Allow providing an existing payment during the checkout#4909
Conversation
github-actions
Bot
added
the
changelog:solidus_core
Codecov Report
@@ Coverage Diff @@
## master #4909 +/- ##
=======================================
Coverage 86.69% 86.70%
=======================================
Files 578 578
Lines 14673 14679 +6
=======================================
+ Hits 12721 12727 +6
Misses 1952 1952
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
waiting-for-dev
left a comment
waiting-for-dev
left a comment
There was a problem hiding this comment.
Thanks for tackling the improvement of the payment system, @elia. That's not an easy task! 🙂
I left a couple of minor comments. However, I'm concerned about the security repercusions of this change. If I understand well, the payment id could come from the attributes submitted by the user. I see that they are scoped from the payments belonging to the order. At the very least, we should add a test for that, ensuring that no other existent payment can be used. However, do you think it could create some mess in the case a user provides the id for a failed payment, or any other edge case that could be exploited?
elia
force-pushed
the
elia/existing-payment-support
branch
2 times, most recently
from
49d3d91 to
cabfa3f
Compare
Yes, this is mainly a tool for payment methods to create the payment before (or while) the payment page is shown.
I'll add one 👍
Currently Solidus allows completing an order even with a payment with a status of I think being able to provide existing payments associated to the order shouldn't change much, except not creating a new one, since the existing payments are already associated and count toward the balance. |
| # * :source_attributes Attributes used to build the source of this payment. Usually a {CreditCard} | ||
| # * :wallet_payment_source_id (Integer): The id of a {WalletPaymentSource} to use | ||
| # @param request_env [Hash] rack env of user creating the payment | ||
| # @param payment [Payment] Internal use only. Instead of making a new payment, change the attributes for an existing one. |
There was a problem hiding this comment.
If this is deprecated now, we should mark it as such in the YARD documentation
|
|
||
| # @param order [Order] The order for the new payment | ||
| # @param attributes [Hash,ActionController::Parameters] attributes which are assigned to the new payment | ||
| # * :payment_method_id Id of payment method used for this payment |
There was a problem hiding this comment.
What about adding documentation for the new id attribute, required in case we want to use an existing payment?
| end | ||
| end | ||
|
|
||
| context 'with an unknown payment' do |
There was a problem hiding this comment.
What if we add a test of a payment coming from another order as well?
| @order = order | ||
| @payment = payment | ||
|
|
||
| if payment != PAYMENT_NOT_PROVIDED |
There was a problem hiding this comment.
Why not just if payment.present? here?
It's not being used anywhere in solidus, despite the inline comments saying it's for internal use.
elia
force-pushed
the
elia/existing-payment-support
branch
from
cabfa3f to
99483d4
Compare
github-actions
Bot
added
the
changelog:solidus_api
This allows modern payment methods (relying on tokens and frontend confirmation) to have a record on solidus' side that can track events and the payment status. Creating a payment before or during the payment step of the checkout was already possible, but resulted in an additional payment to be created before transitioning to the confirm step and invalidating all previous payments. This way it can simply be provided via its id, and fetched from the payments currently associated with the order. If payment methods will handle their own payment creation in the future we can distance ourselves from the credit-card coupled code and have a generic payment interface that can better serve modern payment methods.
elia
force-pushed
the
elia/existing-payment-support
branch
from
99483d4 to
c53e2ab
Compare
For payments `checkout` is the initial state before any attempt at paying is done, so the `checkout` state should not be considered as "valid". Although we're not providing an official HTML frontend with the main gem we're still providing a REST API interface.
elia
force-pushed
the
elia/existing-payment-support
branch
from
c53e2ab to
76f9d30
Compare
|
Was split into other PRs |
3 participants
Summary
This allows modern payment methods (relying on tokens and frontend confirmation) to have a record on solidus' side that can track events and the payment status.
Creating a payment before or during the payment step of the checkout was already possible, but resulted in an additional payment to be created before transitioning to the confirm step and invalidating all previous payments.
This way it can simply be provided via its id, and fetched from the payments currently associated with the order.
If payment methods will handle their own payment creation in the future we can distance ourselves from the credit-card coupled code and have a generic payment interface that can better serve modern payment methods.
Related:
Checklist
Check out our PR guidelines for more details.
The following are mandatory for all PRs:
The following are not always needed: