From 0648f5d412166ddc81cb3b007b83a2a34745e890 Mon Sep 17 00:00:00 2001
From: Phillip Thelen <viirus@pherth.net>
Date: Tue, 11 Feb 2020 19:58:11 +0100
Subject: [PATCH] Prevent server from cancelling still active subs (#11795)

* Prevent server from cancelling still active subs

* Allow subs to be cancelled before end date

* fix test

* fix test
---
 test/api/unit/libs/payments/google.test.js | 13 -------------
 website/server/libs/payments/google.js     |  5 +++--
 2 files changed, 3 insertions(+), 15 deletions(-)

diff --git a/test/api/unit/libs/payments/google.test.js b/test/api/unit/libs/payments/google.test.js
index c8383fa828..7b290f1106 100644
--- a/test/api/unit/libs/payments/google.test.js
+++ b/test/api/unit/libs/payments/google.test.js
@@ -278,19 +278,6 @@ describe('Google Payments', () => {
         });
     });
 
-    it('should throw an error if subscription is still valid', async () => {
-      iap.getPurchaseData.restore();
-      iapGetPurchaseDataStub = sinon.stub(iap, 'getPurchaseData')
-        .returns([{ expirationDate: expirationDate.add({ day: 1 }).toDate() }]);
-
-      await expect(googlePayments.cancelSubscribe(user, headers))
-        .to.eventually.be.rejected.and.to.eql({
-          httpCode: 401,
-          name: 'NotAuthorized',
-          message: googlePayments.constants.RESPONSE_STILL_VALID,
-        });
-    });
-
     it('should throw an error if receipt is invalid', async () => {
       iap.isValidated.restore();
       iapIsValidatedStub = sinon.stub(iap, 'isValidated')
diff --git a/website/server/libs/payments/google.js b/website/server/libs/payments/google.js
index 1ee218220f..eb7f6d790c 100644
--- a/website/server/libs/payments/google.js
+++ b/website/server/libs/payments/google.js
@@ -234,6 +234,9 @@ api.cancelSubscribe = async function cancelSubscribe (user, headers) {
     const purchases = iap.getPurchaseData(googleRes);
     if (purchases.length === 0) throw new NotAuthorized(this.constants.RESPONSE_INVALID_RECEIPT);
     const subscriptionData = purchases[0];
+    // Check to make sure the sub isn't active anymore.
+    if (subscriptionData.autoRenews) return;
+
     dateTerminated = new Date(Number(subscriptionData.expirationDate));
   } catch (err) {
     // Status:410 means that the subsctiption isn't active anymore and we can safely delete it
@@ -244,8 +247,6 @@ api.cancelSubscribe = async function cancelSubscribe (user, headers) {
     }
   }
 
-  if (dateTerminated > new Date()) throw new NotAuthorized(this.constants.RESPONSE_STILL_VALID);
-
   await payments.cancelSubscription({
     user,
     nextBill: dateTerminated,