diff --git a/test/api/v3/unit/libs/stripePayments.test.js b/test/api/v3/unit/libs/stripePayments.test.js index 6d1cc31a86..62d010202c 100644 --- a/test/api/v3/unit/libs/stripePayments.test.js +++ b/test/api/v3/unit/libs/stripePayments.test.js @@ -10,6 +10,8 @@ import { model as Coupon } from '../../../../../website/server/models/coupon'; import stripePayments from '../../../../../website/server/libs/stripePayments'; import payments from '../../../../../website/server/libs/payments'; import common from '../../../../../website/common'; +import logger from '../../../../../website/server/libs/logger'; +import { v4 as uuid } from 'uuid'; const i18n = common.i18n; @@ -759,4 +761,238 @@ describe('Stripe Payments', () => { expect(updatedGroup.purchased.plan.quantity).to.eql(4); }); }); + + describe('handleWebhooks', () => { + describe('all events', () => { + const eventType = 'account.updated'; + const event = {id: 123}; + const eventRetrieved = {type: eventType}; + + beforeEach(() => { + sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves(eventRetrieved); + sinon.stub(logger, 'error'); + }); + + afterEach(() => { + stripe.events.retrieve.restore(); + logger.error.restore(); + }); + + it('logs an error if an unsupported webhook event is passed', async () => { + const error = new Error(`Missing handler for Stripe webhook ${eventType}`); + await stripePayments.handleWebhooks({requestBody: event}, stripe); + expect(logger.error).to.have.been.called.once; + expect(logger.error).to.have.been.calledWith(error, {event: eventRetrieved}); + }); + + it('retrieves and validates the event from Stripe', async () => { + await stripePayments.handleWebhooks({requestBody: event}, stripe); + expect(stripe.events.retrieve).to.have.been.called.once; + expect(stripe.events.retrieve).to.have.been.calledWith(event.id); + }); + }); + + describe('customer.subscription.deleted', () => { + const eventType = 'customer.subscription.deleted'; + + beforeEach(() => { + sinon.stub(stripe.customers, 'del').returnsPromise().resolves({}); + sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({}); + }); + + afterEach(() => { + stripe.customers.del.restore(); + payments.cancelSubscription.restore(); + }); + + it('does not do anything if event.request is null (subscription cancelled manually)', async () => { + sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({ + id: 123, + type: eventType, + request: null, + }); + + await stripePayments.handleWebhooks({requestBody: {}}, stripe); + + expect(stripe.events.retrieve).to.have.been.called.once; + expect(stripe.customers.del).to.not.have.been.called; + expect(payments.cancelSubscription).to.not.have.been.called; + stripe.events.retrieve.restore(); + }); + + describe('user subscription', () => { + it('throws an error if the user is not found', async () => { + const customerId = 456; + sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({ + id: 123, + type: eventType, + data: { + object: { + plan: { + id: 'basic_earned', + }, + customer: customerId, + }, + }, + }); + + await expect(stripePayments.handleWebhooks({requestBody: {}}, stripe)).to.eventually.be.rejectedWith({ + message: i18n.t('userNotFound'), + httpCode: 404, + name: 'NotFound', + }); + + expect(stripe.customers.del).to.not.have.been.called; + expect(payments.cancelSubscription).to.not.have.been.called; + + stripe.events.retrieve.restore(); + }); + + it('deletes the customer on Stripe and calls payments.cancelSubscription', async () => { + const customerId = '456'; + + let subscriber = new User(); + subscriber.purchased.plan.customerId = customerId; + subscriber.purchased.plan.paymentMethod = 'Stripe'; + await subscriber.save(); + + sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({ + id: 123, + type: eventType, + data: { + object: { + plan: { + id: 'basic_earned', + }, + customer: customerId, + }, + }, + }); + + await stripePayments.handleWebhooks({requestBody: {}}, stripe); + + expect(stripe.customers.del).to.have.been.calledOnce; + expect(stripe.customers.del).to.have.been.calledWith(customerId); + expect(payments.cancelSubscription).to.have.been.calledOnce; + + let cancelSubscriptionOpts = payments.cancelSubscription.lastCall.args[0]; + expect(cancelSubscriptionOpts.user._id).to.equal(subscriber._id); + expect(cancelSubscriptionOpts.paymentMethod).to.equal('Stripe'); + expect(cancelSubscriptionOpts.groupId).to.be.undefined; + + stripe.events.retrieve.restore(); + }); + }); + + describe('group plan subscription', () => { + it('throws an error if the group is not found', async () => { + const customerId = 456; + sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({ + id: 123, + type: eventType, + data: { + object: { + plan: { + id: 'group_monthly', + }, + customer: customerId, + }, + }, + }); + + await expect(stripePayments.handleWebhooks({requestBody: {}}, stripe)).to.eventually.be.rejectedWith({ + message: i18n.t('groupNotFound'), + httpCode: 404, + name: 'NotFound', + }); + + expect(stripe.customers.del).to.not.have.been.called; + expect(payments.cancelSubscription).to.not.have.been.called; + + stripe.events.retrieve.restore(); + }); + + it('throws an error if the group leader is not found', async () => { + const customerId = 456; + + let subscriber = generateGroup({ + name: 'test group', + type: 'guild', + privacy: 'public', + leader: uuid(), + }); + subscriber.purchased.plan.customerId = customerId; + subscriber.purchased.plan.paymentMethod = 'Stripe'; + await subscriber.save(); + + sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({ + id: 123, + type: eventType, + data: { + object: { + plan: { + id: 'group_monthly', + }, + customer: customerId, + }, + }, + }); + + await expect(stripePayments.handleWebhooks({requestBody: {}}, stripe)).to.eventually.be.rejectedWith({ + message: i18n.t('userNotFound'), + httpCode: 404, + name: 'NotFound', + }); + + expect(stripe.customers.del).to.not.have.been.called; + expect(payments.cancelSubscription).to.not.have.been.called; + + stripe.events.retrieve.restore(); + }); + + it('deletes the customer on Stripe and calls payments.cancelSubscription', async () => { + const customerId = '456'; + + let leader = new User(); + await leader.save(); + + let subscriber = generateGroup({ + name: 'test group', + type: 'guild', + privacy: 'public', + leader: leader._id, + }); + subscriber.purchased.plan.customerId = customerId; + subscriber.purchased.plan.paymentMethod = 'Stripe'; + await subscriber.save(); + + sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({ + id: 123, + type: eventType, + data: { + object: { + plan: { + id: 'group_monthly', + }, + customer: customerId, + }, + }, + }); + + await stripePayments.handleWebhooks({requestBody: {}}, stripe); + + expect(stripe.customers.del).to.have.been.calledOnce; + expect(stripe.customers.del).to.have.been.calledWith(customerId); + expect(payments.cancelSubscription).to.have.been.calledOnce; + + let cancelSubscriptionOpts = payments.cancelSubscription.lastCall.args[0]; + expect(cancelSubscriptionOpts.user._id).to.equal(leader._id); + expect(cancelSubscriptionOpts.paymentMethod).to.equal('Stripe'); + expect(cancelSubscriptionOpts.groupId).to.equal(subscriber._id); + + stripe.events.retrieve.restore(); + }); + }); + }); + }); }); diff --git a/website/common/script/content/subscriptionBlocks.js b/website/common/script/content/subscriptionBlocks.js index 77d5bae437..f3131cb5a5 100644 --- a/website/common/script/content/subscriptionBlocks.js +++ b/website/common/script/content/subscriptionBlocks.js @@ -3,35 +3,47 @@ import each from 'lodash/each'; let subscriptionBlocks = { basic_earned: { + target: 'user', + canSubscribe: true, months: 1, price: 5, }, basic_3mo: { + target: 'user', + canSubscribe: true, months: 3, price: 15, }, basic_6mo: { + target: 'user', + canSubscribe: true, months: 6, price: 30, }, google_6mo: { + target: 'user', + canSubscribe: true, months: 6, price: 24, discount: true, original: 30, }, basic_12mo: { + target: 'user', + canSubscribe: true, months: 12, price: 48, }, group_monthly: { - type: 'group', + target: 'group', + canSubscribe: true, months: 1, price: 9, quantity: 3, // Default quantity for Stripe - The same as having 3 user subscriptions }, group_plan_auto: { - type: 'group', + target: 'user', + canSubscribe: false, months: 0, price: 0, quantity: 1, diff --git a/website/server/controllers/top-level/payments/stripe.js b/website/server/controllers/top-level/payments/stripe.js index 7ec1fdd5ef..b684b20c91 100644 --- a/website/server/controllers/top-level/payments/stripe.js +++ b/website/server/controllers/top-level/payments/stripe.js @@ -87,4 +87,14 @@ api.subscribeCancel = { }, }; +api.handleWebhooks = { + method: 'POST', + url: '/stripe/webhooks', + async handler (req, res) { + await stripePayments.handleWebhooks({requestBody: req.body}); + + return res.respond(200, {}); + }, +}; + module.exports = api; diff --git a/website/server/libs/stripePayments.js b/website/server/libs/stripePayments.js index 4f8b96aa47..eacd2f143b 100644 --- a/website/server/libs/stripePayments.js +++ b/website/server/libs/stripePayments.js @@ -2,7 +2,7 @@ import stripeModule from 'stripe'; import nconf from 'nconf'; import cc from 'coupon-code'; import moment from 'moment'; - +import logger from './logger'; import { BadRequest, NotAuthorized, @@ -270,4 +270,73 @@ api.chargeForAdditionalGroupMember = async function chargeForAdditionalGroupMemb group.purchased.plan.quantity = group.memberCount + plan.quantity - 1; }; +/** + * Handle webhooks from stripes + * + * @param options + * @param options.user The user object who is purchasing + * @param options.groupId The id of the group purchasing a subscription + * + * @return undefined + */ +api.handleWebhooks = async function handleWebhooks (options, stripeInc) { + let {requestBody} = options; + + // @TODO: We need to mock this, but curently we don't have correct Dependency Injection. And the Stripe Api doesn't seem to be a singleton? + let stripeApi = stripe; + if (stripeInc) stripeApi = stripeInc; + + // Verify the event by fetching it from Stripe + const event = await stripeApi.events.retrieve(requestBody.id); + + switch (event.type) { + case 'customer.subscription.deleted': { + // event.request === null means that the user itself cancelled the subscrioption, + // the cancellation on our side has been already handled + if (event.request === null) break; + + const subscription = event.data.object; + const customerId = subscription.customer; + const isGroupSub = shared.content.subscriptionBlocks[subscription.plan.id].target === 'group'; + + let user; + let groupId; + + if (isGroupSub) { + let groupFields = basicGroupFields.concat(' purchased'); + let group = await Group.findOne({ + 'purchased.plan.customerId': customerId, + 'purchased.plan.paymentMethod': this.constants.PAYMENT_METHOD, + }).select(groupFields).exec(); + + if (!group) throw new NotFound(i18n.t('groupNotFound')); + groupId = group._id; + + user = await User.findById(group.leader).exec(); + } else { + user = await User.findOne({ + 'purchased.plan.customerId': customerId, + 'purchased.plan.paymentMethod': this.constants.PAYMENT_METHOD, + }).exec(); + } + + if (!user) throw new NotFound(i18n.t('userNotFound')); + + await stripeApi.customers.del(customerId); + + await payments.cancelSubscription({ + user, + groupId, + paymentMethod: this.constants.PAYMENT_METHOD, + }); + + break; + } + default: { + logger.error(new Error(`Missing handler for Stripe webhook ${event.type}`), {event}); + } + } +}; + + module.exports = api; diff --git a/website/views/options/settings/subscription.jade b/website/views/options/settings/subscription.jade index b810700551..ed06f1ac6e 100644 --- a/website/views/options/settings/subscription.jade +++ b/website/views/options/settings/subscription.jade @@ -31,7 +31,7 @@ script(id='partials/options.settings.subscription.html',type='text/ng-template', div(ng-if='!user.purchased.plan.customerId || (user.purchased.plan.customerId && user.purchased.plan.dateTerminated)') h4(ng-if='(user.purchased.plan.customerId && user.purchased.plan.dateTerminated)')= env.t("resubscribe") .form-group.reduce-top-margin - .radio(ng-repeat='block in Content.subscriptionBlocks | toArray | omit: "discount==true" | orderBy:"months"', ng-if="block.type !== 'group'") + .radio(ng-repeat='block in Content.subscriptionBlocks | toArray | omit: "discount==true" | orderBy:"months"', ng-if="block.target !== 'group' && block.canSubscribe === true") label input(type="radio", name="subRadio", ng-value="block.key", ng-model='_subscription.key') span(ng-show='block.original')