MDL-69166 pg_paypal: capture payment directly

payment/gateway/paypal/amd/build/gateways_modal.min.js

@@ -1,2 +1,2 @@
-function _typeof(a){"@babel/helpers - typeof";if("function"==typeof Symbol&&"symbol"==typeof Symbol.iterator){_typeof=function(a){return typeof a}}else{_typeof=function(a){return a&&"function"==typeof Symbol&&a.constructor===Symbol&&a!==Symbol.prototype?"symbol":typeof a}}return _typeof(a)}define ("pg_paypal/gateways_modal",["exports","./repository","core/templates","core/truncate","core/ajax","core/modal_factory","core/modal_events"],function(a,b,c,d,e,f,g){"use strict";Object.defineProperty(a,"__esModule",{value:!0});a.process=void 0;b=j(b);c=h(c);d=h(d);e=h(e);f=h(f);g=h(g);function h(a){return a&&a.__esModule?a:{default:a}}function i(){if("function"!=typeof WeakMap)return null;var a=new WeakMap;i=function(){return a};return a}function j(a){if(a&&a.__esModule){return a}if(null===a||"object"!==_typeof(a)&&"function"!=typeof a){return{default:a}}var b=i();if(b&&b.has(a)){return b.get(a)}var c={},d=Object.defineProperty&&Object.getOwnPropertyDescriptor;for(var e in a){if(Object.prototype.hasOwnProperty.call(a,e)){var f=d?Object.getOwnPropertyDescriptor(a,e):null;if(f&&(f.get||f.set)){Object.defineProperty(c,e,f)}else{c[e]=a[e]}}}c.default=a;if(b){b.set(a,c)}return c}function k(a,b){return r(a)||q(a,b)||m(a,b)||l()}function l(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function m(a,b){if(!a)return;if("string"==typeof a)return p(a,b);var c=Object.prototype.toString.call(a).slice(8,-1);if("Object"===c&&a.constructor)c=a.constructor.name;if("Map"===c||"Set"===c)return Array.from(c);if("Arguments"===c||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(c))return p(a,b)}function p(a,b){if(null==b||b>a.length)b=a.length;for(var c=0,d=Array(b);c<b;c++){d[c]=a[c]}return d}function q(a,b){if("undefined"==typeof Symbol||!(Symbol.iterator in Object(a)))return;var c=[],d=!0,e=!1,f=void 0;try{for(var g=a[Symbol.iterator](),h;!(d=(h=g.next()).done);d=!0){c.push(h.value);if(b&&c.length===b)break}}catch(a){e=!0;f=a}finally{try{if(!d&&null!=g["return"])g["return"]()}finally{if(e)throw f}}return c}function r(a){if(Array.isArray(a))return a}function s(a,b,c,d,e,f,g){try{var h=a[f](g),i=h.value}catch(a){c(a);return}if(h.done){b(i)}else{Promise.resolve(i).then(d,e)}}function t(a){return function(){var b=this,c=arguments;return new Promise(function(d,e){var h=a.apply(b,c);function f(a){s(h,d,e,f,g,"next",a)}function g(a){s(h,d,e,f,g,"throw",a)}f(void 0)})}}var u=function(){var a=t(regeneratorRuntime.mark(function a(){var b;return regeneratorRuntime.wrap(function(a){while(1){switch(a.prev=a.next){case 0:a.t0=f.default;a.t1=f.default.types.CANCEL;a.next=4;return c.default.render("pg_paypal/paypal_button_placeholder",{});case 4:a.t2=a.sent;a.t3={type:a.t1,body:a.t2};a.next=8;return a.t0.create.call(a.t0,a.t3);case 8:b=a.sent;b.show();return a.abrupt("return",b);case 11:case"end":return a.stop();}}},a)}));return function(){return a.apply(this,arguments)}}(),v=function(){var a=t(regeneratorRuntime.mark(function a(c,f,h,i,j,l){var m,n,o,p,q;return regeneratorRuntime.wrap(function(a){while(1){switch(a.prev=a.next){case 0:a.next=2;return Promise.all([u(),b.getConfigForJs()]);case 2:m=a.sent;n=k(m,2);o=n[0];p=n[1];o.getRoot().on(g.default.hidden,function(){o.destroy()});q="https://www.paypal.com/sdk/js?client-id=".concat(p.clientid,"&currency=").concat(f,"&intent=authorize");w(q,function(){o.setBody("<form></form>");paypal.Buttons({createOrder:function createOrder(a,b){return b.order.create({purchase_units:[{amount:{currency_code:f,value:c},description:d.default.truncate(j,{length:127,stripTags:!0})}],application_context:{shipping_preference:"NO_SHIPPING",brand_name:d.default.truncate(p.brandname,{length:127,stripTags:!0})}})},onApprove:function onApprove(a,b){b.order.authorize().then(function(b){var c=b.purchase_units[0].payments.authorizations[0].id;return e.default.call([{methodname:"pg_paypal_transaction_complete",args:{component:h,componentid:i,orderid:a.orderID,authorizationid:c}}])[0].then(function(a){o.hide();return l(a)})})}}).render(o.getBody()[0])});case 9:case"end":return a.stop();}}},a)}));return function(){return a.apply(this,arguments)}}();a.process=v;var w=function(a,b){if(w.currentlyloaded==a){b();return}if(w.currentlyloaded){var d=document.querySelector("script[src=\"".concat(w.currentlyloaded,"\"]"));if(d){d.parentNode.removeChild(d)}}var c=document.createElement("script");if(c.readyState){c.onreadystatechange=function(){if("complete"==this.readyState||"loaded"==this.readyState){this.onreadystatechange=null;b()}}}else{c.onload=function(){b()}}c.setAttribute("src",a);document.head.appendChild(c);w.currentlyloaded=a};w.currentlyloaded=""});
+function _typeof(a){"@babel/helpers - typeof";if("function"==typeof Symbol&&"symbol"==typeof Symbol.iterator){_typeof=function(a){return typeof a}}else{_typeof=function(a){return a&&"function"==typeof Symbol&&a.constructor===Symbol&&a!==Symbol.prototype?"symbol":typeof a}}return _typeof(a)}define ("pg_paypal/gateways_modal",["exports","./repository","core/templates","core/truncate","core/ajax","core/modal_factory","core/modal_events","core/str"],function(a,b,c,d,e,f,g,h){"use strict";Object.defineProperty(a,"__esModule",{value:!0});a.process=void 0;b=k(b);c=i(c);d=i(d);e=i(e);f=i(f);g=i(g);function i(a){return a&&a.__esModule?a:{default:a}}function j(){if("function"!=typeof WeakMap)return null;var a=new WeakMap;j=function(){return a};return a}function k(a){if(a&&a.__esModule){return a}if(null===a||"object"!==_typeof(a)&&"function"!=typeof a){return{default:a}}var b=j();if(b&&b.has(a)){return b.get(a)}var c={},d=Object.defineProperty&&Object.getOwnPropertyDescriptor;for(var e in a){if(Object.prototype.hasOwnProperty.call(a,e)){var f=d?Object.getOwnPropertyDescriptor(a,e):null;if(f&&(f.get||f.set)){Object.defineProperty(c,e,f)}else{c[e]=a[e]}}}c.default=a;if(b){b.set(a,c)}return c}function l(a,b){return r(a)||q(a,b)||n(a,b)||m()}function m(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function n(a,b){if(!a)return;if("string"==typeof a)return p(a,b);var c=Object.prototype.toString.call(a).slice(8,-1);if("Object"===c&&a.constructor)c=a.constructor.name;if("Map"===c||"Set"===c)return Array.from(c);if("Arguments"===c||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(c))return p(a,b)}function p(a,b){if(null==b||b>a.length)b=a.length;for(var c=0,d=Array(b);c<b;c++){d[c]=a[c]}return d}function q(a,b){if("undefined"==typeof Symbol||!(Symbol.iterator in Object(a)))return;var c=[],d=!0,e=!1,f=void 0;try{for(var g=a[Symbol.iterator](),h;!(d=(h=g.next()).done);d=!0){c.push(h.value);if(b&&c.length===b)break}}catch(a){e=!0;f=a}finally{try{if(!d&&null!=g["return"])g["return"]()}finally{if(e)throw f}}return c}function r(a){if(Array.isArray(a))return a}function s(a,b,c,d,e,f,g){try{var h=a[f](g),i=h.value}catch(a){c(a);return}if(h.done){b(i)}else{Promise.resolve(i).then(d,e)}}function t(a){return function(){var b=this,c=arguments;return new Promise(function(d,e){var h=a.apply(b,c);function f(a){s(h,d,e,f,g,"next",a)}function g(a){s(h,d,e,f,g,"throw",a)}f(void 0)})}}var u=function(){var a=t(regeneratorRuntime.mark(function a(){var b;return regeneratorRuntime.wrap(function(a){while(1){switch(a.prev=a.next){case 0:a.t0=f.default;a.next=3;return c.default.render("pg_paypal/paypal_button_placeholder",{});case 3:a.t1=a.sent;a.t2={body:a.t1};a.next=7;return a.t0.create.call(a.t0,a.t2);case 7:b=a.sent;b.show();return a.abrupt("return",b);case 10:case"end":return a.stop();}}},a)}));return function(){return a.apply(this,arguments)}}(),v=function(){var a=t(regeneratorRuntime.mark(function a(c,f,i,j,k,m){var n,o,p,q,r;return regeneratorRuntime.wrap(function(a){while(1){switch(a.prev=a.next){case 0:a.next=2;return Promise.all([u(),b.getConfigForJs()]);case 2:n=a.sent;o=l(n,2);p=o[0];q=o[1];p.getRoot().on(g.default.outsideClick,function(a){a.preventDefault()});p.getRoot().on(g.default.hidden,function(){p.destroy()});r="https://www.paypal.com/sdk/js?client-id=".concat(q.clientid,"&currency=").concat(f);w(r,function(){p.setBody("");paypal.Buttons({createOrder:function createOrder(a,b){return b.order.create({purchase_units:[{amount:{currency_code:f,value:c},description:d.default.truncate(k,{length:127,stripTags:!0})}],application_context:{shipping_preference:"NO_SHIPPING",brand_name:d.default.truncate(q.brandname,{length:127,stripTags:!0})}})},onApprove:function onApprove(a){p.setBody((0,h.get_string)("authorising","pg_paypal"));return e.default.call([{methodname:"pg_paypal_create_transaction_complete",args:{component:i,componentid:j,orderid:a.orderID}}])[0].then(function(a){p.hide();return m(a)})}}).render(p.getBody()[0])});case 10:case"end":return a.stop();}}},a)}));return function(){return a.apply(this,arguments)}}();a.process=v;var w=function(a,b){if(w.currentlyloaded==a){b();return}if(w.currentlyloaded){var d=document.querySelector("script[src=\"".concat(w.currentlyloaded,"\"]"));if(d){d.parentNode.removeChild(d)}}var c=document.createElement("script");if(c.readyState){c.onreadystatechange=function(){if("complete"==this.readyState||"loaded"==this.readyState){this.onreadystatechange=null;b()}}}else{c.onload=function(){b()}}c.setAttribute("src",a);document.head.appendChild(c);w.currentlyloaded=a};w.currentlyloaded=""});
 //# sourceMappingURL=gateways_modal.min.js.map

payment/gateway/paypal/amd/src/gateways_modal.js

@@ -27,15 +27,15 @@ import Truncate from 'core/truncate';
 import Ajax from 'core/ajax';
 import ModalFactory from 'core/modal_factory';
 import ModalEvents from 'core/modal_events';
+import {get_string as getString} from 'core/str';
 
 /**
  * Creates and shows a modal that contains a placeholder.
  *
  * @returns {Promise<Modal>}
  */
-const showPlaceholder = async() => {
+const showModalWithPlaceholder = async() => {
     const modal = await ModalFactory.create({
-        type: ModalFactory.types.CANCEL,
         body: await Templates.render('pg_paypal/paypal_button_placeholder', {})
     });
     modal.show();
@@ -59,23 +59,28 @@ export const process = async(amount, currency, component, componentid, descripti
         modal,
         paypalConfig,
     ] = await Promise.all([
-        showPlaceholder(),
+        showModalWithPlaceholder(),
         Repository.getConfigForJs(),
     ]);
 
+    modal.getRoot().on(ModalEvents.outsideClick, (e) => {
+        // Prevent closing the modal when clicking outside of it.
+        e.preventDefault();
+    });
+
     modal.getRoot().on(ModalEvents.hidden, () => {
         // Destroy when hidden.
         modal.destroy();
     });
 
-    const paypalScript = `https://www.paypal.com/sdk/js?client-id=${paypalConfig.clientid}&currency=${currency}&intent=authorize`;
+    const paypalScript = `https://www.paypal.com/sdk/js?client-id=${paypalConfig.clientid}&currency=${currency}`;
 
     callExternalFunction(paypalScript, () => {
-        modal.setBody('<form></form>'); // This is a hack. Instead of emptying the body, we put an empty form there so the modal
-                                        // is not closed when user clicks outside of modal.
+        modal.setBody(''); // We have to clear the body. The render method in paypal.Buttons will render everything.
+
         paypal.Buttons({ // eslint-disable-line
+            // Set up the transaction.
             createOrder: function(data, actions) {
-                // This function sets up the details of the transaction, including the amount and line item details.
                 return actions.order.create({
                     purchase_units: [{ // eslint-disable-line
                         amount: {
@@ -90,26 +95,22 @@ export const process = async(amount, currency, component, componentid, descripti
                     },
                 });
             },
-            onApprove: function(data, actions) {
-                // Authorize the transaction.
-                actions.order.authorize().then(function(authorization) {
-                    // Get the authorization id.
-                    const authorizationID = authorization.purchase_units[0].payments.authorizations[0].id;
+            // Finalise the transaction.
+            onApprove: function(data) {
+                modal.setBody(getString('authorising', 'pg_paypal'));
 
-                    // Call your server to validate and capture the transaction.
-                    return Ajax.call([{
-                        methodname: 'pg_paypal_transaction_complete',
-                        args: {
-                            component,
-                            componentid,
-                            orderid: data.orderID,
-                            authorizationid: authorizationID,
-                        },
-                    }])[0]
-                    .then(function(res) {
-                        modal.hide();
-                        return callback(res);
-                    });
+                // Call server to validate and capture payment for order.
+                return Ajax.call([{
+                    methodname: 'pg_paypal_create_transaction_complete',
+                    args: {
+                        component,
+                        componentid,
+                        orderid: data.orderID,
+                    },
+                }])[0]
+                .then(function(res) {
+                    modal.hide();
+                    return callback(res);
                 });
             }
         }).render(modal.getBody()[0]);

payment/gateway/paypal/classes/external/transaction_complete.php

@@ -29,6 +29,8 @@ namespace pg_paypal\external;
 use external_api;
 use external_function_parameters;
 use external_value;
+use core_payment\helper as payment_helper;
+use pg_paypal\paypal_helper;
 
 defined('MOODLE_INTERNAL') || die();
 
@@ -46,7 +48,6 @@ class transaction_complete extends external_api {
             'component' => new external_value(PARAM_COMPONENT, 'The component name'),
             'componentid' => new external_value(PARAM_INT, 'The item id in the context of the component'),
             'orderid' => new external_value(PARAM_TEXT, 'The order id coming back from PayPal'),
-            'authorizationid' => new external_value(PARAM_TEXT, 'The authorization id coming back from PayPal'),
         ]);
     }
 
@@ -57,18 +58,15 @@ class transaction_complete extends external_api {
      * @param string $component Name of the component that the componentid belongs to
      * @param int $componentid An internal identifier that is used by the component
      * @param string $orderid PayPal order ID
-     * @param string $authorizationid The PayPal-generated ID for the authorized payment
      * @return array
      */
-    public static function execute(string $component, int $componentid, string $orderid,
-            string $authorizationid): array {
+    public static function execute(string $component, int $componentid, string $orderid): array {
         global $USER, $DB;
 
         self::validate_parameters(self::execute_parameters(), [
             'component' => $component,
             'componentid' => $componentid,
             'orderid' => $orderid,
-            'authorizationid' => $authorizationid,
         ]);
 
         $config = get_config('pg_paypal');
@@ -77,52 +75,56 @@ class transaction_complete extends external_api {
         [
             'amount' => $amount,
             'currency' => $currency
-        ] = \core_payment\helper::get_cost($component, $componentid);
+        ] = payment_helper::get_cost($component, $componentid);
 
-        $paypalhelper = new \pg_paypal\paypal_helper($config->clientid, $config->secret, $sandbox);
-        $authorization = $paypalhelper->capture_authorization($authorizationid, $amount, $currency);
+        $paypalhelper = new paypal_helper($config->clientid, $config->secret, $sandbox);
+        $orderdetails = $paypalhelper->get_order_details($orderid);
 
         $success = false;
         $message = '';
 
-        if ($authorization) {
-            switch ($authorization['status']) {
-                case 'COMPLETED':
-                    $success = true;
-                    // Everything is correct. Let's give them what they paid for.
-                    try {
-                        \core_payment\helper::deliver_order($component, $componentid);
+        if ($orderdetails) {
+            if ($orderdetails['status'] == paypal_helper::ORDER_STATUS_APPROVED &&
+                    $orderdetails['intent'] == paypal_helper::ORDER_INTENT_CAPTURE) {
+                $item = $orderdetails['purchase_units'][0];
+                if ($item['amount']['value'] == $amount && $item['amount']['currency_code'] == $currency) {
+                    $capture = $paypalhelper->capture_order($orderid);
+                    if ($capture && $capture['status'] == paypal_helper::CAPTURE_STATUS_COMPLETED) {
+                        $success = true;
+                        // Everything is correct. Let's give them what they paid for.
+                        try {
+                            payment_helper::deliver_order($component, $componentid);
 
-                        $paymentid = \core_payment\helper::save_payment($component, $componentid, (int)$USER->id, $amount, $currency,
-                                'paypal');
+                            $paymentid = payment_helper::save_payment($component, $componentid, (int) $USER->id, $amount,
+                                    $currency, 'paypal');
 
-                        // Store PayPal extra information.
-                        $record = new \stdClass();
-                        $record->paymentid = $paymentid;
-                        $record->pp_orderid = $orderid;
-                        $record->pp_authorizationid = $authorizationid;
-                        $record->pp_paymentid = $authorization->id; // The PayPal-generated ID for the captured payment.
-                        $record->pp_status = 'COMPLETED';
+                            // Store PayPal extra information.
+                            $record = new \stdClass();
+                            $record->paymentid = $paymentid;
+                            $record->pp_orderid = $orderid;
 
-                        $DB->insert_record('pg_paypal', $record);
-                    } catch (\Exception $e) {
-                        debugging('Exception while trying to process payment: ' . $e->getMessage(), DEBUG_DEVELOPER);
+                            $DB->insert_record('pg_paypal', $record);
+                        } catch (\Exception $e) {
+                            debugging('Exception while trying to process payment: ' . $e->getMessage(), DEBUG_DEVELOPER);
+                            $success = false;
+                            $message = get_string('internalerror', 'pg_paypal');
+                        }
+                    } else {
                         $success = false;
-                        $message = get_string('internalerror', 'pg_paypal');
+                        $message = get_string('paymentnotcleared', 'pg_paypal');
                     }
-                    break;
-                case 'PENDING':
+                } else {
                     $success = false;
-                    $message = get_string('echecknotsupported', 'pg_paypal');
-                    break;
-                default:
-                    $success = false;
-                    $message = get_string('paymentnotcleared', 'pg_paypal');
+                    $message = get_string('amountmismatch', 'pg_paypal');
+                }
+            } else {
+                $success = false;
+                $message = get_string('paymentnotcleared', 'pg_paypal');
             }
         } else {
             // Could not capture authorization!
             $success = false;
-            $message = get_string('captureauthorizationfailed', 'pg_paypal');
+            $message = get_string('cannotfetchorderdatails', 'pg_paypal');
         }
 
         return [

payment/gateway/paypal/classes/paypal_helper.php

@@ -32,6 +32,21 @@ require_once($CFG->libdir . '/filelib.php');
 
 class paypal_helper {
 
+    /**
+     * @var string The payment was authorized or the authorized payment was captured for the order.
+     */
+    public const CAPTURE_STATUS_COMPLETED = 'COMPLETED';
+
+    /**
+     * @var string The merchant intends to capture payment immediately after the customer makes a payment.
+     */
+    public const ORDER_INTENT_CAPTURE = 'CAPTURE';
+
+    /**
+     * @var string The customer approved the payment.
+     */
+    public const ORDER_STATUS_APPROVED = 'APPROVED';
+
     /**
      * @var string The base API URL
      */

payment/gateway/paypal/db/install.xml

@@ -9,9 +9,6 @@
         <FIELD NAME="id" TYPE="int" LENGTH="10" NOTNULL="true" SEQUENCE="true"/>
         <FIELD NAME="paymentid" TYPE="int" LENGTH="10" NOTNULL="true" SEQUENCE="false"/>
         <FIELD NAME="pp_orderid" TYPE="char" LENGTH="255" NOTNULL="true" DEFAULT="The ID of the order in PayPal" SEQUENCE="false"/>
-        <FIELD NAME="pp_authorizationid" TYPE="char" LENGTH="255" NOTNULL="true" SEQUENCE="false"/>
-        <FIELD NAME="pp_paymentid" TYPE="char" LENGTH="255" NOTNULL="false" SEQUENCE="false" COMMENT="The PayPal-generated ID for the captured payment."/>
-        <FIELD NAME="pp_status" TYPE="char" LENGTH="32" NOTNULL="false" SEQUENCE="false"/>
       </FIELDS>
       <KEYS>
         <KEY NAME="primary" TYPE="primary" FIELDS="id"/>

payment/gateway/paypal/lang/en/pg_paypal.php

@@ -22,19 +22,19 @@
  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  */
 
+$string['amountmismatch'] = 'The amount you attempted to pay does not match the required fee. Your account has not been debited.';
+$string['authorising'] = 'Authorising the payment. Please wait...';
 $string['brandname'] = 'Brand name';
 $string['brandname_desc'] = 'The optional label that overrides the business name in the PayPal account on the PayPal site.';
-$string['captureauthorizationfailed'] = 'Could not capture authorization.';
+$string['cannotfetchorderdatails'] = 'Could not fetch payment details from PayPal. Your account has not been debited.';
 $string['clientid'] = 'Client ID';
 $string['clientid_desc'] = 'The client ID that PayPal generated for your application.';
-$string['echecknotsupported'] = 'E-check is not supported.';
 $string['environment'] = 'Environment';
 $string['environment_desc'] = 'You can set this to Sandbox if you are using sandbox accounts (for testing purpose only).';
 $string['gatewaydescription'] = 'PayPal is an authorised payment gateway provider for processing credit card transactions.';
 $string['gatewayname'] = 'PayPal';
-$string['internalerror'] = 'Internal error.';
+$string['internalerror'] = 'An internal error has occurred. Please contact us.';
 $string['live'] = 'Live';
-$string['paymentauthorizationwarning'] = 'For PayPal payment authorizations, you must enable this feature on your PayPal account.';
 $string['paymentnotcleared'] = 'payment not cleared by PayPal.';
 $string['pluginname'] = 'PayPal';
 $string['pluginname_desc'] = 'The PayPal plugin allows you to receive payments via PayPal.';

payment/gateway/paypal/settings.php

@@ -28,9 +28,6 @@ if ($ADMIN->fulltree) {
 
     $settings->add(new admin_setting_heading('pg_paypal_settings', '', get_string('pluginname_desc', 'pg_paypal')));
 
-    $warning = $OUTPUT->notification(get_string('paymentauthorizationwarning', 'pg_paypal'), 'warning');
-    $settings->add(new admin_setting_heading('pg_paypal/warning', '', $warning));
-
     $settings->add(new admin_setting_configtext('pg_paypal/brandname', get_string('brandname', 'pg_paypal'),
             get_string('brandname', 'pg_paypal'), '', PARAM_TEXT));
     $settings->add(new admin_setting_configtext('pg_paypal/clientid', get_string('clientid', 'pg_paypal'),