount_in_cents)
+      send_request { Stripe::PaymentIntent.capture(payment_intent_id, { amount_to_capture: amount_in_cents }) }
+    end
+
+    # Cancels a Stripe payment intent
+    #
+    # @param payment_intent_id [String] Stripe payment intent ID, eg. pi_123
+    def cancel_payment_intent(payment_intent_id)
+      send_request { Stripe::PaymentIntent.cancel(payment_intent_id) }
+    end
+
+    # Ensures a Stripe payment intent exists for Spree payment
+    #
+    # @param payment [Spree::Payment] the payment to ensure a payment intent exists for
+    # @param amount_in_cents [Integer] the amount in cents
+    # @param payment_source [Spree::CreditCard | Spree::PaymentSource] the payment source to use
+    # @return [Spree::Payment] the payment with the payment intent
+    def ensure_payment_intent_exists_for_payment(payment, amount_in_cents = nil, payment_source = nil)
+      return payment if payment.response_code.present?
+
+      amount_in_cents ||= payment.display_amount.cents
+      payment_source ||= payment.source
+
+      response = create_payment_intent(
+        amount_in_cents,
+        payment.order,
+        payment_method_id: payment_source.gateway_payment_profile_id,
+        off_session: true,
+        customer_profile_id: payment_source.gateway_customer_profile_id
+      )
+
+      payment.update_columns(
+        response_code: response.authorization,
+        updated_at: Time.current
+      )
+
+      payment
+    end
+
+    def retrieve_charge(charge_id)
+      send_request { Stripe::Charge.retrieve(charge_id) }
+    end
+
+    def create_ephemeral_key(customer_id)
+      protect_from_error do
+        response = send_request { Stripe::EphemeralKey.create({ customer: customer_id }, { stripe_version: Stripe.api_version }) }
+
+        success(response.secret, response)
+      end
+    end
+
+    def create_setup_intent(customer_id)
+      protect_from_error do
+        response = send_request { Stripe::SetupIntent.create({ customer: customer_id, automatic_payment_methods: { enabled: true } }) }
+
+        success(response.client_secret, response)
+      end
+    end
+
+    def apple_domain_association_file_content
+      @apple_domain_association_file_content ||= apple_developer_merchantid_domain_association&.download
+    end
+
+    def payment_profiles_supported?
+      true
+    end
+
+    def default_name
+      'Stripe'
+    end
+
+    def method_type
+      'spree_stripe'
+    end
+
+    def payment_icon_name
+      'stripe'
+    end
+
+    def description_partial_name
+      'spree_stripe'
+    end
+
+    def custom_form_fields_partial_name
+      'spree_stripe'
+    end
+
+    def configuration_guide_partial_name
+      'spree_stripe'
+    end
+
+    def gateway_dashboard_payment_url(payment)
+      return if payment.transaction_id.blank?
+
+      "https://dashboard.stripe.com/payments/#{payment.transaction_id}"
+    end
+
+    def create_webhook_endpoint
+      SpreeStripe::CreateGatewayWebhooks.new.call(payment_method: self)
+    end
+
+    def create_profile(payment)
+      customer = fetch_or_create_customer(order: payment.order)
+
+      payment.source.update(gateway_customer_profile_id: customer.profile_id) if payment.source.present? && customer.present?
+    end
+
+    def api_options
+      { api_key: preferred_secret_key, api_version: Stripe.api_version }
+    end
+
+    def send_request(&block)
+      result, _response = client.request(&block)
+      result
+    end
+
+    def client
+      @client ||= Stripe::StripeClient.new(api_options)
+    end
+
+    private
+
+    def validate_secret_key
+      Stripe::Refund.list({ limit: 0 }, api_options)
+    rescue Stripe::AuthenticationError
+      errors.add(:base, 'Secret key is invalid')
+    rescue Stripe::PermissionError => e
+      errors.add(:base, 'You have provided your publishable key instead of your secret key') if e.error&.code == 'secret_key_required'
+    rescue Stripe::StripeError
+      errors.add(:base, 'Something went wrong with Stripe. Try again later.')
+    end
+
+    def success(authorization, full_response)
+      ActiveMerchant::Billing::Response.new(true, nil, full_response.as_json, authorization: authorization)
+    end
+
+    def failure(error = nil)
+      ActiveMerchant::Billing::Response.new(false, error)
+    end
+
+    def protect_from_error
+      yield
+    rescue Stripe::StripeError => e
+      raise Spree::Core::GatewayError, e.message
+    end
+
+    def create_webhook_endpoint_async
+      return if webhook_keys.any?
+
+      SpreeStripe::CreateWebhookEndpointJob.perform_later(id)
+    end
+
+    def register_domain
+      stores.each do |store|
+        RegisterDomainJob.perform_later(store.id, 'store')
+
+        store.custom_domains.each do |custom_domain|
+          RegisterDomainJob.perform_later(custom_domain.id, 'custom_domain')
+        end
+      end
+    end
+  end
+end

data/app/models/spree_stripe/order_decorator.rb

@@ -0,0 +1,19 @@
+module SpreeStripe
+  module OrderDecorator
+    def self.prepended(base)
+      base.has_many :payment_intents, class_name: 'SpreeStripe::PaymentIntent', dependent: :destroy
+    end
+
+    def update_payment_intents
+      return if completed?
+      return unless total_minus_store_credits.positive?
+
+      payment_intents.each do |payment_intent|
+        payment_intent.update!(amount: total_minus_store_credits)
+      end
+    end
+  end
+end
+
+Spree::Order.prepend(SpreeStripe::OrderDecorator)
+Spree::Order.register_update_hook :update_payment_intents

data/app/models/spree_stripe/payment_decorator.rb

@@ -0,0 +1,46 @@
+module SpreeStripe
+  module PaymentDecorator
+    AVS_CODES = {
+      'pass' => {
+        'pass' => 'Y',
+        'fail' => 'A',
+        'unchecked' => 'B'
+      },
+      'fail' => {
+        'pass' => 'Z',
+        'fail' => 'N'
+      },
+      'unchecked' => {
+        'pass' => 'P',
+        'unchecked' => 'I'
+      }
+    }.freeze
+
+    CVV_CODES = {
+      'pass' => 'M',
+      'fail' => 'N',
+      'unchecked' => 'P'
+    }.freeze
+
+    def self.prepended(base)
+      base.store_accessor :private_metadata, :stripe_charge_id
+      base.store_accessor :private_metadata, :stripe_tax_transaction_id
+
+      base.before_save :set_cvv_and_avs_response_from_metadata, if: :credit_card_source?
+    end
+
+    def set_cvv_and_avs_response_from_metadata
+      checks = source.private_metadata[:checks]
+      return if checks.blank?
+
+      self.avs_response ||= AVS_CODES.dig(checks[:address_line1_check], checks[:address_postal_code_check])
+      self.cvv_response_code ||= CVV_CODES[checks[:cvc_check]]
+    end
+
+    def credit_card_source?
+      source.present? && source.is_a?(Spree::CreditCard)
+    end
+  end
+end
+
+Spree::Payment.prepend(SpreeStripe::PaymentDecorator)

data/app/models/spree_stripe/payment_intent.rb

@@ -0,0 +1,66 @@
+module SpreeStripe
+  class PaymentIntent < Base
+    #
+    # Associations
+    #
+    belongs_to :order, class_name: 'Spree::Order', foreign_key: 'order_id'
+    belongs_to :payment_method, class_name: 'Spree::PaymentMethod', foreign_key: 'payment_method_id'
+    has_one :payment, class_name: 'Spree::Payment', foreign_key: 'response_code', primary_key: 'stripe_id'
+
+    #
+    # Validations
+    #
+    validates :order, :payment_method, :client_secret, presence: true
+    validates :stripe_id, presence: true, uniqueness: { scope: :order_id }
+    validates :amount, presence: true, numericality: { greater_than: 0 }
+
+    #
+    # Callbacks
+    #
+    before_validation :set_amount_from_order
+    after_update :update_stripe_payment_intent, if: :amount_or_stripe_payment_method_id_changed?
+
+    #
+    # Delegations
+    #
+    delegate :api_options, to: :payment_method
+    delegate :store, :currency, to: :order
+
+    def stripe_payment_intent
+      @stripe_payment_intent ||= payment_method.retrieve_payment_intent(stripe_id)
+    end
+
+    def stripe_charge
+      @stripe_charge ||= payment_method.retrieve_charge(stripe_payment_intent.latest_charge)
+    end
+
+    # here we create a payment if it doesn't exist
+    # or we find it by the stripe_payment_intent_id
+    def find_or_create_payment!
+      return unless persisted?
+      return payment if payment.present?
+
+      SpreeStripe::CreatePayment.new(order: order, payment_intent: self, gateway: payment_method, amount: amount).call
+    end
+
+    def set_amount_from_order
+      self.amount = order&.total_minus_store_credits if order.present? && (amount.nil? || amount.zero?)
+    end
+
+    def update_stripe_payment_intent
+      payment_method.update_payment_intent(stripe_id, amount_in_cents, order, stripe_payment_method_id)
+    end
+
+    def amount_or_stripe_payment_method_id_changed?
+      amount_previously_changed? || stripe_payment_method_id_previously_changed?
+    end
+
+    def amount_in_cents
+      @amount_in_cents ||= money.cents
+    end
+
+    def money
+      @money ||= Spree::Money.new(amount, currency: currency)
+    end
+  end
+end

data/app/models/spree_stripe/payment_method_decorator.rb

@@ -0,0 +1,18 @@
+module SpreeStripe
+  module PaymentMethodDecorator
+    STRIPE_TYPE = 'SpreeStripe::Gateway'.freeze
+
+    def self.prepended(base)
+      base.has_many :payment_methods_webhook_keys, class_name: 'SpreeStripe::PaymentMethodsWebhookKey'
+      base.has_many :webhook_keys, through: :payment_methods_webhook_keys, class_name: 'SpreeStripe::WebhookKey'
+
+      base.scope :stripe, -> { where(type: STRIPE_TYPE) }
+    end
+
+    def stripe?
+      type == STRIPE_TYPE
+    end
+  end
+end
+
+Spree::PaymentMethod.prepend(SpreeStripe::PaymentMethodDecorator)

data/app/models/spree_stripe/payment_methods_webhook_key.rb

@@ -0,0 +1,8 @@
+module SpreeStripe
+  class PaymentMethodsWebhookKey < Base
+    belongs_to :payment_method, class_name: 'Spree::PaymentMethod'
+    belongs_to :webhook_key, class_name: 'SpreeStripe::WebhookKey'
+
+    validates :payment_method, presence: true, uniqueness: { scope: :webhook_key_id }
+  end
+end

data/app/models/spree_stripe/payment_source_decorator.rb

@@ -0,0 +1,9 @@
+module SpreeStripe
+  module PaymentSourceDecorator
+    def self.prepended(base)
+      base.attr_accessor :imported
+    end
+  end
+end
+
+Spree::PaymentSource.prepend(SpreeStripe::PaymentSourceDecorator)

data/app/models/spree_stripe/payment_sources/affirm.rb

@@ -0,0 +1,9 @@
+module SpreeStripe
+  module PaymentSources
+    class Affirm < ::Spree::PaymentSource
+      def actions
+        %w[credit]
+      end
+    end
+  end
+end

data/app/models/spree_stripe/payment_sources/after_pay.rb

@@ -0,0 +1,13 @@
+module SpreeStripe
+  module PaymentSources
+    class AfterPay < ::Spree::PaymentSource
+      def actions
+        %w[credit]
+      end
+
+      def self.display_name
+        'Afterpay'
+      end
+    end
+  end
+end

data/app/models/spree_stripe/payment_sources/alipay.rb

@@ -0,0 +1,9 @@
+module SpreeStripe
+  module PaymentSources
+    class Alipay < ::Spree::PaymentSource
+      def actions
+        %w[credit]
+      end
+    end
+  end
+end

data/app/models/spree_stripe/payment_sources/ideal.rb

@@ -0,0 +1,15 @@
+module SpreeStripe
+  module PaymentSources
+    class Ideal < ::Spree::PaymentSource
+      store_accessor :public_metadata, :bank, :last4
+
+      def actions
+        %w[credit]
+      end
+
+      def self.display_name
+        'iDEAL'
+      end
+    end
+  end
+end

data/app/models/spree_stripe/payment_sources/klarna.rb

@@ -0,0 +1,9 @@
+module SpreeStripe
+  module PaymentSources
+    class Klarna < ::Spree::PaymentSource
+      def actions
+        %w[credit]
+      end
+    end
+  end
+end

data/app/models/spree_stripe/payment_sources/link.rb

@@ -0,0 +1,13 @@
+module SpreeStripe
+  module PaymentSources
+    class Link < ::Spree::PaymentSource
+      def actions
+        %w[credit]
+      end
+
+      def self.display_name
+        'Link'
+      end
+    end
+  end
+end

data/app/models/spree_stripe/payment_sources/przelewy24.rb

@@ -0,0 +1,11 @@
+module SpreeStripe
+  module PaymentSources
+    class Przelewy24 < ::Spree::PaymentSource
+      store_accessor :public_metadata, :bank
+
+      def actions
+        %w[credit]
+      end
+    end
+  end
+end

data/app/models/spree_stripe/payment_sources/sepa_debit.rb

@@ -0,0 +1,13 @@
+module SpreeStripe
+  module PaymentSources
+    class SepaDebit < ::Spree::PaymentSource
+      def actions
+        %w[credit]
+      end
+
+      def self.display_name
+        'SEPA Debit'
+      end
+    end
+  end
+end

data/app/models/spree_stripe/store_decorator.rb

@@ -0,0 +1,24 @@
+module SpreeStripe
+  module StoreDecorator
+    def self.prepended(base)
+      base.store_accessor :private_metadata, :stripe_apple_pay_domain_id
+      base.store_accessor :private_metadata, :stripe_top_level_domain_id
+    end
+
+    def stripe_gateway
+      @stripe_gateway ||= payment_methods.stripe.active.last
+    end
+
+    def handle_code_changes
+      super
+
+      SpreeStripe::RegisterDomainJob.perform_later(id)
+    end
+
+    def billing_name
+      name
+    end
+  end
+end
+
+Spree::Store.prepend(SpreeStripe::StoreDecorator)

data/app/models/spree_stripe/webhook_key.rb

@@ -0,0 +1,14 @@
+module SpreeStripe
+  class WebhookKey < Base
+    validates :stripe_id, presence: true, uniqueness: true
+    validates :signing_secret, presence: true, uniqueness: true
+
+    has_many :payment_methods_webhook_keys, class_name: 'SpreeStripe::PaymentMethodsWebhookKey', dependent: :destroy
+    has_many :payment_methods, through: :payment_methods_webhook_keys, class_name: 'Spree::PaymentMethod', dependent: :destroy
+
+    if Rails.configuration.active_record.encryption.include?(:primary_key)
+      encrypts :stripe_id, deterministic: true
+      encrypts :signing_secret, deterministic: true
+    end
+  end
+end