Class: Spree::CoinbaseController

Inherits:

StoreController

• Object
• StoreController
• Spree::CoinbaseController

Includes:

HTTParty

Defined in:

app/controllers/spree/coinbase_controller.rb

Instance Method Summary

• #callback ⇒ Object
• #cancel ⇒ Object
• #redirect ⇒ Object
• #success ⇒ Object

Instance Method Details

#callback ⇒ Object

# File 'app/controllers/spree/coinbase_controller.rb', line 51

def callback

	# Download order information from Coinbase (do not trust sent order information)
	cb_order_id = params["order"]["id"]
	cb_order = make_coinbase_request :get, "/orders/%s" % cb_order_id, {}

	if cb_order.nil?
			render text: "Invalid order ID", status: 400
			return
	end

	cb_order = cb_order["order"]

	if cb_order["status"] != "completed"
			render text: "Invalid order status", status: 400
			return
	end

	# Fetch Spree order information, find relevant payment, and verify button_id
	order_id = cb_order["custom"]
	order = Spree::Order.find(order_id)
	button_id = cb_order["button"]["id"]
	payments = order.payments.where(:state => "processing",
                                     :payment_method_id => payment_method)
	payment = nil
	payments.each do |p|
		if p.source.button_id == button_id
			payment = p
		end
		end

		if payment.nil?
			render text: "No matching payment for order", status: 400
			return
		end

		# Verify secret_token
		if payment.source.secret_token != params[:secret_token]
			render text: "Invalid secret token", status: 400
			return
		end

		# Now that this callback has been verified, process the payment!
		transaction = payment.source
		transaction.order_id = cb_order_id
		transaction.save

		# Make payment pending -> make order complete -> make payment complete -> update order
		payment.pend!
		order.next
		if !order.complete?
			render text: "Could not transition order: %s" % order.errors
			return
		end
		payment.complete!
		order.update!

		# Successful payment!
		render text: "Callback successful"

end

#cancel ⇒ Object

# File 'app/controllers/spree/coinbase_controller.rb', line 113

def cancel

	order = current_order || raise(ActiveRecord::RecordNotFound)

	# Void the 'pending' payment created in redirect
	# If doing an on-site checkout params will be nil, so just
	# cancel all Coinbase payments (it is unlikely there will be more than one)
	button_id = params["order"]["button"]["id"] rescue nil
	payments = order.payments.where(:state => "pending",
                                     :payment_method_id => payment_method)
	payments.each do |payment|
		if payment.source.button_id == button_id || button_id.nil?
			payment.void!
		end
		end

	redirect_to edit_order_checkout_url(order, :state => 'payment'),
		:notice => Spree.t(:spree_coinbase_checkout_cancelled)
end

#redirect ⇒ Object

# File 'app/controllers/spree/coinbase_controller.rb', line 9

def redirect
	order = current_order || raise(ActiveRecord::RecordNotFound)

	if order.state != "payment"
		redirect_to root_url() # Order is not ready for payment / has already been paid
		return
	end

	# Create Coinbase button code
	secret_token = SecureRandom.base64(30)
	button_params = { :button => {
			:name => "Order #%s" % order.number,
			:price_string => order.total,
			:price_currency_iso => order.currency,
			:custom => order.id,
			:custom_secure => true,
			:callback_url => spree_coinbase_callback_url(:payment_method_id => params[:payment_method_id], :secret_token => secret_token),
			:cancel_url => spree_coinbase_cancel_url(:payment_method_id => params[:payment_method_id]),
			:success_url => spree_coinbase_success_url(:payment_method_id => params[:payment_method_id], :order_num => order.number),
			:info_url => root_url(),
			} }
	result = make_coinbase_request :post, "/buttons", button_params
	code = result["button"]["code"]

	if code
		# Add a "processing" payment that is used to verify the callback
		transaction = CoinbaseTransaction.new
		transaction.button_id = code
		transaction.secret_token = secret_token
		payment = order.payments.create({:amount => order.total,
										:source => transaction,
										:payment_method => payment_method })
		payment.started_processing!

		use_off_site = payment_method.preferred_use_off_site_payment_page
		redirect_to "https://coinbase.com/%1$s/%2$s" % [use_off_site ? "checkouts" : "inline_payments", code]
	else
		redirect_to edit_order_checkout_url(order, :state => 'payment'),
                   :notice => Spree.t(:spree_coinbase_checkout_error)
	end
end

#success ⇒ Object

# File 'app/controllers/spree/coinbase_controller.rb', line 133

def success

	order = Spree::Order.find_by_number(params[:order_num]) || raise(ActiveRecord::RecordNotFound)

	if order.complete?
         	session[:order_id] = nil # Reset cart
		redirect_to spree.order_path(order), :notice => Spree.t(:order_processed_successfully)
	end

	# If order not complete, wait for callback to come in... (page will automatically refresh, see view)
end