feat: add initial support for stripe payment intents (#3847)

* temp: add project-zebra to branches that should run ci (#3824) * fix: initial implementation of stripe fixes (#3817) Co-authored-by: John Nagro <[email protected]> * feat: Add waffle flag to enable Stripe payments (#3816) REV-3004 * feat: initial implementation of Stripe processor (#3826) Co-authored-by: wdrussell2015 <[email protected]> Co-authored-by: John Nagro <[email protected]> * fix: billing address creation * fix: retreive calls cannot take idempotency keys * temp: add logging * temp: add more logging * temp: add logging * fix: parsing address from payment intent * chore: cleanup logs * fix: Get billing address line2 default empty (#3833) * fix: Stripe billing address line2 default to empty if null (#3835) REV-3069 * feat: add SDN check (#3834) * feat: add SDN check * feat: use confirm call to complete transaction with stripe in ecommerce checkout endpoint * fix: make capture-context more resilient to idempotency errors (#3836) * fix: make capture-context more resilient to idempotency errors * fix: add new card types for stripe * feat: /management fulfill actions for Stripe FulfillFrozenBaskets is a helper class for a management page in Ecommerce (hosted at URL /management) that fulfills baskets that are paid but stuck in queue for fulfillment, to be used if, for example, ecommerce-worker is down. Add Stripe support for FulfillFrozenBaskets. Change FulfillFrozenBaskets so it does not continue fulfillment if the billing details are not retrievable. For Stripe, this handles when: * The PaymentMethod was not expanded in the PaymentIntent stored in the PaymentProcessorResponse (generating a TypeError) * The PaymentMethod was not a card (generating a KeyError). Also switched Cybersource to not fulfill if it cannot find the card brand. * fix: update PaymentIntent before confirmation * fix: stripe refunds should be of payment_intents, not charges * fix: change PaymentIntents to update_or_create Apparently, idempotency keys can expire after 24 hours. https://stripe.com/docs/api/idempotent_requests "Keys are eligible to be removed from the system automatically after they're at least 24 hours old, and a new request is generated if a key is reused after the original has been pruned." * refactor: reduce number of statements in management/utils.py for quality * fix: enable Stripe custom actions beta in settings * fix: finish passing api_version and enable_telemetry to stripe client * fix: add 'unknown' stripe card brand * fix: stripe api calls should be to payment_method and payment_intent_id * test: patch for stripePaymentIntent.modify * fix: StripeCheckoutView as a View instead of a FormView-like class StripeCheckoutView was previously like a FormView. However, our implementation of Stripe is much simpler and we opted to remove the overhead of Forms in lieu of trying to ensure all existing interfaces related to StripeSubmitForm. * fix: handle when Stripe charge is already refunded * test: correct refund_mock to use new payment_intent API * test: update Stripe mock responses for new API using actual calls * fix: log when payment_intent_id is missing from basket * refactor: move logging before retrieving any baskets * fix: clear out edx.org-specific Stripe publishable_key and secret_key * fix: throw a 500 on capture_context exceptions The Payment MFE will hang silently if capture_context fails. Throwing the exception will show an error message in Payment MFE, cluing the user in to the fact that there might be a problem. * fix: convert StripeCheckoutView to DRF for JWT auth Looks like JWT auth only works with DRF. * fix: return 200s or 400s instead of 302s in StripeCheckoutView We tried using 302s to redirect the Payment MFE to the receipt page. This didn't work because the library that we use for requests, Axios, doesn't appear to support not following redirects. Return a 200 or 400 instead, and separately instruct the frontend on what to do when receiving these. * fix: deprecate ECOMMERCE_PAYMENT_PROCESSOR_CONFIG.stripe.error_url error_path is already autoset by _oscar.py and grabbed by property processors.stripe.Stripe.error_url. * Revert "fix: throw a 500 on capture_context exceptions" This reverts commit 1008272. It looks like there is a chance that we might depend on this behavior (no errors on exceptions in _add_capture_context) given how this error occurs with non-negligible frequency in production. Will attempt to warn user on frontend side. * add self.record_processor_response to more stripe code paths (#3852) * feat: REV-3076 | record payment processor for various stripe logical flows * chore: update tests for sanity checks * fix: address comments * fix: use ISO 3166-1 alpha-2 country code for SDN check (#3854) * fix: add waffle flag ENABLE_STRIPE_PAYMENT_PROCESSOR to get_client_side_payment_processor_class() The client-side payment processor decides which payment processor Ecommerce will use when generating the capture context for a payment. Force the client-side payment processor to be 'stripe' when the waffle flag is on. * fix: make postcode & state optional for stripe Cybersource has an optional line2, postcode, and state: https://github.com/openedx/ecommerce/blob/05404ebac527da1f6a0fac7df262ca79f3acec56/ecommerce/extensions/payment/views/cybersource.py#L544-L547 Do the same for Stripe. Co-authored-by: Chris Pappas <[email protected]> Co-authored-by: John Nagro <[email protected]> Co-authored-by: Juliana Kang <[email protected]> Co-authored-by: wdrussell2015 <[email protected]> Co-authored-by: Chris Pappas <[email protected]>
openedx-unsupported · Nov 1, 2022 · 140b75f · 140b75f
1 parent 05404eb
commit 140b75f
Show file tree

Hide file tree

Showing 33 changed files with 1,383 additions and 459 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -2,9 +2,9 @@ name: CI
 
 on:
   push:
-    branches: [master]
+    branches: [master, project-zebra]
   pull_request:
-    branches: [master]
+    branches: [master, project-zebra]
 
 jobs:
   build:

diff --git a/ecommerce/core/models.py b/ecommerce/core/models.py
@@ -21,6 +21,7 @@
 from ecommerce.core.constants import ALL_ACCESS_CONTEXT, ALLOW_MISSING_LMS_USER_ID
 from ecommerce.core.exceptions import MissingLmsUserIdException
 from ecommerce.core.utils import log_message_and_raise_validation_error
+from ecommerce.extensions.basket.constants import ENABLE_STRIPE_PAYMENT_PROCESSOR
 from ecommerce.extensions.payment.exceptions import ProcessorNotFoundError
 from ecommerce.extensions.payment.helpers import get_processor_class, get_processor_class_by_name
 
@@ -274,17 +275,24 @@ def get_payment_processors(self):
             if processor.NAME in self.payment_processors_set and processor.is_enabled()
         ]
 
-    def get_client_side_payment_processor_class(self):
+    def get_client_side_payment_processor_class(self, request):
         """ Returns the payment processor class to be used for client-side payments.
 
         If no processor is set, returns None.
 
          Returns:
              BasePaymentProcessor
         """
+        desired_processor = self.client_side_payment_processor
+
+        # Force client_side_payment_processor to be Stripe when waffle flag is set.
+        # This allows slowly increasing the percentage of users redirected to Stripe.
+        if waffle.flag_is_active(request, ENABLE_STRIPE_PAYMENT_PROCESSOR):
+            desired_processor = 'stripe'
+
         if self.client_side_payment_processor:
             for processor in self._all_payment_processors():
-                if processor.NAME == self.client_side_payment_processor:
+                if processor.NAME == desired_processor:
                     return processor
 
         return None

diff --git a/ecommerce/core/tests/test_models.py b/ecommerce/core/tests/test_models.py
@@ -13,6 +13,7 @@
 from requests.exceptions import ConnectionError as ReqConnectionError
 from social_django.models import UserSocialAuth
 from testfixtures import LogCapture
+from waffle.testutils import override_flag
 
 from ecommerce.core.models import (
     BusinessClient,
@@ -22,6 +23,7 @@
     User
 )
 from ecommerce.core.tests import toggle_switch
+from ecommerce.extensions.basket.constants import ENABLE_STRIPE_PAYMENT_PROCESSOR
 from ecommerce.extensions.catalogue.tests.mixins import DiscoveryTestMixin
 from ecommerce.extensions.payment.tests.processors import AnotherDummyProcessor, DummyProcessor
 from ecommerce.tests.factories import SiteConfigurationFactory
@@ -334,10 +336,22 @@ def test_get_client_side_payment_processor(self):
         site_config = _make_site_config(processor_name)
 
         site_config.client_side_payment_processor = None
-        self.assertIsNone(site_config.get_client_side_payment_processor_class())
+        self.assertIsNone(site_config.get_client_side_payment_processor_class(request=None))
 
         site_config.client_side_payment_processor = processor_name
-        self.assertEqual(site_config.get_client_side_payment_processor_class().NAME, processor_name)
+        self.assertEqual(site_config.get_client_side_payment_processor_class(request=None).NAME, processor_name)
+
+    @override_flag(ENABLE_STRIPE_PAYMENT_PROCESSOR, active=True)
+    def test_get_client_side_payment_processor_waffle_enabled(self):
+        """ Verify that Stripe is always returned when waffle flag is on. """
+        processor_name = 'cybersource,stripe'
+        site_config = _make_site_config(processor_name)
+
+        site_config.client_side_payment_processor = None
+        self.assertIsNone(site_config.get_client_side_payment_processor_class(request=None))
+
+        site_config.client_side_payment_processor = 'cybersource'
+        self.assertEqual(site_config.get_client_side_payment_processor_class(request=None).NAME, 'stripe')
 
     def test_get_from_email(self):
         """

diff --git a/ecommerce/extensions/api/v2/constants.py b/ecommerce/extensions/api/v2/constants.py
@@ -9,7 +9,7 @@
 # .. toggle_name: enable_hoist_order_history
 # .. toggle_type: waffle_flag
 # .. toggle_default: False
-# .. toggle_description: Allows order fetching from Commerce Coordinator API for display in Order History MFE.
+# .. toggle_description: Allows order fetching from Commerce Coordinator API for display in Order History MFE
 # .. toggle_use_cases: open_edx
 # .. toggle_creation_date: 2022-04-05
 # .. toggle_tickets: REV-2576
@@ -19,7 +19,7 @@
 # .. toggle_name: enable_receipts_via_ecommerce_mfe
 # .. toggle_type: waffle_flag
 # .. toggle_default: False
-# .. toggle_description: Determines whether to send user to new receipt page (vs old)          .
+# .. toggle_description: Determines whether to send user to new receipt page (vs old)
 # .. toggle_use_cases: open_edx
 # .. toggle_creation_date: 2022-06-02
 # .. toggle_tickets: REV-2687

diff --git a/ecommerce/extensions/basket/constants.py b/ecommerce/extensions/basket/constants.py
@@ -2,3 +2,13 @@
 EMAIL_OPT_IN_ATTRIBUTE = "email_opt_in"
 PURCHASER_BEHALF_ATTRIBUTE = "purchased_for_organization"
 PAYMENT_INTENT_ID_ATTRIBUTE = "payment_intent_id"
+
+# .. toggle_name: enable_stripe_payment_processor
+# .. toggle_type: waffle_flag
+# .. toggle_default: False
+# .. toggle_description: Allows payments to be processed through Stripe instead of CyberSource
+# .. toggle_use_cases: open_edx
+# .. toggle_creation_date: 2022-09-19
+# .. toggle_tickets: REV-3004
+# .. toggle_status: supported
+ENABLE_STRIPE_PAYMENT_PROCESSOR = 'enable_stripe_payment_processor'
diff --git a/ecommerce/extensions/basket/tests/test_views.py b/ecommerce/extensions/basket/tests/test_views.py
@@ -33,7 +33,7 @@
 from ecommerce.enterprise.utils import construct_enterprise_course_consent_url
 from ecommerce.entitlements.utils import create_or_update_course_entitlement
 from ecommerce.extensions.analytics.utils import translate_basket_line_for_segment
-from ecommerce.extensions.basket.constants import EMAIL_OPT_IN_ATTRIBUTE
+from ecommerce.extensions.basket.constants import EMAIL_OPT_IN_ATTRIBUTE, ENABLE_STRIPE_PAYMENT_PROCESSOR
 from ecommerce.extensions.basket.tests.mixins import BasketMixin
 from ecommerce.extensions.basket.tests.test_utils import TEST_BUNDLE_ID
 from ecommerce.extensions.basket.utils import _set_basket_bundle_status, apply_voucher_on_basket_and_check_discount
@@ -403,6 +403,7 @@ def assert_empty_basket_response(
     def assert_expected_response(
             self,
             basket,
+            enable_stripe_payment_processor=False,
             url=None,
             response=None,
             status_code=200,
@@ -456,6 +457,7 @@ def assert_expected_response(
         expected_response = {
             'basket_id': basket.id,
             'currency': currency,
+            'enable_stripe_payment_processor': enable_stripe_payment_processor,
             'offers': offers,
             'coupons': coupons,
             'messages': messages if messages else [],
@@ -698,6 +700,18 @@ def test_discounted_seat_type(self, discount_value):
             voucher=voucher,
         )
 
+    @ddt.data(True, False)
+    def test_enable_stripe_payment_processor_flag(self, enable_stripe_payment_processor):
+        with override_flag(ENABLE_STRIPE_PAYMENT_PROCESSOR, active=enable_stripe_payment_processor):
+            seat = self.create_seat(self.course)
+            basket = self.create_basket_and_add_product(seat)
+            response = self.client.get(self.path)
+            self.assert_expected_response(
+                basket,
+                response=response,
+                enable_stripe_payment_processor=enable_stripe_payment_processor,
+            )
+
     @responses.activate
     def test_enterprise_free_basket_redirect(self):
         """

diff --git a/ecommerce/extensions/basket/utils.py b/ecommerce/extensions/basket/utils.py
@@ -18,7 +18,7 @@
 from ecommerce.core.url_utils import absolute_url
 from ecommerce.courses.utils import mode_for_product
 from ecommerce.extensions.analytics.utils import track_segment_event
-from ecommerce.extensions.basket.constants import PURCHASER_BEHALF_ATTRIBUTE
+from ecommerce.extensions.basket.constants import PAYMENT_INTENT_ID_ATTRIBUTE, PURCHASER_BEHALF_ATTRIBUTE
 from ecommerce.extensions.order.exceptions import AlreadyPlacedOrderException
 from ecommerce.extensions.order.utils import UserAlreadyPlacedOrder
 from ecommerce.extensions.payment.constants import DISABLE_MICROFRONTEND_FOR_BASKET_PAGE_FLAG_NAME
@@ -30,6 +30,8 @@
 Basket = get_model('basket', 'Basket')
 BasketAttribute = get_model('basket', 'BasketAttribute')
 BasketAttributeType = get_model('basket', 'BasketAttributeType')
+BillingAddress = get_model('order', 'BillingAddress')
+Country = get_model('address', 'Country')
 BUNDLE = 'bundle_identifier'
 ORGANIZATION_ATTRIBUTE_TYPE = 'organization'
 ENTERPRISE_CATALOG_ATTRIBUTE_TYPE = 'enterprise_catalog_uuid'
@@ -384,6 +386,25 @@ def basket_add_organization_attribute(basket, request_data):
         )
 
 
+@newrelic.agent.function_trace()
+def basket_add_payment_intent_id_attribute(basket, payment_intent_id):
+    """
+    Adds the Stripe payment_intent_id attribute on basket.
+
+    Arguments:
+        basket(Basket): order basket
+        payment_intent_id (string): Payment Intent Identifier
+
+    """
+
+    payment_intent_id_attribute, __ = BasketAttributeType.objects.get_or_create(name=PAYMENT_INTENT_ID_ATTRIBUTE)
+    BasketAttribute.objects.update_or_create(
+        basket=basket,
+        attribute_type=payment_intent_id_attribute,
+        defaults={'value_text': payment_intent_id.strip()}
+    )
+
+
 @newrelic.agent.function_trace()
 def basket_add_enterprise_catalog_attribute(basket, request_data):
     """
@@ -569,3 +590,23 @@ def is_duplicate_seat_attempt(basket, product):
     found_product_quantity = basket.product_quantity(product)
 
     return bool(product_type == 'Seat' and found_product_quantity)
+
+
+def get_billing_address_from_payment_intent_data(payment_intent):
+    """
+    Take stripes response_data dict, instantiates a BillingAddress object
+    and return it.
+    """
+    billing_details = payment_intent['payment_method']['billing_details']
+    customer_address = billing_details['address']
+    address = BillingAddress(
+        first_name=billing_details['name'],  # Stripe only has a single name field
+        last_name='',
+        line1=customer_address['line1'],
+        line2='' if not customer_address['line2'] else customer_address['line2'],  # line2 is optional
+        line4=customer_address['city'],  # Oscar uses line4 for city
+        postcode='' if not customer_address['postal_code'] else customer_address['postal_code'],  # postcode is optional
+        state='' if not customer_address['state'] else customer_address['state'],  # state is optional
+        country=Country.objects.get(iso_3166_1_a2__iexact=customer_address['country'])
+    )
+    return address
diff --git a/ecommerce/extensions/basket/views.py b/ecommerce/extensions/basket/views.py
@@ -47,7 +47,7 @@
     translate_basket_line_for_segment
 )
 from ecommerce.extensions.basket import message_utils
-from ecommerce.extensions.basket.constants import EMAIL_OPT_IN_ATTRIBUTE
+from ecommerce.extensions.basket.constants import EMAIL_OPT_IN_ATTRIBUTE, ENABLE_STRIPE_PAYMENT_PROCESSOR
 from ecommerce.extensions.basket.exceptions import BadRequestException, RedirectException, VoucherException
 from ecommerce.extensions.basket.utils import (
     add_invalid_code_message_to_url,
@@ -583,7 +583,7 @@ def _get_payment_processors_data(self, payment_processors):
             basket view context needs to be updated with.
         """
         site_configuration = self.request.site.siteconfiguration
-        payment_processor_class = site_configuration.get_client_side_payment_processor_class()
+        payment_processor_class = site_configuration.get_client_side_payment_processor_class(self.request)
 
         if payment_processor_class:
             payment_processor = payment_processor_class(self.request.site)
@@ -615,15 +615,16 @@ class CaptureContextApiLogicMixin:  # pragma: no cover
     Business logic for the capture context API.
     """
     def _add_capture_context(self, response):
-        payment_processor_class = self.request.site.siteconfiguration.get_client_side_payment_processor_class()
+        site_configuration = self.request.site.siteconfiguration
+        payment_processor_class = site_configuration.get_client_side_payment_processor_class(self.request)
         if not payment_processor_class:
             return
         payment_processor = payment_processor_class(self.request.site)
         if not hasattr(payment_processor, 'get_capture_context'):
             return
 
         try:
-            response['capture_context'] = payment_processor.get_capture_context(self.request.session)
+            response['capture_context'] = payment_processor.get_capture_context(self.request)
         except:  # pylint: disable=bare-except
             logger.exception("Error generating capture_context")
             return
@@ -681,6 +682,7 @@ def _serialize_context(self, context, lines_data):
         self._add_total_summary(response, context)
         self._add_offers(response)
         self._add_coupons(response, context)
+        self._add_enable_stripe_payment_processor(response)
         return response
 
     def _add_products(self, response, lines_data):
@@ -738,6 +740,11 @@ def _add_coupons(self, response, context):
     def _add_messages(self, response):
         response['messages'] = message_utils.serialize(self.request)
 
+    def _add_enable_stripe_payment_processor(self, response):
+        response['enable_stripe_payment_processor'] = waffle.flag_is_active(
+            self.request, ENABLE_STRIPE_PAYMENT_PROCESSOR
+        )
+
     def _get_response_status(self, response):
         return message_utils.get_response_status(response['messages'])
 

diff --git a/ecommerce/extensions/payment/constants.py b/ecommerce/extensions/payment/constants.py
@@ -8,25 +8,41 @@
         'display_name': _('American Express'),
         'cybersource_code': '003',
         'apple_pay_network': 'amex',
-        'stripe_brand': 'American Express',
+        'stripe_brand': 'amex',
+    },
+    'diners': {
+        'display_name': _('Diners'),
+        'stripe_brand': 'diners',
     },
     'discover': {
         'display_name': _('Discover'),
         'cybersource_code': '004',
         'apple_pay_network': 'discover',
-        'stripe_brand': 'Discover',
+        'stripe_brand': 'discover',
+    },
+    'jcb': {
+        'display_name': _('JCB'),
+        'stripe_brand': 'jcb',
     },
     'mastercard': {
         'display_name': _('MasterCard'),
         'cybersource_code': '002',
         'apple_pay_network': 'mastercard',
-        'stripe_brand': 'MasterCard',
+        'stripe_brand': 'mastercard',
+    },
+    'unionpay': {
+        'display_name': _('UnionPay'),
+        'stripe_brand': 'unionpay',
+    },
+    'unknown': {
+        'display_name': _('Unknown'),
+        'stripe_brand': 'unknown',
     },
     'visa': {
         'display_name': _('Visa'),
         'cybersource_code': '001',
         'apple_pay_network': 'visa',
-        'stripe_brand': 'Visa',
+        'stripe_brand': 'visa',
     },
 }
 

diff --git a/ecommerce/extensions/payment/migrations/0032_alter_source_card_type.py b/ecommerce/extensions/payment/migrations/0032_alter_source_card_type.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.15 on 2022-10-11 16:12
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('payment', '0031_sdnfallbackdata'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='source',
+            name='card_type',
+            field=models.CharField(blank=True, choices=[('american_express', 'American Express'), ('diners', 'Diners'), ('discover', 'Discover'), ('jcb', 'JCB'), ('mastercard', 'MasterCard'), ('unionpay', 'UnionPay'), ('unknown', 'Unknown'), ('visa', 'Visa')], max_length=255, null=True),
+        ),
+    ]
diff --git a/ecommerce/extensions/payment/processors/__init__.py b/ecommerce/extensions/payment/processors/__init__.py
@@ -1,6 +1,7 @@
 
 
 import abc
+import logging
 from collections import namedtuple
 
 import waffle
@@ -13,6 +14,8 @@
 HandledProcessorResponse = namedtuple('HandledProcessorResponse',
                                       ['transaction_id', 'total', 'currency', 'card_number', 'card_type'])
 
+logger = logging.getLogger(__name__)
+
 
 class BasePaymentProcessor(metaclass=abc.ABCMeta):  # pragma: no cover
     """Base payment processor class."""

diff --git a/ecommerce/extensions/payment/processors/cybersource.py b/ecommerce/extensions/payment/processors/cybersource.py
@@ -177,8 +177,9 @@ def __init__(self, site):
     def client_side_payment_url(self):
         return None
 
-    def get_capture_context(self, session):  # pragma: no cover
+    def get_capture_context(self, request):  # pragma: no cover
         # To delete None values in Input Request Json body
+        session = request.session
 
         requestObj = GeneratePublicKeyRequest(
             encryption_type='RsaOaep256',