feat: Add support for managing account holder in payment module #11015

Open
wants to merge 1 commit into
base: develop

sradevski
Member

BREAKING: The context and data fields were removed from the payment session endpoint as they pose a security risk, since they are open-ended.

The endpoint should only accept what is absolutely necessary to be provided by the client, nothing more.
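
The rule stated in the description above, sketched as an added example that is not part of this pull request or of Medusa's code: a request parser that fails closed on any field outside an allow-list, with everything else taken from server-side state. The `provider_id` field, the `ServerState` shape and both function names are assumptions made for illustration.

```typescript
// Added example. The `provider_id` field, the ServerState shape and the
// function names are assumptions for illustration, not Medusa's schema.
interface SessionBody { provider_id: string }
interface ServerState { customerId: string | null; amount: number; currency: string }

// The complete set of keys a client may send; anything else is refused.
const ALLOWED_KEYS: ReadonlySet<string> = new Set(["provider_id"])

function parseSessionBody(body: unknown): SessionBody {
  if (typeof body !== "object" || body === null || Array.isArray(body)) {
    throw new Error("body must be a JSON object")
  }
  // Fail closed on open-ended fields such as `context` or `data` instead of
  // silently dropping them, so a client still sending them finds out.
  const extra = Object.keys(body).filter((k) => !ALLOWED_KEYS.has(k)).sort()
  if (extra.length > 0) {
    throw new Error(`unrecognized fields: ${extra.join(", ")}`)
  }
  const providerId = (body as Record<string, unknown>).provider_id
  if (typeof providerId !== "string" || !/^[a-z0-9_]{1,64}$/.test(providerId)) {
    throw new Error("provider_id must be a short lowercase identifier")
  }
  return { provider_id: providerId }
}

// Everything the provider sees apart from its id is taken from state the
// server already holds (cart totals, authenticated customer), never the body.
function buildProviderInput(body: unknown, state: ServerState) {
  const { provider_id } = parseSessionBody(body)
  return {
    provider_id,
    amount: state.amount,
    currency_code: state.currency,
    customer_id: state.customerId,
  }
}
```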


changeset-bot bot commented Jan 17, 2025

⚠️ No Changeset found

Latest commit: 35b9fd7

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.


@sradevski
Member Author

/snapshot-this

@sradevski sradevski requested review from olivermrbl and removed request for mrnbpt January 17, 2025 10:34
Contributor

🚀 A snapshot release has been made for this PR

Test the snapshots by updating your package.json with the newly published versions:

yarn add @medusajs/admin-bundler@2.2.1-snapshot-20250117103757
yarn add @medusajs/admin-sdk@2.2.1-snapshot-20250117103757
yarn add @medusajs/admin-shared@2.2.1-snapshot-20250117103757
yarn add @medusajs/admin-vite-plugin@2.2.1-snapshot-20250117103757
yarn add @medusajs/dashboard@2.2.1-snapshot-20250117103757
yarn add create-medusa-app@2.2.1-snapshot-20250117103757
yarn add @medusajs/cli@2.2.1-snapshot-20250117103757
yarn add medusa-dev-cli@2.2.1-snapshot-20250117103757
yarn add @medusajs/medusa-oas-cli@2.2.1-snapshot-20250117103757
yarn add @medusajs/core-flows@2.2.1-snapshot-20250117103757
yarn add @medusajs/framework@2.2.1-snapshot-20250117103757
yarn add @medusajs/js-sdk@2.2.1-snapshot-20250117103757
yarn add @medusajs/modules-sdk@2.2.1-snapshot-20250117103757
yarn add @medusajs/orchestration@2.2.1-snapshot-20250117103757
yarn add @medusajs/types@2.2.1-snapshot-20250117103757
yarn add @medusajs/utils@2.2.1-snapshot-20250117103757
yarn add @medusajs/workflows-sdk@2.2.1-snapshot-20250117103757
yarn add @medusajs/icons@2.2.1-snapshot-20250117103757
yarn add @medusajs/ui-preset@2.2.1-snapshot-20250117103757
yarn add @medusajs/medusa@2.2.1-snapshot-20250117103757
yarn add @medusajs/telemetry@2.2.1-snapshot-20250117103757
yarn add @medusajs/test-utils@2.2.1-snapshot-20250117103757
yarn add @medusajs/api-key@2.2.1-snapshot-20250117103757
yarn add @medusajs/auth@2.2.1-snapshot-20250117103757
yarn add @medusajs/cache-inmemory@2.2.1-snapshot-20250117103757
yarn add @medusajs/cache-redis@2.2.1-snapshot-20250117103757
yarn add @medusajs/cart@2.2.1-snapshot-20250117103757
yarn add @medusajs/currency@2.2.1-snapshot-20250117103757
yarn add @medusajs/customer@2.2.1-snapshot-20250117103757
yarn add @medusajs/event-bus-local@2.2.1-snapshot-20250117103757
yarn add @medusajs/event-bus-redis@2.2.1-snapshot-20250117103757
yarn add @medusajs/file@2.2.1-snapshot-20250117103757
yarn add @medusajs/fulfillment@2.2.1-snapshot-20250117103757
yarn add @medusajs/index@2.2.1-snapshot-20250117103757
yarn add @medusajs/inventory@2.2.1-snapshot-20250117103757
yarn add @medusajs/link-modules@2.2.1-snapshot-20250117103757
yarn add @medusajs/locking@2.2.1-snapshot-20250117103757
yarn add @medusajs/notification@2.2.1-snapshot-20250117103757
yarn add @medusajs/order@2.2.1-snapshot-20250117103757
yarn add @medusajs/payment@2.2.1-snapshot-20250117103757
yarn add @medusajs/pricing@2.2.1-snapshot-20250117103757
yarn add @medusajs/product@2.2.1-snapshot-20250117103757
yarn add @medusajs/promotion@2.2.1-snapshot-20250117103757
yarn add @medusajs/auth-emailpass@2.2.1-snapshot-20250117103757
yarn add @medusajs/auth-github@2.2.1-snapshot-20250117103757
yarn add @medusajs/auth-google@2.2.1-snapshot-20250117103757
yarn add @medusajs/file-local@2.2.1-snapshot-20250117103757
yarn add @medusajs/file-s3@2.2.1-snapshot-20250117103757
yarn add @medusajs/fulfillment-manual@2.2.1-snapshot-20250117103757
yarn add @medusajs/locking-postgres@2.2.1-snapshot-20250117103757
yarn add @medusajs/locking-redis@2.2.1-snapshot-20250117103757
yarn add @medusajs/notification-local@2.2.1-snapshot-20250117103757
yarn add @medusajs/notification-sendgrid@2.2.1-snapshot-20250117103757
yarn add @medusajs/payment-stripe@2.2.1-snapshot-20250117103757
yarn add @medusajs/region@2.2.1-snapshot-20250117103757
yarn add @medusajs/sales-channel@2.2.1-snapshot-20250117103757
yarn add @medusajs/stock-location@2.2.1-snapshot-20250117103757
yarn add @medusajs/store@2.2.1-snapshot-20250117103757
yarn add @medusajs/tax@2.2.1-snapshot-20250117103757
yarn add @medusajs/user@2.2.1-snapshot-20250117103757
yarn add @medusajs/workflow-engine-inmemory@2.2.1-snapshot-20250117103757
yarn add @medusajs/workflow-engine-redis@2.2.1-snapshot-20250117103757

Latest commit: 7be4735

@sradevski sradevski force-pushed the feat/add-support-manage-account-holder branch from 430878f to c370fd0 Compare January 17, 2025 12:08
@sradevski
Member Author

/snapshot-this

Contributor

🚀 A snapshot release has been made for this PR

Test the snapshots by updating your package.json with the newly published versions:

yarn add @medusajs/admin-bundler@2.2.1-snapshot-20250117121342
yarn add @medusajs/admin-sdk@2.2.1-snapshot-20250117121342
yarn add @medusajs/admin-shared@2.2.1-snapshot-20250117121342
yarn add @medusajs/admin-vite-plugin@2.2.1-snapshot-20250117121342
yarn add @medusajs/dashboard@2.2.1-snapshot-20250117121342
yarn add create-medusa-app@2.2.1-snapshot-20250117121342
yarn add @medusajs/cli@2.2.1-snapshot-20250117121342
yarn add medusa-dev-cli@2.2.1-snapshot-20250117121342
yarn add @medusajs/medusa-oas-cli@2.2.1-snapshot-20250117121342
yarn add @medusajs/core-flows@2.2.1-snapshot-20250117121342
yarn add @medusajs/framework@2.2.1-snapshot-20250117121342
yarn add @medusajs/js-sdk@2.2.1-snapshot-20250117121342
yarn add @medusajs/modules-sdk@2.2.1-snapshot-20250117121342
yarn add @medusajs/orchestration@2.2.1-snapshot-20250117121342
yarn add @medusajs/types@2.2.1-snapshot-20250117121342
yarn add @medusajs/utils@2.2.1-snapshot-20250117121342
yarn add @medusajs/workflows-sdk@2.2.1-snapshot-20250117121342
yarn add @medusajs/icons@2.2.1-snapshot-20250117121342
yarn add @medusajs/ui-preset@2.2.1-snapshot-20250117121342
yarn add @medusajs/medusa@2.2.1-snapshot-20250117121342
yarn add @medusajs/telemetry@2.2.1-snapshot-20250117121342
yarn add @medusajs/test-utils@2.2.1-snapshot-20250117121342
yarn add @medusajs/api-key@2.2.1-snapshot-20250117121342
yarn add @medusajs/auth@2.2.1-snapshot-20250117121342
yarn add @medusajs/cache-inmemory@2.2.1-snapshot-20250117121342
yarn add @medusajs/cache-redis@2.2.1-snapshot-20250117121342
yarn add @medusajs/cart@2.2.1-snapshot-20250117121342
yarn add @medusajs/currency@2.2.1-snapshot-20250117121342
yarn add @medusajs/customer@2.2.1-snapshot-20250117121342
yarn add @medusajs/event-bus-local@2.2.1-snapshot-20250117121342
yarn add @medusajs/event-bus-redis@2.2.1-snapshot-20250117121342
yarn add @medusajs/file@2.2.1-snapshot-20250117121342
yarn add @medusajs/fulfillment@2.2.1-snapshot-20250117121342
yarn add @medusajs/index@2.2.1-snapshot-20250117121342
yarn add @medusajs/inventory@2.2.1-snapshot-20250117121342
yarn add @medusajs/link-modules@2.2.1-snapshot-20250117121342
yarn add @medusajs/locking@2.2.1-snapshot-20250117121342
yarn add @medusajs/notification@2.2.1-snapshot-20250117121342
yarn add @medusajs/order@2.2.1-snapshot-20250117121342
yarn add @medusajs/payment@2.2.1-snapshot-20250117121342
yarn add @medusajs/pricing@2.2.1-snapshot-20250117121342
yarn add @medusajs/product@2.2.1-snapshot-20250117121342
yarn add @medusajs/promotion@2.2.1-snapshot-20250117121342
yarn add @medusajs/auth-emailpass@2.2.1-snapshot-20250117121342
yarn add @medusajs/auth-github@2.2.1-snapshot-20250117121342
yarn add @medusajs/auth-google@2.2.1-snapshot-20250117121342
yarn add @medusajs/file-local@2.2.1-snapshot-20250117121342
yarn add @medusajs/file-s3@2.2.1-snapshot-20250117121342
yarn add @medusajs/fulfillment-manual@2.2.1-snapshot-20250117121342
yarn add @medusajs/locking-postgres@2.2.1-snapshot-20250117121342
yarn add @medusajs/locking-redis@2.2.1-snapshot-20250117121342
yarn add @medusajs/notification-local@2.2.1-snapshot-20250117121342
yarn add @medusajs/notification-sendgrid@2.2.1-snapshot-20250117121342
yarn add @medusajs/payment-stripe@2.2.1-snapshot-20250117121342
yarn add @medusajs/region@2.2.1-snapshot-20250117121342
yarn add @medusajs/sales-channel@2.2.1-snapshot-20250117121342
yarn add @medusajs/stock-location@2.2.1-snapshot-20250117121342
yarn add @medusajs/store@2.2.1-snapshot-20250117121342
yarn add @medusajs/tax@2.2.1-snapshot-20250117121342
yarn add @medusajs/user@2.2.1-snapshot-20250117121342
yarn add @medusajs/workflow-engine-inmemory@2.2.1-snapshot-20250117121342
yarn add @medusajs/workflow-engine-redis@2.2.1-snapshot-20250117121342

Latest commit: 0cfaab5

Contributor

@christiananese christiananese left a comment

LGTM, would be good to add a ticket for documenting keys we are defining here like pp_stripe_stripe_customer_id

@sradevski
Member Author

sradevski commented Jan 17, 2025

Yes, definitely. @shahednasser, can you have a look and decide what deserves to be documented in the docs? There is the part of pp_stripe_stripe_customer_id that people MIGHT want to know about, although most are unlikely to need to deal with it directly.

There is also the new interface of a payment provider

Comment on lines -281 to -283
if (stripeId !== data.customer) {
return await this.initiatePayment(input)
} else {
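Review bot: with the `stripeId !== data.customer` branch at -281 to -283 removed, nothing in these lines calls `initiatePayment` again when the customer attached to the session differs from the one passed in. If that is intended, say in the PR description where a customer change is handled now, or add a test that covers a session whose customer changes after creation.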
Contributor

question: Don't we need to deal with this scenario still?

  1. I initialize my cart as a guest customer
  2. Go through the checkout flow and create payment sessions
  3. I sign in -> should update the customer on the payment intent

Contributor

Actually, I am not sure our workflows are wired up to deal with this right now.

Member Author

They are not, and this method is not even called.

I was gonna ask you why https://github.com/medusajs/medusa/pull/9348/files was closed actually, as I imagine that's where these flows would be implemented
