Class: Crm::PaymentsController

# File 'app/controllers/crm/payments_controller.rb', line 122

def approve
  @payment = Payment.find(params[:id])
  @payment.update(payment_approved: true)
  @order = @payment.order
  if @order and @order.pending_release_authorization?
    # @order.release_order  #For now we don't release automatically. We let accounting decide
  end
  flash[:info] = 'Payment has been approved.'
  redirect_to_return_path_or_default(order_url(@order))
end

#approve_fraud_report ⇒ `Object`

# File 'app/controllers/crm/payments_controller.rb', line 133

def approve_fraud_report
  @payment = Payment.find(params[:id])
  @payment.update(payment_approved: true)
  @order = @payment.order
  @order.release_order if @order && @order.pending_release_authorization?
  flash[:info] = 'Fraud report has been approved.'
  redirect_to_return_path_or_default(order_url(@order))
end

#capture_funds ⇒ `Object`

# File 'app/controllers/crm/payments_controller.rb', line 406

def capture_funds
  @payment = Payment.find(params[:id])
  @order = @payment.order

  if request.get?
    @max_capturable = @payment.amount - @payment.total_captured
    @capture_amount = @max_capturable
    render :capture_funds
  else
    max_capturable = @payment.amount - @payment.total_captured

    if @payment.supports_multicapture?
      begin
        capture_amount = BigDecimal(params[:capture_amount].to_s)
      rescue ArgumentError
        flash[:error] = "Invalid amount format"
        redirect_to capture_funds_payment_path(@payment) and return
      end

      if capture_amount <= 0
        flash[:error] = 'Capture amount must be greater than zero.'
        redirect_to capture_funds_payment_path(@payment)
        return
      end

      if capture_amount > max_capturable
        flash[:error] = "Capture amount cannot exceed the remaining authorized amount (#{helpers.number_to_currency(max_capturable, unit: @order.currency_symbol)})."
        redirect_to capture_funds_payment_path(@payment)
        return
      end
    else
      capture_amount = max_capturable
    end

    is_partial = @payment.supports_multicapture? && capture_amount < max_capturable
    res = @payment.gateway_class.new(@payment).capture(capture_amount, final_capture: !is_partial)
    if res.success
      flash[:info] = "#{helpers.number_to_currency(capture_amount, unit: @order.currency_symbol)} captured successfully."
    else
      flash[:error] = res.message.presence || "Couldn't capture this payment."
    end
    redirect_to order_path(@order, tab: 'payments')
  end
end

#check_invoice_status ⇒ `Object`

# File 'app/controllers/crm/payments_controller.rb', line 142

def check_invoice_status
  if @order.pending_release_authorization?
    @payment = @order.payments.find(params[:id])
    paid = @payment.check_paypal_invoice_payment_status
    if paid
      flash[:info] = 'Invoice has been paid, releasing order'
    else
      flash[:error] = 'Invoice has not yet been paid'
    end
    #   @order.reload
    #   if @order.payments.all_authorized.any? {|pp| pp.category == Payment::PAYPAL_INVOICE and !pp.captured?}
    #     flash[:info] = "Order has another PayPal Invoice which needs to be paid before order can be released."
    #   else
    #     @order.release_order_from_pending_release_authorization
    #     flash[:info] = "Invoice has been paid, releasing order"
    #   end
    # else
    #   flash[:error] = "Invoice has not yet been paid"
    # end
  else
    flash[:info] = 'Order has already been released'
  end
  redirect_to order_url(@order)
end

#check_stripe_status ⇒ `Object`

On-demand sync: Heatwave authorized CC payments against Stripe (e.g. captured in Dashboard only).

# File 'app/controllers/crm/payments_controller.rb', line 246

def check_stripe_status
  @payment = Payment.find(params[:id])
  authorize! :read, @payment

  unless @payment.authorization_type == 'credit_card'
    flash[:error] = 'Checking Stripe status applies to credit card payments only.'
    redirect_to transactions_payment_path(@payment) and return
  end

  unless @payment.authorized?
    flash[:info] = "Payment is #{@payment.state}; Stripe sync only runs for authorized card payments."
    redirect_to transactions_payment_path(@payment) and return
  end

  if @payment.authorization_code.blank? && @payment.stripe_payment_intent_id.to_s.start_with?('pi_')
    @payment.update_columns(authorization_code: @payment.stripe_payment_intent_id)
  end

  if @payment.authorization_code.blank?
    flash[:error] = 'No Stripe PaymentIntent ID is linked to this payment.'
    redirect_to transactions_payment_path(@payment) and return
  end

  previous_state = @payment.state
  @payment.check_cc_payment_status
  @payment.reload

  if @payment.state != previous_state
    flash[:info] = "Updated from #{previous_state} to #{@payment.state} based on Stripe."
  else
    flash[:info] = "Stripe check complete; payment remains #{@payment.human_state_name.downcase}."
  end
  redirect_to transactions_payment_path(@payment)
rescue StandardError => e
  ErrorReporting.error(e)
  flash[:error] = "Could not check Stripe: #{e.message}"
  redirect_to transactions_payment_path(@payment)
end

#confirm_void ⇒ `Object`

# File 'app/controllers/crm/payments_controller.rb', line 96

def confirm_void
  result = @payment.gateway_class.new(@payment).void
  if result.success
    flash[:info] = 'Payment has been successfully voided.'
    redirect_to order_path(@order, tab: 'payments')
  else
    flash.now[:error] = void_failure_message(result)
    load_void_confirmation_data
    render :void_confirmation, status: :unprocessable_entity
  end
end

#confirm_void_shared ⇒ `Object`

# File 'app/controllers/crm/payments_controller.rb', line 108

def confirm_void_shared
  siblings = @payment.shared_pi_siblings
  result = @payment.gateway_class.new(@payment).void
  if result.success
    siblings.each { |sib| sib.payment_voided! }
    flash[:info] = "Voided #{siblings.count + 1} payments sharing the same authorization."
    redirect_to order_url(@order)
  else
    flash.now[:error] = void_failure_message(result)
    load_void_confirmation_data
    render :void_confirmation, status: :unprocessable_entity
  end
end

#create ⇒ `Object`

# File 'app/controllers/crm/payments_controller.rb', line 31

def create
  if ppaa = params.dig(:payment)
    ppaa['remote_ip_address'] = NetworkConstants::HEATWAVE_PUBLIC_IP
    ppaa['skip_minfraud'] = true
    if ppaa['category'] == 'PayPal Invoice' && ppaa['amount'].present?
      begin
        ppaa['amount'] = [BigDecimal(ppaa['amount'].to_s), @order.balance].min
      rescue ArgumentError
        flash[:error] = "Invalid amount format"
        redirect_to order_url(@order) and return
      end
    end
  end
  @payment = @order.payments.build(params[:payment])
  @upload = Upload.new
  # Check if the PO was already used on this customer's orders
  if @payment.po_number.present? && (order_numbers = @order.customer.orders.active.joins(:payments).where.not(Payment[:state].eq('voided')).where(Payment[:po_number].matches(@payment.po_number)).pluck(:reference_number)) && order_numbers.present?
    flash[:warning] = "PO ##{@payment.po_number} was already used on order(s) #{order_numbers.join(', ')}"
  end
  if params.dig(:purchase_order_upload, :attachment).present?
    # The PO upload is an optional attachment — we don't want a wrong mime
    # type (e.g. user uploaded a JPG by mistake) to 500 the whole payment
    # flow. Surface the validation error as a flash and continue processing
    # the payment. (AppSignal #4726.)
    po_upload = @order.uploads.build(params[:purchase_order_upload])
    unless po_upload.save
      upload_warning = "Purchase order attachment was not saved: #{po_upload.errors.full_messages.to_sentence}"
      flash[:warning] = [flash[:warning].presence, upload_warning].compact.join(' ')
    end
  end

  res = Payment::OrderProcessor.new(@order, params[:payment]).process
  if res.result == 'invalid' || res.result == 'failed'
    flash.now[:error] = res.error
    flash.now[:notice] = res.notice
    # @payment = res.payment || @order.payments.build(params[:payment])
    @report_errors_for = [@payment]
    @payment_options = @order.payment_options('crm')
    set_incrementable_authorizations
    @payment_preference = @customer&.preferred_payment_method
    render :new, status: :unprocessable_entity
  elsif res.result == 'partially_authorized'
    redirect_to new_order_payment_path(@order), info: res.notice, error: res.error
  elsif res.result == 'fully_authorized'
    redirect_to order_path(@order), info: res.notice, error: res.error
  end
end

#create_payment_intent ⇒ `Object`

# File 'app/controllers/crm/payments_controller.rb', line 451

def create_payment_intent
  currency = @order.currency
  max_cents = (@order.balance * 100).to_i
  requested_cents = params[:amount_cents].present? ? params[:amount_cents].to_i : max_cents
  amount_cents = [requested_cents, max_cents].min
  amount_cents = [amount_cents, 50].max # Stripe minimum is 50 cents

  ensure_stripe_customer_id!(@customer, currency) if @customer.present?

  description = @order.reference_number.present? ? "Order #{@order.reference_number}" : "Order ID #{@order.id}"
  statement_descriptor = @order.reference_number.present? ? "WarmlyYours #{@order.reference_number}".truncate(22) : nil

  pi_params = {
    amount_cents: amount_cents,
    currency: currency,
    capture_method: 'manual',
    payment_method_types: ['card'],
    description: description,
    statement_descriptor: statement_descriptor,
    metadata: {
      order_id: @order.id,
      customer_id: @customer&.id
    }
  }
  pi_params[:customer_id] = @customer.stripe_customer_id if @customer&.stripe_customer_id.present?
  pi_params[:setup_future_usage] = 'off_session' if pi_params[:customer_id].present?

  pi = Payment::Apis::Stripe.create_payment_intent(**pi_params)
  render json: { client_secret: pi.client_secret, payment_intent_id: pi.id }
rescue ::Stripe::StripeError => e
  render json: { error: e.message }, status: :unprocessable_entity
end

#create_paypal_from_vault ⇒ `Object`

# File 'app/controllers/crm/payments_controller.rb', line 332

def create_paypal_from_vault
  customer = @order.customer
  unless customer&.paypal_vault_token_id.present?
    flash[:error] = 'Customer does not have a saved PayPal wallet.'
    return redirect_to new_order_payment_path(@order)
  end

  @order.reload
  unless @order.balance.positive?
    flash[:error] = 'Order has no outstanding balance.'
    return redirect_to order_path(@order)
  end

  deliveries_to_pay = @order.deliveries.select { |d| d.balance.positive? }
  if deliveries_to_pay.empty?
    flash[:error] = 'No deliveries with outstanding balance.'
    return redirect_to order_path(@order, tab: 'payments')
  end

  amount_remaining = @order.balance
  total_authorized = BigDecimal("0")
  payments_created = []

  deliveries_to_pay.each do |delivery|
    break unless amount_remaining.positive?

    amount = [delivery.balance, amount_remaining].min
    next unless amount.positive?

    payment = @order.payments.create!(
      currency: @order.currency,
      category: Payment::PAYPAL,
      authorization_type: 'paypal',
      amount: amount,
      email: customer.email,
      customer: customer,
      delivery: delivery,
      paypal_metadata: {
        'vault_authorized' => true,
        'vault_token_id' => customer.paypal_vault_token_id
      }
    )

    result = Payment::Gateways::Paypal.new(payment).authorize_from_vault(customer.paypal_vault_token_id)
    payments_created << { payment: payment, success: result.success, message: result.message, amount: amount }

    if result.success
      total_authorized += amount
      amount_remaining -= amount
    end
  end

  if payments_created.empty?
    flash[:error] = 'No payments could be created. Check delivery balances.'
    return redirect_to order_path(@order, tab: 'payments')
  end

  successes = payments_created.count { |p| p[:success] }
  failures = payments_created.count { |p| !p[:success] }

  if failures.zero? && successes.positive?
    flash[:info] = "PayPal vault authorization successful for #{helpers.number_to_currency(total_authorized, unit: @order.currency_symbol)}."
    @order.reload
    @order.payment_complete if @order.balance <= 0
    redirect_to order_path(@order, tab: 'payments')
  elsif successes.positive?
    flash[:warning] = "#{successes} payment(s) authorized (#{helpers.number_to_currency(total_authorized, unit: @order.currency_symbol)}), #{failures} failed. Check payment details."
    redirect_to order_path(@order, tab: 'payments')
  else
    flash[:error] = "PayPal vault authorization failed: #{payments_created.first&.dig(:message)}"
    redirect_to new_order_payment_path(@order)
  end
end

#edit ⇒ `Object`



27
28
29

# File 'app/controllers/crm/payments_controller.rb', line 27

def edit
  @payment = @order.payments.find(params[:id])
end

#fraud_report ⇒ `Object`

# File 'app/controllers/crm/payments_controller.rb', line 216

def fraud_report
  @payment = Payment.find(params[:id])
  @fraud_report = @payment.fraud_report
end

#increment_authorization ⇒ `Object`

# File 'app/controllers/crm/payments_controller.rb', line 285

def increment_authorization
  @payment = @order.payments.find(params[:id])
  begin
    new_amount = BigDecimal(params[:amount])
  rescue ArgumentError
    flash[:error] = "Invalid amount format"
    redirect_to order_url(@order) and return
  end

  unless @payment.supports_incremental_authorization?
    flash[:error] = 'This payment does not support incremental authorization.'
    return redirect_to new_order_payment_path(@order)
  end

  unless @payment.authorized?
    flash[:error] = 'Payment must be in authorized state to increment.'
    return redirect_to new_order_payment_path(@order)
  end

  if @payment.total_captured.positive?
    flash[:error] = 'Cannot increment authorization after funds have been captured. Create a new payment instead.'
    return redirect_to new_order_payment_path(@order)
  end

  if @payment.transactions.where(action: 'incremental_authorization').count >= 10
    flash[:error] = 'Maximum of 10 incremental authorization attempts reached. Please create a new payment.'
    return redirect_to new_order_payment_path(@order)
  end

  res = Payment::Gateways::CreditCard.new(@payment).increment_authorization(new_amount)
  if res.success
    flash[:info] = "Authorization incremented to #{number_to_currency(new_amount)}."
    @order.reload
    if @order.balance <= 0 && @order.payment_complete
      redirect_to order_path(@order)
    elsif @order.balance <= 0
      flash[:warning] = "Balance is covered but order could not advance: #{@order.errors_to_s}"
      redirect_to order_path(@order)
    else
      redirect_to new_order_payment_path(@order)
    end
  else
    flash[:error] = "Failed to increment authorization: #{res.message}"
    redirect_to new_order_payment_path(@order)
  end
end

#new ⇒ `Object`

# File 'app/controllers/crm/payments_controller.rb', line 12

def new
  if @order.valid?
    @payment_options = @order.payment_options('crm')
    @payment = @order.payments.build(category: @payment_options.first, amount: @order.balance, po_number: (@order.rma.present? ? @order.rma.original_po_number : nil))
    @upload = Upload.new

    set_incrementable_authorizations
    CreditCardVault.sync_stripe_status!(@customer)
    @payment_preference = @customer&.preferred_payment_method
  else
    flash[:error] = "Unable to take payment as there are problems with the order. Errors: #{@order.errors_to_s}."
    redirect_to @order
  end
end

#reauthorize_paypal ⇒ `Object`

# File 'app/controllers/crm/payments_controller.rb', line 234

def reauthorize_paypal
  @payment = Payment.find(params[:id])
  result = @payment.check_paypal_payment_status
  if result.ok?
    flash[:info] = result.message
  else
    flash[:error] = result.message
  end
  redirect_to_return_path_or_default order_path(@payment.order)
end

#resend_paypal_invoice ⇒ `Object`

# File 'app/controllers/crm/payments_controller.rb', line 167

def resend_paypal_invoice
  @payment = @order.payments.find(params[:id])
  res = @payment.resend_paypal_invoice
  if res[:success]
    flash[:info] = 'Invoice successfully resent'
  else
    flash[:error] = "Unable to resend invoice, error message: #{res[:message]}"
  end
  redirect_to order_path(@order)
end

#send_receipt ⇒ `Object`

# File 'app/controllers/crm/payments_controller.rb', line 178

def send_receipt
  @payment = @order.payments.find(params[:id])
  cb = CommunicationBuilder.new(resource: @payment, current_user: current_user)
  redirect_to new_communication_path(cb.to_params)
end

#show ⇒ `Object`

# File 'app/controllers/crm/payments_controller.rb', line 7

def show
  @payment = Payment.find(params[:id])
  redirect_to transactions_payment_path(@payment)
end

#skip_auto_receipt ⇒ `Object`

# File 'app/controllers/crm/payments_controller.rb', line 204

def skip_auto_receipt
  @payment = Payment.find(params[:id])
  skip = params[:skip]
  if @payment.update(skip_auto_receipt: skip)
    flash[:info] = "Skipping auto receipt set to #{skip}"
    redirect_to_return_path_or_default transactions_payment_path(@payment)
  else
    flash[:error] = "An error occurred. Couldn't set the skip auto receipt vaariable for this payment."
    redirect_to_return_path_or_default transactions_payment_path(@payment)
  end
end

#skip_payment ⇒ `Object`

# File 'app/controllers/crm/payments_controller.rb', line 79

def skip_payment
  set_variables
  if @order.balance < 0
    flash[:error] = 'Order has negative balance, please correct. '
  elsif @order.balance > 0
    flash[:error] = 'Order has a positive balance, please process payment normally.'
  elsif @order.balance == 0
    flash[:error] = "Order cannot be released to the warehouse. #{@order.errors_to_s} #{@order.shipping_address.errors_to_s}" unless @order.payment_complete
  end
  redirect_to order_url(@order)
end

#transactions ⇒ `Object`



200
201
202

# File 'app/controllers/crm/payments_controller.rb', line 200

def transactions
  @payment = Payment.find(params[:id])
end

#unhide_vault ⇒ `Object`

# File 'app/controllers/crm/payments_controller.rb', line 221

def unhide_vault
  @payment = Payment.find(params[:id])
  authorize! :unhide_vault, @payment
  if @payment.credit_card_vault.nil?
    flash[:error] = 'No vault found'
  else
    new_hidden = !@payment.credit_card_vault.hidden?
    @payment.credit_card_vault.update(hidden: new_hidden)
    flash[:info] = new_hidden ? 'Vault has been hidden' : 'Vault has been unhidden'
  end
  redirect_to_return_path_or_default transactions_payment_path(@payment)
end

#update ⇒ `Object`

# File 'app/controllers/crm/payments_controller.rb', line 184

def update
  @payment = @order.payments.find(params[:id])
  if @payment.update(params[:payment])
    m = 'Payment information has been updated'
    if params.dig(:purchase_order_upload, :attachment).present?
      u = @order.uploads.build(params[:purchase_order_upload])
      m + ". Unable to save purchase order pdf. #{u.errors_to_s}" unless u.save
    end

    flash[:info] = 'Payment information has been updated'
    redirect_to @order
  else
    render action: :edit, status: :unprocessable_entity
  end
end

#void ⇒ `Object`

# File 'app/controllers/crm/payments_controller.rb', line 91

def void
  load_void_confirmation_data
  render :void_confirmation
end

Class: Crm::PaymentsController

Constant Summary

Constants included from Controllers::ReferenceFindable

Constants included from Controllers::AnalyticsEvents

Constants included from Controllers::ErrorRendering

Constants included from Www::SeoHelper

Constants included from IconHelper

Instance Method Summary collapse

Methods inherited from CrmController

Methods inherited from ApplicationController

Methods included from Controllers::ReturnPathHandling

Methods included from Controllers::AnalyticsEvents

Methods included from Controllers::DeviceDetection

Methods included from Controllers::SubdomainDetection

Methods included from Controllers::TrackingDetection

Methods included from Controllers::AcceleratedFileSending

Methods included from Controllers::ErrorRendering

Methods included from Controllers::TurnstileVerification

Methods included from Controllers::CloudflareCaching

Methods included from Controllers::Webpackable

Methods included from Controllers::Localizable

Methods included from Controllers::Authenticable

Methods included from ApplicationHelper

Methods included from UppyUploaderHelper

Methods included from Www::ImagesHelper

Methods included from Www::SeoHelper

Methods included from UrlsHelper

Methods included from IconHelper

Instance Method Details

#approve ⇒ Object

#approve_fraud_report ⇒ Object

#capture_funds ⇒ Object

#check_invoice_status ⇒ Object

#check_stripe_status ⇒ Object

#confirm_void ⇒ Object

#confirm_void_shared ⇒ Object

#create ⇒ Object

#create_payment_intent ⇒ Object

#create_paypal_from_vault ⇒ Object

#edit ⇒ Object

#fraud_report ⇒ Object

#increment_authorization ⇒ Object

#new ⇒ Object

#reauthorize_paypal ⇒ Object

#resend_paypal_invoice ⇒ Object

#send_receipt ⇒ Object

#show ⇒ Object

#skip_auto_receipt ⇒ Object

#skip_payment ⇒ Object

#transactions ⇒ Object

#unhide_vault ⇒ Object

#update ⇒ Object

#void ⇒ Object

#approve ⇒ `Object`

#approve_fraud_report ⇒ `Object`

#capture_funds ⇒ `Object`

#check_invoice_status ⇒ `Object`

#check_stripe_status ⇒ `Object`

#confirm_void ⇒ `Object`

#confirm_void_shared ⇒ `Object`

#create ⇒ `Object`

#create_payment_intent ⇒ `Object`

#create_paypal_from_vault ⇒ `Object`

#edit ⇒ `Object`

#fraud_report ⇒ `Object`

#increment_authorization ⇒ `Object`

#new ⇒ `Object`

#reauthorize_paypal ⇒ `Object`

#resend_paypal_invoice ⇒ `Object`

#send_receipt ⇒ `Object`

#show ⇒ `Object`

#skip_auto_receipt ⇒ `Object`

#skip_payment ⇒ `Object`

#transactions ⇒ `Object`

#unhide_vault ⇒ `Object`

#update ⇒ `Object`

#void ⇒ `Object`