swissChili | f0cbdc3 | 2023-01-05 17:21:38 -0500 | [diff] [blame] | 1 | <?php |
| 2 | if ( ! defined( 'ABSPATH' ) ) { |
| 3 | exit; |
| 4 | } |
| 5 | |
| 6 | /** |
| 7 | * WC_Gateway_Stripe class. |
| 8 | * |
| 9 | * @extends WC_Payment_Gateway |
| 10 | */ |
| 11 | class WC_Gateway_Stripe extends WC_Stripe_Payment_Gateway { |
| 12 | |
| 13 | const ID = 'stripe'; |
| 14 | |
| 15 | /** |
| 16 | * Should we capture Credit cards |
| 17 | * |
| 18 | * @var bool |
| 19 | */ |
| 20 | public $capture; |
| 21 | |
| 22 | /** |
| 23 | * Alternate credit card statement name |
| 24 | * |
| 25 | * @var bool |
| 26 | */ |
| 27 | public $statement_descriptor; |
| 28 | |
| 29 | /** |
| 30 | * Should we store the users credit cards? |
| 31 | * |
| 32 | * @var bool |
| 33 | */ |
| 34 | public $saved_cards; |
| 35 | |
| 36 | /** |
| 37 | * API access secret key |
| 38 | * |
| 39 | * @var string |
| 40 | */ |
| 41 | public $secret_key; |
| 42 | |
| 43 | /** |
| 44 | * Api access publishable key |
| 45 | * |
| 46 | * @var string |
| 47 | */ |
| 48 | public $publishable_key; |
| 49 | |
| 50 | /** |
| 51 | * Do we accept Payment Request? |
| 52 | * |
| 53 | * @var bool |
| 54 | */ |
| 55 | public $payment_request; |
| 56 | |
| 57 | /** |
| 58 | * Is test mode active? |
| 59 | * |
| 60 | * @var bool |
| 61 | */ |
| 62 | public $testmode; |
| 63 | |
| 64 | /** |
| 65 | * Inline CC form styling |
| 66 | * |
| 67 | * @var string |
| 68 | */ |
| 69 | public $inline_cc_form; |
| 70 | |
| 71 | /** |
| 72 | * Constructor |
| 73 | */ |
| 74 | public function __construct() { |
| 75 | $this->id = self::ID; |
| 76 | $this->method_title = __( 'Stripe', 'woocommerce-gateway-stripe' ); |
| 77 | /* translators: 1) link to Stripe register page 2) link to Stripe api keys page */ |
| 78 | $this->method_description = __( 'Stripe works by adding payment fields on the checkout and then sending the details to Stripe for verification.', 'woocommerce-gateway-stripe' ); |
| 79 | $this->has_fields = true; |
| 80 | $this->supports = [ |
| 81 | 'products', |
| 82 | 'refunds', |
| 83 | 'tokenization', |
| 84 | 'add_payment_method', |
| 85 | ]; |
| 86 | |
| 87 | // Load the form fields. |
| 88 | $this->init_form_fields(); |
| 89 | |
| 90 | // Load the settings. |
| 91 | $this->init_settings(); |
| 92 | |
| 93 | // Check if subscriptions are enabled and add support for them. |
| 94 | $this->maybe_init_subscriptions(); |
| 95 | |
| 96 | // Check if pre-orders are enabled and add support for them. |
| 97 | $this->maybe_init_pre_orders(); |
| 98 | |
| 99 | // Get setting values. |
| 100 | $this->title = $this->get_validated_option( 'title' ); |
| 101 | $this->description = $this->get_validated_option( 'description' ); |
| 102 | $this->enabled = $this->get_option( 'enabled' ); |
| 103 | $this->testmode = 'yes' === $this->get_option( 'testmode' ); |
| 104 | $this->inline_cc_form = 'yes' === $this->get_option( 'inline_cc_form' ); |
| 105 | $this->capture = 'yes' === $this->get_option( 'capture', 'yes' ); |
| 106 | $this->statement_descriptor = WC_Stripe_Helper::clean_statement_descriptor( $this->get_validated_option( 'statement_descriptor' ) ); |
| 107 | $this->saved_cards = 'yes' === $this->get_option( 'saved_cards' ); |
| 108 | $this->secret_key = $this->testmode ? $this->get_validated_option( 'test_secret_key' ) : $this->get_validated_option( 'secret_key' ); |
| 109 | $this->publishable_key = $this->testmode ? $this->get_validated_option( 'test_publishable_key' ) : $this->get_validated_option( 'publishable_key' ); |
| 110 | $this->payment_request = 'yes' === $this->get_option( 'payment_request', 'yes' ); |
| 111 | |
| 112 | WC_Stripe_API::set_secret_key( $this->secret_key ); |
| 113 | |
| 114 | // Hooks. |
| 115 | add_action( 'wp_enqueue_scripts', [ $this, 'payment_scripts' ] ); |
| 116 | add_action( 'woocommerce_update_options_payment_gateways_' . $this->id, [ $this, 'process_admin_options' ] ); |
| 117 | add_action( 'woocommerce_admin_order_totals_after_total', [ $this, 'display_order_fee' ] ); |
| 118 | add_action( 'woocommerce_admin_order_totals_after_total', [ $this, 'display_order_payout' ], 20 ); |
| 119 | add_action( 'woocommerce_customer_save_address', [ $this, 'show_update_card_notice' ], 10, 2 ); |
| 120 | add_filter( 'woocommerce_available_payment_gateways', [ $this, 'prepare_order_pay_page' ] ); |
| 121 | add_action( 'woocommerce_account_view-order_endpoint', [ $this, 'check_intent_status_on_order_page' ], 1 ); |
| 122 | add_filter( 'woocommerce_payment_successful_result', [ $this, 'modify_successful_payment_result' ], 99999, 2 ); |
| 123 | add_action( 'set_logged_in_cookie', [ $this, 'set_cookie_on_current_request' ] ); |
| 124 | add_filter( 'woocommerce_get_checkout_payment_url', [ $this, 'get_checkout_payment_url' ], 10, 2 ); |
| 125 | add_filter( 'woocommerce_settings_api_sanitized_fields_' . $this->id, [ $this, 'settings_api_sanitized_fields' ] ); |
| 126 | add_filter( 'woocommerce_gateway_' . $this->id . '_settings_values', [ $this, 'update_onboarding_settings' ] ); |
| 127 | |
| 128 | // Note: display error is in the parent class. |
| 129 | add_action( 'admin_notices', [ $this, 'display_errors' ], 9999 ); |
| 130 | } |
| 131 | |
| 132 | /** |
| 133 | * Checks if gateway should be available to use. |
| 134 | * |
| 135 | * @since 4.0.2 |
| 136 | */ |
| 137 | public function is_available() { |
| 138 | if ( is_add_payment_method_page() && ! $this->saved_cards ) { |
| 139 | return false; |
| 140 | } |
| 141 | |
| 142 | return parent::is_available(); |
| 143 | } |
| 144 | |
| 145 | /** |
| 146 | * Adds a notice for customer when they update their billing address. |
| 147 | * |
| 148 | * @since 4.1.0 |
| 149 | * @param int $user_id The ID of the current user. |
| 150 | * @param string $load_address The address to load. |
| 151 | */ |
| 152 | public function show_update_card_notice( $user_id, $load_address ) { |
| 153 | if ( ! $this->saved_cards || ! WC_Stripe_Payment_Tokens::customer_has_saved_methods( $user_id ) || 'billing' !== $load_address ) { |
| 154 | return; |
| 155 | } |
| 156 | |
| 157 | /* translators: 1) Opening anchor tag 2) closing anchor tag */ |
| 158 | wc_add_notice( sprintf( __( 'If your billing address has been changed for saved payment methods, be sure to remove any %1$ssaved payment methods%2$s on file and re-add them.', 'woocommerce-gateway-stripe' ), '<a href="' . esc_url( wc_get_endpoint_url( 'payment-methods' ) ) . '" class="wc-stripe-update-card-notice" style="text-decoration:underline;">', '</a>' ), 'notice' ); |
| 159 | } |
| 160 | |
| 161 | /** |
| 162 | * Get_icon function. |
| 163 | * |
| 164 | * @since 1.0.0 |
| 165 | * @version 5.6.2 |
| 166 | * @return string|null |
| 167 | */ |
| 168 | public function get_icon() { |
| 169 | return apply_filters( 'woocommerce_gateway_icon', null, $this->id ); |
| 170 | } |
| 171 | |
| 172 | /** |
| 173 | * Initialise Gateway Settings Form Fields |
| 174 | */ |
| 175 | public function init_form_fields() { |
| 176 | $this->form_fields = require dirname( __FILE__ ) . '/admin/stripe-settings.php'; |
| 177 | unset( $this->form_fields['title_upe'] ); |
| 178 | } |
| 179 | |
| 180 | /** |
| 181 | * Payment form on checkout page |
| 182 | */ |
| 183 | public function payment_fields() { |
| 184 | global $wp; |
| 185 | $user = wp_get_current_user(); |
| 186 | $display_tokenization = $this->supports( 'tokenization' ) && is_checkout() && $this->saved_cards; |
| 187 | $total = WC()->cart->total; |
| 188 | $user_email = ''; |
| 189 | $description = $this->get_description(); |
| 190 | $description = ! empty( $description ) ? $description : ''; |
| 191 | $firstname = ''; |
| 192 | $lastname = ''; |
| 193 | |
| 194 | // If paying from order, we need to get total from order not cart. |
| 195 | if ( isset( $_GET['pay_for_order'] ) && ! empty( $_GET['key'] ) ) { // wpcs: csrf ok. |
| 196 | $order = wc_get_order( wc_clean( $wp->query_vars['order-pay'] ) ); // wpcs: csrf ok, sanitization ok. |
| 197 | $total = $order->get_total(); |
| 198 | $user_email = $order->get_billing_email(); |
| 199 | } else { |
| 200 | if ( $user->ID ) { |
| 201 | $user_email = get_user_meta( $user->ID, 'billing_email', true ); |
| 202 | $user_email = $user_email ? $user_email : $user->user_email; |
| 203 | } |
| 204 | } |
| 205 | |
| 206 | if ( is_add_payment_method_page() ) { |
| 207 | $firstname = $user->user_firstname; |
| 208 | $lastname = $user->user_lastname; |
| 209 | } |
| 210 | |
| 211 | ob_start(); |
| 212 | |
| 213 | echo '<div |
| 214 | id="stripe-payment-data" |
| 215 | data-email="' . esc_attr( $user_email ) . '" |
| 216 | data-full-name="' . esc_attr( $firstname . ' ' . $lastname ) . '" |
| 217 | data-currency="' . esc_attr( strtolower( get_woocommerce_currency() ) ) . '" |
| 218 | >'; |
| 219 | |
| 220 | if ( $this->testmode ) { |
| 221 | /* translators: link to Stripe testing page */ |
| 222 | $description .= ' ' . sprintf( __( 'TEST MODE ENABLED. In test mode, you can use the card number 4242424242424242 with any CVC and a valid expiration date or check the <a href="%s" target="_blank">Testing Stripe documentation</a> for more card numbers.', 'woocommerce-gateway-stripe' ), 'https://stripe.com/docs/testing' ); |
| 223 | } |
| 224 | |
| 225 | $description = trim( $description ); |
| 226 | |
| 227 | echo apply_filters( 'wc_stripe_description', wpautop( wp_kses_post( $description ) ), $this->id ); // wpcs: xss ok. |
| 228 | |
| 229 | if ( $display_tokenization ) { |
| 230 | $this->tokenization_script(); |
| 231 | $this->saved_payment_methods(); |
| 232 | } |
| 233 | |
| 234 | $this->elements_form(); |
| 235 | |
| 236 | if ( apply_filters( 'wc_stripe_display_save_payment_method_checkbox', $display_tokenization ) && ! is_add_payment_method_page() && ! isset( $_GET['change_payment_method'] ) ) { // wpcs: csrf ok. |
| 237 | |
| 238 | $this->save_payment_method_checkbox(); |
| 239 | } |
| 240 | |
| 241 | do_action( 'wc_stripe_payment_fields_stripe', $this->id ); |
| 242 | |
| 243 | echo '</div>'; |
| 244 | |
| 245 | ob_end_flush(); |
| 246 | } |
| 247 | |
| 248 | /** |
| 249 | * Renders the Stripe elements form. |
| 250 | * |
| 251 | * @since 4.0.0 |
| 252 | * @version 4.0.0 |
| 253 | */ |
| 254 | public function elements_form() { |
| 255 | ?> |
| 256 | <fieldset id="wc-<?php echo esc_attr( $this->id ); ?>-cc-form" class="wc-credit-card-form wc-payment-form" style="background:transparent;"> |
| 257 | <?php do_action( 'woocommerce_credit_card_form_start', $this->id ); ?> |
| 258 | |
| 259 | <?php if ( $this->inline_cc_form ) { ?> |
| 260 | <label for="card-element"> |
| 261 | <?php esc_html_e( 'Credit or debit card', 'woocommerce-gateway-stripe' ); ?> |
| 262 | </label> |
| 263 | |
| 264 | <div id="stripe-card-element" class="wc-stripe-elements-field"> |
| 265 | <!-- a Stripe Element will be inserted here. --> |
| 266 | </div> |
| 267 | <?php } else { ?> |
| 268 | <div class="form-row form-row-wide"> |
| 269 | <label for="stripe-card-element"><?php esc_html_e( 'Card Number', 'woocommerce-gateway-stripe' ); ?> <span class="required">*</span></label> |
| 270 | <div class="stripe-card-group"> |
| 271 | <div id="stripe-card-element" class="wc-stripe-elements-field"> |
| 272 | <!-- a Stripe Element will be inserted here. --> |
| 273 | </div> |
| 274 | |
| 275 | <i class="stripe-credit-card-brand stripe-card-brand" alt="Credit Card"></i> |
| 276 | </div> |
| 277 | </div> |
| 278 | |
| 279 | <div class="form-row form-row-first"> |
| 280 | <label for="stripe-exp-element"><?php esc_html_e( 'Expiry Date', 'woocommerce-gateway-stripe' ); ?> <span class="required">*</span></label> |
| 281 | |
| 282 | <div id="stripe-exp-element" class="wc-stripe-elements-field"> |
| 283 | <!-- a Stripe Element will be inserted here. --> |
| 284 | </div> |
| 285 | </div> |
| 286 | |
| 287 | <div class="form-row form-row-last"> |
| 288 | <label for="stripe-cvc-element"><?php esc_html_e( 'Card Code (CVC)', 'woocommerce-gateway-stripe' ); ?> <span class="required">*</span></label> |
| 289 | <div id="stripe-cvc-element" class="wc-stripe-elements-field"> |
| 290 | <!-- a Stripe Element will be inserted here. --> |
| 291 | </div> |
| 292 | </div> |
| 293 | <div class="clear"></div> |
| 294 | <?php } ?> |
| 295 | |
| 296 | <!-- Used to display form errors --> |
| 297 | <div class="stripe-source-errors" role="alert"></div> |
| 298 | <?php do_action( 'woocommerce_credit_card_form_end', $this->id ); ?> |
| 299 | <div class="clear"></div> |
| 300 | </fieldset> |
| 301 | <?php |
| 302 | } |
| 303 | |
| 304 | /** |
| 305 | * Override the parent admin_options method. |
| 306 | */ |
| 307 | public function admin_options() { |
| 308 | do_action( 'wc_stripe_gateway_admin_options_wrapper', $this ); |
| 309 | } |
| 310 | |
| 311 | /** |
| 312 | * Completes an order without a positive value. |
| 313 | * |
| 314 | * @since 4.2.0 |
| 315 | * @param WC_Order $order The order to complete. |
| 316 | * @param WC_Order $prepared_source Payment source and customer data. |
| 317 | * @param boolean $force_save_source Whether the payment source must be saved, like when dealing with a Subscription setup. |
| 318 | * @return array Redirection data for `process_payment`. |
| 319 | */ |
| 320 | public function complete_free_order( $order, $prepared_source, $force_save_source ) { |
| 321 | if ( $force_save_source ) { |
| 322 | $intent_secret = $this->setup_intent( $order, $prepared_source ); |
| 323 | |
| 324 | if ( ! empty( $intent_secret ) ) { |
| 325 | // `get_return_url()` must be called immediately before returning a value. |
| 326 | return [ |
| 327 | 'result' => 'success', |
| 328 | 'redirect' => $this->get_return_url( $order ), |
| 329 | 'setup_intent_secret' => $intent_secret, |
| 330 | ]; |
| 331 | } |
| 332 | } |
| 333 | |
| 334 | // Remove cart. |
| 335 | WC()->cart->empty_cart(); |
| 336 | |
| 337 | $order->payment_complete(); |
| 338 | |
| 339 | // Return thank you page redirect. |
| 340 | return [ |
| 341 | 'result' => 'success', |
| 342 | 'redirect' => $this->get_return_url( $order ), |
| 343 | ]; |
| 344 | } |
| 345 | |
| 346 | /** |
| 347 | * Process the payment |
| 348 | * |
| 349 | * @since 1.0.0 |
| 350 | * @since 4.1.0 Add 4th parameter to track previous error. |
| 351 | * @version 5.6.0 |
| 352 | * |
| 353 | * @param int $order_id Reference. |
| 354 | * @param bool $retry Should we retry on fail. |
| 355 | * @param bool $force_save_source Force save the payment source. |
| 356 | * @param mix $previous_error Any error message from previous request. |
| 357 | * @param bool $use_order_source Whether to use the source, which should already be attached to the order. |
| 358 | * |
| 359 | * @throws Exception If payment will not be accepted. |
| 360 | * @return array|void |
| 361 | */ |
| 362 | public function process_payment( $order_id, $retry = true, $force_save_source = false, $previous_error = false, $use_order_source = false ) { |
| 363 | try { |
| 364 | $order = wc_get_order( $order_id ); |
| 365 | |
| 366 | if ( $this->has_subscription( $order_id ) ) { |
| 367 | $force_save_source = true; |
| 368 | } |
| 369 | |
| 370 | if ( $this->maybe_change_subscription_payment_method( $order_id ) ) { |
| 371 | return $this->process_change_subscription_payment_method( $order_id ); |
| 372 | } |
| 373 | |
| 374 | if ( $this->maybe_process_pre_orders( $order_id ) ) { |
| 375 | return $this->process_pre_order( $order_id ); |
| 376 | } |
| 377 | |
| 378 | // Check whether there is an existing intent. |
| 379 | $intent = $this->get_intent_from_order( $order ); |
| 380 | if ( isset( $intent->object ) && 'setup_intent' === $intent->object ) { |
| 381 | $intent = false; // This function can only deal with *payment* intents |
| 382 | } |
| 383 | |
| 384 | $stripe_customer_id = null; |
| 385 | if ( $intent && ! empty( $intent->customer ) ) { |
| 386 | $stripe_customer_id = $intent->customer; |
| 387 | } |
| 388 | |
| 389 | // For some payments the source should already be present in the order. |
| 390 | if ( $use_order_source ) { |
| 391 | $prepared_source = $this->prepare_order_source( $order ); |
| 392 | } else { |
| 393 | $prepared_source = $this->prepare_source( get_current_user_id(), $force_save_source, $stripe_customer_id ); |
| 394 | } |
| 395 | |
| 396 | // If we are using a saved payment method that is PaymentMethod (pm_) and not a Source (src_) we need to use |
| 397 | // the process_payment() from the UPE gateway which uses the PaymentMethods API instead of Sources API. |
| 398 | // This happens when using a saved payment method that was added with the UPE gateway. |
| 399 | if ( $this->is_using_saved_payment_method() && ! empty( $prepared_source->source ) && substr( $prepared_source->source, 0, 3 ) === 'pm_' ) { |
| 400 | $upe_gateway = new WC_Stripe_UPE_Payment_Gateway(); |
| 401 | return $upe_gateway->process_payment_with_saved_payment_method( $order_id ); |
| 402 | } |
| 403 | |
| 404 | $this->maybe_disallow_prepaid_card( $prepared_source->source_object ); |
| 405 | $this->check_source( $prepared_source ); |
| 406 | $this->save_source_to_order( $order, $prepared_source ); |
| 407 | |
| 408 | if ( 0 >= $order->get_total() ) { |
| 409 | return $this->complete_free_order( $order, $prepared_source, $force_save_source ); |
| 410 | } |
| 411 | |
| 412 | // This will throw exception if not valid. |
| 413 | $this->validate_minimum_order_amount( $order ); |
| 414 | |
| 415 | WC_Stripe_Logger::log( "Info: Begin processing payment for order $order_id for the amount of {$order->get_total()}" ); |
| 416 | |
| 417 | if ( $intent ) { |
| 418 | $intent = $this->update_existing_intent( $intent, $order, $prepared_source ); |
| 419 | } else { |
| 420 | $intent = $this->create_intent( $order, $prepared_source ); |
| 421 | } |
| 422 | |
| 423 | // Confirm the intent after locking the order to make sure webhooks will not interfere. |
| 424 | if ( empty( $intent->error ) ) { |
| 425 | $this->lock_order_payment( $order, $intent ); |
| 426 | $intent = $this->confirm_intent( $intent, $order, $prepared_source ); |
| 427 | } |
| 428 | |
| 429 | $force_save_source_value = apply_filters( 'wc_stripe_force_save_source', $force_save_source, $prepared_source->source ); |
| 430 | |
| 431 | if ( ! empty( $intent->error ) ) { |
| 432 | $this->maybe_remove_non_existent_customer( $intent->error, $order ); |
| 433 | |
| 434 | // We want to retry. |
| 435 | if ( $this->is_retryable_error( $intent->error ) ) { |
| 436 | return $this->retry_after_error( $intent, $order, $retry, $force_save_source, $previous_error, $use_order_source ); |
| 437 | } |
| 438 | |
| 439 | $this->unlock_order_payment( $order ); |
| 440 | $this->throw_localized_message( $intent, $order ); |
| 441 | } |
| 442 | |
| 443 | if ( 'succeeded' === $intent->status && ! $this->is_using_saved_payment_method() && ( $this->save_payment_method_requested() || $force_save_source_value ) ) { |
| 444 | $this->save_payment_method( $prepared_source->source_object ); |
| 445 | } |
| 446 | |
| 447 | if ( ! empty( $intent ) ) { |
| 448 | // Use the last charge within the intent to proceed. |
| 449 | $response = end( $intent->charges->data ); |
| 450 | |
| 451 | // If the intent requires a 3DS flow, redirect to it. |
| 452 | if ( 'requires_action' === $intent->status ) { |
| 453 | $this->unlock_order_payment( $order ); |
| 454 | |
| 455 | if ( is_wc_endpoint_url( 'order-pay' ) ) { |
| 456 | $redirect_url = add_query_arg( 'wc-stripe-confirmation', 1, $order->get_checkout_payment_url( false ) ); |
| 457 | |
| 458 | return [ |
| 459 | 'result' => 'success', |
| 460 | 'redirect' => $redirect_url, |
| 461 | ]; |
| 462 | } else { |
| 463 | /** |
| 464 | * This URL contains only a hash, which will be sent to `checkout.js` where it will be set like this: |
| 465 | * `window.location = result.redirect` |
| 466 | * Once this redirect is sent to JS, the `onHashChange` function will execute `handleCardPayment`. |
| 467 | */ |
| 468 | |
| 469 | return [ |
| 470 | 'result' => 'success', |
| 471 | 'redirect' => $this->get_return_url( $order ), |
| 472 | 'payment_intent_secret' => $intent->client_secret, |
| 473 | 'save_payment_method' => $this->save_payment_method_requested(), |
| 474 | ]; |
| 475 | } |
| 476 | } |
| 477 | } |
| 478 | |
| 479 | // Process valid response. |
| 480 | $this->process_response( $response, $order ); |
| 481 | |
| 482 | // Remove cart. |
| 483 | if ( isset( WC()->cart ) ) { |
| 484 | WC()->cart->empty_cart(); |
| 485 | } |
| 486 | |
| 487 | // Unlock the order. |
| 488 | $this->unlock_order_payment( $order ); |
| 489 | |
| 490 | // Return thank you page redirect. |
| 491 | return [ |
| 492 | 'result' => 'success', |
| 493 | 'redirect' => $this->get_return_url( $order ), |
| 494 | ]; |
| 495 | |
| 496 | } catch ( WC_Stripe_Exception $e ) { |
| 497 | wc_add_notice( $e->getLocalizedMessage(), 'error' ); |
| 498 | WC_Stripe_Logger::log( 'Error: ' . $e->getMessage() ); |
| 499 | |
| 500 | do_action( 'wc_gateway_stripe_process_payment_error', $e, $order ); |
| 501 | |
| 502 | /* translators: error message */ |
| 503 | $order->update_status( 'failed' ); |
| 504 | |
| 505 | return [ |
| 506 | 'result' => 'fail', |
| 507 | 'redirect' => '', |
| 508 | ]; |
| 509 | } |
| 510 | } |
| 511 | |
| 512 | /** |
| 513 | * Saves payment method |
| 514 | * |
| 515 | * @param object $source_object |
| 516 | * @throws WC_Stripe_Exception |
| 517 | */ |
| 518 | public function save_payment_method( $source_object ) { |
| 519 | $user_id = get_current_user_id(); |
| 520 | $customer = new WC_Stripe_Customer( $user_id ); |
| 521 | |
| 522 | if ( ( $user_id && 'reusable' === $source_object->usage ) ) { |
| 523 | $response = $customer->add_source( $source_object->id ); |
| 524 | |
| 525 | if ( ! empty( $response->error ) ) { |
| 526 | throw new WC_Stripe_Exception( print_r( $response, true ), $this->get_localized_error_message_from_response( $response ) ); |
| 527 | } |
| 528 | if ( is_wp_error( $response ) ) { |
| 529 | throw new WC_Stripe_Exception( $response->get_error_message(), $response->get_error_message() ); |
| 530 | } |
| 531 | } |
| 532 | } |
| 533 | |
| 534 | /** |
| 535 | * Displays the Stripe fee |
| 536 | * |
| 537 | * @since 4.1.0 |
| 538 | * |
| 539 | * @param int $order_id The ID of the order. |
| 540 | */ |
| 541 | public function display_order_fee( $order_id ) { |
| 542 | if ( apply_filters( 'wc_stripe_hide_display_order_fee', false, $order_id ) ) { |
| 543 | return; |
| 544 | } |
| 545 | |
| 546 | $order = wc_get_order( $order_id ); |
| 547 | |
| 548 | $fee = WC_Stripe_Helper::get_stripe_fee( $order ); |
| 549 | $currency = WC_Stripe_Helper::get_stripe_currency( $order ); |
| 550 | |
| 551 | if ( ! $fee || ! $currency ) { |
| 552 | return; |
| 553 | } |
| 554 | |
| 555 | ?> |
| 556 | |
| 557 | <tr> |
| 558 | <td class="label stripe-fee"> |
| 559 | <?php echo wc_help_tip( __( 'This represents the fee Stripe collects for the transaction.', 'woocommerce-gateway-stripe' ) ); // wpcs: xss ok. ?> |
| 560 | <?php esc_html_e( 'Stripe Fee:', 'woocommerce-gateway-stripe' ); ?> |
| 561 | </td> |
| 562 | <td width="1%"></td> |
| 563 | <td class="total"> |
| 564 | -<?php echo wc_price( $fee, [ 'currency' => $currency ] ); // wpcs: xss ok. ?> |
| 565 | </td> |
| 566 | </tr> |
| 567 | |
| 568 | <?php |
| 569 | } |
| 570 | |
| 571 | /** |
| 572 | * Displays the net total of the transaction without the charges of Stripe. |
| 573 | * |
| 574 | * @since 4.1.0 |
| 575 | * |
| 576 | * @param int $order_id The ID of the order. |
| 577 | */ |
| 578 | public function display_order_payout( $order_id ) { |
| 579 | if ( apply_filters( 'wc_stripe_hide_display_order_payout', false, $order_id ) ) { |
| 580 | return; |
| 581 | } |
| 582 | |
| 583 | $order = wc_get_order( $order_id ); |
| 584 | |
| 585 | $net = WC_Stripe_Helper::get_stripe_net( $order ); |
| 586 | $currency = WC_Stripe_Helper::get_stripe_currency( $order ); |
| 587 | |
| 588 | if ( ! $net || ! $currency ) { |
| 589 | return; |
| 590 | } |
| 591 | |
| 592 | ?> |
| 593 | |
| 594 | <tr> |
| 595 | <td class="label stripe-payout"> |
| 596 | <?php echo wc_help_tip( __( 'This represents the net total that will be credited to your Stripe bank account. This may be in the currency that is set in your Stripe account.', 'woocommerce-gateway-stripe' ) ); // wpcs: xss ok. ?> |
| 597 | <?php esc_html_e( 'Stripe Payout:', 'woocommerce-gateway-stripe' ); ?> |
| 598 | </td> |
| 599 | <td width="1%"></td> |
| 600 | <td class="total"> |
| 601 | <?php echo wc_price( $net, [ 'currency' => $currency ] ); // wpcs: xss ok. ?> |
| 602 | </td> |
| 603 | </tr> |
| 604 | |
| 605 | <?php |
| 606 | } |
| 607 | |
| 608 | /** |
| 609 | * Retries the payment process once an error occured. |
| 610 | * |
| 611 | * @since 4.2.0 |
| 612 | * @param object $response The response from the Stripe API. |
| 613 | * @param WC_Order $order An order that is being paid for. |
| 614 | * @param bool $retry A flag that indicates whether another retry should be attempted. |
| 615 | * @param bool $force_save_source Force save the payment source. |
| 616 | * @param mixed $previous_error Any error message from previous request. |
| 617 | * @param bool $use_order_source Whether to use the source, which should already be attached to the order. |
| 618 | * @throws WC_Stripe_Exception If the payment is not accepted. |
| 619 | * @return array|void |
| 620 | */ |
| 621 | public function retry_after_error( $response, $order, $retry, $force_save_source, $previous_error, $use_order_source ) { |
| 622 | if ( ! $retry ) { |
| 623 | $localized_message = __( 'Sorry, we are unable to process your payment at this time. Please retry later.', 'woocommerce-gateway-stripe' ); |
| 624 | $order->add_order_note( $localized_message ); |
| 625 | throw new WC_Stripe_Exception( print_r( $response, true ), $localized_message ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions. |
| 626 | } |
| 627 | |
| 628 | // Don't do anymore retries after this. |
| 629 | if ( 5 <= $this->retry_interval ) { |
| 630 | return $this->process_payment( $order->get_id(), false, $force_save_source, $response->error, $previous_error ); |
| 631 | } |
| 632 | |
| 633 | sleep( $this->retry_interval ); |
| 634 | $this->retry_interval++; |
| 635 | |
| 636 | return $this->process_payment( $order->get_id(), true, $force_save_source, $response->error, $previous_error, $use_order_source ); |
| 637 | } |
| 638 | |
| 639 | /** |
| 640 | * Adds the necessary hooks to modify the "Pay for order" page in order to clean |
| 641 | * it up and prepare it for the Stripe PaymentIntents modal to confirm a payment. |
| 642 | * |
| 643 | * @since 4.2 |
| 644 | * @param WC_Payment_Gateway[] $gateways A list of all available gateways. |
| 645 | * @return WC_Payment_Gateway[] Either the same list or an empty one in the right conditions. |
| 646 | */ |
| 647 | public function prepare_order_pay_page( $gateways ) { |
| 648 | if ( ! is_wc_endpoint_url( 'order-pay' ) || ! isset( $_GET['wc-stripe-confirmation'] ) ) { // wpcs: csrf ok. |
| 649 | return $gateways; |
| 650 | } |
| 651 | |
| 652 | try { |
| 653 | $this->prepare_intent_for_order_pay_page(); |
| 654 | } catch ( WC_Stripe_Exception $e ) { |
| 655 | // Just show the full order pay page if there was a problem preparing the Payment Intent |
| 656 | return $gateways; |
| 657 | } |
| 658 | |
| 659 | add_filter( 'woocommerce_checkout_show_terms', '__return_false' ); |
| 660 | add_filter( 'woocommerce_pay_order_button_html', '__return_false' ); |
| 661 | add_filter( 'woocommerce_available_payment_gateways', '__return_empty_array' ); |
| 662 | add_filter( 'woocommerce_no_available_payment_methods_message', [ $this, 'change_no_available_methods_message' ] ); |
| 663 | add_action( 'woocommerce_pay_order_after_submit', [ $this, 'render_payment_intent_inputs' ] ); |
| 664 | |
| 665 | return []; |
| 666 | } |
| 667 | |
| 668 | /** |
| 669 | * Changes the text of the "No available methods" message to one that indicates |
| 670 | * the need for a PaymentIntent to be confirmed. |
| 671 | * |
| 672 | * @since 4.2 |
| 673 | * @return string the new message. |
| 674 | */ |
| 675 | public function change_no_available_methods_message() { |
| 676 | return wpautop( __( "Almost there!\n\nYour order has already been created, the only thing that still needs to be done is for you to authorize the payment with your bank.", 'woocommerce-gateway-stripe' ) ); |
| 677 | } |
| 678 | |
| 679 | /** |
| 680 | * Prepares the Payment Intent for it to be completed in the "Pay for Order" page. |
| 681 | * |
| 682 | * @param WC_Order|null $order Order object, or null to get the order from the "order-pay" URL parameter |
| 683 | * |
| 684 | * @throws WC_Stripe_Exception |
| 685 | * @since 4.3 |
| 686 | */ |
| 687 | public function prepare_intent_for_order_pay_page( $order = null ) { |
| 688 | if ( ! isset( $order ) || empty( $order ) ) { |
| 689 | $order = wc_get_order( absint( get_query_var( 'order-pay' ) ) ); |
| 690 | } |
| 691 | $intent = $this->get_intent_from_order( $order ); |
| 692 | |
| 693 | if ( ! $intent ) { |
| 694 | throw new WC_Stripe_Exception( |
| 695 | 'Payment Intent not found', |
| 696 | sprintf( |
| 697 | /* translators: %s is the order Id */ |
| 698 | __( 'Payment Intent not found for order #%s', 'woocommerce-gateway-stripe' ), |
| 699 | $order->get_id() |
| 700 | ) |
| 701 | ); |
| 702 | } |
| 703 | |
| 704 | if ( 'requires_payment_method' === $intent->status && isset( $intent->last_payment_error ) |
| 705 | && 'authentication_required' === $intent->last_payment_error->code ) { |
| 706 | $level3_data = $this->get_level3_data_from_order( $order ); |
| 707 | $intent = WC_Stripe_API::request_with_level3_data( |
| 708 | [ |
| 709 | 'payment_method' => $intent->last_payment_error->source->id, |
| 710 | ], |
| 711 | 'payment_intents/' . $intent->id . '/confirm', |
| 712 | $level3_data, |
| 713 | $order |
| 714 | ); |
| 715 | |
| 716 | if ( isset( $intent->error ) ) { |
| 717 | throw new WC_Stripe_Exception( print_r( $intent, true ), $intent->error->message ); |
| 718 | } |
| 719 | } |
| 720 | |
| 721 | $this->order_pay_intent = $intent; |
| 722 | } |
| 723 | |
| 724 | /** |
| 725 | * Renders hidden inputs on the "Pay for Order" page in order to let Stripe handle PaymentIntents. |
| 726 | * |
| 727 | * @param WC_Order|null $order Order object, or null to get the order from the "order-pay" URL parameter |
| 728 | * |
| 729 | * @throws WC_Stripe_Exception |
| 730 | * @since 4.2 |
| 731 | */ |
| 732 | public function render_payment_intent_inputs( $order = null ) { |
| 733 | if ( ! isset( $order ) || empty( $order ) ) { |
| 734 | $order = wc_get_order( absint( get_query_var( 'order-pay' ) ) ); |
| 735 | } |
| 736 | if ( ! isset( $this->order_pay_intent ) ) { |
| 737 | $this->prepare_intent_for_order_pay_page( $order ); |
| 738 | } |
| 739 | |
| 740 | $verification_url = add_query_arg( |
| 741 | [ |
| 742 | 'order' => $order->get_id(), |
| 743 | 'nonce' => wp_create_nonce( 'wc_stripe_confirm_pi' ), |
| 744 | 'redirect_to' => rawurlencode( $this->get_return_url( $order ) ), |
| 745 | 'is_pay_for_order' => true, |
| 746 | ], |
| 747 | WC_AJAX::get_endpoint( 'wc_stripe_verify_intent' ) |
| 748 | ); |
| 749 | |
| 750 | echo '<input type="hidden" id="stripe-intent-id" value="' . esc_attr( $this->order_pay_intent->client_secret ) . '" />'; |
| 751 | echo '<input type="hidden" id="stripe-intent-return" value="' . esc_attr( $verification_url ) . '" />'; |
| 752 | } |
| 753 | |
| 754 | /** |
| 755 | * Adds an error message wrapper to each saved method. |
| 756 | * |
| 757 | * @since 4.2.0 |
| 758 | * @param WC_Payment_Token $token Payment Token. |
| 759 | * @return string Generated payment method HTML |
| 760 | */ |
| 761 | public function get_saved_payment_method_option_html( $token ) { |
| 762 | $html = parent::get_saved_payment_method_option_html( $token ); |
| 763 | $error_wrapper = '<div class="stripe-source-errors" role="alert"></div>'; |
| 764 | |
| 765 | return preg_replace( '~</(\w+)>\s*$~', "$error_wrapper</$1>", $html ); |
| 766 | } |
| 767 | |
| 768 | /** |
| 769 | * Attempt to manually complete the payment process for orders, which are still pending |
| 770 | * before displaying the View Order page. This is useful in case webhooks have not been set up. |
| 771 | * |
| 772 | * @since 4.2.0 |
| 773 | * @param int $order_id The ID that will be used for the thank you page. |
| 774 | */ |
| 775 | public function check_intent_status_on_order_page( $order_id ) { |
| 776 | if ( empty( $order_id ) || absint( $order_id ) <= 0 ) { |
| 777 | return; |
| 778 | } |
| 779 | |
| 780 | $order = wc_get_order( absint( $order_id ) ); |
| 781 | |
| 782 | if ( ! $order ) { |
| 783 | return; |
| 784 | } |
| 785 | |
| 786 | $this->verify_intent_after_checkout( $order ); |
| 787 | } |
| 788 | |
| 789 | /** |
| 790 | * Attached to `woocommerce_payment_successful_result` with a late priority, |
| 791 | * this method will combine the "naturally" generated redirect URL from |
| 792 | * WooCommerce and a payment/setup intent secret into a hash, which contains both |
| 793 | * the secret, and a proper URL, which will confirm whether the intent succeeded. |
| 794 | * |
| 795 | * @since 4.2.0 |
| 796 | * @param array $result The result from `process_payment`. |
| 797 | * @param int $order_id The ID of the order which is being paid for. |
| 798 | * @return array |
| 799 | */ |
| 800 | public function modify_successful_payment_result( $result, $order_id ) { |
| 801 | if ( ! isset( $result['payment_intent_secret'] ) && ! isset( $result['setup_intent_secret'] ) ) { |
| 802 | // Only redirects with intents need to be modified. |
| 803 | return $result; |
| 804 | } |
| 805 | |
| 806 | // Put the final thank you page redirect into the verification URL. |
| 807 | $query_params = [ |
| 808 | 'order' => $order_id, |
| 809 | 'nonce' => wp_create_nonce( 'wc_stripe_confirm_pi' ), |
| 810 | 'redirect_to' => rawurlencode( $result['redirect'] ), |
| 811 | ]; |
| 812 | |
| 813 | $force_save_source_value = apply_filters( 'wc_stripe_force_save_source', false ); |
| 814 | |
| 815 | if ( $this->save_payment_method_requested() || $force_save_source_value ) { |
| 816 | $query_params['save_payment_method'] = true; |
| 817 | } |
| 818 | |
| 819 | $verification_url = add_query_arg( $query_params, WC_AJAX::get_endpoint( 'wc_stripe_verify_intent' ) ); |
| 820 | |
| 821 | if ( isset( $result['payment_intent_secret'] ) ) { |
| 822 | $redirect = sprintf( '#confirm-pi-%s:%s', $result['payment_intent_secret'], rawurlencode( $verification_url ) ); |
| 823 | } elseif ( isset( $result['setup_intent_secret'] ) ) { |
| 824 | $redirect = sprintf( '#confirm-si-%s:%s', $result['setup_intent_secret'], rawurlencode( $verification_url ) ); |
| 825 | } |
| 826 | |
| 827 | return [ |
| 828 | 'result' => 'success', |
| 829 | 'redirect' => $redirect, |
| 830 | ]; |
| 831 | } |
| 832 | |
| 833 | /** |
| 834 | * Proceed with current request using new login session (to ensure consistent nonce). |
| 835 | */ |
| 836 | public function set_cookie_on_current_request( $cookie ) { |
| 837 | $_COOKIE[ LOGGED_IN_COOKIE ] = $cookie; |
| 838 | } |
| 839 | |
| 840 | /** |
| 841 | * Executed between the "Checkout" and "Thank you" pages, this |
| 842 | * method updates orders based on the status of associated PaymentIntents. |
| 843 | * |
| 844 | * @since 4.2.0 |
| 845 | * @param WC_Order $order The order which is in a transitional state. |
| 846 | */ |
| 847 | public function verify_intent_after_checkout( $order ) { |
| 848 | $payment_method = $order->get_payment_method(); |
| 849 | if ( $payment_method !== $this->id ) { |
| 850 | // If this is not the payment method, an intent would not be available. |
| 851 | return; |
| 852 | } |
| 853 | |
| 854 | $intent = $this->get_intent_from_order( $order ); |
| 855 | if ( ! $intent ) { |
| 856 | // No intent, redirect to the order received page for further actions. |
| 857 | return; |
| 858 | } |
| 859 | |
| 860 | // A webhook might have modified or locked the order while the intent was retreived. This ensures we are reading the right status. |
| 861 | clean_post_cache( $order->get_id() ); |
| 862 | $order = wc_get_order( $order->get_id() ); |
| 863 | |
| 864 | if ( ! $order->has_status( |
| 865 | apply_filters( |
| 866 | 'wc_stripe_allowed_payment_processing_statuses', |
| 867 | [ 'pending', 'failed' ], |
| 868 | $order |
| 869 | ) |
| 870 | ) ) { |
| 871 | // If payment has already been completed, this function is redundant. |
| 872 | return; |
| 873 | } |
| 874 | |
| 875 | if ( $this->lock_order_payment( $order, $intent ) ) { |
| 876 | return; |
| 877 | } |
| 878 | |
| 879 | if ( 'setup_intent' === $intent->object && 'succeeded' === $intent->status ) { |
| 880 | WC()->cart->empty_cart(); |
| 881 | if ( $this->has_pre_order( $order ) ) { |
| 882 | $this->mark_order_as_pre_ordered( $order ); |
| 883 | } else { |
| 884 | $order->payment_complete(); |
| 885 | } |
| 886 | } elseif ( 'succeeded' === $intent->status || 'requires_capture' === $intent->status ) { |
| 887 | // Proceed with the payment completion. |
| 888 | $this->handle_intent_verification_success( $order, $intent ); |
| 889 | } elseif ( 'requires_payment_method' === $intent->status ) { |
| 890 | // `requires_payment_method` means that SCA got denied for the current payment method. |
| 891 | $this->handle_intent_verification_failure( $order, $intent ); |
| 892 | } |
| 893 | |
| 894 | $this->unlock_order_payment( $order ); |
| 895 | } |
| 896 | |
| 897 | /** |
| 898 | * Called after an intent verification succeeds, this allows |
| 899 | * specific APNs or children of this class to modify its behavior. |
| 900 | * |
| 901 | * @param WC_Order $order The order whose verification succeeded. |
| 902 | * @param stdClass $intent The Payment Intent object. |
| 903 | */ |
| 904 | protected function handle_intent_verification_success( $order, $intent ) { |
| 905 | $this->process_response( end( $intent->charges->data ), $order ); |
| 906 | $this->maybe_process_subscription_early_renewal_success( $order, $intent ); |
| 907 | } |
| 908 | |
| 909 | /** |
| 910 | * Called after an intent verification fails, this allows |
| 911 | * specific APNs or children of this class to modify its behavior. |
| 912 | * |
| 913 | * @param WC_Order $order The order whose verification failed. |
| 914 | * @param stdClass $intent The Payment Intent object. |
| 915 | */ |
| 916 | protected function handle_intent_verification_failure( $order, $intent ) { |
| 917 | $this->failed_sca_auth( $order, $intent ); |
| 918 | $this->maybe_process_subscription_early_renewal_failure( $order, $intent ); |
| 919 | } |
| 920 | |
| 921 | /** |
| 922 | * Checks if the payment intent associated with an order failed and records the event. |
| 923 | * |
| 924 | * @since 4.2.0 |
| 925 | * @param WC_Order $order The order which should be checked. |
| 926 | * @param object $intent The intent, associated with the order. |
| 927 | */ |
| 928 | public function failed_sca_auth( $order, $intent ) { |
| 929 | // If the order has already failed, do not repeat the same message. |
| 930 | if ( $order->has_status( 'failed' ) ) { |
| 931 | return; |
| 932 | } |
| 933 | |
| 934 | // Load the right message and update the status. |
| 935 | $status_message = isset( $intent->last_payment_error ) |
| 936 | /* translators: 1) The error message that was received from Stripe. */ |
| 937 | ? sprintf( __( 'Stripe SCA authentication failed. Reason: %s', 'woocommerce-gateway-stripe' ), $intent->last_payment_error->message ) |
| 938 | : __( 'Stripe SCA authentication failed.', 'woocommerce-gateway-stripe' ); |
| 939 | $order->update_status( 'failed', $status_message ); |
| 940 | } |
| 941 | |
| 942 | /** |
| 943 | * Preserves the "wc-stripe-confirmation" URL parameter so the user can complete the SCA authentication after logging in. |
| 944 | * |
| 945 | * @param string $pay_url Current computed checkout URL for the given order. |
| 946 | * @param WC_Order $order Order object. |
| 947 | * |
| 948 | * @return string Checkout URL for the given order. |
| 949 | */ |
| 950 | public function get_checkout_payment_url( $pay_url, $order ) { |
| 951 | global $wp; |
| 952 | if ( isset( $_GET['wc-stripe-confirmation'] ) && isset( $wp->query_vars['order-pay'] ) && $wp->query_vars['order-pay'] == $order->get_id() ) { |
| 953 | $pay_url = add_query_arg( 'wc-stripe-confirmation', 1, $pay_url ); |
| 954 | } |
| 955 | return $pay_url; |
| 956 | } |
| 957 | |
| 958 | /** |
| 959 | * Checks whether new keys are being entered when saving options. |
| 960 | */ |
| 961 | public function process_admin_options() { |
| 962 | // Load all old values before the new settings get saved. |
| 963 | $old_publishable_key = $this->get_option( 'publishable_key' ); |
| 964 | $old_secret_key = $this->get_option( 'secret_key' ); |
| 965 | $old_test_publishable_key = $this->get_option( 'test_publishable_key' ); |
| 966 | $old_test_secret_key = $this->get_option( 'test_secret_key' ); |
| 967 | |
| 968 | parent::process_admin_options(); |
| 969 | |
| 970 | // Load all old values after the new settings have been saved. |
| 971 | $new_publishable_key = $this->get_option( 'publishable_key' ); |
| 972 | $new_secret_key = $this->get_option( 'secret_key' ); |
| 973 | $new_test_publishable_key = $this->get_option( 'test_publishable_key' ); |
| 974 | $new_test_secret_key = $this->get_option( 'test_secret_key' ); |
| 975 | |
| 976 | // Checks whether a value has transitioned from a non-empty value to a new one. |
| 977 | $has_changed = function( $old_value, $new_value ) { |
| 978 | return ! empty( $old_value ) && ( $old_value !== $new_value ); |
| 979 | }; |
| 980 | |
| 981 | // Look for updates. |
| 982 | if ( |
| 983 | $has_changed( $old_publishable_key, $new_publishable_key ) |
| 984 | || $has_changed( $old_secret_key, $new_secret_key ) |
| 985 | || $has_changed( $old_test_publishable_key, $new_test_publishable_key ) |
| 986 | || $has_changed( $old_test_secret_key, $new_test_secret_key ) |
| 987 | ) { |
| 988 | update_option( 'wc_stripe_show_changed_keys_notice', 'yes' ); |
| 989 | } |
| 990 | } |
| 991 | |
| 992 | public function validate_publishable_key_field( $key, $value ) { |
| 993 | $value = $this->validate_text_field( $key, $value ); |
| 994 | if ( ! empty( $value ) && ! preg_match( '/^pk_live_/', $value ) ) { |
| 995 | return ''; |
| 996 | } |
| 997 | return $value; |
| 998 | } |
| 999 | |
| 1000 | public function validate_secret_key_field( $key, $value ) { |
| 1001 | $value = $this->validate_text_field( $key, $value ); |
| 1002 | if ( ! empty( $value ) && ! preg_match( '/^[rs]k_live_/', $value ) ) { |
| 1003 | return ''; |
| 1004 | } |
| 1005 | return $value; |
| 1006 | } |
| 1007 | |
| 1008 | public function validate_test_publishable_key_field( $key, $value ) { |
| 1009 | $value = $this->validate_text_field( $key, $value ); |
| 1010 | if ( ! empty( $value ) && ! preg_match( '/^pk_test_/', $value ) ) { |
| 1011 | return ''; |
| 1012 | } |
| 1013 | return $value; |
| 1014 | } |
| 1015 | |
| 1016 | public function validate_test_secret_key_field( $key, $value ) { |
| 1017 | $value = $this->validate_text_field( $key, $value ); |
| 1018 | if ( ! empty( $value ) && ! preg_match( '/^[rs]k_test_/', $value ) ) { |
| 1019 | return ''; |
| 1020 | } |
| 1021 | return $value; |
| 1022 | } |
| 1023 | |
| 1024 | /** |
| 1025 | * Ensures the statement descriptor about to be saved to options does not contain any invalid characters. |
| 1026 | * |
| 1027 | * @since 4.8.0 |
| 1028 | * @param $settings WC_Settings_API settings to be filtered |
| 1029 | * @return Filtered settings |
| 1030 | */ |
| 1031 | public function settings_api_sanitized_fields( $settings ) { |
| 1032 | if ( is_array( $settings ) ) { |
| 1033 | if ( array_key_exists( 'statement_descriptor', $settings ) ) { |
| 1034 | $settings['statement_descriptor'] = WC_Stripe_Helper::clean_statement_descriptor( $settings['statement_descriptor'] ); |
| 1035 | } |
| 1036 | } |
| 1037 | return $settings; |
| 1038 | } |
| 1039 | |
| 1040 | /** |
| 1041 | * Checks whether the gateway is enabled. |
| 1042 | * |
| 1043 | * @return bool The result. |
| 1044 | */ |
| 1045 | public function is_enabled() { |
| 1046 | return 'yes' === $this->get_option( 'enabled' ); |
| 1047 | } |
| 1048 | |
| 1049 | /** |
| 1050 | * Disables gateway. |
| 1051 | */ |
| 1052 | public function disable() { |
| 1053 | $this->update_option( 'enabled', 'no' ); |
| 1054 | } |
| 1055 | |
| 1056 | /** |
| 1057 | * Enables gateway. |
| 1058 | */ |
| 1059 | public function enable() { |
| 1060 | $this->update_option( 'enabled', 'yes' ); |
| 1061 | } |
| 1062 | |
| 1063 | /** |
| 1064 | * Returns whether test_mode is active for the gateway. |
| 1065 | * |
| 1066 | * @return boolean Test mode enabled if true, disabled if false. |
| 1067 | */ |
| 1068 | public function is_in_test_mode() { |
| 1069 | return 'yes' === $this->get_option( 'testmode' ); |
| 1070 | } |
| 1071 | |
| 1072 | /** |
| 1073 | * Determines whether the "automatic" or "manual" capture setting is enabled. |
| 1074 | * |
| 1075 | * @return bool |
| 1076 | */ |
| 1077 | public function is_automatic_capture_enabled() { |
| 1078 | return empty( $this->get_option( 'capture' ) ) || $this->get_option( 'capture' ) === 'yes'; |
| 1079 | } |
| 1080 | |
| 1081 | /** |
| 1082 | * Validates statement descriptor value |
| 1083 | * |
| 1084 | * @param string $param Param name. |
| 1085 | * @param string $value Posted Value. |
| 1086 | * @param int $max_length Maximum statement length. |
| 1087 | * |
| 1088 | * @return string Sanitized statement descriptor. |
| 1089 | * @throws InvalidArgumentException When statement descriptor is invalid. |
| 1090 | */ |
| 1091 | public function validate_account_statement_descriptor_field( $param, $value, $max_length ) { |
| 1092 | // Since the value is escaped, and we are saving in a place that does not require escaping, apply stripslashes. |
| 1093 | $value = trim( stripslashes( $value ) ); |
| 1094 | $field = __( 'customer bank statement', 'woocommerce-gateway-stripe' ); |
| 1095 | |
| 1096 | if ( 'short_statement_descriptor' === $param ) { |
| 1097 | $field = __( 'shortened customer bank statement', 'woocommerce-gateway-stripe' ); |
| 1098 | } |
| 1099 | |
| 1100 | // Validation can be done with a single regex but splitting into multiple for better readability. |
| 1101 | $valid_length = '/^.{5,' . $max_length . '}$/'; |
| 1102 | $has_one_letter = '/^.*[a-zA-Z]+/'; |
| 1103 | $no_specials = '/^[^*"\'<>]*$/'; |
| 1104 | |
| 1105 | if ( |
| 1106 | ! preg_match( $valid_length, $value ) || |
| 1107 | ! preg_match( $has_one_letter, $value ) || |
| 1108 | ! preg_match( $no_specials, $value ) |
| 1109 | ) { |
| 1110 | throw new InvalidArgumentException( |
| 1111 | sprintf( |
| 1112 | /* translators: %1 field name, %2 Number of the maximum characters allowed */ |
| 1113 | __( 'The %1$s is invalid. The bank statement must contain only Latin characters, be between 5 and %2$u characters, contain at least one letter, and not contain any of the special characters: \' " * < >', 'woocommerce-gateway-stripe' ), |
| 1114 | $field, |
| 1115 | $max_length |
| 1116 | ) |
| 1117 | ); |
| 1118 | } |
| 1119 | |
| 1120 | return $value; |
| 1121 | } |
| 1122 | |
| 1123 | /** |
| 1124 | * Get required setting keys for setup. |
| 1125 | * |
| 1126 | * @return array Array of setting keys used for setup. |
| 1127 | */ |
| 1128 | public function get_required_settings_keys() { |
| 1129 | return [ 'publishable_key', 'secret_key' ]; |
| 1130 | } |
| 1131 | |
| 1132 | /** |
| 1133 | * Get the connection URL. |
| 1134 | * |
| 1135 | * @return string Connection URL. |
| 1136 | */ |
| 1137 | public function get_connection_url( $return_url = '' ) { |
| 1138 | $api = new WC_Stripe_Connect_API(); |
| 1139 | $connect = new WC_Stripe_Connect( $api ); |
| 1140 | |
| 1141 | $url = $connect->get_oauth_url( $return_url ); |
| 1142 | |
| 1143 | return is_wp_error( $url ) ? null : $url; |
| 1144 | } |
| 1145 | |
| 1146 | /** |
| 1147 | * Get help text to display during quick setup. |
| 1148 | * |
| 1149 | * @return string |
| 1150 | */ |
| 1151 | public function get_setup_help_text() { |
| 1152 | return sprintf( |
| 1153 | /* translators: %1$s Link to Stripe API details, %2$s Link to register a Stripe account */ |
| 1154 | __( 'Your API details can be obtained from your <a href="%1$s">Stripe account</a>. Don’t have a Stripe account? <a href="%2$s">Create one.</a>', 'woocommerce-gateway-stripe' ), |
| 1155 | 'https://dashboard.stripe.com/apikeys', |
| 1156 | 'https://dashboard.stripe.com/register' |
| 1157 | ); |
| 1158 | } |
| 1159 | |
| 1160 | /** |
| 1161 | * Determine if the gateway still requires setup. |
| 1162 | * |
| 1163 | * @return bool |
| 1164 | */ |
| 1165 | public function needs_setup() { |
| 1166 | return ! $this->get_option( 'publishable_key' ) || ! $this->get_option( 'secret_key' ); |
| 1167 | } |
| 1168 | |
| 1169 | /** |
| 1170 | * Updates the test mode based on keys provided when setting up the gateway via onboarding. |
| 1171 | * |
| 1172 | * @return array |
| 1173 | */ |
| 1174 | public function update_onboarding_settings( $settings ) { |
| 1175 | if ( ! isset( $_SERVER['HTTP_REFERER'] ) ) { |
| 1176 | return; |
| 1177 | } |
| 1178 | |
| 1179 | parse_str( wp_parse_url( $_SERVER['HTTP_REFERER'], PHP_URL_QUERY ), $queries ); // phpcs:ignore sanitization ok. |
| 1180 | |
| 1181 | // Determine if merchant is onboarding (page='wc-admin' and task='payments'). |
| 1182 | if ( |
| 1183 | ! isset( $queries ) || |
| 1184 | ! isset( $queries['page'] ) || |
| 1185 | ! isset( $queries['task'] ) || |
| 1186 | 'wc-admin' !== $queries['page'] || |
| 1187 | 'payments' !== $queries['task'] |
| 1188 | ) { |
| 1189 | return; |
| 1190 | } |
| 1191 | |
| 1192 | if ( ! empty( $settings['publishable_key'] ) && ! empty( $settings['secret_key'] ) ) { |
| 1193 | if ( strpos( $settings['publishable_key'], 'pk_test_' ) === 0 || strpos( $settings['secret_key'], 'sk_test_' ) === 0 ) { |
| 1194 | $settings['test_publishable_key'] = $settings['publishable_key']; |
| 1195 | $settings['test_secret_key'] = $settings['secret_key']; |
| 1196 | unset( $settings['publishable_key'] ); |
| 1197 | unset( $settings['secret_key'] ); |
| 1198 | $settings['testmode'] = 'yes'; |
| 1199 | } else { |
| 1200 | $settings['testmode'] = 'no'; |
| 1201 | } |
| 1202 | } |
| 1203 | |
| 1204 | return $settings; |
| 1205 | } |
| 1206 | |
| 1207 | /** |
| 1208 | * Validates a field value before updating. |
| 1209 | * |
| 1210 | * @param string $field_key the form field key. |
| 1211 | * @param string $field_value the form field value. |
| 1212 | * |
| 1213 | * @return bool True if the value was updated, false otherwise. |
| 1214 | */ |
| 1215 | public function update_validated_option( $field_key, $field_value ) { |
| 1216 | $validated_field_value = $this->validate_field( $field_key, $field_value ); |
| 1217 | return $this->update_option( $field_key, $validated_field_value ); |
| 1218 | } |
| 1219 | |
| 1220 | /** |
| 1221 | * Retrieves validated field value. |
| 1222 | * |
| 1223 | * @param string $field_key the form field key. |
| 1224 | * @param mixed $empty_value fallback value. |
| 1225 | * |
| 1226 | * @return string validated field value. |
| 1227 | */ |
| 1228 | public function get_validated_option( $field_key, $empty_value = null ) { |
| 1229 | $value = parent::get_option( $field_key, $empty_value ); |
| 1230 | return $this->validate_field( $field_key, $value ); |
| 1231 | } |
| 1232 | |
| 1233 | /** |
| 1234 | * Ensures validated field values. |
| 1235 | * |
| 1236 | * @param string $field_key the form field key. |
| 1237 | * @param string $field_value the form field value. |
| 1238 | * |
| 1239 | * @return string validated field value. |
| 1240 | */ |
| 1241 | private function validate_field( $field_key, $field_value ) { |
| 1242 | if ( is_callable( [ $this, 'validate_' . $field_key . '_field' ] ) ) { |
| 1243 | return $this->{'validate_' . $field_key . '_field'}( $field_key, $field_value ); |
| 1244 | } |
| 1245 | |
| 1246 | if ( empty( $this->form_fields ) ) { |
| 1247 | $this->init_form_fields(); |
| 1248 | } |
| 1249 | if ( key_exists( $field_key, $this->form_fields ) ) { |
| 1250 | $field_type = $this->form_fields[ $field_key ]['type']; |
| 1251 | |
| 1252 | if ( is_callable( [ $this, 'validate_' . $field_type . '_field' ] ) ) { |
| 1253 | return $this->{'validate_' . $field_type . '_field'}( $field_key, $field_value ); |
| 1254 | } |
| 1255 | } |
| 1256 | |
| 1257 | return $this->validate_text_field( $field_key, $field_value ); |
| 1258 | } |
| 1259 | } |