StripePI: Update to retrieve_setup_intent and headers

Update retrieve_setup_intent to be a GET request and update idempotency_key to only be passed in headers if it for a POST request Stripe PI Remote: 99 tests, 469 assertions, 0 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications 100% passed Unit: 67 tests, 350 assertions, 0 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications 100% passed Stripe Remote: 79 tests, 377 assertions, 0 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications 100% passed Unit: 147 tests, 777 assertions, 0 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications 100% passed
activemerchant · Oct 11, 2024 · 759da90 · 759da90
1 parent 8575398
commit 759da90
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 11 deletions.
diff --git a/lib/active_merchant/billing/gateways/stripe.rb b/lib/active_merchant/billing/gateways/stripe.rb
@@ -673,15 +673,15 @@ def key(options = {})
         options[:key] || @api_key
       end
 
-      def headers(options = {})
+      def headers(method = :post, options = {})
         headers = {
           'Authorization' => 'Basic ' + Base64.strict_encode64(key(options).to_s + ':').strip,
           'User-Agent' => "Stripe/v1 ActiveMerchantBindings/#{ActiveMerchant::VERSION}",
           'Stripe-Version' => api_version(options),
           'X-Stripe-Client-User-Agent' => stripe_client_user_agent(options),
           'X-Stripe-Client-User-Metadata' => { ip: options[:ip] }.to_json
         }
-        headers['Idempotency-Key'] = options[:idempotency_key] if options[:idempotency_key]
+        headers['Idempotency-Key'] = options[:idempotency_key] if options[:idempotency_key] && method != :get
         headers['Stripe-Account'] = options[:stripe_account] if options[:stripe_account]
         headers
       end
@@ -699,7 +699,7 @@ def api_version(options)
       def api_request(method, endpoint, parameters = nil, options = {})
         raw_response = response = nil
         begin
-          raw_response = ssl_request(method, self.live_url + endpoint, post_data(parameters), headers(options))
+          raw_response = ssl_request(method, self.live_url + endpoint, post_data(parameters), headers(method, options))
           response = parse(raw_response)
         rescue ResponseError => e
           raw_response = e.response.body

diff --git a/lib/active_merchant/billing/gateways/stripe_payment_intents.rb b/lib/active_merchant/billing/gateways/stripe_payment_intents.rb
@@ -196,9 +196,7 @@ def retrieve_setup_intent(setup_intent_id, options = {})
         # eg (latest_attempt -> payment_method_details -> card -> network_transaction_id)
         #
         # Being able to retrieve these fields enables payment flows that rely on MIT exemptions, e.g: off_session
-        commit(:post, "setup_intents/#{setup_intent_id}", {
-          'expand[]': 'latest_attempt'
-        }, options)
+        commit(:get, "setup_intents/#{setup_intent_id}?expand[]=latest_attempt", nil, options)
       end
 
       def authorize(money, payment_method, options = {})

diff --git a/lib/active_merchant/billing/gateways/webpay.rb b/lib/active_merchant/billing/gateways/webpay.rb
@@ -84,7 +84,7 @@ def json_error(raw_response)
         }
       end
 
-      def headers(options = {})
+      def headers(method = :post, options = {})
         {
           'Authorization' => 'Basic ' + Base64.encode64(@api_key.to_s + ':').strip,
           'User-Agent' => "Webpay/v1 ActiveMerchantBindings/#{ActiveMerchant::VERSION}",

diff --git a/test/unit/gateways/stripe_payment_intents_test.rb b/test/unit/gateways/stripe_payment_intents_test.rb
@@ -137,11 +137,17 @@ def test_create_intent_with_optional_idempotency_key_header
     idempotency_key = 'test123'
     options = @options.merge(idempotency_key: idempotency_key)
 
-    stub_comms(@gateway, :ssl_request) do
+    create_intent = stub_comms(@gateway, :ssl_request) do
       @gateway.create_intent(@amount, @visa_token, options)
     end.check_request do |_method, _endpoint, _data, headers|
       assert_equal idempotency_key, headers['Idempotency-Key']
     end.respond_with(successful_create_intent_response)
+
+    stub_comms(@gateway, :ssl_request) do
+      @gateway.show_intent(create_intent.authorization, options)
+    end.check_request do |_method, _endpoint, _data, headers|
+      assert_not_equal idempotency_key, headers['Idempotency-Key']
+    end.respond_with(successful_create_intent_response)
   end
 
   def test_request_three_d_secure
@@ -971,13 +977,21 @@ def test_successful_avs_and_cvc_check
   end
 
   def test_create_setup_intent_with_moto_exemption
-    options = @options.merge(moto: true, confirm: true)
+    idempotency_key = 'test123'
+    options = @options.merge(moto: true, confirm: true, idempotency_key: idempotency_key)
 
-    stub_comms(@gateway, :ssl_request) do
+    create_intent = stub_comms(@gateway, :ssl_request) do
       @gateway.create_setup_intent(@visa_token, options)
-    end.check_request do |_method, _endpoint, data, _headers|
+    end.check_request do |_method, _endpoint, data, headers|
+      assert_equal(idempotency_key, headers['Idempotency-Key'])
       assert_match(/\[moto\]=true/, data)
     end.respond_with(successful_verify_response)
+
+    stub_comms(@gateway, :ssl_request) do
+      @gateway.retrieve_setup_intent(create_intent.authorization, options)
+    end.check_request do |_method, _endpoint, _data, headers|
+      assert_not_equal(idempotency_key, headers['Idempotency-Key'])
+    end.respond_with(successful_verify_response)
   end
 
   def test_add_network_token_cryptogram_and_eci_for_apple_pay_cit