From 207e3476e6379c6706dcbbb1e45f061678d70629 Mon Sep 17 00:00:00 2001 From: Matteo Pagliazzi Date: Sun, 19 Mar 2017 20:05:50 +0100 Subject: [PATCH 1/7] add stripe webhook to handle cancelled subscriptions --- .../script/content/subscriptionBlocks.js | 16 ++++- .../controllers/top-level/payments/stripe.js | 10 +++ website/server/libs/stripePayments.js | 72 ++++++++++++++++++- .../views/options/settings/subscription.jade | 2 +- 4 files changed, 96 insertions(+), 4 deletions(-) diff --git a/website/common/script/content/subscriptionBlocks.js b/website/common/script/content/subscriptionBlocks.js index 77d5bae437..f3131cb5a5 100644 --- a/website/common/script/content/subscriptionBlocks.js +++ b/website/common/script/content/subscriptionBlocks.js @@ -3,35 +3,47 @@ import each from 'lodash/each'; let subscriptionBlocks = { basic_earned: { + target: 'user', + canSubscribe: true, months: 1, price: 5, }, basic_3mo: { + target: 'user', + canSubscribe: true, months: 3, price: 15, }, basic_6mo: { + target: 'user', + canSubscribe: true, months: 6, price: 30, }, google_6mo: { + target: 'user', + canSubscribe: true, months: 6, price: 24, discount: true, original: 30, }, basic_12mo: { + target: 'user', + canSubscribe: true, months: 12, price: 48, }, group_monthly: { - type: 'group', + target: 'group', + canSubscribe: true, months: 1, price: 9, quantity: 3, // Default quantity for Stripe - The same as having 3 user subscriptions }, group_plan_auto: { - type: 'group', + target: 'user', + canSubscribe: false, months: 0, price: 0, quantity: 1, diff --git a/website/server/controllers/top-level/payments/stripe.js b/website/server/controllers/top-level/payments/stripe.js index 7ec1fdd5ef..a79992a2e2 100644 --- a/website/server/controllers/top-level/payments/stripe.js +++ b/website/server/controllers/top-level/payments/stripe.js @@ -87,4 +87,14 @@ api.subscribeCancel = { }, }; +api.handleWebhooks = { + method: 'POST', + url: '/stripe/webhook', + async handler (req, res) { + await stripePayments.handleWebhooks({requestBody: req.body}); + + return res.respond(200, {}); + }, +}; + module.exports = api; diff --git a/website/server/libs/stripePayments.js b/website/server/libs/stripePayments.js index 4f8b96aa47..64555318fe 100644 --- a/website/server/libs/stripePayments.js +++ b/website/server/libs/stripePayments.js @@ -2,7 +2,7 @@ import stripeModule from 'stripe'; import nconf from 'nconf'; import cc from 'coupon-code'; import moment from 'moment'; - +import logger from './logger'; import { BadRequest, NotAuthorized, @@ -270,4 +270,74 @@ api.chargeForAdditionalGroupMember = async function chargeForAdditionalGroupMemb group.purchased.plan.quantity = group.memberCount + plan.quantity - 1; }; +/** + * Handle webhooks from stripes + * + * @param options + * @param options.user The user object who is purchasing + * @param options.groupId The id of the group purchasing a subscription + * + * @return undefined + */ +api.handleWebhooks = async function handleWebhooks (options, stripeInc) { + let {requestBody} = options; + + // @TODO: We need to mock this, but curently we don't have correct Dependency Injection. And the Stripe Api doesn't seem to be a singleton? + let stripeApi = stripe; + if (stripeInc) stripeApi = stripeInc; + + const eventJSON = JSON.parse(requestBody); + + // Verify the event by fetching it from Stripe + const event = await stripeApi.events.retrieve(eventJSON.id); + + switch (event.type) { + case 'customer.subscription.deleted': { + // event.request === null means that the user itself cancelled the subscrioption, + // the cancellation on our side has been already handled + if (event.request === null) break; + + const subscription = event.data.object; + const customerId = subscription.customer; + const isGroupSub = shared.content.subscriptionBlocks[subscription.plan.id].target === 'group'; + + let user; + let groupId; + + if (isGroupSub) { + let groupFields = basicGroupFields.concat(' purchased'); + let group = await Group.findOne({ + 'purchased.plan.customerId': customerId, + paymentMethod: this.constants.PAYMENT_METHOD, + }).select(groupFields).exec(); + + if (!group) throw new NotFound(i18n.t('groupNotFound')); + groupId = group._id; + + user = await User.findById(group.leader).exec(); + } else { + user = await User.findOne({ + 'purchased.plan.customerId': customerId, + paymentMethod: this.constants.PAYMENT_METHOD, + }).exec(); + } + + if (!user) throw new NotFound(i18n.t('groupNotFound')); + + await stripeApi.customers.del(customerId); + + await payments.cancelSubscription({ + user, + groupId, + paymentMethod: this.constants.PAYMENT_METHOD, + }); + break; + } + default: { + logger.error(new Error(`Missing handler for Stripe webhook ${event.type}`), {eventJSON}); + } + } +}; + + module.exports = api; diff --git a/website/views/options/settings/subscription.jade b/website/views/options/settings/subscription.jade index b810700551..ed06f1ac6e 100644 --- a/website/views/options/settings/subscription.jade +++ b/website/views/options/settings/subscription.jade @@ -31,7 +31,7 @@ script(id='partials/options.settings.subscription.html',type='text/ng-template', div(ng-if='!user.purchased.plan.customerId || (user.purchased.plan.customerId && user.purchased.plan.dateTerminated)') h4(ng-if='(user.purchased.plan.customerId && user.purchased.plan.dateTerminated)')= env.t("resubscribe") .form-group.reduce-top-margin - .radio(ng-repeat='block in Content.subscriptionBlocks | toArray | omit: "discount==true" | orderBy:"months"', ng-if="block.type !== 'group'") + .radio(ng-repeat='block in Content.subscriptionBlocks | toArray | omit: "discount==true" | orderBy:"months"', ng-if="block.target !== 'group' && block.canSubscribe === true") label input(type="radio", name="subRadio", ng-value="block.key", ng-model='_subscription.key') span(ng-show='block.original') From f3fab88f0bc0ea6ee29e9c4911547702a819ae37 Mon Sep 17 00:00:00 2001 From: Matteo Pagliazzi Date: Sun, 19 Mar 2017 20:08:14 +0100 Subject: [PATCH 2/7] add console.log statements for debugging --- website/server/libs/stripePayments.js | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/website/server/libs/stripePayments.js b/website/server/libs/stripePayments.js index 64555318fe..476c2d6e7f 100644 --- a/website/server/libs/stripePayments.js +++ b/website/server/libs/stripePayments.js @@ -287,9 +287,11 @@ api.handleWebhooks = async function handleWebhooks (options, stripeInc) { if (stripeInc) stripeApi = stripeInc; const eventJSON = JSON.parse(requestBody); + console.log(eventJSON); // Verify the event by fetching it from Stripe const event = await stripeApi.events.retrieve(eventJSON.id); + console.log(event); switch (event.type) { case 'customer.subscription.deleted': { @@ -305,6 +307,7 @@ api.handleWebhooks = async function handleWebhooks (options, stripeInc) { let groupId; if (isGroupSub) { + console.log('is group sub'); let groupFields = basicGroupFields.concat(' purchased'); let group = await Group.findOne({ 'purchased.plan.customerId': customerId, @@ -316,6 +319,7 @@ api.handleWebhooks = async function handleWebhooks (options, stripeInc) { user = await User.findById(group.leader).exec(); } else { + console.log('is not group sub'); user = await User.findOne({ 'purchased.plan.customerId': customerId, paymentMethod: this.constants.PAYMENT_METHOD, @@ -324,13 +328,21 @@ api.handleWebhooks = async function handleWebhooks (options, stripeInc) { if (!user) throw new NotFound(i18n.t('groupNotFound')); + console.log('groupId', groupId); + console.log('userId', user._id); + await stripeApi.customers.del(customerId); + console.log('deleted stripe customer'); + await payments.cancelSubscription({ user, groupId, paymentMethod: this.constants.PAYMENT_METHOD, }); + + console.log('cancelled subscription'); + break; } default: { From 771d8f492ac2bd5c87bd3162559ccf2791da115f Mon Sep 17 00:00:00 2001 From: Matteo Pagliazzi Date: Sun, 19 Mar 2017 20:20:05 +0100 Subject: [PATCH 3/7] update stripe webhooks url --- website/server/controllers/top-level/payments/stripe.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/server/controllers/top-level/payments/stripe.js b/website/server/controllers/top-level/payments/stripe.js index a79992a2e2..b684b20c91 100644 --- a/website/server/controllers/top-level/payments/stripe.js +++ b/website/server/controllers/top-level/payments/stripe.js @@ -89,7 +89,7 @@ api.subscribeCancel = { api.handleWebhooks = { method: 'POST', - url: '/stripe/webhook', + url: '/stripe/webhooks', async handler (req, res) { await stripePayments.handleWebhooks({requestBody: req.body}); From 9d456e934c16169fd652e2e7d70e49b932e11558 Mon Sep 17 00:00:00 2001 From: Matteo Pagliazzi Date: Sun, 19 Mar 2017 21:31:06 +0100 Subject: [PATCH 4/7] remove un-necessary JSON.parse --- website/server/libs/stripePayments.js | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/website/server/libs/stripePayments.js b/website/server/libs/stripePayments.js index 476c2d6e7f..a5ac73ae8b 100644 --- a/website/server/libs/stripePayments.js +++ b/website/server/libs/stripePayments.js @@ -286,11 +286,8 @@ api.handleWebhooks = async function handleWebhooks (options, stripeInc) { let stripeApi = stripe; if (stripeInc) stripeApi = stripeInc; - const eventJSON = JSON.parse(requestBody); - console.log(eventJSON); - // Verify the event by fetching it from Stripe - const event = await stripeApi.events.retrieve(eventJSON.id); + const event = await stripeApi.events.retrieve(requestBody.id); console.log(event); switch (event.type) { From 625077fc1aed638709000637ce7b9a9acbb15e06 Mon Sep 17 00:00:00 2001 From: Matteo Pagliazzi Date: Sat, 25 Mar 2017 17:22:28 +0100 Subject: [PATCH 5/7] add tests and fix bugs --- test/api/v3/unit/libs/stripePayments.test.js | 236 +++++++++++++++++++ website/server/libs/stripePayments.js | 8 +- 2 files changed, 240 insertions(+), 4 deletions(-) diff --git a/test/api/v3/unit/libs/stripePayments.test.js b/test/api/v3/unit/libs/stripePayments.test.js index 6d1cc31a86..62d010202c 100644 --- a/test/api/v3/unit/libs/stripePayments.test.js +++ b/test/api/v3/unit/libs/stripePayments.test.js @@ -10,6 +10,8 @@ import { model as Coupon } from '../../../../../website/server/models/coupon'; import stripePayments from '../../../../../website/server/libs/stripePayments'; import payments from '../../../../../website/server/libs/payments'; import common from '../../../../../website/common'; +import logger from '../../../../../website/server/libs/logger'; +import { v4 as uuid } from 'uuid'; const i18n = common.i18n; @@ -759,4 +761,238 @@ describe('Stripe Payments', () => { expect(updatedGroup.purchased.plan.quantity).to.eql(4); }); }); + + describe('handleWebhooks', () => { + describe('all events', () => { + const eventType = 'account.updated'; + const event = {id: 123}; + const eventRetrieved = {type: eventType}; + + beforeEach(() => { + sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves(eventRetrieved); + sinon.stub(logger, 'error'); + }); + + afterEach(() => { + stripe.events.retrieve.restore(); + logger.error.restore(); + }); + + it('logs an error if an unsupported webhook event is passed', async () => { + const error = new Error(`Missing handler for Stripe webhook ${eventType}`); + await stripePayments.handleWebhooks({requestBody: event}, stripe); + expect(logger.error).to.have.been.called.once; + expect(logger.error).to.have.been.calledWith(error, {event: eventRetrieved}); + }); + + it('retrieves and validates the event from Stripe', async () => { + await stripePayments.handleWebhooks({requestBody: event}, stripe); + expect(stripe.events.retrieve).to.have.been.called.once; + expect(stripe.events.retrieve).to.have.been.calledWith(event.id); + }); + }); + + describe('customer.subscription.deleted', () => { + const eventType = 'customer.subscription.deleted'; + + beforeEach(() => { + sinon.stub(stripe.customers, 'del').returnsPromise().resolves({}); + sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({}); + }); + + afterEach(() => { + stripe.customers.del.restore(); + payments.cancelSubscription.restore(); + }); + + it('does not do anything if event.request is null (subscription cancelled manually)', async () => { + sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({ + id: 123, + type: eventType, + request: null, + }); + + await stripePayments.handleWebhooks({requestBody: {}}, stripe); + + expect(stripe.events.retrieve).to.have.been.called.once; + expect(stripe.customers.del).to.not.have.been.called; + expect(payments.cancelSubscription).to.not.have.been.called; + stripe.events.retrieve.restore(); + }); + + describe('user subscription', () => { + it('throws an error if the user is not found', async () => { + const customerId = 456; + sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({ + id: 123, + type: eventType, + data: { + object: { + plan: { + id: 'basic_earned', + }, + customer: customerId, + }, + }, + }); + + await expect(stripePayments.handleWebhooks({requestBody: {}}, stripe)).to.eventually.be.rejectedWith({ + message: i18n.t('userNotFound'), + httpCode: 404, + name: 'NotFound', + }); + + expect(stripe.customers.del).to.not.have.been.called; + expect(payments.cancelSubscription).to.not.have.been.called; + + stripe.events.retrieve.restore(); + }); + + it('deletes the customer on Stripe and calls payments.cancelSubscription', async () => { + const customerId = '456'; + + let subscriber = new User(); + subscriber.purchased.plan.customerId = customerId; + subscriber.purchased.plan.paymentMethod = 'Stripe'; + await subscriber.save(); + + sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({ + id: 123, + type: eventType, + data: { + object: { + plan: { + id: 'basic_earned', + }, + customer: customerId, + }, + }, + }); + + await stripePayments.handleWebhooks({requestBody: {}}, stripe); + + expect(stripe.customers.del).to.have.been.calledOnce; + expect(stripe.customers.del).to.have.been.calledWith(customerId); + expect(payments.cancelSubscription).to.have.been.calledOnce; + + let cancelSubscriptionOpts = payments.cancelSubscription.lastCall.args[0]; + expect(cancelSubscriptionOpts.user._id).to.equal(subscriber._id); + expect(cancelSubscriptionOpts.paymentMethod).to.equal('Stripe'); + expect(cancelSubscriptionOpts.groupId).to.be.undefined; + + stripe.events.retrieve.restore(); + }); + }); + + describe('group plan subscription', () => { + it('throws an error if the group is not found', async () => { + const customerId = 456; + sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({ + id: 123, + type: eventType, + data: { + object: { + plan: { + id: 'group_monthly', + }, + customer: customerId, + }, + }, + }); + + await expect(stripePayments.handleWebhooks({requestBody: {}}, stripe)).to.eventually.be.rejectedWith({ + message: i18n.t('groupNotFound'), + httpCode: 404, + name: 'NotFound', + }); + + expect(stripe.customers.del).to.not.have.been.called; + expect(payments.cancelSubscription).to.not.have.been.called; + + stripe.events.retrieve.restore(); + }); + + it('throws an error if the group leader is not found', async () => { + const customerId = 456; + + let subscriber = generateGroup({ + name: 'test group', + type: 'guild', + privacy: 'public', + leader: uuid(), + }); + subscriber.purchased.plan.customerId = customerId; + subscriber.purchased.plan.paymentMethod = 'Stripe'; + await subscriber.save(); + + sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({ + id: 123, + type: eventType, + data: { + object: { + plan: { + id: 'group_monthly', + }, + customer: customerId, + }, + }, + }); + + await expect(stripePayments.handleWebhooks({requestBody: {}}, stripe)).to.eventually.be.rejectedWith({ + message: i18n.t('userNotFound'), + httpCode: 404, + name: 'NotFound', + }); + + expect(stripe.customers.del).to.not.have.been.called; + expect(payments.cancelSubscription).to.not.have.been.called; + + stripe.events.retrieve.restore(); + }); + + it('deletes the customer on Stripe and calls payments.cancelSubscription', async () => { + const customerId = '456'; + + let leader = new User(); + await leader.save(); + + let subscriber = generateGroup({ + name: 'test group', + type: 'guild', + privacy: 'public', + leader: leader._id, + }); + subscriber.purchased.plan.customerId = customerId; + subscriber.purchased.plan.paymentMethod = 'Stripe'; + await subscriber.save(); + + sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({ + id: 123, + type: eventType, + data: { + object: { + plan: { + id: 'group_monthly', + }, + customer: customerId, + }, + }, + }); + + await stripePayments.handleWebhooks({requestBody: {}}, stripe); + + expect(stripe.customers.del).to.have.been.calledOnce; + expect(stripe.customers.del).to.have.been.calledWith(customerId); + expect(payments.cancelSubscription).to.have.been.calledOnce; + + let cancelSubscriptionOpts = payments.cancelSubscription.lastCall.args[0]; + expect(cancelSubscriptionOpts.user._id).to.equal(leader._id); + expect(cancelSubscriptionOpts.paymentMethod).to.equal('Stripe'); + expect(cancelSubscriptionOpts.groupId).to.equal(subscriber._id); + + stripe.events.retrieve.restore(); + }); + }); + }); + }); }); diff --git a/website/server/libs/stripePayments.js b/website/server/libs/stripePayments.js index a5ac73ae8b..a81b057a62 100644 --- a/website/server/libs/stripePayments.js +++ b/website/server/libs/stripePayments.js @@ -308,7 +308,7 @@ api.handleWebhooks = async function handleWebhooks (options, stripeInc) { let groupFields = basicGroupFields.concat(' purchased'); let group = await Group.findOne({ 'purchased.plan.customerId': customerId, - paymentMethod: this.constants.PAYMENT_METHOD, + 'purchased.plan.paymentMethod': this.constants.PAYMENT_METHOD, }).select(groupFields).exec(); if (!group) throw new NotFound(i18n.t('groupNotFound')); @@ -319,11 +319,11 @@ api.handleWebhooks = async function handleWebhooks (options, stripeInc) { console.log('is not group sub'); user = await User.findOne({ 'purchased.plan.customerId': customerId, - paymentMethod: this.constants.PAYMENT_METHOD, + 'purchased.plan.paymentMethod': this.constants.PAYMENT_METHOD, }).exec(); } - if (!user) throw new NotFound(i18n.t('groupNotFound')); + if (!user) throw new NotFound(i18n.t('userNotFound')); console.log('groupId', groupId); console.log('userId', user._id); @@ -343,7 +343,7 @@ api.handleWebhooks = async function handleWebhooks (options, stripeInc) { break; } default: { - logger.error(new Error(`Missing handler for Stripe webhook ${event.type}`), {eventJSON}); + logger.error(new Error(`Missing handler for Stripe webhook ${event.type}`), {event}); } } }; From 6e0341a4ff25517455c25add9584a6a9a1c4fbe1 Mon Sep 17 00:00:00 2001 From: Matteo Pagliazzi Date: Sat, 25 Mar 2017 17:33:35 +0100 Subject: [PATCH 6/7] add more logging --- website/server/controllers/top-level/payments/stripe.js | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/website/server/controllers/top-level/payments/stripe.js b/website/server/controllers/top-level/payments/stripe.js index b684b20c91..c5bc2e68de 100644 --- a/website/server/controllers/top-level/payments/stripe.js +++ b/website/server/controllers/top-level/payments/stripe.js @@ -91,7 +91,13 @@ api.handleWebhooks = { method: 'POST', url: '/stripe/webhooks', async handler (req, res) { - await stripePayments.handleWebhooks({requestBody: req.body}); + console.log('start handling webhook'); + + try { + await stripePayments.handleWebhooks({requestBody: req.body}); + } catch (err) { + console.log(err); + } return res.respond(200, {}); }, From fd9f3a32c49051c48d2a2c85a8724fa346b1713d Mon Sep 17 00:00:00 2001 From: Matteo Pagliazzi Date: Sat, 25 Mar 2017 17:48:46 +0100 Subject: [PATCH 7/7] fix linting --- .../server/controllers/top-level/payments/stripe.js | 8 +------- website/server/libs/stripePayments.js | 10 ---------- 2 files changed, 1 insertion(+), 17 deletions(-) diff --git a/website/server/controllers/top-level/payments/stripe.js b/website/server/controllers/top-level/payments/stripe.js index c5bc2e68de..b684b20c91 100644 --- a/website/server/controllers/top-level/payments/stripe.js +++ b/website/server/controllers/top-level/payments/stripe.js @@ -91,13 +91,7 @@ api.handleWebhooks = { method: 'POST', url: '/stripe/webhooks', async handler (req, res) { - console.log('start handling webhook'); - - try { - await stripePayments.handleWebhooks({requestBody: req.body}); - } catch (err) { - console.log(err); - } + await stripePayments.handleWebhooks({requestBody: req.body}); return res.respond(200, {}); }, diff --git a/website/server/libs/stripePayments.js b/website/server/libs/stripePayments.js index a81b057a62..eacd2f143b 100644 --- a/website/server/libs/stripePayments.js +++ b/website/server/libs/stripePayments.js @@ -288,7 +288,6 @@ api.handleWebhooks = async function handleWebhooks (options, stripeInc) { // Verify the event by fetching it from Stripe const event = await stripeApi.events.retrieve(requestBody.id); - console.log(event); switch (event.type) { case 'customer.subscription.deleted': { @@ -304,7 +303,6 @@ api.handleWebhooks = async function handleWebhooks (options, stripeInc) { let groupId; if (isGroupSub) { - console.log('is group sub'); let groupFields = basicGroupFields.concat(' purchased'); let group = await Group.findOne({ 'purchased.plan.customerId': customerId, @@ -316,7 +314,6 @@ api.handleWebhooks = async function handleWebhooks (options, stripeInc) { user = await User.findById(group.leader).exec(); } else { - console.log('is not group sub'); user = await User.findOne({ 'purchased.plan.customerId': customerId, 'purchased.plan.paymentMethod': this.constants.PAYMENT_METHOD, @@ -325,21 +322,14 @@ api.handleWebhooks = async function handleWebhooks (options, stripeInc) { if (!user) throw new NotFound(i18n.t('userNotFound')); - console.log('groupId', groupId); - console.log('userId', user._id); - await stripeApi.customers.del(customerId); - console.log('deleted stripe customer'); - await payments.cancelSubscription({ user, groupId, paymentMethod: this.constants.PAYMENT_METHOD, }); - console.log('cancelled subscription'); - break; } default: {