From 802e49bed33c2c5f91b1127a123600c1fb76e213 Mon Sep 17 00:00:00 2001
From: Andy Brett <andy@andybrett.com>
Date: Mon, 14 Dec 2020 10:05:09 -0800
Subject: [PATCH] add PaymentMailer and send email if payment auth is required

---
 .../spree/admin/payments_controller.rb        |  4 +++
 app/controllers/spree/payments_controller.rb  | 31 +++++++++++++++++++
 app/mailers/spree/payment_mailer.rb           | 16 ++++++++++
 .../authorize_payment.html.haml               |  2 ++
 .../payment_mailer/authorize_payment.text.erb |  2 ++
 config/locales/en.yml                         |  5 +++
 config/routes.rb                              |  1 +
 .../payments/payments_controller_spec.rb      | 13 ++++++++
 8 files changed, 74 insertions(+)
 create mode 100644 app/controllers/spree/payments_controller.rb
 create mode 100644 app/mailers/spree/payment_mailer.rb
 create mode 100644 app/views/spree/payment_mailer/authorize_payment.html.haml
 create mode 100644 app/views/spree/payment_mailer/authorize_payment.text.erb

diff --git a/app/controllers/spree/admin/payments_controller.rb b/app/controllers/spree/admin/payments_controller.rb
index e0a530a823..8d6fc851f3 100644
--- a/app/controllers/spree/admin/payments_controller.rb
+++ b/app/controllers/spree/admin/payments_controller.rb
@@ -154,6 +154,10 @@ module Spree
         return unless @payment.payment_method.class == Spree::Gateway::StripeSCA
 
         @payment.authorize!
+        if @payment.cvv_response_message.present?
+          PaymentMailer.authorize_payment(@payment).deliver
+          raise Spree::Core::GatewayError, I18n.t('action_required')
+        end
         return if @payment.pending? && @payment.cvv_response_message.nil?
 
         raise Spree::Core::GatewayError, I18n.t('authorization_failure')
diff --git a/app/controllers/spree/payments_controller.rb b/app/controllers/spree/payments_controller.rb
new file mode 100644
index 0000000000..ed93481c25
--- /dev/null
+++ b/app/controllers/spree/payments_controller.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Spree
+  class PaymentsController < Spree::StoreController
+    ssl_required :redirect_to_authorize
+
+    respond_to :html
+
+    prepend_before_action :require_logged_in, only: :redirect_to_authorize
+
+    def redirect_to_authorize
+      @payment = Spree::Payment.find(params[:id])
+      authorize! :show, @payment
+
+      if url = @payment.cvv_response_message
+        redirect_to url
+      else
+        redirect_to order_url(@payment.order)
+      end
+    end
+
+    private
+
+    def require_logged_in
+      return if session[:access_token] || params[:token] || spree_current_user
+
+      flash[:error] = I18n.t("spree.orders.edit.login_to_view_order")
+      redirect_to main_app.root_path(anchor: "login?after_login=#{request.env['PATH_INFO']}")
+    end
+  end
+end
diff --git a/app/mailers/spree/payment_mailer.rb b/app/mailers/spree/payment_mailer.rb
new file mode 100644
index 0000000000..b76e91ea83
--- /dev/null
+++ b/app/mailers/spree/payment_mailer.rb
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Spree
+  class PaymentMailer < BaseMailer
+    include I18nHelper
+
+    def authorize_payment(payment)
+      @payment = payment
+      subject = I18n.t('spree.payment_mailer.authorize_payment.subject',
+                       distributor: @payment.order.distributor.name)
+      mail(to: payment.order.user.email,
+           from: from_address,
+           subject: subject)
+    end
+  end
+end
diff --git a/app/views/spree/payment_mailer/authorize_payment.html.haml b/app/views/spree/payment_mailer/authorize_payment.html.haml
new file mode 100644
index 0000000000..438a51c416
--- /dev/null
+++ b/app/views/spree/payment_mailer/authorize_payment.html.haml
@@ -0,0 +1,2 @@
+= t('.instructions', distributor: @payment.order.distributor.name, amount: @payment.display_amount)
+= main_app.authorize_payment_url(@payment)
diff --git a/app/views/spree/payment_mailer/authorize_payment.text.erb b/app/views/spree/payment_mailer/authorize_payment.text.erb
new file mode 100644
index 0000000000..e722b24997
--- /dev/null
+++ b/app/views/spree/payment_mailer/authorize_payment.text.erb
@@ -0,0 +1,2 @@
+<%= t('.instructions', distributor: @payment.order.distributor.name, amount: @payment.display_amount) %>
+<%= main_app.authorize_payment_url(@payment) %>
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 3a4700a9f5..9d53a0358d 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -2455,6 +2455,7 @@ See the %{link} to find out more about %{sitename}'s features and to start using
   payment_processing_failed: "Payment could not be processed, please check the details you entered"
   payment_method_not_supported: "That payment method is unsupported. Please choose another one."
   payment_updated: "Payment Updated"
+  action_required: "Action required"
   inventory_settings: "Inventory Settings"
   tag_rules: "Tag Rules"
   shop_preferences: "Shop Preferences"
@@ -3644,6 +3645,10 @@ See the %{link} to find out more about %{sitename}'s features and to start using
         subject: "Reset password instructions"
       confirmation_instructions:
         subject: "Please confirm your OFN account"
+    payment_mailer:
+      authorize_payment:
+        subject: "Please authorize your payment to %{distributor} on OFN"
+        instructions: "Your payment of %{amount} to %{distributor} requires additional authentication. Please visit the following URL to authorize your payment:"
     shipment_mailer:
       shipped_email:
         dear_customer: "Dear Customer,"
diff --git a/config/routes.rb b/config/routes.rb
index a657f7f234..795470cf3a 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -29,6 +29,7 @@ Openfoodnetwork::Application.routes.draw do
   patch "/cart", :to => "spree/orders#update", :as => :update_cart
   put "/cart/empty", :to => 'spree/orders#empty', :as => :empty_cart
   get '/orders/:id/token/:token' => 'spree/orders#show', :as => :token_order
+  get '/payments/:id/authorize' => 'spree/payments#redirect_to_authorize', as: "authorize_payment"
 
   resource :cart, controller: "cart" do
     post :populate
diff --git a/spec/controllers/spree/admin/orders/payments/payments_controller_spec.rb b/spec/controllers/spree/admin/orders/payments/payments_controller_spec.rb
index 2f327e2de2..e91586e4ce 100644
--- a/spec/controllers/spree/admin/orders/payments/payments_controller_spec.rb
+++ b/spec/controllers/spree/admin/orders/payments/payments_controller_spec.rb
@@ -91,6 +91,19 @@ describe Spree::Admin::PaymentsController, type: :controller do
           end
         end
 
+        context "where further action is required" do
+          before do
+            allow_any_instance_of(Spree::Payment).to receive(:authorize!) do |payment|
+              payment.update cvv_response_message: "http://redirect_url"
+            end
+          end
+          it "redirects to new payment page with flash error" do
+            spree_post :create, payment: params, order_id: order.number
+
+            redirects_to_new_payment_page_with_flash_error(I18n.t('action_required'))
+          end
+        end
+
         context "where both payment.process! and payment.authorize! work" do
           before do
             allow_any_instance_of(Spree::Payment).to receive(:authorize!) do |payment|