Merge branch 'main' into prod-cluster

Author: ryanjjung

assets/app/vue/views/SubscribeView/components/CheckoutStep.vue

@@ -16,19 +16,24 @@ const initCurrencyFormatter = (code: string) => {
   });
 };
 
+const DEFAULT_PAYMENT_TYPE = 'card';
+const ARE_WE_DONE_YET_TIMER_MS = 2500;
+const SHORT_WAIT_MS = 2500;
+const EXCEPTIONS_UNTIL_ERROR_SHOWN = 3;
+
+// We don't need these to be reactive
 let currencyFormatter = initCurrencyFormatter('USD');
 let paddle = null;
 let doneCheckerHandler = null;
 let exceptionCounter = 0;
-
+let transactionId = null;
+let paymentType = DEFAULT_PAYMENT_TYPE;
 
 const planName = ref();
 const planSystemError = ref(false);
 const paymentComplete = ref(false);
 const paddleLoading = ref(true);
 const paddleUnknownError = ref(false);
-const ARE_WE_DONE_YET_TIMER_MS = 2500;
-const EXCEPTIONS_UNTIL_ERROR_SHOWN = 3;
 
 // Placeholder information for the skeletons
 const order_summary = ref({
@@ -60,6 +65,8 @@ onUnmounted(() => {
  * 
  * Poll the is-done api route every 2.5 seconds, and if we're doneish (paid or complete) 
  * then reload the window to let the payment verification screen do their magic.
+ * 
+ * Triggered by PaddleJS's checkout events. (Anyone with a transaction ID!)
  */
 const areWeDoneHere = async () => {
   try {
@@ -76,9 +83,15 @@ const areWeDoneHere = async () => {
 
     // For some reason PaddleJS has paid's constant as undefined. Hmmm...
     if (['completed', 'paid'].indexOf(status) > -1) {
-      window.location.reload();
+      // Remove the Paddle checkout form, and after a short wait reload the page.
+      paymentComplete.value = true;
+      // We re-use this handler since it's not currently used, and it's hooked up to unMount.
+      doneCheckerHandler = window.setTimeout(() => {
+        window.location.reload();
+      }, SHORT_WAIT_MS);
+      return;
     }
-
+    
     // Lastly clear up the exception counter, if we've reached here there's no exceptions happening and no errors need to be shown.
     exceptionCounter = 0;
   } catch (e) {
@@ -132,21 +145,34 @@ const onPaddleEvent = async (evt: PaddleEventData) => {
   // Just update the cart, every checkout.* event has all the information on it.
   if (evt.name.indexOf('checkout.') === 0) {
     const data = evt.data;
+    const backendNeedsUpdate = transactionId !== (data?.transaction_id ?? null) || paymentType !== data.payment.method_details.type;
+
+    // Transaction ID should only update if we're not falsey.
+    if (data?.transaction_id) {
+      transactionId = data?.transaction_id ?? null;
+    }
 
-    // Set the transaction id
-    if (!doneCheckerHandler && data?.transaction_id) {
+    // Payment type is only reliably updated on payment selected.
+    if (evt.name == 'checkout.payment.selected') {
+      paymentType = data.payment.method_details.type;
+    }
+
+    if (backendNeedsUpdate) {
       await fetch('/api/v1/subscription/paddle/tx/set/', {
         mode: 'same-origin',
         credentials: 'include',
         method: 'PUT',
         body: JSON.stringify({
-          txid: data?.transaction_id,
+          payment_type: paymentType,
+          txid: transactionId,
         }),
         headers: {
           'X-CSRFToken': csrfToken,
         },
       });
+    }
 
+    if (!doneCheckerHandler && transactionId) {
       // Setup our done checker
       doneCheckerHandler = window.setTimeout(() => areWeDoneHere(), ARE_WE_DONE_YET_TIMER_MS);
     }
@@ -208,8 +234,9 @@ const setupPaddle = async () => {
     eventCallback: onPaddleEvent,
     checkout: {
       settings: {
+        successUrl: `${window.location.origin}/subscription/paddle/complete/`,
         displayMode: 'inline',
-        frameTarget: 'checkout-container',
+        frameTarget: 'paddle-checkout',
         frameInitialHeight: 992,
         frameStyle: 'width: 100%; background-color: transparent; border: none;',
         variant: 'one-page',
@@ -318,6 +345,7 @@ export default {
         <!-- Paddle's checkout will just disappear into the void once it starts redirecting us to successUrl.
              It looks ugly, so show a small message in its place. -->
         <p v-if="paymentComplete">{{ t('views.subscribe.paymentComplete') }}</p>
+        <div v-else class="paddle-checkout"></div>
       </card-container>
     </div>
   </div>
@@ -350,6 +378,7 @@ export default {
 
   .checkout-container {
     width: 100%;
+    min-height: 1090px;
   }
 
   .summary-card {

pulumi/Pulumi.stage.yaml

@@ -71,4 +71,4 @@ config:
   accounts:keycloak-admin-client-secret:
     secure: AAABACh3RnRJFRb37U658qPm+wN8GUDqeZ/Ck90/qJnGWmULNhVtn5u/+BD8NtVVvaqiMhRmwzja7wLeYypciQ==
   accounts:appointment-caldav-secret:
-    secure: AAABAForTqyhyLA5jEP8mv6uX1s2Kp9CFim/R+NCEAvC8ZgmBhqxsmcL8zWeTBsOZlfLGlkVNBFVo7/teEknbw==
+    secure: AAABAPXX4cm62Agkc0pob1MUB1c7qYxWgJeAFm1051m+Pe3uhZh9KA5qG9ZuTVCbj0i38CCkrefveMpxja23CQ==

pulumi/config.stage.yaml

@@ -300,6 +300,7 @@ resources:
         - stalwart-api-auth-key
         - keycloak-admin-client-id
         - keycloak-admin-client-secret
+        - appointment-caldav-secret
 
   tb:ec2:SshableInstance: {}
   # Fill out this template to build an SSH bastion

src/thunderbird_accounts/mail/utils.py

@@ -48,7 +48,6 @@ def decode_app_password(secret):
 
 
 def create_stalwart_account(user, app_password: Optional[str] = None) -> bool:
-    # Run this immediately for now, in the future we'll ship these to celery
     if user.account_set.count() > 0 and user.account_set.first().stalwart_id:
         return False
 

src/thunderbird_accounts/subscription/templates/close_window.html

@@ -0,0 +1,8 @@
+<html lang="en">
+<head></head>
+<body>
+<p>You may close this window.</p>
+<noscript>...you'll need to close the window manually because you do not have javascript enabled. Sorry!</noscript>
+<script>window.close();</script>
+</body>
+</html>

src/thunderbird_accounts/subscription/tests/test_views.py

@@ -121,17 +121,48 @@ def test_transaction_found_but_not_doneish(self):
 
             instance.notifications.list.assert_not_called()
 
-    def _test_doneish_by_status(self, tx_status):
+
+class PaddleTransactionCompleteCase(TestCase):
+    def setUp(self):
+        self.client = RequestClient()
+        self.user = User.objects.create(
+            username=f'test@{settings.PRIMARY_EMAIL_DOMAIN}', oidc_id='1234', is_awaiting_payment_verification=False
+        )
+        oidc_force_login(self.client, self.user)
+        self.url = reverse('paddle_completed')
+        self.txid = 'abc123'
+
+    def set_paddle_transaction_session_data(self, payment_type):
+        """This actually tests set_paddle_transaction_id too!"""
+        txid_response = self.client.put(
+            reverse('paddle_txid'), data=json.dumps({'txid': self.txid, 'payment_type': payment_type})
+        )
+        self.assertEqual(txid_response.status_code, 200)
+        data = txid_response.json()
+        self.assertTrue(data.get('success'))
+
+    def _test_doneish_by_status(self, tx_status, is_popup_payment_provider=False):
         """Helper function so we can reduce some code without introducing artifacts between test runs."""
-        # Make sure we have a txid in session
-        self.set_paddle_transaction_id()
+        # Make sure we have a txid and payment type in session
+        payment_type = 'card' if not is_popup_payment_provider else 'paypal'
+        ok_status_code = 200 if is_popup_payment_provider else 302
+        ok_payment_verification = tx_status in [
+            Transaction.StatusValues.PAID.value,
+            Transaction.StatusValues.COMPLETED.value,
+        ]
+
+        self.set_paddle_transaction_session_data(payment_type)
 
-        transaction = Transaction.objects.create(paddle_id=self.txid, status=tx_status)
+        transaction = Transaction.objects.create(paddle_id=self.txid, status=tx_status.value)
         self.assertIsNotNone(transaction)
 
         with patch('thunderbird_accounts.subscription.tasks.dev_only_paddle_fake_webhook', MagicMock()) as task_mock:
             with patch('thunderbird_accounts.subscription.decorators.Client', MagicMock()) as paddle_client_mock:
                 instance = paddle_client_mock()
+                status_mock = MagicMock()
+
+                status_mock.status = tx_status
+                instance.transactions.get.return_value = status_mock
 
                 self.assertFalse(self.user.is_awaiting_payment_verification)
 
@@ -140,26 +171,31 @@ def _test_doneish_by_status(self, tx_status):
                     follow=False,
                 )
                 self.assertTrue(response)
-                self.assertEqual(response.status_code, 200)
-
-                data = response.json()
-                self.assertTrue(data)
-                self.assertEqual(data.get('status'), tx_status)
+                self.assertEqual(response.status_code, ok_status_code)
 
                 self.user.refresh_from_db()
-                self.assertTrue(self.user.is_awaiting_payment_verification)
+                self.assertEqual(self.user.is_awaiting_payment_verification, ok_payment_verification)
 
+                instance.transactions.get.assert_called()
                 instance.notifications.list.assert_not_called()
                 task_mock.assert_not_called()
 
+    @override_settings(IS_DEV=False)
+    def test_transaction_found_and_is_not_doneish_by_being_ready(self):
+        """We found the transaction but it's doneish (status=READY). This shouldn't do anything!
+
+        We should also ensure IS_DEV=False does not call Paddle or the fake webhook task."""
+
+        self._test_doneish_by_status(Transaction.StatusValues.READY)
+
     @override_settings(IS_DEV=False)
     def test_transaction_found_and_is_doneish_by_being_paid(self):
         """We found the transaction but it's doneish (status=PAID). This should trigger payment verification
         and remove txid from session.
 
         We should also ensure IS_DEV=False does not call Paddle or the fake webhook task."""
 
-        self._test_doneish_by_status(Transaction.StatusValues.PAID.value)
+        self._test_doneish_by_status(Transaction.StatusValues.PAID)
 
     @override_settings(IS_DEV=False)
     def test_transaction_found_and_is_doneish_by_being_completed(self):
@@ -168,4 +204,22 @@ def test_transaction_found_and_is_doneish_by_being_completed(self):
 
         We should also ensure IS_DEV=False does not call Paddle or the fake webhook task."""
 
-        self._test_doneish_by_status(Transaction.StatusValues.COMPLETED.value)
+        self._test_doneish_by_status(Transaction.StatusValues.COMPLETED)
+
+    @override_settings(IS_DEV=False)
+    def test_transaction_found_and_is_doneish_by_being_paid_popup_popup_edition(self):
+        """We found the transaction but it's doneish (status=PAID). This should trigger payment verification
+        and remove txid from session.
+
+        We should also ensure IS_DEV=False does not call Paddle or the fake webhook task."""
+
+        self._test_doneish_by_status(Transaction.StatusValues.PAID, True)
+
+    @override_settings(IS_DEV=False)
+    def test_transaction_found_and_is_doneish_by_being_completed_popup_edition(self):
+        """We found the transaction but it's doneish (status=COMPLETED). This should trigger payment verification
+        and remove txid from session.
+
+        We should also ensure IS_DEV=False does not call Paddle or the fake webhook task."""
+
+        self._test_doneish_by_status(Transaction.StatusValues.COMPLETED, True)