Skip to content

Add external Stripe IDs to CreditCardValidation

Ruby Nealon requested to merge rubynealon/add-stripe-cc-validate-info into master

What does this MR do and why?

Implements the database and API change for https://gitlab.com/gitlab-org/gitlab/-/issues/467658 (confidential).

Adds 3 new columns to user_credit_card_validations:

  • stripe_setup_intent_xid
  • stripe_payment_method_xid
  • stripe_card_fingerprint

This is needed to save data that will be sent from CustomersDot per https://gitlab.com/gitlab-org/customers-gitlab-com/-/merge_requests/10172

This MR only adds the columns and accepts the new attributes on the API endpoint - there is no change in UI/user experience as a result of what is added/changed here.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Testing this requires having the GDK and CustomersDot running

Pre-requisites:

  1. Configure the ZUORA_PAYMENT_METHOD_VALIDATION_PAGE_ID in your .env on CustomersDot
    • The guide to setup CustomersDot does not set this, it is different from the other page IDs
    • Set up a hosted page on Zuora that matches GL.com CC Validation_2022.04 but has Hosted Domain: http://localhost:3000
    • If you use http://gdk.test:3000, you can use my page ID: 8a8aa1958fc38ab7018fe75ad5b85315
    • (my local environment had it setup for http://localhost:3000 by default but I did not test it worked properly)
  2. Make sure your GDK is running as GitLab.com (put export GITLAB_SIMULATE_SAAS=1 in env.runit in your GDK root and gdk restart - the file may need creating)
  3. Enable the CC verification FF in GDK: Feature.enable(:ci_require_credit_card_on_free_plan)
  4. Enable the find stripe FF in your local CDot find_stripe_setup_intents_for_zuora_payment_methods

Getting the CC validation page to display

  1. Register and sign in as a new user on the GDK
    • Or verify an existing user doesn't have CC validation yet: User.find(USERIDREPLACE).credit_card_validation == nil
  2. Create a new project
  3. Ceate a failed pipeline for the user: 
    Ci::Pipeline.create!(status: 'failed', project_id: PROJECTIDREPLACE, finished_at: Time.current, user_id: USERIDREPLACE, failure_reason: 'user_not_verified', source: 'push', ref: 'main', sha: 'test')

Testing it works

  1. Go to the failed pipeline page in the project you created the failed pipeline for in the previous step, click Validate account, and fill out the payment form
    • 4242 4242 4242 4242 for the CC number
    • other values can be anything
    • If you get a "failed to load payment form" error, make sure ZUORA_PAYMENT_METHOD_VALIDATION_PAGE_ID is set
  2. Submit the validation form and confirm the account is validated
  3. Check that the Stripe values are set for the user User.find(USERIDREPLACE).credit_card_validation

Partially redacted example output from a local end-to-end test with both changes:

[3] pry(main)> User.find(MYLOCALTESTINGUSERID).credit_card_validation
  User Load (0.7ms)  SELECT "users".* FROM "users" WHERE "users"."id" = MYLOCALTESTINGUSERID LIMIT 1 /*application:console,db_config_name:main,console_hostname:tanuki,console_username:ruby,line:/app/models/concerns/use_sql_function_for_primary_key_lookups.rb:8:in `_query_by_sql'*/
  Users::CreditCardValidation Load (0.6ms)  SELECT "user_credit_card_validations"."user_id", "user_credit_card_validations"."credit_card_validated_at", "user_credit_card_validations"."last_digits_hash", "user_credit_card_validations"."holder_name_hash", "user_credit_card_validations"."expiration_date_hash", "user_credit_card_validations"."network_hash", "user_credit_card_validations"."zuora_payment_method_xid", "user_credit_card_validations"."stripe_setup_intent_xid", "user_credit_card_validations"."stripe_payment_method_xid", "user_credit_card_validations"."stripe_card_fingerprint" FROM "user_credit_card_validations" WHERE "user_credit_card_validations"."user_id" = MYLOCALTESTINGUSERID LIMIT 1 /*application:console,db_config_name:main,console_hostname:tanuki,console_username:ruby,line:(pry):3:in `__pry__'*/
=> #<Users::CreditCardValidation:0x00000003195a7358
 user_id: MYLOCALTESTINGUSERID,
 credit_card_validated_at: Mon, 17 Jun 2024 11:19:44.776000000 UTC +00:00,
 last_digits_hash: "1.../a20=",
 holder_name_hash: "A...ND=",
 expiration_date_hash: "T...Pq=",
 network_hash: "Ab...4d=",
 zuora_payment_method_xid: "9b...1a",
 stripe_setup_intent_xid: "seti_1...p2",
 stripe_payment_method_xid: "pm_1...AI",
 stripe_card_fingerprint: "0...Ac">

Merge request reports