Merge branch 'master' into fix/normalized-translations

Author: SilasPeters

Gemfile

@@ -27,6 +27,9 @@ gem 'impressionist', github: 'charlotte-ruby/impressionist'
 # rests calls for mailgun
 gem 'rest-client'
 
+# mollie
+gem 'mollie-api-ruby'
+
 gem 'responders'
 
 # pagination

Gemfile.lock

@@ -179,6 +179,7 @@ GEM
     mini_mime (1.1.2)
     mini_portile2 (2.7.1)
     minitest (5.15.0)
+    mollie-api-ruby (4.13.0)
     netrc (0.11.0)
     nio4r (2.5.8)
     nokogiri (1.13.1)
@@ -352,6 +353,7 @@ DEPENDENCIES
   impressionist!
   listen
   mimemagic (= 0.3.9)
+  mollie-api-ruby
   pagy
   pg
   pg_search

app/assets/stylesheets/cards.css

@@ -26,6 +26,10 @@
   font-size: 30px;
 }
 
+.size-small {
+  font-size: 10px;
+}
+
 .card .table {
   margin-bottom: 0;
 }

app/controllers/members/payments_controller.rb

@@ -35,18 +35,35 @@ def pay_activities
       redirect_to(member_payments_path)
       return
     end
+
     payment = Payment.new(
       description: description,
       amount: amount,
-      issuer: transaction_params[:bank],
       member: member,
       payment_type: :ideal,
       transaction_id: unpaid.pluck(:activity_id),
       transaction_type: :activity,
       redirect_uri: member_payments_path
     )
+
     if payment.save
-      redirect_to(payment.payment_uri)
+      # Check URI for safety (supresses brakeman warning)
+      url = begin
+        URI.parse(payment.payment_uri)
+      rescue StandardError
+        nil
+      end
+
+      # Check if it's a valid URI and matches your whitelist of acceptable domains (e.g., only http(s)://example.com)
+      if url.is_a?(URI::HTTP) && [
+        'www.mollie.com', # staging
+        'pay.ideal.nl' # production
+      ].include?(url.host)
+        redirect_to(url.to_s)
+      else
+        # Fallback to a safe default redirect if the URI is invalid or not in the whitelist
+        redirect_to(root_path)
+      end
     else
       flash[:notice] = I18n.t('failed', scope: 'activerecord.errors.models.payment')
       redirect_to(member_payments_path)
@@ -97,15 +114,27 @@ def add_funds
       description: description,
       amount: amount,
       member: member,
-      issuer: transaction_params[:bank],
       payment_type: :ideal,
-
       transaction_id: nil,
       transaction_type: :checkout,
       redirect_uri: member_payments_path
     )
+
     if payment.save
-      redirect_to(payment.payment_uri)
+      # Check URI for safety (supresses brakeman warning)
+      url = begin
+        URI.parse(payment.payment_uri)
+      rescue StandardError
+        nil
+      end
+
+      # Check if it's a valid URI and matches your whitelist of acceptable domains (e.g., only http(s)://example.com)
+      if url.is_a?(URI::HTTP) && ['mollie.com'].include?(url.host)
+        redirect_to(url)
+      else
+        # Fallback to a safe default redirect if the URI is invalid or not in the whitelist
+        redirect_to(root_path)
+      end
     else
       flash[:warning] = I18n.t('failed', scope: 'activerecord.errors.models.payment')
       redirect_to(members_home_path)
@@ -115,6 +144,6 @@ def add_funds
   private
 
   def transaction_params
-    params.permit(:amount, :bank, :activity_ids, :payment_type)
+    params.permit(:amount, :activity_ids, :payment_type)
   end
 end

app/models/payment.rb

@@ -1,7 +1,5 @@
 #:nodoc:
 class Payment < ApplicationRecord
-  require 'request'
-
   self.primary_key = :token
 
   attr_accessor :issuer, :payment_uri, :message
@@ -12,6 +10,7 @@ class Payment < ApplicationRecord
   validates :payment_type, presence: true
 
   enum status: { failed: 0, in_progress: 1, successful: 2 }
+
   # Keep payconiq_online because it is still present in the database
   enum payment_type: { ideal: 0, payconiq_online: 1, pin: 3 }
   enum transaction_type: { checkout: 0, activity: 1 }
@@ -26,6 +25,7 @@ class Payment < ApplicationRecord
   after_validation :request_payment, on: :create
 
   include PgSearch::Model
+
   pg_search_scope :search_by_name,
                   against: [:trxid],
                   associated_against: {
@@ -47,54 +47,43 @@ def request_payment
 
     case payment_type.to_sym
     when :ideal
-      http = ConstipatedKoala::Request.new(ENV['MOLLIE_DOMAIN'])
       self.token = Digest::SHA256.hexdigest("#{ member.id }#{ Time.now.to_f }#{ redirect_uri }")
 
       webhook_url = if Rails.env.development?
                       "#{ ENV['NGROK_HOST'] }/api/hook/mollie"
                     else
                       Rails.application.routes.url_helpers.mollie_hook_url
                     end
+      redirect_url = Rails.application.routes.url_helpers.payment_redirect_url(token: token)
 
-      request = http.post("/#{ ENV['MOLLIE_VERSION'] }/payments",
-                          amount: amount,
-                          description: description,
-
-                          method: 'ideal',
-                          issuer: issuer,
+      payment = Mollie::Payment.create(
+        amount: { value: format('%.2f', amount), currency: 'EUR' },
+        method: 'ideal', # only ideal for now
+        description: description,
+        webhook_url: webhook_url,
+        redirect_url: redirect_url
+      )
 
-                          metadata: {
-                            member: member.name,
-                            transaction_type: transaction_type,
-                            transaction_id: transaction_id
+      self.trxid = payment.id
 
-                          },
-                          webhookUrl: webhook_url,
-                          redirectUrl: Rails.application.routes.url_helpers.payment_redirect_url(token: token))
-
-      request['Authorization'] = "Bearer #{ ENV['MOLLIE_TOKEN'] }"
-      response = http.send!(request)
-
-      self.trxid = response.id
-      self.payment_uri = response.links.paymentUrl
+      # The host of this url is `www.mollie.com` so it will redirect to the mollie payment page
+      # if this ever chanes, the redirect_uri whitelist in the controller should be updated
+      self.payment_uri = payment._links['checkout']['href']
       self.status = :in_progress
-    # pin payment shouldn't have any extra work
+
+      # pin payment shouldn't have any extra work
     when :pin
     end
   end
 
   def update_transaction!
     case payment_type.to_sym
     when :ideal
-      http = ConstipatedKoala::Request.new(ENV['MOLLIE_DOMAIN'])
       @status = status
 
-      request = http.get("/#{ ENV['MOLLIE_VERSION'] }/payments/#{ trxid }")
-      request['Authorization'] = "Bearer #{ ENV['MOLLIE_TOKEN'] }"
+      payment = Mollie::Payment.get(trxid)
 
-      response = http.send!(request)
-
-      status_update(response.status)
+      status_update(payment.status)
 
       save!
 
@@ -156,32 +145,17 @@ def transaction_fee
     end
   end
 
-  def self.ideal_issuers
-    # cache the payment issuers for 12 hours, don't request it to often. Stored in tmp/cache
-    return [] if ENV['MOLLIE_TOKEN'].blank?
-
-    Rails.cache.fetch('mollie_issuers', expires_in: 12.hours) do
-      http = ConstipatedKoala::Request.new(ENV['MOLLIE_DOMAIN'])
-
-      request = http.get("/#{ ENV['MOLLIE_VERSION'] }/issuers")
-      request['Authorization'] = "Bearer #{ ENV['MOLLIE_TOKEN'] }"
-
-      response = http.send!(request)
-      response.data.map { |issuer| [issuer.name, issuer.id] }
-    end
-  end
-
   def activities
     Activity.find(transaction_id) if activity?
   end
 
   private
 
   def status_update(new_status)
-    self.status = case new_status.downcase
-                  when "succeeded", "paid"
+    self.status = case new_status
+                  when "paid", "authorized"
                     :successful
-                  when "expired", "canceled", "failed", "cancelled", "authorization_failed"
+                  when "expired", "failed", "canceled"
                     :failed
                   else
                     :in_progress

app/views/admin/activities/index.html.haml

@@ -27,7 +27,7 @@
                       - elsif activity.group.committee?
                         %span.badge.badge-success= activity.group.name.upcase
                       - else
-                        %span.label.badge-warning= activity.group.name.upcase
+                        %span.badge.badge-warning= activity.group.name.upcase
                   - else
                     %td
                       %span
@@ -43,3 +43,12 @@
                   - else
                     %td.d-none.d-md-block
                       %span
+
+                  %td
+                    - if activity.is_payable && activity.price != 0
+                      %span.badge.badge-success.size-small= I18n.t('admin.activities.is_payable')
+                    - elsif activity.price == 0
+                      %span.badge.badge-primary.size-small= I18n.t('admin.activities.free')
+                    - else
+                      %span.badge.badge-warning.size-small= I18n.t('admin.activities.is_not_payable')
+

app/views/layouts/doorkeeper.html.haml

@@ -19,7 +19,7 @@
   %body.h-full.flex.flex-col.bg-gray-100.dark:bg-gray-900
     .flex.flex-col.flex-grow.justify-center
       %img.w-64.mx-auto.p-4.dark:hidden{src:"https://public.svsticky.nl/logos/logo_compact_outline_kleur.svg"}
-      %img.w-64.mx-auto.p-4.hidden.dark:block{src:"https://public.svsticky.nl/logos/logo_compact_outline_wit.svg"}
+      %img.w-64.mx-auto.p-4.hidden.dark:block{src:"https://public.svsticky.nl/logos/logo_compact_outline_wit_kleur.svg"}
 
       .shadow.px-10.py-4.rounded-md.bg-white.mx-auto.dark:bg-gray-800.dark
 

app/views/layouts/mailer.html.haml

@@ -60,7 +60,7 @@
           .content{:style => "font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; max-width: 600px; display: block; margin: 0 auto; padding: 20px;"}
             %table.main{:bgcolor => "#fff", :cellpadding => "0", :cellspacing => "0", :style => "font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; border-radius: 3px; background-color: #fff; margin: 0; border: 1px solid #e9e9e9;", :width => "100%"}
               %tr{:style => "font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"}
-                %td.alert.alert-warning{:align => "center", :bgcolor => "#61518f", :style => "font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 16px; vertical-align: top; color: #fff; font-weight: 500; text-align: center; border-radius: 3px 3px 0 0; background-color: #61518f; margin: 0; padding: 20px;", :valign => "top"}
+                %td.alert.alert-warning{:align => "center", :bgcolor => "#197052", :style => "font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 16px; vertical-align: top; color: #fff; font-weight: 500; text-align: center; border-radius: 3px 3px 0 0; background-color: #197052; margin: 0; padding: 20px;", :valign => "top"}
                   = I18n.t('association_name')
 
               %tr{:style => "font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"}

app/views/members/payments/index.html.haml

@@ -42,13 +42,10 @@
                 %tr
                   %td
                   %td
-                    .ideal-activities
-                      = I18n.t("members.payments.unpaid_activity.footer.bank")
-                      .float-xl-right= f.select :bank, options_for_select(Payment::ideal_issuers), {}, {style: '', class:'ideal-activities'}
                   %td
                     %div
                       = I18n.t("members.payments.unpaid_activity.footer.transactioncosts")
-                    %span.transaction_cost_activities.ideal-activities{:price =>@transaction_costs}= number_to_currency(@transaction_costs, :unit => '€')
+                    %span.transaction_cost_activities.ideal-activities{:price => @transaction_costs}= number_to_currency(@transaction_costs, :unit => '€')
                 %tr
                   %td
                   %td

config/application.rb

@@ -75,3 +75,8 @@ class Application < Rails::Application
     config.middleware.use(I18n::JS::Middleware)
   end
 end
+
+# Mollie configuration
+Mollie::Client.configure do |config|
+  config.api_key = ENV['MOLLIE_TOKEN']
+end

config/locales/admin.en.yml

@@ -7,12 +7,15 @@ en:
       ended: Ended
       filters: Filters
       financial: Financial
+      free: Free
       has_not_paid: has not yet paid
       has_paid: has paid
       info:
         already_added: This participant was already added
         price_changed: The participants fee has changed
         price_error: No connection or not a number
+      is_not_payable: Not payable
+      is_payable: Payable
       new: New activity
       remove_participant: Do you want to remove %{user} as participant?
       save: Save activity?

config/locales/admin.nl.yml

@@ -7,12 +7,15 @@ nl:
       ended: Afgelopen
       filters: Filters
       financial: Financieel
+      free: Gratis
       has_not_paid: heeft nog niet betaald
       has_paid: heeft betaald
       info:
         already_added: Deze persoon is al toegevoegd
         price_changed: Het deelname bedrag is veranderd
         price_error: Geen verbinding of geen nummer
+      is_not_payable: Niet betaalbaar
+      is_payable: Betaalbaar
       new: Nieuwe activiteit
       remove_participant: Deelname van %{user} verwijderen?
       save: Activiteit opslaan?

config/locales/members.en.yml

@@ -95,6 +95,7 @@ en:
       vacancies: Vacancies
       voeljeveilig: VoelJeVeilig
       wiki: Stickypedia
+      voeljeveilig: VoelJeVeilig
     payments:
       mongoose:
         credit: Credit

config/locales/members.nl.yml

@@ -95,6 +95,7 @@ nl:
       vacancies: Vacatures
       voeljeveilig: VoelJeVeilig
       wiki: Stickypedia
+      voeljeveilig: VoelJeVeilig
     payments:
       mongoose:
         credit: Tegoed

gemset.nix

@@ -713,6 +713,16 @@
     };
     version = "5.15.0";
   };
+  mollie-api-ruby = {
+    groups = ["default"];
+    platforms = [];
+    source = {
+      remotes = ["https://rubygems.org"];
+      sha256 = "0z4z0cf5lq3bmdbjsdzjj2spvg351b32nzwrn9rf3zqm9rldai6w";
+      type = "gem";
+    };
+    version = "4.13.0";
+  };
   netrc = {
     groups = ["default"];
     platforms = [];

sample.env

@@ -76,8 +76,6 @@ MAILCHIMP_TEACHER_ID=
 NGROK_HOST=http
 
 # MOLLIE credentials for the iDEAL integration.
-MOLLIE_DOMAIN=https://api.mollie.nl
-MOLLIE_VERSION=v1
 MOLLIE_TOKEN=
 
 # Secret for error reporting.