Merge branch 'stripe-webhook' into develop

test/api/v3/unit/libs/stripePayments.test.js

@@ -10,6 +10,8 @@ import { model as Coupon } from '../../../../../website/server/models/coupon';
 import stripePayments from '../../../../../website/server/libs/stripePayments';
 import payments from '../../../../../website/server/libs/payments';
 import common from '../../../../../website/common';
+import logger from '../../../../../website/server/libs/logger';
+import { v4 as uuid } from 'uuid';
 
 const i18n = common.i18n;
 
@@ -759,4 +761,238 @@ describe('Stripe Payments', () => {
       expect(updatedGroup.purchased.plan.quantity).to.eql(4);
     });
   });
+
+  describe('handleWebhooks', () => {
+    describe('all events', () => {
+      const eventType = 'account.updated';
+      const event = {id: 123};
+      const eventRetrieved = {type: eventType};
+
+      beforeEach(() => {
+        sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves(eventRetrieved);
+        sinon.stub(logger, 'error');
+      });
+
+      afterEach(() => {
+        stripe.events.retrieve.restore();
+        logger.error.restore();
+      });
+
+      it('logs an error if an unsupported webhook event is passed', async () => {
+        const error = new Error(`Missing handler for Stripe webhook ${eventType}`);
+        await stripePayments.handleWebhooks({requestBody: event}, stripe);
+        expect(logger.error).to.have.been.called.once;
+        expect(logger.error).to.have.been.calledWith(error, {event: eventRetrieved});
+      });
+
+      it('retrieves and validates the event from Stripe', async () => {
+        await stripePayments.handleWebhooks({requestBody: event}, stripe);
+        expect(stripe.events.retrieve).to.have.been.called.once;
+        expect(stripe.events.retrieve).to.have.been.calledWith(event.id);
+      });
+    });
+
+    describe('customer.subscription.deleted', () => {
+      const eventType = 'customer.subscription.deleted';
+
+      beforeEach(() => {
+        sinon.stub(stripe.customers, 'del').returnsPromise().resolves({});
+        sinon.stub(payments, 'cancelSubscription').returnsPromise().resolves({});
+      });
+
+      afterEach(() => {
+        stripe.customers.del.restore();
+        payments.cancelSubscription.restore();
+      });
+
+      it('does not do anything if event.request is null (subscription cancelled manually)', async () => {
+        sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+          id: 123,
+          type: eventType,
+          request: null,
+        });
+
+        await stripePayments.handleWebhooks({requestBody: {}}, stripe);
+
+        expect(stripe.events.retrieve).to.have.been.called.once;
+        expect(stripe.customers.del).to.not.have.been.called;
+        expect(payments.cancelSubscription).to.not.have.been.called;
+        stripe.events.retrieve.restore();
+      });
+
+      describe('user subscription', () => {
+        it('throws an error if the user is not found', async () => {
+          const customerId = 456;
+          sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+            id: 123,
+            type: eventType,
+            data: {
+              object: {
+                plan: {
+                  id: 'basic_earned',
+                },
+                customer: customerId,
+              },
+            },
+          });
+
+          await expect(stripePayments.handleWebhooks({requestBody: {}}, stripe)).to.eventually.be.rejectedWith({
+            message: i18n.t('userNotFound'),
+            httpCode: 404,
+            name: 'NotFound',
+          });
+
+          expect(stripe.customers.del).to.not.have.been.called;
+          expect(payments.cancelSubscription).to.not.have.been.called;
+
+          stripe.events.retrieve.restore();
+        });
+
+        it('deletes the customer on Stripe and calls payments.cancelSubscription', async () => {
+          const customerId = '456';
+
+          let subscriber = new User();
+          subscriber.purchased.plan.customerId = customerId;
+          subscriber.purchased.plan.paymentMethod = 'Stripe';
+          await subscriber.save();
+
+          sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+            id: 123,
+            type: eventType,
+            data: {
+              object: {
+                plan: {
+                  id: 'basic_earned',
+                },
+                customer: customerId,
+              },
+            },
+          });
+
+          await stripePayments.handleWebhooks({requestBody: {}}, stripe);
+
+          expect(stripe.customers.del).to.have.been.calledOnce;
+          expect(stripe.customers.del).to.have.been.calledWith(customerId);
+          expect(payments.cancelSubscription).to.have.been.calledOnce;
+
+          let cancelSubscriptionOpts = payments.cancelSubscription.lastCall.args[0];
+          expect(cancelSubscriptionOpts.user._id).to.equal(subscriber._id);
+          expect(cancelSubscriptionOpts.paymentMethod).to.equal('Stripe');
+          expect(cancelSubscriptionOpts.groupId).to.be.undefined;
+
+          stripe.events.retrieve.restore();
+        });
+      });
+
+      describe('group plan subscription', () => {
+        it('throws an error if the group is not found', async () => {
+          const customerId = 456;
+          sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+            id: 123,
+            type: eventType,
+            data: {
+              object: {
+                plan: {
+                  id: 'group_monthly',
+                },
+                customer: customerId,
+              },
+            },
+          });
+
+          await expect(stripePayments.handleWebhooks({requestBody: {}}, stripe)).to.eventually.be.rejectedWith({
+            message: i18n.t('groupNotFound'),
+            httpCode: 404,
+            name: 'NotFound',
+          });
+
+          expect(stripe.customers.del).to.not.have.been.called;
+          expect(payments.cancelSubscription).to.not.have.been.called;
+
+          stripe.events.retrieve.restore();
+        });
+
+        it('throws an error if the group leader is not found', async () => {
+          const customerId = 456;
+
+          let subscriber = generateGroup({
+            name: 'test group',
+            type: 'guild',
+            privacy: 'public',
+            leader: uuid(),
+          });
+          subscriber.purchased.plan.customerId = customerId;
+          subscriber.purchased.plan.paymentMethod = 'Stripe';
+          await subscriber.save();
+
+          sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+            id: 123,
+            type: eventType,
+            data: {
+              object: {
+                plan: {
+                  id: 'group_monthly',
+                },
+                customer: customerId,
+              },
+            },
+          });
+
+          await expect(stripePayments.handleWebhooks({requestBody: {}}, stripe)).to.eventually.be.rejectedWith({
+            message: i18n.t('userNotFound'),
+            httpCode: 404,
+            name: 'NotFound',
+          });
+
+          expect(stripe.customers.del).to.not.have.been.called;
+          expect(payments.cancelSubscription).to.not.have.been.called;
+
+          stripe.events.retrieve.restore();
+        });
+
+        it('deletes the customer on Stripe and calls payments.cancelSubscription', async () => {
+          const customerId = '456';
+
+          let leader = new User();
+          await leader.save();
+
+          let subscriber = generateGroup({
+            name: 'test group',
+            type: 'guild',
+            privacy: 'public',
+            leader: leader._id,
+          });
+          subscriber.purchased.plan.customerId = customerId;
+          subscriber.purchased.plan.paymentMethod = 'Stripe';
+          await subscriber.save();
+
+          sinon.stub(stripe.events, 'retrieve').returnsPromise().resolves({
+            id: 123,
+            type: eventType,
+            data: {
+              object: {
+                plan: {
+                  id: 'group_monthly',
+                },
+                customer: customerId,
+              },
+            },
+          });
+
+          await stripePayments.handleWebhooks({requestBody: {}}, stripe);
+
+          expect(stripe.customers.del).to.have.been.calledOnce;
+          expect(stripe.customers.del).to.have.been.calledWith(customerId);
+          expect(payments.cancelSubscription).to.have.been.calledOnce;
+
+          let cancelSubscriptionOpts = payments.cancelSubscription.lastCall.args[0];
+          expect(cancelSubscriptionOpts.user._id).to.equal(leader._id);
+          expect(cancelSubscriptionOpts.paymentMethod).to.equal('Stripe');
+          expect(cancelSubscriptionOpts.groupId).to.equal(subscriber._id);
+
+          stripe.events.retrieve.restore();
+        });
+      });
+    });
+  });
 });

website/common/script/content/subscriptionBlocks.js

@@ -3,35 +3,47 @@ import each from 'lodash/each';
 
 let subscriptionBlocks = {
   basic_earned: {
+    target: 'user',
+    canSubscribe: true,
     months: 1,
     price: 5,
   },
   basic_3mo: {
+    target: 'user',
+    canSubscribe: true,
     months: 3,
     price: 15,
   },
   basic_6mo: {
+    target: 'user',
+    canSubscribe: true,
     months: 6,
     price: 30,
   },
   google_6mo: {
+    target: 'user',
+    canSubscribe: true,
     months: 6,
     price: 24,
     discount: true,
     original: 30,
   },
   basic_12mo: {
+    target: 'user',
+    canSubscribe: true,
     months: 12,
     price: 48,
   },
   group_monthly: {
-    type: 'group',
+    target: 'group',
+    canSubscribe: true,
     months: 1,
     price: 9,
     quantity: 3, // Default quantity for Stripe - The same as having 3 user subscriptions
   },
   group_plan_auto: {
-    type: 'group',
+    target: 'user',
+    canSubscribe: false,
     months: 0,
     price: 0,
     quantity: 1,

website/server/controllers/top-level/payments/stripe.js

@@ -87,4 +87,14 @@ api.subscribeCancel = {
   },
 };
 
+api.handleWebhooks = {
+  method: 'POST',
+  url: '/stripe/webhooks',
+  async handler (req, res) {
+    await stripePayments.handleWebhooks({requestBody: req.body});
+
+    return res.respond(200, {});
+  },
+};
+
 module.exports = api;

website/server/libs/stripePayments.js

@@ -2,7 +2,7 @@ import stripeModule from 'stripe';
 import nconf from 'nconf';
 import cc from 'coupon-code';
 import moment from 'moment';
-
+import logger from './logger';
 import {
   BadRequest,
   NotAuthorized,
@@ -270,4 +270,73 @@ api.chargeForAdditionalGroupMember = async function chargeForAdditionalGroupMemb
   group.purchased.plan.quantity = group.memberCount + plan.quantity - 1;
 };
 
+/**
+ * Handle webhooks from stripes
+ *
+ * @param  options
+ * @param  options.user  The user object who is purchasing
+ * @param  options.groupId  The id of the group purchasing a subscription
+ *
+ * @return undefined
+ */
+api.handleWebhooks = async function handleWebhooks (options, stripeInc) {
+  let {requestBody} = options;
+
+  // @TODO: We need to mock this, but curently we don't have correct Dependency Injection. And the Stripe Api doesn't seem to be a singleton?
+  let stripeApi = stripe;
+  if (stripeInc) stripeApi = stripeInc;
+
+  // Verify the event by fetching it from Stripe
+  const event = await stripeApi.events.retrieve(requestBody.id);
+
+  switch (event.type) {
+    case 'customer.subscription.deleted': {
+      // event.request === null means that the user itself cancelled the subscrioption,
+      // the cancellation on our side has been already handled
+      if (event.request === null) break;
+
+      const subscription = event.data.object;
+      const customerId = subscription.customer;
+      const isGroupSub = shared.content.subscriptionBlocks[subscription.plan.id].target === 'group';
+
+      let user;
+      let groupId;
+
+      if (isGroupSub) {
+        let groupFields = basicGroupFields.concat(' purchased');
+        let group = await Group.findOne({
+          'purchased.plan.customerId': customerId,
+          'purchased.plan.paymentMethod': this.constants.PAYMENT_METHOD,
+        }).select(groupFields).exec();
+
+        if (!group) throw new NotFound(i18n.t('groupNotFound'));
+        groupId = group._id;
+
+        user = await User.findById(group.leader).exec();
+      } else {
+        user = await User.findOne({
+          'purchased.plan.customerId': customerId,
+          'purchased.plan.paymentMethod': this.constants.PAYMENT_METHOD,
+        }).exec();
+      }
+
+      if (!user) throw new NotFound(i18n.t('userNotFound'));
+
+      await stripeApi.customers.del(customerId);
+
+      await payments.cancelSubscription({
+        user,
+        groupId,
+        paymentMethod: this.constants.PAYMENT_METHOD,
+      });
+
+      break;
+    }
+    default: {
+      logger.error(new Error(`Missing handler for Stripe webhook ${event.type}`), {event});
+    }
+  }
+};
+
+
 module.exports = api;

website/views/options/settings/subscription.jade

@@ -31,7 +31,7 @@ script(id='partials/options.settings.subscription.html',type='text/ng-template',
         div(ng-if='!user.purchased.plan.customerId || (user.purchased.plan.customerId && user.purchased.plan.dateTerminated)')
           h4(ng-if='(user.purchased.plan.customerId && user.purchased.plan.dateTerminated)')= env.t("resubscribe")
           .form-group.reduce-top-margin
-            .radio(ng-repeat='block in Content.subscriptionBlocks | toArray | omit: "discount==true" | orderBy:"months"', ng-if="block.type !== 'group'")
+            .radio(ng-repeat='block in Content.subscriptionBlocks | toArray | omit: "discount==true" | orderBy:"months"', ng-if="block.target !== 'group' && block.canSubscribe === true")
               label
                 input(type="radio", name="subRadio", ng-value="block.key", ng-model='_subscription.key')
                 span(ng-show='block.original')