From ca1987fc87b1dcee284abb66907b5aa00c0b4897 Mon Sep 17 00:00:00 2001
From: Rob Harrington <oeoeaio@gmail.com>
Date: Fri, 8 Sep 2017 10:17:47 +1000
Subject: [PATCH] Prevent Stripe payment methods without account owners from
 being saved

---
 .../payment_methods_controller_decorator.rb   |  2 +-
 app/models/spree/gateway/stripe_connect.rb    |  7 +++++
 .../admin/payment_methods_controller_spec.rb  | 26 ++++++++++++++++++-
 3 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/app/controllers/spree/admin/payment_methods_controller_decorator.rb b/app/controllers/spree/admin/payment_methods_controller_decorator.rb
index b13bcd2f17..aea47a05f3 100644
--- a/app/controllers/spree/admin/payment_methods_controller_decorator.rb
+++ b/app/controllers/spree/admin/payment_methods_controller_decorator.rb
@@ -74,7 +74,7 @@ module Spree
 
       def restrict_stripe_account_change
         return unless @payment_method.try(:type) == "Spree::Gateway::StripeConnect"
-        return unless @payment_method.preferred_enterprise_id
+        return unless @payment_method.preferred_enterprise_id.andand > 0
 
         @stripe_account_holder = Enterprise.find(@payment_method.preferred_enterprise_id)
         return if spree_current_user.enterprises.include? @stripe_account_holder
diff --git a/app/models/spree/gateway/stripe_connect.rb b/app/models/spree/gateway/stripe_connect.rb
index 7745ca708e..d3ac5fd49d 100644
--- a/app/models/spree/gateway/stripe_connect.rb
+++ b/app/models/spree/gateway/stripe_connect.rb
@@ -3,6 +3,8 @@ module Spree
     class StripeConnect < Gateway
       preference :enterprise_id, :integer
 
+      validate :ensure_enterprise_selected
+
       attr_accessible :preferred_enterprise_id
 
       CARD_TYPE_MAPPING = {
@@ -132,6 +134,11 @@ module Spree
         Rails.logger.error("Stripe Error: #{e}")
         nil
       end
+
+      def ensure_enterprise_selected
+        return if preferred_enterprise_id.andand > 0
+        errors.add(:stripe_account_owner, I18n.t(:error_required))
+      end
     end
   end
 end
diff --git a/spec/controllers/spree/admin/payment_methods_controller_spec.rb b/spec/controllers/spree/admin/payment_methods_controller_spec.rb
index b3942bfa92..681d7c5309 100644
--- a/spec/controllers/spree/admin/payment_methods_controller_spec.rb
+++ b/spec/controllers/spree/admin/payment_methods_controller_spec.rb
@@ -20,13 +20,37 @@ describe Spree::Admin::PaymentMethodsController do
           end
         end
 
-        context "as a user that does not manage the existing stripe account holder" do
+        context "as a user that manages the existing stripe account holder" do
           before { enterprise2.update_attributes!(owner_id: user.id) }
 
           it "allows the stripe account holder to be updated" do
             spree_put :update, params
             expect(payment_method.reload.preferred_enterprise_id).to eq enterprise1.id
           end
+
+          context "when no enterprise is selected as the account holder" do
+            before { payment_method.update_attribute(:preferred_enterprise_id, nil) }
+
+            context "id not provided at all" do
+              before { params[:payment_method].delete(:preferred_enterprise_id) }
+
+              it "does not save the payment method" do
+                spree_put :update, params
+                expect(response).to render_template :edit
+                expect(assigns(:payment_method).errors.messages[:stripe_account_owner]).to include I18n.t(:error_required)
+              end
+            end
+
+            context "enterprise_id of 0" do
+              before { params[:payment_method][:preferred_enterprise_id] = 0 }
+
+              it "does not save the payment method" do
+                spree_put :update, params
+                expect(response).to render_template :edit
+                expect(assigns(:payment_method).errors.messages[:stripe_account_owner]).to include I18n.t(:error_required)
+              end
+            end
+          end
         end
       end
     end