From f83d0a766f86896d211cc0ffebf361f9b0193abc Mon Sep 17 00:00:00 2001
From: Matt-Yorkley <9029026+Matt-Yorkley@users.noreply.github.com>
Date: Sun, 14 Nov 2021 11:39:36 +0000
Subject: [PATCH 1/2] Memoize Checkout#valid_payment_intent_provided?

---
 app/controllers/checkout_controller.rb | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/app/controllers/checkout_controller.rb b/app/controllers/checkout_controller.rb
index 6b0f08ba99..8567f30502 100644
--- a/app/controllers/checkout_controller.rb
+++ b/app/controllers/checkout_controller.rb
@@ -148,12 +148,14 @@ class CheckoutController < ::BaseController
   end
 
   def valid_payment_intent_provided?
-    return false unless params["payment_intent"]&.starts_with?("pi_")
+    @valid_payment_intent_provided ||= begin
+      return false unless params["payment_intent"]&.starts_with?("pi_")
 
-    last_payment = OrderPaymentFinder.new(@order).last_payment
-    @order.state == "payment" &&
-      last_payment&.state == "requires_authorization" &&
-      last_payment&.response_code == params["payment_intent"]
+      last_payment = OrderPaymentFinder.new(@order).last_payment
+      @order.state == "payment" &&
+        last_payment&.state == "requires_authorization" &&
+        last_payment&.response_code == params["payment_intent"]
+    end
   end
 
   def handle_redirect_from_stripe

From f8349434bf341da4e13676bdda97ca6c8fba7c6b Mon Sep 17 00:00:00 2001
From: Matt-Yorkley <9029026+Matt-Yorkley@users.noreply.github.com>
Date: Sun, 14 Nov 2021 14:33:31 +0000
Subject: [PATCH 2/2] Skip address setup logic if we're coming from Stripe

The code here runs from a callback which was originally designed to make sure the checkout page was set up correctly in the "normal" checkout workflow. It wasn't really designed to be run when the page is being loaded a second time due to the user being redirected back from Stripe (with SCA). The things it's doing here are necessary in the former case, but a really bad idea in the latter (potentially messing up the order's ship and bill addresses in certain cases like guest checkout).
---
 app/controllers/checkout_controller.rb       | 2 ++
 spec/controllers/checkout_controller_spec.rb | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/app/controllers/checkout_controller.rb b/app/controllers/checkout_controller.rb
index 8567f30502..fe392d5058 100644
--- a/app/controllers/checkout_controller.rb
+++ b/app/controllers/checkout_controller.rb
@@ -84,6 +84,8 @@ class CheckoutController < ::BaseController
     redirect_to(main_app.shop_path) && return if redirect_to_shop?
     handle_invalid_stock && return unless valid_order_line_items?
 
+    return if valid_payment_intent_provided?
+
     before_address
     setup_for_current_state
   end
diff --git a/spec/controllers/checkout_controller_spec.rb b/spec/controllers/checkout_controller_spec.rb
index 10bc625675..4c413727d4 100644
--- a/spec/controllers/checkout_controller_spec.rb
+++ b/spec/controllers/checkout_controller_spec.rb
@@ -210,6 +210,12 @@ describe CheckoutController, type: :controller do
           expect(response).to redirect_to order_path(order)
         end
 
+        it "does not attempt to load different addresses" do
+          expect(OpenFoodNetwork::AddressFinder).to_not receive(:new)
+
+          get :edit, params: { payment_intent: "pi_123" }
+        end
+
         it "creates a customer record" do
           order.update_columns(customer_id: nil)
           Customer.delete_all