Fixed user patching to not also unsubscribe subscribers.

2025-03-14 07:00:01 -04:00 · 2014-12-05 14:11:38 -08:00 · 2014-12-05 14:11:38 -08:00 · 209836c172
commit 209836c172
parent fd88056123
6 changed files with 23 additions and 14 deletions
--- a/app/views/account/PaymentsView.coffee
+++ b/app/views/account/PaymentsView.coffee
@ -36,7 +36,8 @@ module.exports = class PaymentsView extends RootView
    document.location.reload()

  onClickEndSubscription: (e) ->
-    stripe = me.get('stripe')
+    stripe = _.clone(me.get('stripe'))
    delete stripe.planID
-    me.save()
+    me.set('stripe', stripe)
+    me.patch({headers: {'X-Change-Plan': 'true'}})
    @listenToOnce me, 'sync', -> document.location.reload()
--- a/app/views/play/modal/SubscribeModal.coffee
+++ b/app/views/play/modal/SubscribeModal.coffee
@ -60,14 +60,14 @@ module.exports = class SubscribeModal extends ModalView
    @state = 'purchasing'
    @render()

-    stripe = me.get('stripe') ? {}
+    stripe = _.clone(me.get('stripe') ? {})
    stripe.planID = @product.planID
    stripe.token = e.token.id
    me.set 'stripe', stripe

    @listenToOnce me, 'sync', @onSubscriptionSuccess
    @listenToOnce me, 'error', @onSubscriptionError
-    me.save()
+    me.patch({headers: {'X-Change-Plan': 'true'}})

  onSubscriptionSuccess: ->
    application.tracker?.trackEvent 'Finished subscription purchase', {}
--- a/server/payments/subscription_handler.coffee
+++ b/server/payments/subscription_handler.coffee
@ -20,7 +20,7 @@ class SubscriptionHandler extends Handler
    if (not req.user) or req.user.isAnonymous()
      return done({res: 'You must be signed in to subscribe.', code: 403})

-    token = req.body.stripe?.token
+    token = req.body.stripe.token
    customerID = user.get('stripe')?.customerID
    if not (token or customerID)
      @logSubscriptionError(req, 'Missing stripe token or customer ID.')
@ -29,6 +29,10 @@ class SubscriptionHandler extends Handler
    if token
      if customerID
        stripe.customers.update customerID, { card: token }, (err, customer) =>
+          if err or not customer
+            # should not happen outside of test and production polluting each other
+            @logSubscriptionError(req, 'Cannot find customer: ', +customer.id + '\n\n' + err)
+            return done({res: 'Cannot find customer.', code: 404})
          @checkForExistingSubscription(req, user, customer, done)
          
      else
--- a/server/users/user_handler.coffee
+++ b/server/users/user_handler.coffee
@ -110,8 +110,10 @@ UserHandler = class UserHandler extends Handler
        
    # Subscription setting
    (req, user, callback) ->
+      return callback(null, req, user) unless req.headers['x-change-plan'] # ensure only saves that are targeted at changing the subscription actually affect the subscription
+      return callback(null, req, user) unless req.body.stripe
      hasPlan = user.get('stripe')?.planID?
-      wantsPlan = req.body.stripe?.planID?
+      wantsPlan = req.body.stripe.planID?
      
      return callback(null, req, user) if hasPlan is wantsPlan
      if wantsPlan and not hasPlan
@ -127,9 +129,10 @@ UserHandler = class UserHandler extends Handler

    # Discount setting
    (req, user, callback) ->
+      return callback(null, req, user) unless req.body.stripe
      return callback(null, req, user) unless req.user?.isAdmin()
      hasCoupon = user.get('stripe')?.couponID
-      wantsCoupon = req.body.stripe?.couponID
+      wantsCoupon = req.body.stripe.couponID

      return callback(null, req, user) if hasCoupon is wantsCoupon
      if wantsCoupon and (hasCoupon isnt wantsCoupon)
--- a/test/server/functional/discount_handler.spec.coffee
+++ b/test/server/functional/discount_handler.spec.coffee
@ -75,7 +75,7 @@ describe '/db/user, editing stripe.couponID property', ->
      loginJoe (joe) ->
        joeData.stripe.token = stripeTokenID
        joeData.stripe.planID = 'basic'
-        request.put {uri: userURL, json: joeData }, (err, res, body) ->
+        request.put {uri: userURL, json: joeData, headers: {'X-Change-Plan': 'true'} }, (err, res, body) ->
          joeData = body
          expect(res.statusCode).toBe(200)
          stripe.customers.retrieve joeData.stripe.customerID, (err, customer) ->
--- a/test/server/functional/subscription.spec.coffee
+++ b/test/server/functional/subscription.spec.coffee
@ -85,6 +85,7 @@ describe '/db/user, editing stripe property', ->
  stripe = require('stripe')(config.stripe.secretKey)
  userURL = getURL('/db/user')
  webhookURL = getURL('/stripe/webhook')
+  headers = {'X-Change-Plan': 'true'}

  it 'clears the db first', (done) ->
    clearModels [User, Payment], (err) ->
@ -95,7 +96,7 @@ describe '/db/user, editing stripe property', ->
    request.get getURL('/auth/whoami'), (err, res, body) ->
      body = JSON.parse(body)
      body.stripe = { planID: 'basic', token: '12345' }
-      request.put {uri: userURL, json: body}, (err, res, body) ->
+      request.put {uri: userURL, json: body, headers: headers}, (err, res, body) ->
        expect(res.statusCode).toBe 403
        done()

@ -114,7 +115,7 @@ describe '/db/user, editing stripe property', ->
          token: stripeTokenID
          planID: 'basic'
        }
-        request.put {uri: userURL, json: joeData }, (err, res, body) ->
+        request.put {uri: userURL, json: joeData, headers: headers }, (err, res, body) ->
          expect(res.statusCode).toBe(402)
          done()
          
@ -129,7 +130,7 @@ describe '/db/user, editing stripe property', ->
          token: stripeTokenID
          planID: 'basic'
        }
-        request.put {uri: userURL, json: joeData }, (err, res, body) ->
+        request.put {uri: userURL, json: joeData, headers: headers }, (err, res, body) ->
          joeData = body
          expect(res.statusCode).toBe(200)
          expect(joeData.purchased.gems).toBe(3500)
@ -156,7 +157,7 @@ describe '/db/user, editing stripe property', ->
 
  it 'schedules the stripe subscription to be cancelled when stripe.planID is removed from the user', (done) ->
    delete joeData.stripe.planID
-    request.put {uri: userURL, json: joeData }, (err, res, body) ->
+    request.put {uri: userURL, json: joeData, headers: headers }, (err, res, body) ->
      joeData = body
      expect(res.statusCode).toBe(200)
      expect(joeData.stripe.subscriptionID).toBeDefined()
@ -170,7 +171,7 @@ describe '/db/user, editing stripe property', ->
  
  it 'allows you to sign up again using the same customer ID as before, no token necessary', (done) ->
    joeData.stripe.planID = 'basic'
-    request.put {uri: userURL, json: joeData }, (err, res, body) ->
+    request.put {uri: userURL, json: joeData, headers: headers }, (err, res, body) ->
      joeData = body
    
      expect(res.statusCode).toBe(200)
@ -208,7 +209,7 @@ describe '/db/user, editing stripe property', ->
          
  it "updates the customer's email when you change the user's email", (done) ->
    joeData.email = 'newEmail@gmail.com'
-    request.put {uri: userURL, json: joeData }, (err, res, body) ->
+    request.put {uri: userURL, json: joeData, headers: headers }, (err, res, body) ->
      f = -> stripe.customers.retrieve joeData.stripe.customerID, (err, customer) ->
        expect(customer.email).toBe('newEmail@gmail.com')
        done()