search

Kyon147 / laravel-shopify

A full-featured Laravel package for aiding in Shopify App development
MIT License
331 stars 98 forks source link

Problem with Calculation of Trial Days Remaining from Cancellation #320

Open cemilkrc opened 3 weeks ago

cemilkrc commented 3 weeks ago

Expected Behavior

The expected behavior is that users should only have access to the trial period once for a set duration (e.g., 3 days) and should not be able to exploit the trial period by continuously uninstalling and reinstalling the application to reset the trial days.

Current Behavior

Currently, users can exploit the trial period calculation by continuously uninstalling and reinstalling the application within a 24-hour period. This allows them to gain unlimited trial days because the dates are stored only on a day-level basis, ignoring hours and minutes.

Failure Information

This issue arises because the date and time are recorded only at the day level. Users can uninstall and reinstall the application within a 24-hour period to abuse the trial period. This allows them to repeatedly reset the trial period to the full duration (e.g., 3 days).

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

Step 1: Install the application.

activated_on: 2024-06-12 00:00:00
trial_ends_on: 2024-06-15 00:00:00
cancelled_on: 2024-06-12 00:00:00 (same day)

Step 2: Uninstall the application on the same day.

Step 3: Reinstall the application the next day.

activated_on: 2024-06-13 00:00:00
trial_ends_on: 2024-06-16 00:00:00
cancelled_on: NULL

Step 4: Repeat the uninstall and reinstall process to continuously gain a new trial period.

image

Current Function

https://github.com/Kyon147/laravel-shopify/blob/91995ac14f3f71cdae61e7403d2465f7387a6677/src/Services/ChargeHelper.php#L290

This function only calculates the trial days at the day level, ignoring hours and minutes. As a result, in the above scenario, each reinstallation provides the user with a new full 3-day trial period.

Root Cause

The root cause is storing dates only at the day level and not capturing hours and minutes, preventing accurate calculation of the trial period. The following image clearly illustrates this issue:

Proposed Solution

We can provide a more accurate calculation by storing the date and time information with minute-level precision, and adjusting the remainingTrialDaysFromCancel function accordingly. If you give me your thoughts, I would like to contribute to solving the problem.

Context

Kyon147 commented 3 weeks ago

Thanks @cemilkrc

I've seen something issue and did have a quick look into it but you've done a lot more work in investigating so thank you!

Sounds like a good solution if you wanted to open a PR

cemilkrc commented 3 weeks ago

@Kyon147 I'm working on the problem, I'll open a PR when I solve it.