spree_stripe 1.5.1 → 1.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 296413327864ba7d62dbcbe59c93f4b20bbe8ca0eaed1f0379ab30548da13412
-  data.tar.gz: 58bb81757cc9097d009fc3d0cb3733455ab0e22c5012a0310ca9e583da7bb744
+  metadata.gz: 1b3cc636d33d9aa8152aba43d60a15a1d3c44dca2feeafcd30c215cec823c028
+  data.tar.gz: 82cf337690f6c7f03d4770e2001e4d4dc3a273d4b84887f079e664a02788edd6
 SHA512:
-  metadata.gz: 4aca196555667bc988d69382638bd235450deb8a66da6680915476e771c3c745d32f0ce2300ba737863998ec012d8929144cd8792d8c1c121d92fdbf065fef80
-  data.tar.gz: 5ad609bed31583b62956e3be2517fc7b42a4a99beec2067cc4993ee4f771f38d2cb5040d477154cc0cc6132ea1a85ddddb200279ce404f6ec83de2ca56974b24
+  metadata.gz: 0ddd1b76f5c7991a636f78751fc43c8bc5eac6b952a91621ad928eaa66823f0b2bfa42a21ba7ba2942934c9146eb362841ad8ef7cc74f63b1422f8a2fbdf23ec
+  data.tar.gz: 9b9d768391f1e41ff1444dcf9f6faad7bab6c73c25e9712f0628171d770c3d00ef9b71d38f8be1ab471a21e979e9d5d8bd03e2b3cb8d0c68623e4d717d0f87b1

data/Rakefile

@@ -21,5 +21,7 @@ task :test_app do
     install_storefront: true,
     install_admin: true
   )
+  system({ 'BUNDLE_GEMFILE' => File.expand_path('Gemfile', __dir__) }, 'rails g spree_posts:install')
   system({ 'BUNDLE_GEMFILE' => File.expand_path('Gemfile', __dir__) }, 'rails g spree_legacy_api_v2:install')
+  system({ 'BUNDLE_GEMFILE' => File.expand_path('Gemfile', __dir__) }, 'rails g spree_legacy_product_properties:install')
 end

data/app/jobs/spree_stripe/complete_order_from_session_job.rb

@@ -0,0 +1,12 @@
+module SpreeStripe
+  class CompleteOrderFromSessionJob < BaseJob
+    def perform(payment_session_id)
+      payment_session = Spree::PaymentSessions::Stripe.find(payment_session_id)
+
+      # PaymentSessions::Stripe duck-types as PaymentIntent
+      SpreeStripe::CompleteOrder.new(payment_intent: payment_session).call
+
+      payment_session.complete unless payment_session.completed?
+    end
+  end
+end

data/app/models/spree/payment_sessions/stripe.rb

@@ -0,0 +1,54 @@
+module Spree
+  class PaymentSessions::Stripe < PaymentSession
+    delegate :api_options, to: :payment_method
+
+    # Duck-type interface matching SpreeStripe::PaymentIntent
+    # This allows reuse of CompleteOrder and CreatePayment services
+    def stripe_id
+      external_id
+    end
+
+    def client_secret
+      external_data&.dig('client_secret')
+    end
+
+    def ephemeral_key_secret
+      external_data&.dig('ephemeral_key_secret')
+    end
+
+    def stripe_payment_intent
+      @stripe_payment_intent ||= payment_method.retrieve_payment_intent(external_id)
+    end
+
+    def stripe_charge
+      @stripe_charge ||= begin
+        latest_charge = stripe_payment_intent.latest_charge
+        latest_charge.present? ? payment_method.retrieve_charge(latest_charge) : nil
+      end
+    end
+
+    def accepted?
+      payment_method.payment_intent_accepted?(stripe_payment_intent)
+    end
+
+    def successful?
+      stripe_payment_intent.status == 'succeeded'
+    end
+
+    def charge_not_required?
+      payment_method.payment_intent_charge_not_required?(stripe_payment_intent)
+    end
+
+    def find_or_create_payment!(metadata = {})
+      return unless persisted?
+      return payment if payment.present?
+
+      SpreeStripe::CreatePayment.new(
+        order: order,
+        payment_intent: self,
+        gateway: payment_method,
+        amount: amount
+      ).call
+    end
+  end
+end

data/app/models/spree_stripe/custom_domain_decorator.rb

@@ -15,4 +15,6 @@ module SpreeStripe
   end
 end
 
-Spree::CustomDomain.prepend(SpreeStripe::CustomDomainDecorator)
+if defined?(Spree::CustomDomain)
+  Spree::CustomDomain.prepend(SpreeStripe::CustomDomainDecorator)
+end

data/app/models/spree_stripe/gateway/payment_intents.rb

@@ -0,0 +1,138 @@
+module SpreeStripe
+  class Gateway < ::Spree::Gateway
+    module PaymentIntents
+      extend ActiveSupport::Concern
+
+      DELAYED_NOTIFICATION_PAYMENT_METHOD_TYPES = %w[sepa_debit us_bank_account].freeze
+      BANK_PAYMENT_METHOD_TYPES = %w[customer_balance us_bank_account].freeze
+
+      included do
+        has_many :payment_intents, class_name: 'SpreeStripe::PaymentIntent', foreign_key: 'payment_method_id', dependent: :delete_all
+      end
+
+      def payment_intent_accepted?(payment_intent)
+        payment_intent.status.in?(payment_intent_accepted_statuses(payment_intent))
+      end
+
+      def payment_intent_delayed_notification?(payment_intent)
+        payment_method = payment_intent.payment_method
+        return false unless payment_method.respond_to?(:type)
+
+        payment_intent.payment_method.type.in?(DELAYED_NOTIFICATION_PAYMENT_METHOD_TYPES)
+      end
+
+      def payment_intent_charge_not_required?(payment_intent)
+        payment_intent_bank_payment_method?(payment_intent)
+      end
+
+      def payment_intent_bank_payment_method?(payment_intent)
+        payment_method = payment_intent.payment_method
+        return false unless payment_method.respond_to?(:type)
+
+        payment_intent.payment_method.type.in?(BANK_PAYMENT_METHOD_TYPES)
+      end
+
+      # Creates a Stripe payment intent for the order
+      #
+      # @param amount_in_cents [Integer] the amount in cents
+      # @param order [Spree::Order] the order to create a payment intent for
+      # @param payment_method_id [String] Stripe payment method id to use, eg. a card token
+      # @param off_session [Boolean] whether the payment intent is off session
+      # @param customer_profile_id [String] Stripe customer profile id to use, eg.  cus_123
+      # @return [Spree::PaymentResponse] the response from the payment intent creation
+      def create_payment_intent(amount_in_cents, order, payment_method_id: nil, off_session: false, customer_profile_id: nil)
+        payload = SpreeStripe::PaymentIntentPresenter.new(
+          amount: amount_in_cents,
+          order: order,
+          customer: customer_profile_id || fetch_or_create_customer(order: order)&.profile_id,
+          payment_method_id: payment_method_id,
+          off_session: off_session
+        ).call
+
+        protect_from_error do
+          response = send_request { |opts| Stripe::PaymentIntent.create(payload, opts) }
+
+          success(response.id, response)
+        end
+      end
+
+      # Updates a Stripe payment intent for the order
+      #
+      # @param payment_intent_id [String] Stripe payment intent id
+      # @param amount_in_cents [Integer] the amount in cents
+      # @param order [Spree::Order] the order to update the payment intent for
+      # @param payment_method_id [String] Stripe payment method id to use, eg. a card token
+      # @return [Spree::PaymentResponse] the response from the payment intent update
+      def update_payment_intent(payment_intent_id, amount_in_cents, order, payment_method_id = nil)
+        protect_from_error do
+          payload = SpreeStripe::PaymentIntentPresenter.new(
+            amount: amount_in_cents,
+            order: order,
+            customer: fetch_or_create_customer(order: order)&.profile_id,
+            payment_method_id: payment_method_id
+          ).call.slice(:amount, :currency, :payment_method, :shipping, :customer)
+
+          response = send_request { |opts| Stripe::PaymentIntent.update(payment_intent_id, payload, opts) }
+
+          success(response.id, response)
+        end
+      end
+
+      def retrieve_payment_intent(payment_intent_id)
+        send_request { |opts| Stripe::PaymentIntent.retrieve({ id: payment_intent_id, expand: ['payment_method'] }, opts) }
+      end
+
+      def confirm_payment_intent(payment_intent_id)
+        send_request { |opts| Stripe::PaymentIntent.confirm(payment_intent_id, {}, opts) }
+      end
+
+      def capture_payment_intent(payment_intent_id, amount_in_cents)
+        send_request { |opts| Stripe::PaymentIntent.capture(payment_intent_id, { amount_to_capture: amount_in_cents }, opts) }
+      end
+
+      # Cancels a Stripe payment intent
+      #
+      # @param payment_intent_id [String] Stripe payment intent ID, eg. pi_123
+      def cancel_payment_intent(payment_intent_id)
+        send_request { |opts| Stripe::PaymentIntent.cancel(payment_intent_id, {}, opts) }
+      end
+
+      # Ensures a Stripe payment intent exists for Spree payment
+      #
+      # @param payment [Spree::Payment] the payment to ensure a payment intent exists for
+      # @param amount_in_cents [Integer] the amount in cents
+      # @param payment_source [Spree::CreditCard | Spree::PaymentSource] the payment source to use
+      # @return [Spree::Payment] the payment with the payment intent
+      def ensure_payment_intent_exists_for_payment(payment, amount_in_cents = nil, payment_source = nil)
+        return payment if payment.response_code.present?
+
+        amount_in_cents ||= payment.display_amount.cents
+        payment_source ||= payment.source
+
+        response = create_payment_intent(
+          amount_in_cents,
+          payment.order,
+          payment_method_id: payment_source.gateway_payment_profile_id,
+          off_session: true,
+          customer_profile_id: payment_source.gateway_customer_profile_id
+        )
+
+        payment.update_columns(
+          response_code: response.authorization,
+          updated_at: Time.current
+        )
+
+        payment
+      end
+
+      private
+
+      def payment_intent_accepted_statuses(payment_intent)
+        statuses = %w[succeeded]
+        statuses << 'processing' if payment_intent_delayed_notification?(payment_intent)
+        statuses << 'requires_action' if payment_intent_charge_not_required?(payment_intent)
+        statuses
+      end
+    end
+  end
+end

data/app/models/spree_stripe/gateway/payment_sessions.rb

@@ -0,0 +1,177 @@
+module SpreeStripe
+  class Gateway < ::Spree::Gateway
+    module PaymentSessions
+      extend ActiveSupport::Concern
+
+      def session_required?
+        !SpreeStripe::Config[:use_legacy_payment_intents]
+      end
+
+      def payment_session_class
+        Spree::PaymentSessions::Stripe
+      end
+
+      def create_payment_session(order:, amount: nil, external_data: {})
+        total = amount.presence || order.total_minus_store_credits
+        amount_in_cents = Spree::Money.new(total, currency: order.currency).cents
+
+        return nil if amount_in_cents.zero?
+
+        customer = fetch_or_create_customer(order: order)
+        stripe_pm_id = external_data[:stripe_payment_method_id] || external_data['stripe_payment_method_id']
+
+        response = create_payment_intent(
+          amount_in_cents, order,
+          payment_method_id: stripe_pm_id,
+          customer_profile_id: customer&.profile_id
+        )
+
+        ephemeral_key_response = create_ephemeral_key(customer.profile_id) if customer.present?
+        ephemeral_key_secret = ephemeral_key_response&.params&.dig('secret')
+
+        payment_session_class.create!(
+          order: order,
+          payment_method: self,
+          amount: total,
+          currency: order.currency,
+          status: 'pending',
+          external_id: response.authorization,
+          customer: order.user,
+          customer_external_id: customer&.profile_id,
+          external_data: {
+            'client_secret' => response.params['client_secret'],
+            'ephemeral_key_secret' => ephemeral_key_secret,
+            'stripe_payment_method_id' => stripe_pm_id
+          }.compact
+        )
+      end
+
+      def update_payment_session(payment_session:, amount: nil, external_data: {})
+        attrs = {}
+        amount_in_cents = nil
+
+        if amount.present?
+          attrs[:amount] = amount
+          amount_in_cents = Spree::Money.new(amount, currency: payment_session.currency).cents
+        end
+
+        stripe_pm_id = external_data[:stripe_payment_method_id] || external_data['stripe_payment_method_id']
+
+        update_payment_intent(
+          payment_session.external_id,
+          amount_in_cents || payment_session.amount_in_cents,
+          payment_session.order,
+          stripe_pm_id
+        )
+
+        if external_data.present?
+          attrs[:external_data] = (payment_session.external_data || {}).merge(external_data.stringify_keys)
+        end
+
+        payment_session.update!(attrs) if attrs.any?
+      end
+
+      # Completes a payment session by verifying with Stripe, creating the
+      # Payment record, and patching wallet address data.
+      #
+      # Does NOT complete the order — that is handled by Carts::Complete
+      # (called by the storefront or by the webhook handler).
+      def complete_payment_session(payment_session:, params: {})
+        stripe_pi = retrieve_payment_intent(payment_session.external_id)
+
+        if payment_intent_accepted?(stripe_pi)
+          payment_session.process if payment_session.can_process?
+
+          charge = payment_session.stripe_charge
+
+          # Patch wallet billing address (Apple Pay, Google Pay)
+          patch_wallet_address(payment_session.order, charge) if charge.present?
+
+          # Create the Payment record
+          payment_session.find_or_create_payment!
+
+          # Process the payment state
+          payment = payment_session.payment
+          if payment.present? && !payment.completed?
+            if payment_intent_successful?(stripe_pi)
+              payment.process!
+            else
+              payment.authorize!
+            end
+          end
+
+          payment_session.complete unless payment_session.completed?
+        else
+          payment_session.fail if payment_session.can_fail?
+        end
+      end
+
+      private
+
+      def payment_intent_successful?(stripe_pi)
+        stripe_pi.status == 'succeeded'
+      end
+
+      # Patches the order's billing address with data from the Stripe charge.
+      # Needed for quick checkout (Apple Pay/Google Pay) where the storefront
+      # doesn't have the billing address before payment confirmation.
+      def patch_wallet_address(order, charge)
+        return if charge.blank?
+
+        billing_details = charge.billing_details
+        address = billing_details.address
+
+        order.email ||= billing_details.email
+        order.save! if order.email_changed?
+
+        # Skip if billing address is already valid
+        return if order.bill_address.present? && order.bill_address.valid?
+
+        country_iso = address.country
+        country = Spree::Country.find_by(iso: country_iso) || Spree::Country.default
+
+        order.bill_address ||= Spree::Address.new(country: country, user: order.user)
+        order.bill_address.quick_checkout = true
+
+        first_name = billing_details.name&.split(' ')&.first || order.ship_address&.first_name || order.user&.first_name
+        last_name = billing_details.name&.split(' ')&.last || order.ship_address&.last_name || order.user&.last_name
+
+        order.bill_address.first_name ||= first_name
+        order.bill_address.last_name ||= last_name
+        order.bill_address.phone ||= billing_details.phone
+        order.bill_address.address1 ||= address.line1
+        order.bill_address.address2 ||= address.line2
+        order.bill_address.city ||= address.city
+        order.bill_address.zipcode ||= address.postal_code
+
+        state_name = address.state
+        if country.states_required?
+          order.bill_address.state = country.states.find_all_by_name_or_abbr(state_name)&.first
+        else
+          order.bill_address.state_name = state_name
+        end
+        order.bill_address.state_name ||= state_name
+
+        if order.bill_address.invalid?
+          return if order.ship_address.blank?
+
+          order.bill_address = order.ship_address
+        end
+
+        order.bill_address.save! if order.bill_address&.changed?
+        order.save!
+
+        copy_bill_info_to_user(order) if order.user.present?
+      end
+
+      def copy_bill_info_to_user(order)
+        user = order.user
+        user.first_name ||= order.bill_address.first_name
+        user.last_name ||= order.bill_address.last_name
+        user.phone ||= order.bill_address.phone
+        user.bill_address_id ||= order.bill_address.id
+        user.save! if user.changed?
+      end
+    end
+  end
+end

data/app/models/spree_stripe/gateway.rb

@@ -1,10 +1,9 @@
 module SpreeStripe
   class Gateway < ::Spree::Gateway
+    include SpreeStripe::Gateway::PaymentIntents
+    include SpreeStripe::Gateway::PaymentSessions
     include SpreeStripe::Gateway::Tax if defined?(SpreeStripe::Gateway::Tax)
 
-    DELAYED_NOTIFICATION_PAYMENT_METHOD_TYPES = %w[sepa_debit us_bank_account].freeze
-    BANK_PAYMENT_METHOD_TYPES = %w[customer_balance us_bank_account].freeze
-
     preference :publishable_key, :password
     preference :secret_key, :password
 
@@ -16,36 +15,38 @@ module SpreeStripe
     after_commit :create_webhook_endpoint_async, on: %i[create update]
     after_commit :register_domain, on: :create
 
-    has_many :payment_intents, class_name: 'SpreeStripe::PaymentIntent', foreign_key: 'payment_method_id', dependent: :delete_all
-
     def webhook_url
-      StripeEvent::Engine.routes.url_helpers.root_url(host: stores.first.url, protocol: 'https')
-    end
-
-    def provider_class
-      self.class
-    end
+      store = stores.first
+      return nil unless store
 
-    def payment_intent_accepted?(payment_intent)
-      payment_intent.status.in?(payment_intent_accepted_statuses(payment_intent))
+      if SpreeStripe::Config[:use_legacy_webhook_handlers]
+        StripeEvent::Engine.routes.url_helpers.root_url(host: store.url, protocol: 'https')
+      else
+        "#{store.formatted_url}/api/v3/webhooks/payments/#{prefixed_id}"
+      end
     end
 
-    def payment_intent_delayed_notification?(payment_intent)
-      payment_method = payment_intent.payment_method
-      return false unless payment_method.respond_to?(:type)
-
-      payment_intent.payment_method.type.in?(DELAYED_NOTIFICATION_PAYMENT_METHOD_TYPES)
-    end
+    def parse_webhook_event(raw_body, headers)
+      event = verify_webhook_signature(raw_body, headers)
 
-    def payment_intent_charge_not_required?(payment_intent)
-      payment_intent_bank_payment_method?(payment_intent)
+      payment_session = Spree::PaymentSessions::Stripe.find_by(
+        payment_method: self,
+        external_id: event.data.object[:id]
+      )
+      return nil unless payment_session
+
+      case event.type
+      when 'payment_intent.succeeded'
+        { action: :captured, payment_session: payment_session, metadata: { stripe_event: event } }
+      when 'payment_intent.payment_failed'
+        { action: :failed, payment_session: payment_session, metadata: { stripe_event: event } }
+      else
+        nil
+      end
     end
 
-    def payment_intent_bank_payment_method?(payment_intent)
-      payment_method = payment_intent.payment_method
-      return false unless payment_method.respond_to?(:type)
-
-      payment_intent.payment_method.type.in?(BANK_PAYMENT_METHOD_TYPES)
+    def provider_class
+      self.class
     end
 
     # @param amount_in_cents [Integer] the amount in cents to capture
@@ -188,99 +189,6 @@ module SpreeStripe
       send_request { |opts| Stripe::Customer.update(customer.profile_id, payload, opts) }
     end
 
-    # Creates a Stripe payment intent for the order
-    #
-    # @param amount_in_cents [Integer] the amount in cents
-    # @param order [Spree::Order] the order to create a payment intent for
-    # @param payment_method_id [String] Stripe payment method id to use, eg. a card token
-    # @param off_session [Boolean] whether the payment intent is off session
-    # @param customer_profile_id [String] Stripe customer profile id to use, eg.  cus_123
-    # @return [ActiveMerchant::Billing::Response] the response from the payment intent creation
-    def create_payment_intent(amount_in_cents, order, payment_method_id: nil, off_session: false, customer_profile_id: nil)
-      payload = SpreeStripe::PaymentIntentPresenter.new(
-        amount: amount_in_cents,
-        order: order,
-        customer: customer_profile_id || fetch_or_create_customer(order: order)&.profile_id,
-        payment_method_id: payment_method_id,
-        off_session: off_session
-      ).call
-
-      protect_from_error do
-        response = send_request { |opts| Stripe::PaymentIntent.create(payload, opts) }
-
-        success(response.id, response)
-      end
-    end
-
-    # Updates a Stripe payment intent for the order
-    #
-    # @param payment_intent_id [String] Stripe payment intent id
-    # @param amount_in_cents [Integer] the amount in cents
-    # @param order [Spree::Order] the order to update the payment intent for
-    # @param payment_method_id [String] Stripe payment method id to use, eg. a card token
-    # @return [ActiveMerchant::Billing::Response] the response from the payment intent update
-    def update_payment_intent(payment_intent_id, amount_in_cents, order, payment_method_id = nil)
-      protect_from_error do
-        payload = SpreeStripe::PaymentIntentPresenter.new(
-          amount: amount_in_cents,
-          order: order,
-          customer: fetch_or_create_customer(order: order)&.profile_id,
-          payment_method_id: payment_method_id
-        ).call.slice(:amount, :currency, :payment_method, :shipping, :customer)
-
-        response = send_request { |opts| Stripe::PaymentIntent.update(payment_intent_id, payload, opts) }
-
-        success(response.id, response)
-      end
-    end
-
-    def retrieve_payment_intent(payment_intent_id)
-      send_request { |opts| Stripe::PaymentIntent.retrieve({ id: payment_intent_id, expand: ['payment_method'] }, opts) }
-    end
-
-    def confirm_payment_intent(payment_intent_id)
-      send_request { |opts| Stripe::PaymentIntent.confirm(payment_intent_id, {}, opts) }
-    end
-
-    def capture_payment_intent(payment_intent_id, amount_in_cents)
-      send_request { |opts| Stripe::PaymentIntent.capture(payment_intent_id, { amount_to_capture: amount_in_cents }, opts) }
-    end
-
-    # Cancels a Stripe payment intent
-    #
-    # @param payment_intent_id [String] Stripe payment intent ID, eg. pi_123
-    def cancel_payment_intent(payment_intent_id)
-      send_request { |opts| Stripe::PaymentIntent.cancel(payment_intent_id, {}, opts) }
-    end
-
-    # Ensures a Stripe payment intent exists for Spree payment
-    #
-    # @param payment [Spree::Payment] the payment to ensure a payment intent exists for
-    # @param amount_in_cents [Integer] the amount in cents
-    # @param payment_source [Spree::CreditCard | Spree::PaymentSource] the payment source to use
-    # @return [Spree::Payment] the payment with the payment intent
-    def ensure_payment_intent_exists_for_payment(payment, amount_in_cents = nil, payment_source = nil)
-      return payment if payment.response_code.present?
-
-      amount_in_cents ||= payment.display_amount.cents
-      payment_source ||= payment.source
-
-      response = create_payment_intent(
-        amount_in_cents,
-        payment.order,
-        payment_method_id: payment_source.gateway_payment_profile_id,
-        off_session: true,
-        customer_profile_id: payment_source.gateway_customer_profile_id
-      )
-
-      payment.update_columns(
-        response_code: response.authorization,
-        updated_at: Time.current
-      )
-
-      payment
-    end
-
     def retrieve_charge(charge_id)
       send_request { |opts| Stripe::Charge.retrieve(charge_id, opts) }
     end
@@ -407,11 +315,11 @@ module SpreeStripe
     end
 
     def success(authorization, full_response)
-      ActiveMerchant::Billing::Response.new(true, nil, full_response.as_json, authorization: authorization)
+      Spree::PaymentResponse.new(true, nil, full_response.as_json, authorization: authorization)
     end
 
     def failure(error = nil)
-      ActiveMerchant::Billing::Response.new(false, error)
+      Spree::PaymentResponse.new(false, error)
     end
 
     def protect_from_error
@@ -430,6 +338,8 @@ module SpreeStripe
       stores.each do |store|
         RegisterDomainJob.perform_later(store.id, 'store')
 
+        next unless defined?(Spree::CustomDomain)
+
         store.custom_domains.each do |custom_domain|
           RegisterDomainJob.perform_later(custom_domain.id, 'custom_domain')
         end
@@ -445,11 +355,28 @@ module SpreeStripe
       SpreeStripe::CustomerPresenter.new(name: name, email: email, address: address).call
     end
 
-    def payment_intent_accepted_statuses(payment_intent)
-      statuses = %w[succeeded]
-      statuses << 'processing' if payment_intent_delayed_notification?(payment_intent)
-      statuses << 'requires_action' if payment_intent_charge_not_required?(payment_intent)
-      statuses
+    def verify_webhook_signature(raw_body, headers)
+      signature = headers['HTTP_STRIPE_SIGNATURE']
+      signing_secrets = webhook_signing_secrets
+
+      signing_secrets.each do |secret|
+        return Stripe::Webhook.construct_event(raw_body, signature, secret)
+      rescue Stripe::SignatureVerificationError
+        next
+      end
+
+      raise Spree::PaymentMethod::WebhookSignatureError, 'Invalid webhook signature'
+    end
+
+    def webhook_signing_secrets
+      secrets = SpreeStripe::WebhookKey
+        .joins(:payment_methods_webhook_keys)
+        .where(payment_methods_webhook_keys: { payment_method_id: id })
+        .pluck(:signing_secret)
+        .compact
+
+      secrets << ENV['STRIPE_SIGNING_SECRET'] if ENV['STRIPE_SIGNING_SECRET'].present?
+      secrets
     end
   end
 end

data/app/presenters/spree_stripe/statement_descriptor_suffix_presenter.rb

@@ -24,7 +24,7 @@ module SpreeStripe
 
     def stripped_order_description
       @stripped_order_description ||= begin
-        AnyAscii.transliterate(order_description)
+        I18n.transliterate(order_description)
                 .gsub(STATEMENT_DESCRIPTOR_NOT_ALLOWED_CHARS, '')
                 .strip
                 .upcase[0...STATEMENT_DESCRIPTOR_MAX_CHARS]

data/app/services/spree_stripe/create_payment_intent.rb

@@ -11,8 +11,7 @@ module SpreeStripe
 
       return payment_intent if payment_intent.present?
 
-      # response is an ActiveMerchant::Billing::Response object
-      # https://github.com/activemerchant/active_merchant/blob/master/lib/active_merchant/billing/response.rb
+      # response is a Spree::PaymentResponse object
       response = gateway.create_payment_intent(
         amount,
         order,

data/app/services/spree_stripe/create_source.rb

@@ -37,7 +37,7 @@ module SpreeStripe
       when 'customer_balance', 'us_bank_account'
         SpreeStripe::PaymentSources::BankTransfer.create!(source_params)
       else
-        raise "[STRIPE] Unknown payment method #{stripe_payment_method_details.type}"
+        Spree::PaymentSource.create!(source_params)
       end
     end
 

data/app/services/spree_stripe/register_domain.rb

@@ -8,7 +8,7 @@ module SpreeStripe
       attributes_to_update = { stripe_apple_pay_domain_id: payment_method_domain.id }
 
       tld_length = model.url.split('.').length
-      if tld_length > 2 && model.is_a?(Spree::CustomDomain)
+      if tld_length > 2 && defined?(Spree::CustomDomain) && model.is_a?(Spree::CustomDomain)
         top_level_domain_name = model.url.split('.').last(tld_length - 1).join('.')
         top_level_domain = gateway.send_request { |opts| Stripe::PaymentMethodDomain.create({ domain_name: top_level_domain_name }, opts) }
         attributes_to_update[:stripe_top_level_domain_id] = top_level_domain.id

data/app/services/spree_stripe/webhook_handlers/payment_intent_payment_failed.rb

@@ -2,7 +2,19 @@ module SpreeStripe
   module WebhookHandlers
     class PaymentIntentPaymentFailed
       def call(event)
-        payment_intent = SpreeStripe::PaymentIntent.find_by(stripe_id: event.data.object.id)
+        stripe_id = event.data.object.id
+
+        # New system: PaymentSession
+        payment_session = Spree::PaymentSessions::Stripe.find_by(external_id: stripe_id)
+        if payment_session.present?
+          payment_session.fail if payment_session.can_fail?
+          order = payment_session.order
+          order.cancel! if !order.canceled? && order.can_cancel?
+          return
+        end
+
+        # Legacy system: PaymentIntent
+        payment_intent = SpreeStripe::PaymentIntent.find_by(stripe_id: stripe_id)
         return if payment_intent.nil?
 
         order = payment_intent.order

data/app/services/spree_stripe/webhook_handlers/payment_intent_succeeded.rb

@@ -2,8 +2,17 @@ module SpreeStripe
   module WebhookHandlers
     class PaymentIntentSucceeded
       def call(event)
-        payment_intent_data = event.data.object
-        payment_intent = SpreeStripe::PaymentIntent.find_by(stripe_id: payment_intent_data[:id])
+        stripe_id = event.data.object[:id]
+
+        # New system: PaymentSession
+        payment_session = Spree::PaymentSessions::Stripe.find_by(external_id: stripe_id)
+        if payment_session.present?
+          SpreeStripe::CompleteOrderFromSessionJob.set(wait: 10.seconds).perform_later(payment_session.id)
+          return
+        end
+
+        # Legacy system: PaymentIntent
+        payment_intent = SpreeStripe::PaymentIntent.find_by(stripe_id: stripe_id)
         return if payment_intent.nil?
 
         SpreeStripe::CompleteOrderJob.set(wait: 10.seconds).perform_later(payment_intent.id)

data/config/routes.rb

@@ -10,15 +10,17 @@ Spree::Core::Engine.add_routes do
   # Stripe webhooks
   mount StripeEvent::Engine, at: '/stripe'
 
-  # Storefront API
-  namespace :api, defaults: { format: 'json' } do
-    namespace :v2 do
-      namespace :storefront do
-        namespace :stripe do
-          resources :setup_intents, only: %i[create]
-          resources :payment_intents, only: %i[show create update] do
-            member do
-              patch :confirm
+  # Storefront API (only when spree_legacy_api_v2 gem is available)
+  if defined?(SpreeLegacyApiV2::Engine)
+    namespace :api, defaults: { format: 'json' } do
+      namespace :v2 do
+        namespace :storefront do
+          namespace :stripe do
+            resources :setup_intents, only: %i[create]
+            resources :payment_intents, only: %i[show create update] do
+              member do
+                patch :confirm
+              end
             end
           end
         end

data/lib/spree_stripe/configuration.rb

@@ -1,5 +1,7 @@
 module SpreeStripe
   class Configuration < Spree::Preferences::Configuration
     preference :supported_webhook_events, :array, default: %w[payment_intent.payment_failed payment_intent.succeeded setup_intent.succeeded]
+    preference :use_legacy_payment_intents, :boolean, default: false
+    preference :use_legacy_webhook_handlers, :boolean, default: false
   end
 end

data/lib/spree_stripe/engine.rb

@@ -7,6 +7,12 @@ module SpreeStripe
     # Add app/subscribers to autoload paths
     config.paths.add 'app/subscribers', eager_load: true
 
+    # Only load API controllers and serializers when spree_legacy_api_v2 gem is available
+    if defined?(SpreeLegacyApiV2::Engine)
+      config.autoload_paths << root.join('lib', 'spree_api_v2')
+      config.eager_load_paths << root.join('lib', 'spree_api_v2')
+    end
+
     # use rspec for tests
     config.generators do |g|
       g.test_framework :rspec
@@ -33,8 +39,13 @@ module SpreeStripe
     end
 
     def self.activate
-      Dir.glob(File.join(File.dirname(__FILE__), '../../app/**/*_decorator*.rb')) do |c|
-        Rails.configuration.cache_classes ? require(c) : load(c)
+      glob_paths = [File.join(File.dirname(__FILE__), '../../app/**/*_decorator*.rb')]
+      glob_paths << File.join(File.dirname(__FILE__), '../../lib/spree_api_v2/**/*_decorator*.rb') if defined?(SpreeLegacyApiV2::Engine)
+
+      glob_paths.each do |glob_path|
+        Dir.glob(glob_path) do |c|
+          Rails.configuration.cache_classes ? require(c) : load(c)
+        end
       end
     end
 

data/lib/spree_stripe/testing_support/factories/stripe_payment_session_factory.rb

@@ -0,0 +1,33 @@
+FactoryBot.define do
+  factory :stripe_payment_session, class: 'Spree::PaymentSessions::Stripe' do
+    order { create(:order_with_line_items) }
+    payment_method { create(:stripe_gateway, stores: [order.store]) }
+    amount { order.total }
+    currency { order.currency }
+    status { 'pending' }
+    type { 'Spree::PaymentSessions::Stripe' }
+    external_id { "pi_test_#{SecureRandom.hex(12)}" }
+    external_data { { 'client_secret' => "pi_secret_#{SecureRandom.hex(8)}" } }
+
+    trait :with_customer do
+      customer { order.user || create(:user) }
+      customer_external_id { "cus_#{SecureRandom.hex(8)}" }
+    end
+
+    trait :with_ephemeral_key do
+      external_data { { 'client_secret' => "pi_secret_#{SecureRandom.hex(8)}", 'ephemeral_key_secret' => "ek_test_#{SecureRandom.hex(8)}" } }
+    end
+
+    trait :processing do
+      status { 'processing' }
+    end
+
+    trait :completed do
+      status { 'completed' }
+    end
+
+    trait :failed do
+      status { 'failed' }
+    end
+  end
+end

data/lib/spree_stripe/version.rb

@@ -1,5 +1,5 @@
 module SpreeStripe
-  VERSION = '1.5.1'.freeze
+  VERSION = '1.6.0'.freeze
 
   def gem_version
     Gem::Version.new(VERSION)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: spree_stripe
 version: !ruby/object:Gem::Version
-  version: 1.5.1
+  version: 1.6.0
 platform: ruby
 authors:
 - Vendo Connect Inc., Vendo Sp. z o.o.
@@ -15,28 +15,28 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 5.3.0
+        version: 5.4.0.beta
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 5.3.0
+        version: 5.4.0.beta
 - !ruby/object:Gem::Dependency
   name: spree_admin
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 5.3.0
+        version: 5.4.0.beta
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 5.3.0
+        version: 5.4.0.beta
 - !ruby/object:Gem::Dependency
   name: stripe
   requirement: !ruby/object:Gem::Requirement
@@ -166,9 +166,6 @@ files:
 - app/assets/images/payment_icons/banktransfer.svg
 - app/assets/images/payment_icons/link.svg
 - app/assets/images/payment_icons/sepadebit.svg
-- app/controllers/spree/api/v2/storefront/stripe/base_controller.rb
-- app/controllers/spree/api/v2/storefront/stripe/payment_intents_controller.rb
-- app/controllers/spree/api/v2/storefront/stripe/setup_intents_controller.rb
 - app/controllers/spree_stripe/apple_pay_domain_verification_controller.rb
 - app/controllers/spree_stripe/payment_intents_controller.rb
 - app/controllers/spree_stripe/store_controller_decorator.rb
@@ -180,16 +177,20 @@ files:
 - app/javascript/spree_stripe/controllers/stripe_controller.js
 - app/jobs/spree_stripe/attach_customer_to_credit_card_job.rb
 - app/jobs/spree_stripe/base_job.rb
+- app/jobs/spree_stripe/complete_order_from_session_job.rb
 - app/jobs/spree_stripe/complete_order_job.rb
 - app/jobs/spree_stripe/create_tax_transaction_job.rb
 - app/jobs/spree_stripe/create_webhook_endpoint_job.rb
 - app/jobs/spree_stripe/register_domain_job.rb
 - app/jobs/spree_stripe/update_customer_job.rb
+- app/models/spree/payment_sessions/stripe.rb
 - app/models/spree_stripe/base.rb
 - app/models/spree_stripe/calculators/stripe_tax.rb
 - app/models/spree_stripe/credit_card_decorator.rb
 - app/models/spree_stripe/custom_domain_decorator.rb
 - app/models/spree_stripe/gateway.rb
+- app/models/spree_stripe/gateway/payment_intents.rb
+- app/models/spree_stripe/gateway/payment_sessions.rb
 - app/models/spree_stripe/gateway_customer_decorator.rb
 - app/models/spree_stripe/order_decorator.rb
 - app/models/spree_stripe/payment_decorator.rb
@@ -214,24 +215,6 @@ files:
 - app/presenters/spree_stripe/payment_intent_presenter.rb
 - app/presenters/spree_stripe/statement_descriptor_suffix_presenter.rb
 - app/presenters/spree_stripe/tax_presenter.rb
-- app/serializers/spree/api/v2/platform/affirm_serializer.rb
-- app/serializers/spree/api/v2/platform/after_pay_serializer.rb
-- app/serializers/spree/api/v2/platform/alipay_serializer.rb
-- app/serializers/spree/api/v2/platform/ideal_serializer.rb
-- app/serializers/spree/api/v2/platform/klarna_serializer.rb
-- app/serializers/spree/api/v2/platform/link_serializer.rb
-- app/serializers/spree/api/v2/platform/przelewy24_serializer.rb
-- app/serializers/spree/api/v2/platform/sepa_debit_serializer.rb
-- app/serializers/spree/v2/storefront/affirm_serializer.rb
-- app/serializers/spree/v2/storefront/after_pay_serializer.rb
-- app/serializers/spree/v2/storefront/alipay_serializer.rb
-- app/serializers/spree/v2/storefront/ideal_serializer.rb
-- app/serializers/spree/v2/storefront/klarna_serializer.rb
-- app/serializers/spree/v2/storefront/link_serializer.rb
-- app/serializers/spree/v2/storefront/payment_intent_serializer.rb
-- app/serializers/spree/v2/storefront/przelewy24_serializer.rb
-- app/serializers/spree/v2/storefront/sepa_debit_serializer.rb
-- app/serializers/spree_stripe/v2/storefront/payment_method_serializer_decorator.rb
 - app/services/spree_stripe/complete_order.rb
 - app/services/spree_stripe/create_gateway_webhooks.rb
 - app/services/spree_stripe/create_payment.rb
@@ -258,6 +241,27 @@ files:
 - config/routes.rb
 - db/migrate/20250310152812_setup_spree_stripe_models.rb
 - lib/generators/spree_stripe/install/install_generator.rb
+- lib/spree_api_v2/spree/api/v2/platform/affirm_serializer.rb
+- lib/spree_api_v2/spree/api/v2/platform/after_pay_serializer.rb
+- lib/spree_api_v2/spree/api/v2/platform/alipay_serializer.rb
+- lib/spree_api_v2/spree/api/v2/platform/ideal_serializer.rb
+- lib/spree_api_v2/spree/api/v2/platform/klarna_serializer.rb
+- lib/spree_api_v2/spree/api/v2/platform/link_serializer.rb
+- lib/spree_api_v2/spree/api/v2/platform/przelewy24_serializer.rb
+- lib/spree_api_v2/spree/api/v2/platform/sepa_debit_serializer.rb
+- lib/spree_api_v2/spree/api/v2/storefront/stripe/base_controller.rb
+- lib/spree_api_v2/spree/api/v2/storefront/stripe/payment_intents_controller.rb
+- lib/spree_api_v2/spree/api/v2/storefront/stripe/setup_intents_controller.rb
+- lib/spree_api_v2/spree/v2/storefront/affirm_serializer.rb
+- lib/spree_api_v2/spree/v2/storefront/after_pay_serializer.rb
+- lib/spree_api_v2/spree/v2/storefront/alipay_serializer.rb
+- lib/spree_api_v2/spree/v2/storefront/ideal_serializer.rb
+- lib/spree_api_v2/spree/v2/storefront/klarna_serializer.rb
+- lib/spree_api_v2/spree/v2/storefront/link_serializer.rb
+- lib/spree_api_v2/spree/v2/storefront/payment_intent_serializer.rb
+- lib/spree_api_v2/spree/v2/storefront/przelewy24_serializer.rb
+- lib/spree_api_v2/spree/v2/storefront/sepa_debit_serializer.rb
+- lib/spree_api_v2/spree_stripe/v2/storefront/payment_method_serializer_decorator.rb
 - lib/spree_stripe.rb
 - lib/spree_stripe/configuration.rb
 - lib/spree_stripe/engine.rb
@@ -271,6 +275,7 @@ files:
 - lib/spree_stripe/testing_support/factories/payment_intent_factory.rb
 - lib/spree_stripe/testing_support/factories/przelewy24_payment_source_factory.rb
 - lib/spree_stripe/testing_support/factories/sepa_debit_payment_source_factory.rb
+- lib/spree_stripe/testing_support/factories/stripe_payment_session_factory.rb
 - lib/spree_stripe/testing_support/factories/webhook_key_factory.rb
 - lib/spree_stripe/version.rb
 - vendor/javascript/@stripe--stripe-js--dist--pure.esm.js.js
@@ -279,9 +284,9 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/spree/spree_stripe/issues
-  changelog_uri: https://github.com/spree/spree_stripe/releases/tag/v1.5.1
+  changelog_uri: https://github.com/spree/spree_stripe/releases/tag/v1.6.0
   documentation_uri: https://docs.spreecommerce.org/
-  source_code_uri: https://github.com/spree/spree_stripe/tree/v1.5.1
+  source_code_uri: https://github.com/spree/spree_stripe/tree/v1.6.0
 rdoc_options: []
 require_paths:
 - lib
@@ -289,7 +294,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '3.0'
+      version: '3.2'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="