Edit File by line
/home/zeestwma/richards.../wp-conte.../plugins/wpforms-.../src/Integrat.../Stripe/Api
File: PaymentIntents.php
// Saving payment info is important for a future form entry meta update.
[500] Fix | Delete
$this->intent = $this->retrieve_payment_intent( $this->payment_intent_id, [ 'expand' => [ 'customer' ] ] );
[501] Fix | Delete
[502] Fix | Delete
if ( $this->intent->status !== 'succeeded' ) {
[503] Fix | Delete
[504] Fix | Delete
// This error is unlikely to happen because the same check is done on a frontend.
[505] Fix | Delete
$this->error = esc_html__( 'Stripe payment was not confirmed. Please check your Stripe dashboard.', 'wpforms-lite' );
[506] Fix | Delete
[507] Fix | Delete
return;
[508] Fix | Delete
}
[509] Fix | Delete
[510] Fix | Delete
// Saving customer and subscription info is important for a future form meta update.
[511] Fix | Delete
$this->customer = $this->intent->customer;
[512] Fix | Delete
}
[513] Fix | Delete
[514] Fix | Delete
/**
[515] Fix | Delete
* Process subscription.
[516] Fix | Delete
*
[517] Fix | Delete
* @since 1.8.2
[518] Fix | Delete
*
[519] Fix | Delete
* @param array $args Subscription arguments.
[520] Fix | Delete
*
[521] Fix | Delete
* @throws ApiErrorException If the request fails.
[522] Fix | Delete
*/
[523] Fix | Delete
public function process_subscription( $args ) {
[524] Fix | Delete
[525] Fix | Delete
if ( $this->payment_method_id ) {
[526] Fix | Delete
[527] Fix | Delete
// Normal flow.
[528] Fix | Delete
$this->charge_subscription( $args );
[529] Fix | Delete
[530] Fix | Delete
} elseif ( $this->payment_intent_id ) {
[531] Fix | Delete
[532] Fix | Delete
// 3D Secure flow.
[533] Fix | Delete
$this->finalize_subscription();
[534] Fix | Delete
}
[535] Fix | Delete
}
[536] Fix | Delete
[537] Fix | Delete
/**
[538] Fix | Delete
* Request a subscription charge to be made by Stripe.
[539] Fix | Delete
*
[540] Fix | Delete
* @since 1.8.2
[541] Fix | Delete
*
[542] Fix | Delete
* @param array $args Subscription payment arguments.
[543] Fix | Delete
*/
[544] Fix | Delete
protected function charge_subscription( $args ) { // phpcs:ignore Generic.Metrics.CyclomaticComplexity.TooHigh
[545] Fix | Delete
[546] Fix | Delete
if ( empty( $this->payment_method_id ) ) {
[547] Fix | Delete
$this->error = esc_html__( 'Stripe subscription stopped, missing PaymentMethod id.', 'wpforms-lite' );
[548] Fix | Delete
[549] Fix | Delete
return;
[550] Fix | Delete
}
[551] Fix | Delete
[552] Fix | Delete
$sub_args = [
[553] Fix | Delete
'items' => [
[554] Fix | Delete
[
[555] Fix | Delete
'plan' => $this->get_plan_id( $args ),
[556] Fix | Delete
],
[557] Fix | Delete
],
[558] Fix | Delete
'metadata' => [
[559] Fix | Delete
'form_name' => $args['form_title'],
[560] Fix | Delete
'form_id' => $args['form_id'],
[561] Fix | Delete
'cycles' => $args['cycles'] ?? null,
[562] Fix | Delete
],
[563] Fix | Delete
'expand' => [ 'latest_invoice.payment_intent' ],
[564] Fix | Delete
];
[565] Fix | Delete
[566] Fix | Delete
if ( isset( $args['application_fee_percent'] ) ) {
[567] Fix | Delete
$sub_args['application_fee_percent'] = $args['application_fee_percent'];
[568] Fix | Delete
}
[569] Fix | Delete
[570] Fix | Delete
if ( isset( $args['description'] ) ) {
[571] Fix | Delete
$sub_args['description'] = $args['description'];
[572] Fix | Delete
}
[573] Fix | Delete
[574] Fix | Delete
try {
[575] Fix | Delete
$this->set_customer( $args['email'], $args['customer_name'] ?? '', $args['customer_address'] ?? [], $args['customer_phone'] ?? '', $args['customer_metadata'] ?? [] );
[576] Fix | Delete
[577] Fix | Delete
$sub_args['customer'] = $this->get_customer( 'id' );
[578] Fix | Delete
$sub_args['payment_behavior'] = 'default_incomplete';
[579] Fix | Delete
$sub_args['off_session'] = true;
[580] Fix | Delete
$sub_args['payment_settings'] = [
[581] Fix | Delete
'save_default_payment_method' => 'on_subscription',
[582] Fix | Delete
];
[583] Fix | Delete
[584] Fix | Delete
if ( Helpers::is_link_supported() ) {
[585] Fix | Delete
$sub_args['payment_settings']['payment_method_types'] = [ 'card', 'link' ];
[586] Fix | Delete
}
[587] Fix | Delete
[588] Fix | Delete
// Create the subscription.
[589] Fix | Delete
$this->subscription = Subscription::create( $sub_args, Helpers::get_auth_opts() );
[590] Fix | Delete
[591] Fix | Delete
$this->intent = $this->subscription->latest_invoice->payment_intent;
[592] Fix | Delete
[593] Fix | Delete
if ( ! $this->intent || ! in_array( $this->intent->status, [ 'succeeded', 'requires_action', 'requires_confirmation', 'requires_payment_method' ], true ) ) {
[594] Fix | Delete
$this->error = esc_html__( 'Stripe subscription stopped. invalid PaymentIntent status.', 'wpforms-lite' );
[595] Fix | Delete
[596] Fix | Delete
return;
[597] Fix | Delete
}
[598] Fix | Delete
[599] Fix | Delete
if ( $this->intent->status === 'succeeded' ) {
[600] Fix | Delete
return;
[601] Fix | Delete
}
[602] Fix | Delete
[603] Fix | Delete
$this->set_bypass_captcha_3dsecure_token( $args );
[604] Fix | Delete
[605] Fix | Delete
if ( in_array( $this->intent->status , [ 'requires_confirmation', 'requires_payment_method' ], true ) ) {
[606] Fix | Delete
$this->request_confirm_payment_ajax( $this->intent );
[607] Fix | Delete
}
[608] Fix | Delete
[609] Fix | Delete
$this->request_3dsecure_ajax( $this->intent );
[610] Fix | Delete
} catch ( Exception $e ) {
[611] Fix | Delete
[612] Fix | Delete
$this->handle_exception( $e );
[613] Fix | Delete
}
[614] Fix | Delete
}
[615] Fix | Delete
[616] Fix | Delete
/**
[617] Fix | Delete
* Finalize a subscription after 3D Secure authorization is finished successfully.
[618] Fix | Delete
*
[619] Fix | Delete
* @since 1.8.2
[620] Fix | Delete
*
[621] Fix | Delete
* @throws ApiErrorException If the request fails.
[622] Fix | Delete
*/
[623] Fix | Delete
protected function finalize_subscription() {
[624] Fix | Delete
[625] Fix | Delete
// Saving payment info is important for a future form entry meta update.
[626] Fix | Delete
$this->intent = $this->retrieve_payment_intent( $this->payment_intent_id, [ 'expand' => [ 'invoice.subscription', 'customer' ] ] );
[627] Fix | Delete
[628] Fix | Delete
if ( $this->intent->status !== 'succeeded' ) {
[629] Fix | Delete
[630] Fix | Delete
// This error is unlikely to happen because the same check is done on a frontend.
[631] Fix | Delete
$this->error = esc_html__( 'Stripe subscription was not confirmed. Please check your Stripe dashboard.', 'wpforms-lite' );
[632] Fix | Delete
[633] Fix | Delete
return;
[634] Fix | Delete
}
[635] Fix | Delete
[636] Fix | Delete
// Saving customer and subscription info is important for a future form meta update.
[637] Fix | Delete
$this->customer = $this->intent->customer;
[638] Fix | Delete
$this->subscription = $this->intent->invoice->subscription;
[639] Fix | Delete
}
[640] Fix | Delete
[641] Fix | Delete
/**
[642] Fix | Delete
* Get saved Stripe PaymentIntent object or its key.
[643] Fix | Delete
*
[644] Fix | Delete
* @since 1.8.2
[645] Fix | Delete
*
[646] Fix | Delete
* @param string $key Name of the key to retrieve.
[647] Fix | Delete
*
[648] Fix | Delete
* @return mixed
[649] Fix | Delete
*/
[650] Fix | Delete
public function get_payment( $key = '' ) {
[651] Fix | Delete
[652] Fix | Delete
return $this->get_var( 'intent', $key );
[653] Fix | Delete
}
[654] Fix | Delete
[655] Fix | Delete
/**
[656] Fix | Delete
* Get details from a saved Charge object.
[657] Fix | Delete
*
[658] Fix | Delete
* @since 1.8.2
[659] Fix | Delete
*
[660] Fix | Delete
* @param string|array $keys Key or an array of keys to retrieve.
[661] Fix | Delete
*
[662] Fix | Delete
* @return array
[663] Fix | Delete
*/
[664] Fix | Delete
public function get_charge_details( $keys ) {
[665] Fix | Delete
[666] Fix | Delete
$charge = isset( $this->intent->charges->data[0] ) ? $this->intent->charges->data[0] : null;
[667] Fix | Delete
[668] Fix | Delete
if ( empty( $charge ) || empty( $keys ) ) {
[669] Fix | Delete
return [];
[670] Fix | Delete
}
[671] Fix | Delete
[672] Fix | Delete
if ( is_string( $keys ) ) {
[673] Fix | Delete
$keys = [ $keys ];
[674] Fix | Delete
}
[675] Fix | Delete
[676] Fix | Delete
$result = [];
[677] Fix | Delete
[678] Fix | Delete
foreach ( $keys as $key ) {
[679] Fix | Delete
if ( isset( $charge->payment_method_details->card, $charge->payment_method_details->card->{$key} ) ) {
[680] Fix | Delete
$result[ $key ] = sanitize_text_field( $charge->payment_method_details->card->{$key} );
[681] Fix | Delete
[682] Fix | Delete
continue;
[683] Fix | Delete
}
[684] Fix | Delete
[685] Fix | Delete
if ( isset( $charge->payment_method_details->{$key} ) ) {
[686] Fix | Delete
$result[ $key ] = sanitize_text_field( $charge->payment_method_details->{$key} );
[687] Fix | Delete
[688] Fix | Delete
continue;
[689] Fix | Delete
}
[690] Fix | Delete
[691] Fix | Delete
if ( isset( $charge->billing_details->{$key} ) ) {
[692] Fix | Delete
$result[ $key ] = sanitize_text_field( $charge->billing_details->{$key} );
[693] Fix | Delete
}
[694] Fix | Delete
}
[695] Fix | Delete
[696] Fix | Delete
return $result;
[697] Fix | Delete
}
[698] Fix | Delete
[699] Fix | Delete
/**
[700] Fix | Delete
* Request a frontend 3D Secure authorization from a user.
[701] Fix | Delete
*
[702] Fix | Delete
* @since 1.8.2
[703] Fix | Delete
*
[704] Fix | Delete
* @param PaymentIntent $intent PaymentIntent to authorize.
[705] Fix | Delete
*/
[706] Fix | Delete
protected function request_3dsecure_ajax( $intent ) {
[707] Fix | Delete
[708] Fix | Delete
if ( ! isset( $intent->status, $intent->next_action->type ) ) {
[709] Fix | Delete
return;
[710] Fix | Delete
}
[711] Fix | Delete
[712] Fix | Delete
if ( $intent->status !== 'requires_action' || $intent->next_action->type !== 'use_stripe_sdk' ) {
[713] Fix | Delete
return;
[714] Fix | Delete
}
[715] Fix | Delete
[716] Fix | Delete
wp_send_json_success(
[717] Fix | Delete
[
[718] Fix | Delete
'action_required' => true,
[719] Fix | Delete
'payment_intent_client_secret' => $intent->client_secret,
[720] Fix | Delete
'payment_method_id' => $this->payment_method_id,
[721] Fix | Delete
]
[722] Fix | Delete
);
[723] Fix | Delete
}
[724] Fix | Delete
[725] Fix | Delete
/**
[726] Fix | Delete
* Request a frontend payment confirmation from a user.
[727] Fix | Delete
*
[728] Fix | Delete
* @since 1.8.2
[729] Fix | Delete
*
[730] Fix | Delete
* @param PaymentIntent $intent PaymentIntent to authorize.
[731] Fix | Delete
*/
[732] Fix | Delete
protected function request_confirm_payment_ajax( $intent ) {
[733] Fix | Delete
[734] Fix | Delete
wp_send_json_success(
[735] Fix | Delete
[
[736] Fix | Delete
'action_required' => true,
[737] Fix | Delete
'payment_intent_client_secret' => $intent->client_secret,
[738] Fix | Delete
'payment_method_id' => $this->payment_method_id,
[739] Fix | Delete
]
[740] Fix | Delete
);
[741] Fix | Delete
}
[742] Fix | Delete
[743] Fix | Delete
/**
[744] Fix | Delete
* Set an encrypted token as a PaymentIntent metadata item.
[745] Fix | Delete
*
[746] Fix | Delete
* @since 1.8.2
[747] Fix | Delete
* @since 1.9.6 Added $args parameter.
[748] Fix | Delete
*
[749] Fix | Delete
* @param array $args Additional arguments.
[750] Fix | Delete
*
[751] Fix | Delete
* @throws ApiErrorException In case payment intent save wasn't successful.
[752] Fix | Delete
*/
[753] Fix | Delete
private function set_bypass_captcha_3dsecure_token( array $args = [] ) {
[754] Fix | Delete
[755] Fix | Delete
$form_data = wpforms()->obj( 'process' )->form_data;
[756] Fix | Delete
[757] Fix | Delete
// Set token only if captcha is enabled for the form.
[758] Fix | Delete
if ( empty( $form_data['settings']['recaptcha'] ) ) {
[759] Fix | Delete
return;
[760] Fix | Delete
}
[761] Fix | Delete
[762] Fix | Delete
$this->intent->metadata['captcha_3dsecure_token'] = Crypto::encrypt( $this->intent->id );
[763] Fix | Delete
$this->intent->metadata['spam_reason'] = $args['metadata']['spam_reason'] ?? null;
[764] Fix | Delete
[765] Fix | Delete
$this->intent->update( $this->intent->id, $this->intent->serializeParameters(), Helpers::get_auth_opts() );
[766] Fix | Delete
}
[767] Fix | Delete
[768] Fix | Delete
/**
[769] Fix | Delete
* Bypass CAPTCHA check on successful 3dSecure check.
[770] Fix | Delete
*
[771] Fix | Delete
* @since 1.8.2
[772] Fix | Delete
*
[773] Fix | Delete
* @param bool $is_bypassed True if CAPTCHA is bypassed.
[774] Fix | Delete
* @param array $entry Form entry data.
[775] Fix | Delete
* @param array $form_data Form data and settings.
[776] Fix | Delete
*
[777] Fix | Delete
* @return bool
[778] Fix | Delete
*
[779] Fix | Delete
* @throws ApiErrorException In case payment intent save wasn't successful.
[780] Fix | Delete
*/
[781] Fix | Delete
public function bypass_captcha_on_3dsecure_submit( $is_bypassed, $entry, $form_data ) {
[782] Fix | Delete
[783] Fix | Delete
// Firstly, run checks that may prevent bypassing:
[784] Fix | Delete
// 1) Sanity check to prevent possible tinkering with captcha on non-payment forms.
[785] Fix | Delete
// 2) All Captcha providers are enabled by the same setting.
[786] Fix | Delete
if (
[787] Fix | Delete
! Helpers::is_payments_enabled( $form_data ) ||
[788] Fix | Delete
empty( $form_data['settings']['recaptcha'] ) ||
[789] Fix | Delete
empty( $entry['payment_intent_id'] )
[790] Fix | Delete
) {
[791] Fix | Delete
return $is_bypassed;
[792] Fix | Delete
}
[793] Fix | Delete
[794] Fix | Delete
// This is executed before payment processing kicks in and fills `$this->intent`.
[795] Fix | Delete
// PaymentIntent intent has to be retrieved from Stripe instead of getting it from `$this->intent`.
[796] Fix | Delete
$intent = $this->retrieve_payment_intent( $entry['payment_intent_id'] );
[797] Fix | Delete
[798] Fix | Delete
if ( empty( $intent->status ) || $intent->status !== 'succeeded' ) {
[799] Fix | Delete
return $is_bypassed;
[800] Fix | Delete
}
[801] Fix | Delete
[802] Fix | Delete
$token = ! empty( $intent->metadata['captcha_3dsecure_token'] ) ? $intent->metadata['captcha_3dsecure_token'] : '';
[803] Fix | Delete
[804] Fix | Delete
if ( Crypto::decrypt( $token ) !== $intent->id ) {
[805] Fix | Delete
return $is_bypassed;
[806] Fix | Delete
}
[807] Fix | Delete
[808] Fix | Delete
// Cleanup the token to prevent its repeated usage and declutter the metadata.
[809] Fix | Delete
$intent->metadata['captcha_3dsecure_token'] = null;
[810] Fix | Delete
[811] Fix | Delete
$intent->update( $intent->id, $intent->serializeParameters(), Helpers::get_auth_opts() );
[812] Fix | Delete
[813] Fix | Delete
if ( isset( $intent->metadata['spam_reason'] ) ) {
[814] Fix | Delete
return $is_bypassed;
[815] Fix | Delete
}
[816] Fix | Delete
[817] Fix | Delete
return true;
[818] Fix | Delete
}
[819] Fix | Delete
[820] Fix | Delete
/**
[821] Fix | Delete
* Retrieve Mandate object from Stripe.
[822] Fix | Delete
*
[823] Fix | Delete
* @since 1.8.7
[824] Fix | Delete
*
[825] Fix | Delete
* @param string $id Mandate id.
[826] Fix | Delete
* @param array $args Additional arguments.
[827] Fix | Delete
*
[828] Fix | Delete
* @throws ApiErrorException If the request fails.
[829] Fix | Delete
*
[830] Fix | Delete
* @return Mandate|null
[831] Fix | Delete
*/
[832] Fix | Delete
public function retrieve_mandate( string $id, array $args = [] ) {
[833] Fix | Delete
[834] Fix | Delete
try {
[835] Fix | Delete
[836] Fix | Delete
$defaults = [ 'id' => $id ];
[837] Fix | Delete
[838] Fix | Delete
if ( isset( $args['mode'] ) ) {
[839] Fix | Delete
$auth_opts = [ 'api_key' => Helpers::get_stripe_key( 'secret', $args['mode'] ) ];
[840] Fix | Delete
[841] Fix | Delete
unset( $args['mode'] );
[842] Fix | Delete
}
[843] Fix | Delete
[844] Fix | Delete
$args = wp_parse_args( $args, $defaults );
[845] Fix | Delete
[846] Fix | Delete
return Mandate::retrieve( $args, $auth_opts ?? Helpers::get_auth_opts() );
[847] Fix | Delete
} catch ( Exception $e ) {
[848] Fix | Delete
[849] Fix | Delete
wpforms_log(
[850] Fix | Delete
'Stripe: Unable to get Mandate.',
[851] Fix | Delete
$e->getMessage(),
[852] Fix | Delete
[
[853] Fix | Delete
'type' => [ 'payment', 'error' ],
[854] Fix | Delete
]
[855] Fix | Delete
);
[856] Fix | Delete
}
[857] Fix | Delete
[858] Fix | Delete
return null;
[859] Fix | Delete
}
[860] Fix | Delete
[861] Fix | Delete
/**
[862] Fix | Delete
* Create Stripe Setup Intent.
[863] Fix | Delete
*
[864] Fix | Delete
* @since 1.8.7
[865] Fix | Delete
*
[866] Fix | Delete
* @param array $intent_data Intent data.
[867] Fix | Delete
* @param array $args Additional arguments.
[868] Fix | Delete
*
[869] Fix | Delete
* @throws ApiErrorException If the request fails.
[870] Fix | Delete
*
[871] Fix | Delete
* @return SetupIntent|null
[872] Fix | Delete
*/
[873] Fix | Delete
public function create_setup_intent( array $intent_data, array $args ) {
[874] Fix | Delete
[875] Fix | Delete
try {
[876] Fix | Delete
if ( isset( $args['mode'] ) ) {
[877] Fix | Delete
$auth_opts = [ 'api_key' => Helpers::get_stripe_key( 'secret', $args['mode'] ) ];
[878] Fix | Delete
}
[879] Fix | Delete
[880] Fix | Delete
return SetupIntent::create( $intent_data, $auth_opts ?? Helpers::get_auth_opts() );
[881] Fix | Delete
} catch ( Exception $e ) {
[882] Fix | Delete
[883] Fix | Delete
wpforms_log(
[884] Fix | Delete
'Stripe: Unable to create Setup Intent.',
[885] Fix | Delete
$e->getMessage(),
[886] Fix | Delete
[
[887] Fix | Delete
'type' => [ 'payment', 'error' ],
[888] Fix | Delete
]
[889] Fix | Delete
);
[890] Fix | Delete
}
[891] Fix | Delete
[892] Fix | Delete
return null;
[893] Fix | Delete
}
[894] Fix | Delete
[895] Fix | Delete
/**
[896] Fix | Delete
* Get Country Specs.
[897] Fix | Delete
*
[898] Fix | Delete
* @since 1.9.1
[899] Fix | Delete
*
[900] Fix | Delete
* @param string $country Country code.
[901] Fix | Delete
* @param array $args Additional arguments.
[902] Fix | Delete
*
[903] Fix | Delete
* @throws ApiErrorException If the request fails.
[904] Fix | Delete
*
[905] Fix | Delete
* @return CountrySpec|null
[906] Fix | Delete
*/
[907] Fix | Delete
public function get_country_specs( string $country, array $args = [] ) {
[908] Fix | Delete
[909] Fix | Delete
try {
[910] Fix | Delete
if ( isset( $args['mode'] ) ) {
[911] Fix | Delete
$auth_opts = [ 'api_key' => Helpers::get_stripe_key( 'secret', $args['mode'] ) ];
[912] Fix | Delete
}
[913] Fix | Delete
[914] Fix | Delete
return CountrySpec::retrieve( $country, $auth_opts ?? Helpers::get_auth_opts() );
[915] Fix | Delete
} catch ( Exception $e ) {
[916] Fix | Delete
[917] Fix | Delete
wpforms_log(
[918] Fix | Delete
'Stripe: Unable to get Country specs.',
[919] Fix | Delete
$e->getMessage(),
[920] Fix | Delete
[
[921] Fix | Delete
'type' => [ 'payment', 'error' ],
[922] Fix | Delete
]
[923] Fix | Delete
);
[924] Fix | Delete
}
[925] Fix | Delete
[926] Fix | Delete
return null;
[927] Fix | Delete
}
[928] Fix | Delete
}
[929] Fix | Delete
[930] Fix | Delete
12
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function