From f6e3e01a109065fb73813c541d99fd6e70ed27f4 Mon Sep 17 00:00:00 2001 From: Luis Ramos Date: Fri, 12 Jun 2020 17:17:34 +0100 Subject: [PATCH] Extract permitted payment_source attributes from checkout to use them in the backoffice payments controller Add spec to verify payment source attributes are passed --- .../spree/admin/payments_controller.rb | 6 +++++- app/services/permitted_attributes/checkout.rb | 15 ++------------- .../permitted_attributes/payment_source.rb | 14 ++++++++++++++ .../spree/admin/payments_controller_spec.rb | 18 +++++++++++++++++- 4 files changed, 38 insertions(+), 15 deletions(-) create mode 100644 app/services/permitted_attributes/payment_source.rb diff --git a/app/controllers/spree/admin/payments_controller.rb b/app/controllers/spree/admin/payments_controller.rb index 676e148c6e..ae73760d8d 100644 --- a/app/controllers/spree/admin/payments_controller.rb +++ b/app/controllers/spree/admin/payments_controller.rb @@ -84,7 +84,11 @@ module Spree source_params = params.delete(:payment_source)[params[:payment][:payment_method_id]] params[:payment][:source_attributes] = source_params end - params.require(:payment).permit(:amount, :payment_method_id, :source_attributes) + + params.require(:payment).permit( + :amount, :payment_method_id, + source_attributes: ::PermittedAttributes::PaymentSource.attributes + ) end def load_data diff --git a/app/services/permitted_attributes/checkout.rb b/app/services/permitted_attributes/checkout.rb index da698a02e5..5eb9325f87 100644 --- a/app/services/permitted_attributes/checkout.rb +++ b/app/services/permitted_attributes/checkout.rb @@ -13,24 +13,13 @@ module PermittedAttributes :existing_card_id, :shipping_method_id, payments_attributes: [ :payment_method_id, - source_attributes: payment_source_attributes + source_attributes: PermittedAttributes::PaymentSource.attributes ], ship_address_attributes: PermittedAttributes::Address.attributes, bill_address_attributes: PermittedAttributes::Address.attributes ], - payment_source: payment_source_attributes + payment_source: PermittedAttributes::PaymentSource.attributes ) end - - private - - def payment_source_attributes - [ - :gateway_payment_profile_id, :cc_type, :last_digits, - :month, :year, :first_name, :last_name, - :number, :verification_value, - :save_requested_by_customer - ] - end end end diff --git a/app/services/permitted_attributes/payment_source.rb b/app/services/permitted_attributes/payment_source.rb new file mode 100644 index 0000000000..5ecfd2e3c7 --- /dev/null +++ b/app/services/permitted_attributes/payment_source.rb @@ -0,0 +1,14 @@ +# frozen_string_literal: true + +module PermittedAttributes + class PaymentSource + def self.attributes + [ + :gateway_payment_profile_id, :cc_type, :last_digits, + :month, :year, :first_name, :last_name, + :number, :verification_value, + :save_requested_by_customer + ] + end + end +end diff --git a/spec/controllers/spree/admin/payments_controller_spec.rb b/spec/controllers/spree/admin/payments_controller_spec.rb index 53dd604ebd..aeb9156ef2 100644 --- a/spec/controllers/spree/admin/payments_controller_spec.rb +++ b/spec/controllers/spree/admin/payments_controller_spec.rb @@ -92,11 +92,27 @@ describe Spree::Admin::PaymentsController, type: :controller do context "where both payment.process! and payment.authorize! work" do before do allow_any_instance_of(Spree::Payment).to receive(:authorize!) do |payment| - payment.update_attribute :state, "pending" + payment.update state: "pending" end allow_any_instance_of(Spree::Payment).to receive(:process!).and_return(true) end + it "makes a payment with the provided card details" do + source_attributes = { + gateway_payment_profile_id: "pm_123", + cc_type: "visa", + last_digits: "4242", + month: "4", + year: "2100" + } + + spree_post :create, payment: params.merge({ source_attributes: source_attributes }), + order_id: order.number + + payment = order.reload.payments.last + expect(payment.source.attributes.transform_keys(&:to_sym)).to include source_attributes + end + it "redirects to list of payments with success flash" do spree_post :create, payment: params, order_id: order.number