From 527f4e2cb3906c6e6270d2a48b14c3ea90884a33 Mon Sep 17 00:00:00 2001
From: Andy Brett <andy@andybrett.com>
Date: Sat, 29 May 2021 10:56:00 -0700
Subject: [PATCH] move payment to requires_authorization if cvv_result is
 present

---
 app/controllers/spree/admin/payments_controller.rb          | 4 +++-
 app/models/spree/payment/processing.rb                      | 4 +++-
 .../order_management/order/stripe_sca_payment_authorize.rb  | 4 +++-
 .../order/stripe_sca_payment_authorize_spec.rb              | 2 +-
 spec/features/admin/payments_stripe_spec.rb                 | 2 +-
 spec/queries/payments_requiring_action_spec.rb              | 6 +++++-
 6 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/app/controllers/spree/admin/payments_controller.rb b/app/controllers/spree/admin/payments_controller.rb
index cd1f3a7b38..790be4fcee 100644
--- a/app/controllers/spree/admin/payments_controller.rb
+++ b/app/controllers/spree/admin/payments_controller.rb
@@ -175,7 +175,9 @@ module Spree
 
         @payment.authorize!(full_order_path(@payment.order))
 
-        raise Spree::Core::GatewayError, I18n.t('authorization_failure') unless @payment.pending?
+        unless @payment.pending? || @payment.requires_authorization?
+          raise Spree::Core::GatewayError, I18n.t('authorization_failure')
+        end
 
         return unless @payment.requires_authorization?
 
diff --git a/app/models/spree/payment/processing.rb b/app/models/spree/payment/processing.rb
index c66cda21b7..d4e0ba1af0 100644
--- a/app/models/spree/payment/processing.rb
+++ b/app/models/spree/payment/processing.rb
@@ -236,7 +236,9 @@ module Spree
             if response.cvv_result
               self.cvv_response_code = response.cvv_result['code']
               self.cvv_response_message = response.cvv_result['message']
-              self.require_authorization if self.cvv_response_message.present?
+              if self.cvv_response_message.present?
+                return self.require_authorization!
+              end
             end
           end
           __send__("#{success_state}!")
diff --git a/engines/order_management/app/services/order_management/order/stripe_sca_payment_authorize.rb b/engines/order_management/app/services/order_management/order/stripe_sca_payment_authorize.rb
index 4739c1a357..80f5364490 100644
--- a/engines/order_management/app/services/order_management/order/stripe_sca_payment_authorize.rb
+++ b/engines/order_management/app/services/order_management/order/stripe_sca_payment_authorize.rb
@@ -15,7 +15,9 @@ module OrderManagement
 
         @payment.authorize!(redirect_url)
 
-        @order.errors.add(:base, I18n.t('authorization_failure')) unless @payment.pending?
+        unless @payment.pending? || @payment.requires_authorization?
+          @order.errors.add(:base, I18n.t('authorization_failure'))
+        end
 
         @payment
       end
diff --git a/engines/order_management/spec/services/order_management/order/stripe_sca_payment_authorize_spec.rb b/engines/order_management/spec/services/order_management/order/stripe_sca_payment_authorize_spec.rb
index 74a03dfcf4..00447c6d78 100644
--- a/engines/order_management/spec/services/order_management/order/stripe_sca_payment_authorize_spec.rb
+++ b/engines/order_management/spec/services/order_management/order/stripe_sca_payment_authorize_spec.rb
@@ -65,7 +65,7 @@ module OrderManagement
                 allow(PaymentMailer).to receive(:authorize_payment) { mail_mock }
                 allow(PaymentMailer).to receive(:authorization_required) { mail_mock }
                 allow(payment).to receive(:authorize!) {
-                  payment.state = "pending"
+                  payment.state = "requires_authorization"
                   payment.cvv_response_message = "https://stripe.com/redirect"
                 }
               end
diff --git a/spec/features/admin/payments_stripe_spec.rb b/spec/features/admin/payments_stripe_spec.rb
index a4467a4f5a..b07b049f0e 100644
--- a/spec/features/admin/payments_stripe_spec.rb
+++ b/spec/features/admin/payments_stripe_spec.rb
@@ -82,7 +82,7 @@ feature '
 
           expect(page).to have_link "StripeSCA"
           expect(page).to have_content "PENDING"
-          expect(OrderPaymentFinder.new(order.reload).last_payment.state).to eq "pending"
+          expect(OrderPaymentFinder.new(order.reload).last_payment.state).to eq "requires_authorization"
         end
       end
     end
diff --git a/spec/queries/payments_requiring_action_spec.rb b/spec/queries/payments_requiring_action_spec.rb
index a3af3af3cd..27bad63977 100644
--- a/spec/queries/payments_requiring_action_spec.rb
+++ b/spec/queries/payments_requiring_action_spec.rb
@@ -10,7 +10,11 @@ describe PaymentsRequiringAction do
   describe '#query' do
     context "payment has a cvv_response_message" do
       let(:payment) do
-        create(:payment, order: order, cvv_response_message: "https://stripe.com/redirect")
+        create(:payment,
+          order: order,
+          cvv_response_message: "https://stripe.com/redirect",
+          state: "requires_authorization"
+        )
       end
 
       it "finds the payment" do