Move payment authorization to StripeController

This Stripe-payment-authorizing logic is used by backoffice and subscriptions orders (but not the checkout), and was previously being handled by the #show action in Spree::OrdersController. It involves the user being redirected back to OFN after visiting a Stripe URL.
2026-02-28 01:53:25 +00:00 · 2021-12-31 14:02:02 +00:00
parent 6c2b623f8b
commit 12f7fc98fa
3 changed files with 35 additions and 15 deletions
--- a/app/controllers/payment_gateways/stripe_controller.rb
+++ b/app/controllers/payment_gateways/stripe_controller.rb
@@ -13,8 +13,42 @@ module PaymentGateways
      process_payment_completion!
    end

+    def authorize
+      load_order_for_authorization
+
+      return unless params.key?("payment_intent")
+
+      result = ProcessPaymentIntent.new(params["payment_intent"], @order).call!
+
+      unless result.ok?
+        flash.now[:error] = "#{I18n.t('payment_could_not_process')}. #{result.error}"
+      end
+
+      redirect_to order_path(@order)
+    end
+
    private

+    def load_order_for_authorization
+      require_order_authentication!
+
+      session[:access_token] ||= params[:order_token]
+      @order = Spree::Order.find_by(number: params[:id]) || current_order
+
+      if @order
+        authorize! :edit, @order, session[:access_token]
+      else
+        authorize! :create, Spree::Order
+      end
+    end
+
+    def require_order_authentication!
+      return if session[:access_token] || params[:order_token] || spree_current_user
+
+      flash[:error] = I18n.t("spree.orders.edit.login_to_view_order")
+      redirect_to root_path(anchor: "login?after_login=#{request.env['PATH_INFO']}")
+    end
+
    def validate_stock
      return if sufficient_stock?

--- a/app/controllers/spree/orders_controller.rb
+++ b/app/controllers/spree/orders_controller.rb
@@ -25,8 +25,6 @@ module Spree

    def show
      @order = Spree::Order.find_by!(number: params[:id])
-
-      handle_stripe_response
    end

    def empty
@@ -122,19 +120,6 @@ module Spree
      end
    end

-    # Stripe can redirect here after a payment is processed in the backoffice.
-    # We verify if it was successful here and persist the changes.
-    def handle_stripe_response
-      return unless params.key?("payment_intent")
-
-      result = ProcessPaymentIntent.new(params["payment_intent"], @order).call!
-
-      unless result.ok?
-        flash.now[:error] = "#{I18n.t('payment_could_not_process')}. #{result.error}"
-      end
-      @order.reload
-    end
-
    def filter_order_params
      if params[:order] && params[:order][:line_items_attributes]
        params[:order][:line_items_attributes] =
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -75,6 +75,7 @@ Openfoodnetwork::Application.routes.draw do
    get "/paypal/cancel", to: "paypal#cancel", as: :cancel_paypal

    get "/stripe/confirm", to: "stripe#confirm", as: :confirm_stripe
+    get "/stripe/authorize", to: "stripe#authorize", as: :authorize_stripe
  end

  constraints SplitCheckoutConstraint.new do