krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-14 13:17:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix issue where subs would be applied multiple times

Browse Source
This commit is contained in:
Phillip Thelen
2022-11-02 16:36:09 +01:00
committed by Phillip Thelen
parent cf75d941fa
commit 0dd25b6431
2 changed files with 68 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
test/api/unit/libs/payments/apple.test.js
View File

@@ -415,26 +415,72 @@ describe('Apple Payments', () => {
} }
}); });
it('errors when a user is using the same subscription', async () => { describe('does not apply multiple times', async () => {
payments.createSubscription.restore(); it('errors when a user is using the same subscription', async () => {
iap.getPurchaseData.restore(); payments.createSubscription.restore();
iapGetPurchaseDataStub = sinon.stub(iap, 'getPurchaseData') iap.getPurchaseData.restore();
.returns([{ iapGetPurchaseDataStub = sinon.stub(iap, 'getPurchaseData')
expirationDate: moment.utc().add({ day: 1 }).toDate(), .returns([{
productId: sku, expirationDate: moment.utc().add({ day: 1 }).toDate(),
transactionId: token, productId: sku,
originalTransactionId: token, transactionId: token,
}]); originalTransactionId: token,
}]);
await applePayments.subscribe(sku, user, receipt, headers, nextPaymentProcessing);
await expect(applePayments.subscribe(sku, user, receipt, headers, nextPaymentProcessing))
.to.eventually.be.rejected.and.to.eql({
httpCode: 401,
name: 'NotAuthorized',
message: applePayments.constants.RESPONSE_ALREADY_USED,
});
});
await applePayments.subscribe(sku, user, receipt, headers, nextPaymentProcessing); it('errors when a user is using a rebill of the same subscription', async () => {
payments.createSubscription.restore();
iap.getPurchaseData.restore();
iapGetPurchaseDataStub = sinon.stub(iap, 'getPurchaseData')
.returns([{
expirationDate: moment.utc().add({ day: 1 }).toDate(),
productId: sku,
transactionId: token + 'renew',
originalTransactionId: token,
}]);
await expect(applePayments.subscribe(sku, user, receipt, headers, nextPaymentProcessing)) await applePayments.subscribe(sku, user, receipt, headers, nextPaymentProcessing);
.to.eventually.be.rejected.and.to.eql({
httpCode: 401, await expect(applePayments.subscribe(sku, user, receipt, headers, nextPaymentProcessing))
name: 'NotAuthorized', .to.eventually.be.rejected.and.to.eql({
message: applePayments.constants.RESPONSE_ALREADY_USED, httpCode: 401,
}); name: 'NotAuthorized',
message: applePayments.constants.RESPONSE_ALREADY_USED,
});
});
it('errors when a different user is using the subscription', async () => {
payments.createSubscription.restore();
iap.getPurchaseData.restore();
iapGetPurchaseDataStub = sinon.stub(iap, 'getPurchaseData')
.returns([{
expirationDate: moment.utc().add({ day: 1 }).toDate(),
productId: sku,
transactionId: token,
originalTransactionId: token,
}]);
await applePayments.subscribe(sku, user, receipt, headers, nextPaymentProcessing);
const secondUser = new User();
await expect(applePayments.subscribe(sku, secondUser, receipt, headers, nextPaymentProcessing))
.to.eventually.be.rejected.and.to.eql({
httpCode: 401,
name: 'NotAuthorized',
message: applePayments.constants.RESPONSE_ALREADY_USED,
});
});
}); });
}); });
describe('cancelSubscribe ', () => { describe('cancelSubscribe ', () => {

6
website/server/libs/payments/apple.js
View File

@@ -124,12 +124,16 @@ api.subscribe = async function subscribe (sku, user, receipt, headers, nextPayme
throw new NotAuthorized(this.constants.RESPONSE_ALREADY_USED); throw new NotAuthorized(this.constants.RESPONSE_ALREADY_USED);
} }
existingSub = shared.content.subscriptionBlocks[user.purchased.plan.planId]; existingSub = shared.content.subscriptionBlocks[user.purchased.plan.planId];
if (existingSub === sub) {
throw new NotAuthorized(this.constants.RESPONSE_ALREADY_USED);
}
} }
const existingUser = await User.findOne({ const existingUser = await User.findOne({
'purchased.plan.customerId': originalTransactionId, 'purchased.plan.customerId': originalTransactionId,
}).exec(); }).exec();
if (existingUser if (existingUser
&& (originalTransactionId === newTransactionId || existingUser._id !== user._id)) { && (originalTransactionId === newTransactionId
|| existingUser._id !== user._id)) {
throw new NotAuthorized(this.constants.RESPONSE_ALREADY_USED); throw new NotAuthorized(this.constants.RESPONSE_ALREADY_USED);
} }