Skip to content
This repository was archived by the owner on Apr 14, 2023. It is now read-only.

Set source payment_type in cc hosted fields #79

Closed
wants to merge 3 commits into from
Closed

Set source payment_type in cc hosted fields #79

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
3618d86
Pending spec for setting credit card payment_type
tvdeyen May 3, 2017
fcd37c8
Set source payment_type in cc hosted fields
tvdeyen May 3, 2017
c6f5ec7
Validate payment_type on source
tvdeyen May 8, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions app/models/solidus_paypal_braintree/source.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ class Source < ApplicationRecord

belongs_to :customer, class_name: "SolidusPaypalBraintree::Customer"

validates :payment_type, inclusion: [PAYPAL, APPLE_PAY, CREDIT_CARD]

scope(:with_payment_profile, -> { joins(:customer) })
scope(:credit_card, -> { where(payment_type: CREDIT_CARD) })

Expand Down
1 change: 1 addition & 0 deletions app/views/spree/shared/_braintree_hosted_fields.html.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,5 +21,6 @@
</div>

<div class="clear"></div>
<input type="hidden" name="<%= prefix %>[payment_type]" value="<%= SolidusPaypalBraintree::Source::CREDIT_CARD %>">
<input type="hidden" id="payment_method_nonce" name="<%= prefix %>[nonce]">
</div>
11 changes: 11 additions & 0 deletions db/migrate/20170508085402_add_not_null_constraint_to_sources_payment_type.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
class AddNotNullConstraintToSourcesPaymentType < ActiveRecord::Migration
def change
reversible do |dir|
dir.up do
SolidusPaypalBraintree::Source.where(payment_type: nil).
update_all(payment_type: 'CreditCard')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't accurate. Is there a scenario that generated nil payment_types in the past?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. All credit card payments. PayPal and ApplePay payments have this value set via JS tailored params.

Although this isn't accurate it's the only thing we can do about, besides not doing this at all of course.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, fair point.

end
end
change_column_null(:solidus_paypal_braintree_sources, :payment_type, false)
end
end
2 changes: 1 addition & 1 deletion lib/solidus_paypal_braintree/engine.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ class Engine < Rails::Engine

initializer "register_solidus_paypal_braintree_gateway", after: "spree.register.payment_methods" do |app|
app.config.spree.payment_methods << SolidusPaypalBraintree::Gateway
Spree::PermittedAttributes.source_attributes << :nonce
Spree::PermittedAttributes.source_attributes.concat [:nonce, :payment_type]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This value isn't whitelisted and can be modified by users. Further if we know the payment type in advance, we should probably avoid requiring it to be set in the form.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This value isn't whitelisted and can be modified by users.

I need to whitelist it, otherwise I can not pass it into the controller from the view where the value needs top be set, as we don't know the type upfront.

Further if we know the payment type in advance, we should probably avoid requiring it to be set in the form.

We don't know the type upfront. I didn't find any code that guarantees this. Maybe you can point me to?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I need to whitelist it, otherwise I can not pass it into the controller from the view where the value needs top be set, as we don't know the type upfront.

I meant that the value isn't whitelisted. I can insert "lol" into this field and it would save correctly. We should probably add an inclusion validation to the model to prevent this.

We don't know the type upfront. I didn't find any code that guarantees this. Maybe you can point me to?

Once we have the token, payment_method.braintree.payment_method.find(source.token).is_a?(Braintree::PaypalAccount)

As we only use this for display purposes, I no longer think that's worth doing though.

end

def self.activate
Expand Down
2 changes: 1 addition & 1 deletion spec/controllers/solidus_paypal_braintree/checkouts_controller_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
"payment_method_id" => payment_method.id,
"source_attributes" => {
"nonce" => "fake-paypal-future-nonce",
"payment_type" => "PayPal"
"payment_type" => SolidusPaypalBraintree::Source::PAYPAL
}
}
],
Expand Down
2 changes: 1 addition & 1 deletion spec/controllers/solidus_paypal_braintree/transactions_controller_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@
{
transaction: {
nonce: "fake-valid-nonce",
payment_type: "MonopolyMoney",
payment_type: SolidusPaypalBraintree::Source::PAYPAL,
phone: "1112223333",
email: "[email protected]",
address_attributes: {
Expand Down
211 changes: 111 additions & 100 deletions spec/fixtures/cassettes/checkout/resubmit_credit_card.yml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading