Mostly implement order refunds and cancellations

Configure Feed

Issues Pull Requests Commits Tags

Feed URL

Select the types of activity you want to include in your feed.

@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

phorge phabricator

fork

Configure Feed

Issues Pull Requests Commits Tags

Feed URL

Select the types of activity you want to include in your feed.

Mostly implement order refunds and cancellations

Summary:
Ref T2787. This has some rough edges but basically works.

- Users can cancel orders that are in incomplete states (or in complete states, if the application allows them to -- for example, some future application might allow cancellation of billed-but-not-shipped orders).
- Merchant controllers can partially or fully refund orders from any state after payment.

Test Plan: This is still rough around the edges, but issued Stripe and WePay refunds.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: chad, epriestley

Maniphest Tasks: T2787

Differential Revision: https://secure.phabricator.com/D10664

epriestley 11 years ago 1e8c314c b6c65719

+781 -57

23 changed files

expand all collapse all

resources

sql

autopatches

20141008.phortunerefund.sql

src

__phutil_library_map__.php

applications

fund

phortune

FundBackerProduct.php

phortune

application

PhabricatorPhortuneApplication.php

cart

PhortuneCartImplementation.php

controller

PhortuneAccountViewController.php

PhortuneCartCancelController.php

PhortuneCartCheckoutController.php

PhortuneCartController.php

PhortuneCartViewController.php

PhortuneController.php

currency

PhortuneCurrency.php

product

PhortuneProductImplementation.php

provider

PhortuneBalancedPaymentProvider.php

PhortunePayPalPaymentProvider.php

PhortunePaymentProvider.php

PhortuneStripePaymentProvider.php

PhortuneTestPaymentProvider.php

PhortuneWePayPaymentProvider.php

storage

PhortuneAccount.php

PhortuneCart.php

PhortuneCharge.php

PhortuneProduct.php

+11

resources/sql/autopatches/20141008.phortunerefund.sql

reviewed

··· 1 1 + ALTER TABLE {$NAMESPACE}_phortune.phortune_charge 2 2 + ADD amountRefundedAsCurrency VARCHAR(64) NOT NULL COLLATE utf8_bin; 3 3 + 4 4 + UPDATE {$NAMESPACE}_phortune.phortune_charge 5 5 + SET amountRefundedAsCurrency = '0.00 USD'; 6 6 + 7 7 + ALTER TABLE {$NAMESPACE}_phortune.phortune_charge 8 8 + ADD refundingPHID VARBINARY(64); 9 9 + 10 10 + ALTER TABLE {$NAMESPACE}_phortune.phortune_charge 11 11 + ADD refundedChargePHID VARBINARY(64);

src/__phutil_library_map__.php

reviewed

··· 2554 2554 'PhortuneAccountViewController' => 'applications/phortune/controller/PhortuneAccountViewController.php', 2555 2555 'PhortuneBalancedPaymentProvider' => 'applications/phortune/provider/PhortuneBalancedPaymentProvider.php', 2556 2556 'PhortuneCart' => 'applications/phortune/storage/PhortuneCart.php', 2557 2557 + 'PhortuneCartCancelController' => 'applications/phortune/controller/PhortuneCartCancelController.php', 2557 2558 'PhortuneCartCheckoutController' => 'applications/phortune/controller/PhortuneCartCheckoutController.php', 2558 2559 'PhortuneCartController' => 'applications/phortune/controller/PhortuneCartController.php', 2559 2560 'PhortuneCartImplementation' => 'applications/phortune/cart/PhortuneCartImplementation.php', ··· 5608 5609 'PhortuneDAO', 5609 5610 'PhabricatorPolicyInterface', 5610 5611 ), 5612 5612 + 'PhortuneCartCancelController' => 'PhortuneCartController', 5611 5613 'PhortuneCartCheckoutController' => 'PhortuneCartController', 5612 5614 'PhortuneCartController' => 'PhortuneController', 5613 5615 'PhortuneCartListController' => 'PhortuneController',

src/applications/fund/phortune/FundBackerProduct.php

reviewed

··· 115 115 return; 116 116 } 117 117 118 118 + public function didRefundProduct( 119 119 + PhortuneProduct $product, 120 120 + PhortunePurchase $purchase) { 121 121 + $viewer = $this->getViewer(); 122 122 + // TODO: Undonate. 123 123 + } 124 124 + 118 125 }

src/applications/phortune/application/PhabricatorPhortuneApplication.php

reviewed

··· 48 48 'cart/(?P<id>\d+)/' => array( 49 49 '' => 'PhortuneCartViewController', 50 50 'checkout/' => 'PhortuneCartCheckoutController', 51 51 + '(?P<action>cancel|refund)/' => 'PhortuneCartCancelController', 51 52 ), 52 53 'account/' => array( 53 54 '' => 'PhortuneAccountListController',

+15

src/applications/phortune/cart/PhortuneCartImplementation.php

reviewed

··· 16 16 abstract public function getCancelURI(PhortuneCart $cart); 17 17 abstract public function getDoneURI(PhortuneCart $cart); 18 18 19 19 + public function assertCanCancelOrder(PhortuneCart $cart) { 20 20 + switch ($cart->getStatus()) { 21 21 + case PhortuneCart::STATUS_PURCHASED: 22 22 + throw new Exception( 23 23 + pht( 24 24 + 'This order can not be cancelled because it has already been '. 25 25 + 'completed.')); 26 26 + break; 27 27 + } 28 28 + } 29 29 + 30 30 + public function assertCanRefundOrder(PhortuneCart $cart) { 31 31 + return; 32 32 + } 33 33 + 19 34 abstract public function willCreateCart( 20 35 PhabricatorUser $viewer, 21 36 PhortuneCart $cart);

+11

src/applications/phortune/controller/PhortuneAccountViewController.php

reviewed

··· 12 12 $request = $this->getRequest(); 13 13 $user = $request->getUser(); 14 14 15 15 + // TODO: Currently, you must be able to edit an account to view the detail 16 16 + // page, because the account must be broadly visible so merchants can 17 17 + // process orders but merchants should not be able to see all the details 18 18 + // of an account. Ideally this page should be visible to merchants, too, 19 19 + // just with less information. 20 20 + 15 21 $account = id(new PhortuneAccountQuery()) 16 22 ->setViewer($user) 17 23 ->withIDs(array($this->accountID)) 24 24 + ->requireCapabilities( 25 25 + array( 26 26 + PhabricatorPolicyCapability::CAN_VIEW, 27 27 + PhabricatorPolicyCapability::CAN_EDIT, 28 28 + )) 18 29 ->executeOne(); 19 30 20 31 if (!$account) {

+195

src/applications/phortune/controller/PhortuneCartCancelController.php

reviewed

··· 1 1 + <?php 2 2 + 3 3 + final class PhortuneCartCancelController 4 4 + extends PhortuneCartController { 5 5 + 6 6 + private $id; 7 7 + private $action; 8 8 + 9 9 + public function willProcessRequest(array $data) { 10 10 + $this->id = $data['id']; 11 11 + $this->action = $data['action']; 12 12 + } 13 13 + 14 14 + public function processRequest() { 15 15 + $request = $this->getRequest(); 16 16 + $viewer = $request->getUser(); 17 17 + 18 18 + $cart = id(new PhortuneCartQuery()) 19 19 + ->setViewer($viewer) 20 20 + ->withIDs(array($this->id)) 21 21 + ->needPurchases(true) 22 22 + ->executeOne(); 23 23 + if (!$cart) { 24 24 + return new Aphront404Response(); 25 25 + } 26 26 + 27 27 + switch ($this->action) { 28 28 + case 'cancel': 29 29 + // You must be able to edit the account to cancel an order. 30 30 + PhabricatorPolicyFilter::requireCapability( 31 31 + $viewer, 32 32 + $cart->getAccount(), 33 33 + PhabricatorPolicyCapability::CAN_EDIT); 34 34 + $is_refund = false; 35 35 + break; 36 36 + case 'refund': 37 37 + // You must be able to control the merchant to refund an order. 38 38 + PhabricatorPolicyFilter::requireCapability( 39 39 + $viewer, 40 40 + $cart->getMerchant(), 41 41 + PhabricatorPolicyCapability::CAN_EDIT); 42 42 + $is_refund = true; 43 43 + break; 44 44 + default: 45 45 + return new Aphront404Response(); 46 46 + } 47 47 + 48 48 + $cancel_uri = $cart->getDetailURI(); 49 49 + $merchant = $cart->getMerchant(); 50 50 + 51 51 + try { 52 52 + if ($is_refund) { 53 53 + $title = pht('Unable to Refund Order'); 54 54 + $cart->assertCanRefundOrder(); 55 55 + } else { 56 56 + $title = pht('Unable to Cancel Order'); 57 57 + $cart->assertCanCancelOrder(); 58 58 + } 59 59 + } catch (Exception $ex) { 60 60 + return $this->newDialog() 61 61 + ->setTitle($title) 62 62 + ->appendChild($ex->getMessage()) 63 63 + ->addCancelButton($cancel_uri); 64 64 + } 65 65 + 66 66 + $charges = id(new PhortuneChargeQuery()) 67 67 + ->setViewer($viewer) 68 68 + ->withCartPHIDs(array($cart->getPHID())) 69 69 + ->withStatuses( 70 70 + array( 71 71 + PhortuneCharge::STATUS_CHARGED, 72 72 + )) 73 73 + ->execute(); 74 74 + 75 75 + $amounts = mpull($charges, 'getAmountAsCurrency'); 76 76 + $maximum = PhortuneCurrency::newFromList($amounts); 77 77 + $v_refund = $maximum->formatForDisplay(); 78 78 + 79 79 + $errors = array(); 80 80 + $e_refund = true; 81 81 + if ($request->isFormPost()) { 82 82 + if ($is_refund) { 83 83 + try { 84 84 + $refund = PhortuneCurrency::newFromUserInput( 85 85 + $viewer, 86 86 + $request->getStr('refund')); 87 87 + $refund->assertInRange('0.00 USD', $maximum->formatForDisplay()); 88 88 + } catch (Exception $ex) { 89 89 + $errors[] = $ex; 90 90 + $e_refund = pht('Invalid'); 91 91 + } 92 92 + } else { 93 93 + $refund = $maximum; 94 94 + } 95 95 + 96 96 + if (!$errors) { 97 97 + $charges = msort($charges, 'getID'); 98 98 + $charges = array_reverse($charges); 99 99 + 100 100 + if ($charges) { 101 101 + $providers = id(new PhortunePaymentProviderConfigQuery()) 102 102 + ->setViewer($viewer) 103 103 + ->withPHIDs(mpull($charges, 'getProviderPHID')) 104 104 + ->execute(); 105 105 + $providers = mpull($providers, null, 'getPHID'); 106 106 + } else { 107 107 + $providers = array(); 108 108 + } 109 109 + 110 110 + foreach ($charges as $charge) { 111 111 + $refundable = $charge->getAmountRefundableAsCurrency(); 112 112 + if (!$refundable->isPositive()) { 113 113 + // This charge is a refund, or has already been fully refunded. 114 114 + continue; 115 115 + } 116 116 + 117 117 + if ($refund->isGreaterThan($refundable)) { 118 118 + $refund_amount = $refundable; 119 119 + } else { 120 120 + $refund_amount = $refund; 121 121 + } 122 122 + 123 123 + $provider_config = idx($providers, $charge->getProviderPHID()); 124 124 + if (!$provider_config) { 125 125 + throw new Exception(pht('Unable to load provider for charge!')); 126 126 + } 127 127 + 128 128 + $provider = $provider_config->buildProvider(); 129 129 + 130 130 + $refund_charge = $cart->willRefundCharge( 131 131 + $viewer, 132 132 + $provider, 133 133 + $charge, 134 134 + $refund_amount); 135 135 + 136 136 + $refunded = false; 137 137 + try { 138 138 + $provider->refundCharge($charge, $refund_charge); 139 139 + $refunded = true; 140 140 + } catch (Exception $ex) { 141 141 + phlog($ex); 142 142 + $cart->didFailRefund($charge, $refund_charge); 143 143 + } 144 144 + 145 145 + if ($refunded) { 146 146 + $cart->didRefundCharge($charge, $refund_charge); 147 147 + $refund = $refund->subtract($refund_amount); 148 148 + } 149 149 + 150 150 + if (!$refund->isPositive()) { 151 151 + break; 152 152 + } 153 153 + } 154 154 + 155 155 + if ($refund->isPositive()) { 156 156 + throw new Exception(pht('Unable to refund some charges!')); 157 157 + } 158 158 + 159 159 + return id(new AphrontRedirectResponse())->setURI($cancel_uri); 160 160 + } 161 161 + } 162 162 + 163 163 + if ($is_refund) { 164 164 + $title = pht('Refund Order?'); 165 165 + $body = pht( 166 166 + 'Really refund this order?'); 167 167 + $button = pht('Refund Order'); 168 168 + 169 169 + $form = id(new AphrontFormView()) 170 170 + ->setUser($viewer) 171 171 + ->appendChild( 172 172 + id(new AphrontFormTextControl()) 173 173 + ->setName('refund') 174 174 + ->setLabel(pht('Amount')) 175 175 + ->setError($e_refund) 176 176 + ->setValue($v_refund)); 177 177 + 178 178 + $form = $form->buildLayoutView(); 179 179 + } else { 180 180 + $title = pht('Cancel Order?'); 181 181 + $body = pht( 182 182 + 'Really cancel this order? Any payment will be refunded.'); 183 183 + $button = pht('Cancel Order'); 184 184 + 185 185 + $form = null; 186 186 + } 187 187 + 188 188 + return $this->newDialog() 189 189 + ->setTitle($title) 190 190 + ->appendChild($body) 191 191 + ->appendChild($form) 192 192 + ->addSubmitButton($button) 193 193 + ->addCancelButton($cancel_uri); 194 194 + } 195 195 + }

+6 -2

src/applications/phortune/controller/PhortuneCartCheckoutController.php

reviewed

··· 119 119 } 120 120 } 121 121 122 122 - $cart_box = $this->buildCartContents($cart); 123 123 - $cart_box->setFormErrors($errors); 122 122 + $cart_table = $this->buildCartContentTable($cart); 123 123 + 124 124 + $cart_box = id(new PHUIObjectBoxView()) 125 125 + ->setFormErrors($errors) 126 126 + ->setHeaderText(pht('Cart Contents')) 127 127 + ->appendChild($cart_table); 124 128 125 129 $title = pht('Buy Stuff'); 126 130

+2 -4

src/applications/phortune/controller/PhortuneCartController.php

reviewed

··· 3 3 abstract class PhortuneCartController 4 4 extends PhortuneController { 5 5 6 6 - protected function buildCartContents(PhortuneCart $cart) { 6 6 + protected function buildCartContentTable(PhortuneCart $cart) { 7 7 8 8 $rows = array(); 9 9 foreach ($cart->getPurchases() as $purchase) { ··· 39 39 'right', 40 40 )); 41 41 42 42 - return id(new PHUIObjectBoxView()) 43 43 - ->setHeaderText(pht('Cart Contents')) 44 44 - ->appendChild($table); 42 42 + return $table; 45 43 } 46 44 47 45 }

+96 -1

src/applications/phortune/controller/PhortuneCartViewController.php

reviewed

··· 22 22 return new Aphront404Response(); 23 23 } 24 24 25 25 - $cart_box = $this->buildCartContents($cart); 25 25 + $can_admin = PhabricatorPolicyFilter::hasCapability( 26 26 + $viewer, 27 27 + $cart->getMerchant(), 28 28 + PhabricatorPolicyCapability::CAN_EDIT); 29 29 + 30 30 + $cart_table = $this->buildCartContentTable($cart); 31 31 + 32 32 + $properties = $this->buildPropertyListView($cart); 33 33 + $actions = $this->buildActionListView($cart, $can_admin); 34 34 + $properties->setActionList($actions); 35 35 + 36 36 + $header = id(new PHUIHeaderView()) 37 37 + ->setUser($viewer) 38 38 + ->setHeader(pht('Order Detail')) 39 39 + ->setPolicyObject($cart); 40 40 + 41 41 + $cart_box = id(new PHUIObjectBoxView()) 42 42 + ->setHeader($header) 43 43 + ->appendChild($properties) 44 44 + ->appendChild($cart_table); 26 45 27 46 $charges = id(new PhortuneChargeQuery()) 28 47 ->setViewer($viewer) ··· 49 68 )); 50 69 51 70 } 71 71 + 72 72 + private function buildPropertyListView(PhortuneCart $cart) { 73 73 + 74 74 + $viewer = $this->getRequest()->getUser(); 75 75 + 76 76 + $view = id(new PHUIPropertyListView()) 77 77 + ->setUser($viewer) 78 78 + ->setObject($cart); 79 79 + 80 80 + $handles = $this->loadViewerHandles( 81 81 + array( 82 82 + $cart->getAccountPHID(), 83 83 + $cart->getAuthorPHID(), 84 84 + $cart->getMerchantPHID(), 85 85 + )); 86 86 + 87 87 + $view->addProperty( 88 88 + pht('Order Name'), 89 89 + $cart->getName()); 90 90 + $view->addProperty( 91 91 + pht('Account'), 92 92 + $handles[$cart->getAccountPHID()]->renderLink()); 93 93 + $view->addProperty( 94 94 + pht('Authorized By'), 95 95 + $handles[$cart->getAuthorPHID()]->renderLink()); 96 96 + $view->addProperty( 97 97 + pht('Merchant'), 98 98 + $handles[$cart->getMerchantPHID()]->renderLink()); 99 99 + $view->addProperty( 100 100 + pht('Status'), 101 101 + PhortuneCart::getNameForStatus($cart->getStatus())); 102 102 + $view->addProperty( 103 103 + pht('Updated'), 104 104 + phabricator_datetime($cart->getDateModified(), $viewer)); 105 105 + 106 106 + return $view; 107 107 + } 108 108 + 109 109 + private function buildActionListView(PhortuneCart $cart, $can_admin) { 110 110 + $viewer = $this->getRequest()->getUser(); 111 111 + $id = $cart->getID(); 112 112 + 113 113 + $can_edit = PhabricatorPolicyFilter::hasCapability( 114 114 + $viewer, 115 115 + $cart, 116 116 + PhabricatorPolicyCapability::CAN_EDIT); 117 117 + 118 118 + $view = id(new PhabricatorActionListView()) 119 119 + ->setUser($viewer) 120 120 + ->setObject($cart); 121 121 + 122 122 + $can_cancel = ($can_edit && $cart->canCancelOrder()); 123 123 + 124 124 + $cancel_uri = $this->getApplicationURI("cart/{$id}/cancel/"); 125 125 + $refund_uri = $this->getApplicationURI("cart/{$id}/refund/"); 126 126 + 127 127 + $view->addAction( 128 128 + id(new PhabricatorActionView()) 129 129 + ->setName(pht('Cancel Order')) 130 130 + ->setIcon('fa-times') 131 131 + ->setDisabled(!$can_cancel) 132 132 + ->setWorkflow(true) 133 133 + ->setHref($cancel_uri)); 134 134 + 135 135 + if ($can_admin) { 136 136 + $view->addAction( 137 137 + id(new PhabricatorActionView()) 138 138 + ->setName(pht('Refund Order')) 139 139 + ->setIcon('fa-reply') 140 140 + ->setWorkflow(true) 141 141 + ->setHref($refund_uri)); 142 142 + } 143 143 + 144 144 + return $view; 145 145 + } 146 146 + 52 147 }

+4 -2

src/applications/phortune/controller/PhortuneController.php

reviewed

··· 28 28 $charge->getID(), 29 29 $handles[$charge->getCartPHID()]->renderLink(), 30 30 $handles[$charge->getProviderPHID()]->renderLink(), 31 31 - $handles[$charge->getPaymentMethodPHID()]->renderLink(), 31 31 + $charge->getPaymentMethodPHID() 32 32 + ? $handles[$charge->getPaymentMethodPHID()]->renderLink() 33 33 + : null, 32 34 $handles[$charge->getMerchantPHID()]->renderLink(), 33 35 $charge->getAmountAsCurrency()->formatForDisplay(), 34 34 - PhortuneCharge::getNameForStatus($charge->getStatus()), 36 36 + $charge->getStatusForDisplay(), 35 37 phabricator_datetime($charge->getDateCreated(), $viewer), 36 38 ); 37 39 }

+54 -8

src/applications/phortune/currency/PhortuneCurrency.php

reviewed

··· 48 48 $value = (int)round(100 * $value); 49 49 50 50 $currency = idx($matches, 2, $default); 51 51 - if ($currency) { 52 52 - switch ($currency) { 53 53 - case 'USD': 54 54 - break; 55 55 - default: 56 56 - throw new Exception("Unsupported currency '{$currency}'!"); 57 57 - } 51 51 + switch ($currency) { 52 52 + case 'USD': 53 53 + break; 54 54 + default: 55 55 + throw new Exception("Unsupported currency '{$currency}'!"); 58 56 } 59 57 60 58 return self::newFromValueAndCurrency($value, $currency); ··· 126 124 throw new Exception("Invalid currency format ('{$string}')."); 127 125 } 128 126 127 127 + private function throwUnlikeCurrenciesException(PhortuneCurrency $other) { 128 128 + throw new Exception( 129 129 + pht( 130 130 + 'Trying to operate on unlike currencies ("%s" and "%s")!', 131 131 + $this->currency, 132 132 + $other->currency)); 133 133 + } 134 134 + 129 135 public function add(PhortuneCurrency $other) { 130 136 if ($this->currency !== $other->currency) { 131 131 - throw new Exception(pht('Trying to add unlike currencies!')); 137 137 + $this->throwUnlikeCurrenciesException($other); 132 138 } 133 139 134 140 $currency = new PhortuneCurrency(); ··· 138 144 $currency->currency = $this->currency; 139 145 140 146 return $currency; 147 147 + } 148 148 + 149 149 + public function subtract(PhortuneCurrency $other) { 150 150 + if ($this->currency !== $other->currency) { 151 151 + $this->throwUnlikeCurrenciesException($other); 152 152 + } 153 153 + 154 154 + $currency = new PhortuneCurrency(); 155 155 + 156 156 + // TODO: This should check for integer overflows, etc. 157 157 + $currency->value = $this->value - $other->value; 158 158 + $currency->currency = $this->currency; 159 159 + 160 160 + return $currency; 161 161 + } 162 162 + 163 163 + public function isEqualTo(PhortuneCurrency $other) { 164 164 + if ($this->currency !== $other->currency) { 165 165 + $this->throwUnlikeCurrenciesException($other); 166 166 + } 167 167 + 168 168 + return ($this->value === $other->value); 169 169 + } 170 170 + 171 171 + public function negate() { 172 172 + $currency = new PhortuneCurrency(); 173 173 + $currency->value = -$this->value; 174 174 + $currency->currency = $this->currency; 175 175 + return $currency; 176 176 + } 177 177 + 178 178 + public function isPositive() { 179 179 + return ($this->value > 0); 180 180 + } 181 181 + 182 182 + public function isGreaterThan(PhortuneCurrency $other) { 183 183 + if ($this->currency !== $other->currency) { 184 184 + $this->throwUnlikeCurrenciesException($other); 185 185 + } 186 186 + return $this->value > $other->value; 141 187 } 142 188 143 189 /**

src/applications/phortune/product/PhortuneProductImplementation.php

reviewed

··· 28 28 return; 29 29 } 30 30 31 31 + public function didRefundProduct( 32 32 + PhortuneProduct $product, 33 33 + PhortunePurchase $purchase) { 34 34 + return; 35 35 + } 36 36 + 31 37 }

+8 -1

src/applications/phortune/provider/PhortuneBalancedPaymentProvider.php

reviewed

··· 179 179 $charge->save(); 180 180 } 181 181 182 182 + protected function executeRefund( 183 183 + PhortuneCharge $charge, 184 184 + PhortuneCharge $refund) { 185 185 + // TODO: Implement. 186 186 + throw new PhortuneNotImplementedException($this); 187 187 + } 188 188 + 182 189 private function getMarketplaceID() { 183 190 return $this 184 191 ->getProviderConfig() ··· 192 199 } 193 200 194 201 private function getMarketplaceURI() { 195 195 - return '/v1/marketplace/'.$this->getMarketplaceID(); 202 202 + return '/v1/marketplaces/'.$this->getMarketplaceID(); 196 203 } 197 204 198 205

src/applications/phortune/provider/PhortunePayPalPaymentProvider.php

reviewed

··· 167 167 throw new Exception('!'); 168 168 } 169 169 170 170 + protected function executeRefund( 171 171 + PhortuneCharge $charge, 172 172 + PhortuneCharge $refund) { 173 173 + // TODO: Implement. 174 174 + throw new PhortuneNotImplementedException($this); 175 175 + } 176 176 + 170 177 private function getPaypalAPIUsername() { 171 178 return $this 172 179 ->getProviderConfig()

+10

src/applications/phortune/provider/PhortunePaymentProvider.php

reviewed

··· 137 137 $this->executeCharge($payment_method, $charge); 138 138 } 139 139 140 140 + final public function refundCharge( 141 141 + PhortuneCharge $charge, 142 142 + PhortuneCharge $refund) { 143 143 + $this->executeRefund($charge, $refund); 144 144 + } 145 145 + 140 146 abstract protected function executeCharge( 141 147 PhortunePaymentMethod $payment_method, 148 148 + PhortuneCharge $charge); 149 149 + 150 150 + abstract protected function executeRefund( 151 151 + PhortuneCharge $charge, 142 152 PhortuneCharge $charge); 143 153 144 154

+36 -6

src/applications/phortune/provider/PhortuneStripePaymentProvider.php

reviewed

··· 146 146 'capture' => true, 147 147 ); 148 148 149 149 - try { 150 150 - $stripe_charge = Stripe_Charge::create($params, $secret_key); 151 151 - } catch (Stripe_CardError $ex) { 152 152 - // TODO: Fail charge explicitly. 153 153 - throw $ex; 154 154 - } 149 149 + $stripe_charge = Stripe_Charge::create($params, $secret_key); 155 150 156 151 $id = $stripe_charge->id; 157 152 if (!$id) { ··· 159 154 } 160 155 161 156 $charge->setMetadataValue('stripe.chargeID', $id); 157 157 + $charge->save(); 158 158 + } 159 159 + 160 160 + protected function executeRefund( 161 161 + PhortuneCharge $charge, 162 162 + PhortuneCharge $refund) { 163 163 + 164 164 + $charge_id = $charge->getMetadataValue('stripe.chargeID'); 165 165 + if (!$charge_id) { 166 166 + throw new Exception( 167 167 + pht('Unable to refund charge; no Stripe chargeID!')); 168 168 + } 169 169 + 170 170 + $root = dirname(phutil_get_library_root('phabricator')); 171 171 + require_once $root.'/externals/stripe-php/lib/Stripe.php'; 172 172 + 173 173 + $refund_cents = $refund 174 174 + ->getAmountAsCurrency() 175 175 + ->negate() 176 176 + ->getValueInUSDCents(); 177 177 + 178 178 + $secret_key = $this->getSecretKey(); 179 179 + $params = array( 180 180 + 'amount' => $refund_cents, 181 181 + ); 182 182 + 183 183 + $stripe_charge = Stripe_Charge::retrieve($charge_id, $secret_key); 184 184 + $stripe_refund = $stripe_charge->refunds->create($params); 185 185 + 186 186 + $id = $stripe_refund->id; 187 187 + if (!$id) { 188 188 + throw new Exception(pht('Stripe refund call did not return an ID!')); 189 189 + } 190 190 + 191 191 + $charge->setMetadataValue('stripe.refundID', $id); 162 192 $charge->save(); 163 193 } 164 194

src/applications/phortune/provider/PhortuneTestPaymentProvider.php

reviewed

··· 56 56 return; 57 57 } 58 58 59 59 + protected function executeRefund( 60 60 + PhortuneCharge $charge, 61 61 + PhortuneCharge $refund) { 62 62 + return; 63 63 + } 64 64 + 59 65 public function getAllConfigurableProperties() { 60 66 return array(); 61 67 }

+23

src/applications/phortune/provider/PhortuneWePayPaymentProvider.php

reviewed

··· 186 186 ->getMetadataValue(self::WEPAY_ACCOUNT_ID); 187 187 } 188 188 189 189 + protected function executeRefund( 190 190 + PhortuneCharge $charge, 191 191 + PhortuneCharge $refund) { 192 192 + 193 193 + $root = dirname(phutil_get_library_root('phabricator')); 194 194 + require_once $root.'/externals/wepay/wepay.php'; 195 195 + 196 196 + WePay::useStaging( 197 197 + $this->getWePayClientID(), 198 198 + $this->getWePayClientSecret()); 199 199 + 200 200 + $wepay = new WePay($this->getWePayAccessToken()); 201 201 + 202 202 + $charge_id = $charge->getMetadataValue('wepay.checkoutID'); 203 203 + 204 204 + $params = array( 205 205 + 'checkout_id' => $charge_id, 206 206 + 'refund_reason' => pht('Refund'), 207 207 + 'amount' => $refund->getAmountAsCurrency()->negate()->formatBareValue(), 208 208 + ); 209 209 + 210 210 + $wepay->request('checkout/refund', $params); 211 211 + } 189 212 190 213 /* -( One-Time Payments )-------------------------------------------------- */ 191 214

+13 -5

src/applications/phortune/storage/PhortuneAccount.php

reviewed

··· 106 106 } 107 107 108 108 public function getPolicy($capability) { 109 109 - if ($this->getPHID() === null) { 110 110 - // Allow a user to create an account for themselves. 111 111 - return PhabricatorPolicies::POLICY_USER; 112 112 - } else { 113 113 - return PhabricatorPolicies::POLICY_NOONE; 109 109 + switch ($capability) { 110 110 + case PhabricatorPolicyCapability::CAN_VIEW: 111 111 + // Accounts are technically visible to all users, because merchant 112 112 + // controllers need to be able to see accounts in order to process 113 113 + // orders. We lock things down more tightly at the application level. 114 114 + return PhabricatorPolicies::POLICY_USER; 115 115 + case PhabricatorPolicyCapability::CAN_EDIT: 116 116 + if ($this->getPHID() === null) { 117 117 + // Allow a user to create an account for themselves. 118 118 + return PhabricatorPolicies::POLICY_USER; 119 119 + } else { 120 120 + return PhabricatorPolicies::POLICY_NOONE; 121 121 + } 114 122 } 115 123 } 116 124

+220 -26

src/applications/phortune/storage/PhortuneCart.php

reviewed

··· 92 92 $this->openTransaction(); 93 93 $this->beginReadLocking(); 94 94 95 95 - $copy = clone $this; 96 96 - $copy->reload(); 95 95 + $copy = clone $this; 96 96 + $copy->reload(); 97 97 98 98 - if ($copy->getStatus() !== self::STATUS_READY) { 99 99 - throw new Exception( 100 100 - pht( 101 101 - 'Cart has wrong status ("%s") to call willApplyCharge(), expected '. 102 102 - '"%s".', 103 103 - $copy->getStatus(), 104 104 - self::STATUS_READY)); 105 105 - } 98 98 + if ($copy->getStatus() !== self::STATUS_READY) { 99 99 + throw new Exception( 100 100 + pht( 101 101 + 'Cart has wrong status ("%s") to call willApplyCharge(), '. 102 102 + 'expected "%s".', 103 103 + $copy->getStatus(), 104 104 + self::STATUS_READY)); 105 105 + } 106 106 + 107 107 + $charge->save(); 108 108 + $this->setStatus(PhortuneCart::STATUS_PURCHASING)->save(); 106 109 107 107 - $charge->save(); 108 108 - $this->setStatus(PhortuneCart::STATUS_PURCHASING)->save(); 110 110 + $this->endReadLocking(); 109 111 $this->saveTransaction(); 110 112 111 113 return $charge; ··· 117 119 $this->openTransaction(); 118 120 $this->beginReadLocking(); 119 121 120 120 - $copy = clone $this; 121 121 - $copy->reload(); 122 122 + $copy = clone $this; 123 123 + $copy->reload(); 122 124 123 123 - if ($copy->getStatus() !== self::STATUS_PURCHASING) { 124 124 - throw new Exception( 125 125 - pht( 126 126 - 'Cart has wrong status ("%s") to call didApplyCharge(), expected '. 127 127 - '"%s".', 128 128 - $copy->getStatus(), 129 129 - self::STATUS_PURCHASING)); 130 130 - } 125 125 + if ($copy->getStatus() !== self::STATUS_PURCHASING) { 126 126 + throw new Exception( 127 127 + pht( 128 128 + 'Cart has wrong status ("%s") to call didApplyCharge(), '. 129 129 + 'expected "%s".', 130 130 + $copy->getStatus(), 131 131 + self::STATUS_PURCHASING)); 132 132 + } 133 133 + 134 134 + $charge->save(); 135 135 + $this->setStatus(self::STATUS_CHARGED)->save(); 131 136 132 132 - $charge->save(); 133 133 - $this->setStatus(self::STATUS_CHARGED)->save(); 137 137 + $this->endReadLocking(); 134 138 $this->saveTransaction(); 135 139 136 140 foreach ($this->purchases as $purchase) { ··· 142 146 return $this; 143 147 } 144 148 149 149 + public function willRefundCharge( 150 150 + PhabricatorUser $actor, 151 151 + PhortunePaymentProvider $provider, 152 152 + PhortuneCharge $charge, 153 153 + PhortuneCurrency $amount) { 154 154 + 155 155 + if (!$amount->isPositive()) { 156 156 + throw new Exception( 157 157 + pht('Trying to refund nonpositive amount of money!')); 158 158 + } 159 159 + 160 160 + if ($amount->isGreaterThan($charge->getAmountRefundableAsCurrency())) { 161 161 + throw new Exception( 162 162 + pht('Trying to refund more money than remaining on charge!')); 163 163 + } 164 164 + 165 165 + if ($charge->getRefundedChargePHID()) { 166 166 + throw new Exception( 167 167 + pht('Trying to refund a refund!')); 168 168 + } 169 169 + 170 170 + if ($charge->getStatus() !== PhortuneCharge::STATUS_CHARGED) { 171 171 + throw new Exception( 172 172 + pht('Trying to refund an uncharged charge!')); 173 173 + } 174 174 + 175 175 + $refund_charge = PhortuneCharge::initializeNewCharge() 176 176 + ->setAccountPHID($this->getAccount()->getPHID()) 177 177 + ->setCartPHID($this->getPHID()) 178 178 + ->setAuthorPHID($actor->getPHID()) 179 179 + ->setMerchantPHID($this->getMerchant()->getPHID()) 180 180 + ->setProviderPHID($provider->getProviderConfig()->getPHID()) 181 181 + ->setPaymentMethodPHID($charge->getPaymentMethodPHID()) 182 182 + ->setRefundedChargePHID($charge->getPHID()) 183 183 + ->setAmountAsCurrency($amount->negate()); 184 184 + 185 185 + $charge->openTransaction(); 186 186 + $charge->beginReadLocking(); 187 187 + 188 188 + $copy = clone $charge; 189 189 + $copy->reload(); 190 190 + 191 191 + if ($copy->getRefundingPHID() !== null) { 192 192 + throw new Exception( 193 193 + pht('Trying to refund a charge which is already refunding!')); 194 194 + } 195 195 + 196 196 + $refund_charge->save(); 197 197 + $charge->setRefundingPHID($refund_charge->getPHID()); 198 198 + $charge->save(); 199 199 + 200 200 + $charge->endReadLocking(); 201 201 + $charge->saveTransaction(); 202 202 + 203 203 + return $refund_charge; 204 204 + } 205 205 + 206 206 + public function didRefundCharge( 207 207 + PhortuneCharge $charge, 208 208 + PhortuneCharge $refund) { 209 209 + 210 210 + $refund->setStatus(PhortuneCharge::STATUS_CHARGED); 211 211 + 212 212 + $this->openTransaction(); 213 213 + $this->beginReadLocking(); 214 214 + 215 215 + $copy = clone $charge; 216 216 + $copy->reload(); 217 217 + 218 218 + if ($charge->getRefundingPHID() !== $refund->getPHID()) { 219 219 + throw new Exception( 220 220 + pht('Charge is in the wrong refunding state!')); 221 221 + } 222 222 + 223 223 + $charge->setRefundingPHID(null); 224 224 + 225 225 + // NOTE: There's some trickiness here to get the signs right. Both 226 226 + // these values are positive but the refund has a negative value. 227 227 + $total_refunded = $charge 228 228 + ->getAmountRefundedAsCurrency() 229 229 + ->add($refund->getAmountAsCurrency()->negate()); 230 230 + 231 231 + $charge->setAmountRefundedAsCurrency($total_refunded); 232 232 + $charge->save(); 233 233 + $refund->save(); 234 234 + 235 235 + $this->endReadLocking(); 236 236 + $this->saveTransaction(); 237 237 + 238 238 + foreach ($this->purchases as $purchase) { 239 239 + $purchase->getProduct()->didRefundProduct($purchase); 240 240 + } 241 241 + 242 242 + return $this; 243 243 + } 244 244 + 245 245 + public function didFailRefund( 246 246 + PhortuneCharge $charge, 247 247 + PhortuneCharge $refund) { 248 248 + 249 249 + $refund->setStatus(PhortuneCharge::STATUS_FAILED); 250 250 + 251 251 + $this->openTransaction(); 252 252 + $this->beginReadLocking(); 253 253 + 254 254 + $copy = clone $charge; 255 255 + $copy->reload(); 256 256 + 257 257 + if ($charge->getRefundingPHID() !== $refund->getPHID()) { 258 258 + throw new Exception( 259 259 + pht('Charge is in the wrong refunding state!')); 260 260 + } 261 261 + 262 262 + $charge->setRefundingPHID(null); 263 263 + $charge->save(); 264 264 + $refund->save(); 265 265 + 266 266 + $this->endReadLocking(); 267 267 + $this->saveTransaction(); 268 268 + } 269 269 + 145 270 public function getName() { 146 271 return $this->getImplementation()->getName($this); 147 272 } ··· 162 287 return '/phortune/cart/'.$this->getID().'/checkout/'; 163 288 } 164 289 290 290 + public function canCancelOrder() { 291 291 + try { 292 292 + $this->assertCanCancelOrder(); 293 293 + return true; 294 294 + } catch (Exception $ex) { 295 295 + return false; 296 296 + } 297 297 + } 298 298 + 299 299 + public function canRefundOrder() { 300 300 + try { 301 301 + $this->assertCanRefundOrder(); 302 302 + return true; 303 303 + } catch (Exception $ex) { 304 304 + return false; 305 305 + } 306 306 + } 307 307 + 308 308 + public function assertCanCancelOrder() { 309 309 + switch ($this->getStatus()) { 310 310 + case self::STATUS_BUILDING: 311 311 + throw new Exception( 312 312 + pht( 313 313 + 'This order can not be cancelled because the application has not '. 314 314 + 'finished building it yet.')); 315 315 + case self::STATUS_READY: 316 316 + throw new Exception( 317 317 + pht( 318 318 + 'This order can not be cancelled because it has not been placed.')); 319 319 + } 320 320 + 321 321 + return $this->getImplementation()->assertCanCancelOrder($this); 322 322 + } 323 323 + 324 324 + public function assertCanRefundOrder() { 325 325 + switch ($this->getStatus()) { 326 326 + case self::STATUS_BUILDING: 327 327 + throw new Exception( 328 328 + pht( 329 329 + 'This order can not be refunded because the application has not '. 330 330 + 'finished building it yet.')); 331 331 + case self::STATUS_READY: 332 332 + throw new Exception( 333 333 + pht( 334 334 + 'This order can not be refunded because it has not been placed.')); 335 335 + } 336 336 + 337 337 + return $this->getImplementation()->assertCanRefundOrder($this); 338 338 + } 339 339 + 165 340 public function getConfiguration() { 166 341 return array( 167 342 self::CONFIG_AUX_PHID => true, ··· 260 435 } 261 436 262 437 public function hasAutomaticCapability($capability, PhabricatorUser $viewer) { 263 263 - return $this->getAccount()->hasAutomaticCapability($capability, $viewer); 438 438 + if ($this->getAccount()->hasAutomaticCapability($capability, $viewer)) { 439 439 + return true; 440 440 + } 441 441 + 442 442 + // If the viewer controls the merchant this order was placed with, they 443 443 + // can view the order. 444 444 + if ($capability == PhabricatorPolicyCapability::CAN_VIEW) { 445 445 + $can_admin = PhabricatorPolicyFilter::hasCapability( 446 446 + $viewer, 447 447 + $this->getMerchant(), 448 448 + PhabricatorPolicyCapability::CAN_EDIT); 449 449 + if ($can_admin) { 450 450 + return true; 451 451 + } 452 452 + } 453 453 + 454 454 + return false; 264 455 } 265 456 266 457 public function describeAutomaticCapability($capability) { 267 267 - return pht('Carts inherit the policies of the associated account.'); 458 458 + return array( 459 459 + pht('Orders inherit the policies of the associated account.'), 460 460 + pht('The merchant you placed an order with can review and manage it.'), 461 461 + ); 268 462 } 269 463 270 464 }

+44 -2

src/applications/phortune/storage/PhortuneCharge.php

reviewed

··· 20 20 protected $merchantPHID; 21 21 protected $paymentMethodPHID; 22 22 protected $amountAsCurrency; 23 23 + protected $amountRefundedAsCurrency; 24 24 + protected $refundedChargePHID; 25 25 + protected $refundingPHID; 23 26 protected $status; 24 27 protected $metadata = array(); 25 28 ··· 28 31 29 32 public static function initializeNewCharge() { 30 33 return id(new PhortuneCharge()) 31 31 - ->setStatus(self::STATUS_CHARGING); 34 34 + ->setStatus(self::STATUS_CHARGING) 35 35 + ->setAmountRefundedAsCurrency(PhortuneCurrency::newEmptyCurrency()); 32 36 } 33 37 34 38 public function getConfiguration() { ··· 39 43 ), 40 44 self::CONFIG_APPLICATION_SERIALIZERS => array( 41 45 'amountAsCurrency' => new PhortuneCurrencySerializer(), 46 46 + 'amountRefundedAsCurrency' => new PhortuneCurrencySerializer(), 42 47 ), 43 48 self::CONFIG_COLUMN_SCHEMA => array( 44 44 - 'paymentProviderKey' => 'text128', 45 49 'paymentMethodPHID' => 'phid?', 50 50 + 'refundedChargePHID' => 'phid?', 51 51 + 'refundingPHID' => 'phid?', 46 52 'amountAsCurrency' => 'text64', 53 53 + 'amountRefundedAsCurrency' => 'text64', 47 54 'status' => 'text32', 48 55 ), 49 56 self::CONFIG_KEY_SCHEMA => array( ··· 75 82 return idx(self::getStatusNameMap(), $status, pht('Unknown')); 76 83 } 77 84 85 85 + public function getStatusForDisplay() { 86 86 + if ($this->getStatus() == self::STATUS_CHARGED) { 87 87 + if ($this->getRefundedChargePHID()) { 88 88 + return pht('Refund'); 89 89 + } 90 90 + 91 91 + $refunded = $this->getAmountRefundedAsCurrency(); 92 92 + 93 93 + if ($refunded->isPositive()) { 94 94 + if ($refunded->isEqualTo($this->getAmountAsCurrency())) { 95 95 + return pht('Fully Refunded'); 96 96 + } else { 97 97 + return pht('%s Refunded', $refunded->formatForDisplay()); 98 98 + } 99 99 + } 100 100 + } 101 101 + 102 102 + return self::getNameForStatus($this->getStatus()); 103 103 + } 104 104 + 78 105 public function generatePHID() { 79 106 return PhabricatorPHID::generateNewPHID( 80 107 PhortuneChargePHIDType::TYPECONST); ··· 105 132 public function attachCart(PhortuneCart $cart = null) { 106 133 $this->cart = $cart; 107 134 return $this; 135 135 + } 136 136 + 137 137 + public function getAmountRefundableAsCurrency() { 138 138 + $amount = $this->getAmountAsCurrency(); 139 139 + $refunded = $this->getAmountRefundedAsCurrency(); 140 140 + 141 141 + // We can't refund negative amounts of money, since it does not make 142 142 + // sense and is not possible in the various payment APIs. 143 143 + 144 144 + $refundable = $amount->subtract($refunded); 145 145 + if ($refundable->isPositive()) { 146 146 + return $refundable; 147 147 + } else { 148 148 + return PhortuneCurrency::newEmptyCurrency(); 149 149 + } 108 150 } 109 151 110 152

src/applications/phortune/storage/PhortuneProduct.php

reviewed

··· 78 78 return $this->getImplementation()->didPurchaseProduct($this, $purchase); 79 79 } 80 80 81 81 + public function didRefundProduct(PhortunePurchase $purchase) { 82 82 + return $this->getImplementation()->didRefundProduct($this, $purchase); 83 83 + } 84 84 + 81 85 82 86 /* -( PhabricatorPolicyInterface )----------------------------------------- */ 83 87