blesta / gateway-stripepayments Goto Github PK

When making a payment in Blesta, if this Stripe Payments gateway is installed, but not used for the payment, it's possible that the other gateway being used will fail. This relates primarily to non-merchant gateways when CC payments are disabled or unavailable to select at all.

The current version of the module available in this repository checks if the Stripe customer object has any active card associated using this condition:

if (isset($customer->active_card->id)) {

On our system this condition does not match a single customer using Stripe payments, as the field active_card on Stripe\Customer has been deprecated for ages back with API 2013-07-05 and replaced with cards and default_card: https://stripe.com/docs/upgrades#2013-07-05

Which then once again got changed to sources and default_source with API 2015-02-18: https://stripe.com/docs/upgrades#2015-02-18

Is it possible that this migration routine has been developed against a really old Stripe API version, as Stripe requires manually triggering an upgrade of the API version inside the customer account? In my case the following changes to stripe_payments.php have allowed the migration routine to gather the new payment source identifiers using API 2019-09-09:

168c168
<                 if (isset($customer->active_card->id)) {
---
>                 if (isset($customer->default_source)) {
172c172
<                         'reference_id' => $customer->active_card->id,
---
>                         'reference_id' => $customer->default_source,

A payment method associated with a setup intent can cannot be reused until it is attached to a customer, but in the order form there is no opportunity to to attach the details to a customer before we try to confirm payment. Instead we should use a payment method that is not associated as we do when we are not saving the payment details, then save the details and attach them to a customer after successful submission.

We created a logo for the stripe payments gateway, but another one should be added that is more consistent with the official logos
Also add a description for the gateway

We recently added code to prevent submitting a payment request to stripe when the button is clicked to edit the payment. This code appears to be specific to firefox and not supported by at least chrome. We should find a solution that is supported cross browser.

If either the cc form or the submission html are loaded multiple times on the same page (e.g. via ajax) then the submission events for them will be triggered multiple times, which could cause errors. We should use jquery's one() to ensure they are triggered only once

A CC payment that requires customer intervention (e.g. SCA, 3DS), will return a status of "requires_source_action" (among others) that indicate another step is necessary to complete payment. This is not an overall payment success status, although it is currently treated as one. Instead, the status "succeeded" should be evaluated as success.

On line 156 of StripePayments is a count:

$account_count = count($legacy_stripe_accounts);

This causes an error in php 7.2+, and is inaccurate statement otherwise for attempting to count an object that implements the Traversable interface.
count(): Parameter must be an array or an object that implements Countable

In the above, $legacy_stripe_accounts is a PDOStatement resulting from a query on the Record::getStatement object, which is Traversable. It is not countable via count(), and should not be used in that way. Alternatively, a second query that calls Record::numResults() can be run instead of count(Record::getStatement()) in order to retrieve the total accounts.

Stripe prefers to be sent application info to identify plugins/libraries.
See https://stripe.com/docs/building-plugins#setappinfo

Use \Stripe\Stripe::setAppInfo to pass information about Blesta to satisfy that expectation for them.