Manage 3D Secure payments with Solidus Stripe

[spaghetticode]

Europe legislation requires now SCA payments. Stripe provides this kind of secure payments via the Stripe Payment Intents API. This new library needs to be used by the gem solidus_stripe in order to be able to manage 3D Secure payments.

[spaghetticode]

I opened a PR that implements the Payment Intents API by using the stripe gem.

This PR is based on online guides provided by Stripe that show how to implement the payment system using their gem. This not optimal for us, as solidus_stripe uses ActiveMerchant, but ActiveMerchant Stripe Payment Intents flow is different than other ones, so I think we would need extensive modifications to Solidus codebase in order to make it work.

[spaghetticode]

Using active merchant gateway instead of the one from the gem stripe requires extensive changes in Solidus payment system, as AFAIK we need to add an extra step for 3DS authorization.

The activemerchant API call leaves us with an unauthorized transaction that includes this kind of information:

  "setup_future_usage"=>nil,
  "status"=>"requires_action",
  "next_action"=>
    {"type"=>"use_stripe_sdk",
     "use_stripe_sdk"=>
      {"type"=>"three_d_secure_redirect",
       "stripe_js"=>"https://hooks.stripe.com/redirect/authenticate/src_1FkA9E22AWtpwVQme7yvktuE?client_secret=src_client_secret_GGhY0f0xADnWSEMWapYudO1Z",
       "source"=>"src_1FkA9E22AWtpwVQme7yvktuE",
       "known_frame_issues"=>"false"}},

We need to address some issues and add some behavior in order to make the payment successful:

• change the request so that the respose setup_future_usage is on_session, this way we can reuse this payment method
• include in the request the return URL (should be https://store.com/checkout/confirm) where Stripe 3DS confirmation page will redirect the user
• we need an extra step that, once the current request cycle is complete, redirects the user to the provided stripe_js URL. If all goes well after entering the security code the user will be redirected back to the store, where the checkout process can proceed as usual. The entry point for all these changes is CheckoutController#update, and most of the stuff happens in Spree::Order and Spree::Payment state machines, so the task does not look easy.

[spaghetticode]

I'm converting all the new code to use ActiveMerchant API. I already completed the payment part, now I need to complete the part that stores the payment method for future use. It's proving a bit more complicated than the rest.

[spaghetticode]

The conversion to ActiveMerchant has been completed. The PR is now open, ready for suggestions and reviews. Readme can still be improved though.

[spaghetticode]

PR has been reviewed. There's still one single point to fix, will complete the change next week, should be rather easy.

[spaghetticode]

CI is red due to changes introduced to solidus_support and solidus_dev_support. Will become green after https://github.com/nebulab/solidus/issues/36