From 4a5afc00ad2fc3db855c7a42927db3e2aa22d76a Mon Sep 17 00:00:00 2001 From: yeseniamolinab Date: Tue, 29 Nov 2022 16:16:15 -0600 Subject: [PATCH 1/3] remove expired cards from db and cookie --- .../api/payment/braintree_controller.rb | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/app/controllers/api/payment/braintree_controller.rb b/app/controllers/api/payment/braintree_controller.rb index de3cfe7ed..fb3195989 100644 --- a/app/controllers/api/payment/braintree_controller.rb +++ b/app/controllers/api/payment/braintree_controller.rb @@ -7,6 +7,8 @@ class Api::Payment::BraintreeController < PaymentController # rubocop:disable Me before_action :check_api_key, only: [:refund] before_action :verify_bot, only: [:transaction], if: -> { authenticate_cypress_http_token == false } + EXPIRED_CARD_ERROR_CODE = '2004' + def token @merchant_account_id = unsafe_params[:merchantAccountId] render json: { token: ::Braintree::ClientToken.generate(merchant_account_id: @merchant_account_id) } @@ -31,7 +33,8 @@ def express_payment cookied_payment_methods: params.to_unsafe_hash['payment_method_ids'] ).process rescue PaymentProcessor::Exceptions::BraintreePaymentError => e - render json: { error: e.message, success: false }, status: 500 + remove_expired_card unless e.message != EXPIRED_CARD_ERROR_CODE + render json: { error: e.message, success: false }, status: 422 rescue ArgumentError => e @status = 400 @status = 404 if e.to_s == 'PaymentProcessor::Exceptions::CustomerNotFound' @@ -67,6 +70,7 @@ def one_click render status: :unprocessable_entity, errors: oneclick_payment_errors unless @result.success? rescue PaymentProcessor::Exceptions::BraintreePaymentError => e @result = e + remove_expired_card unless e.message != EXPIRED_CARD_ERROR_CODE render status: :unprocessable_entity, errors: e.message end 
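Review bot: The guard `remove_expired_card unless e.message != EXPIRED_CARD_ERROR_CODE` in the BraintreePaymentError rescue of express_payment wraps a destructive call in a double negative; `remove_expired_card if e.message == EXPIRED_CARD_ERROR_CODE` says the same thing and is harder to invert by accident. The same line is added to the one_click rescue in the next hunk and to process_one_click in pages_controller.rb. The comparison only works while the exception message is exactly the bare processor code, which these hunks do not show, so a comment above the constant such as `# Braintree processor response code for an expired card; BraintreePaymentError#message carries only this code` would record that dependency. express_payment starts and ends outside the hunk.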
@@ -160,4 +164,15 @@ def member_matches_payload recognized_member.email == user_params[:email] end + + def remove_expired_card + @payment_options = BraintreeServices::PaymentOptions.new(unsafe_params, cookies.signed[:payment_methods]) + existing_payment_methods = (cookies.signed[:payment_methods] || '').split(',') + + unless @payment_options.nil? + @payment_method_obj = Payment::Braintree::PaymentMethod.find_by_token(@payment_options.token)&.attributes + existing_payment_methods.delete(@payment_options.token) + Payment::Braintree::PaymentMethod.find_by_token(@payment_options.token).destroy unless @payment_method_obj.nil? + end + end end From 2463bc6163fef4bee5986ff709c0096e529f83d7 Mon Sep 17 00:00:00 2001 From: yeseniamolinab Date: Tue, 29 Nov 2022 17:00:36 -0600 Subject: [PATCH 2/3] remove card for one click from uri and updating :cookie: --- .../api/payment/braintree_controller.rb | 7 +++++- app/controllers/pages_controller.rb | 24 +++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/app/controllers/api/payment/braintree_controller.rb b/app/controllers/api/payment/braintree_controller.rb index fb3195989..32b87e6db 100644 --- a/app/controllers/api/payment/braintree_controller.rb +++ b/app/controllers/api/payment/braintree_controller.rb @@ -168,10 +168,15 @@ def member_matches_payload def remove_expired_card @payment_options = BraintreeServices::PaymentOptions.new(unsafe_params, cookies.signed[:payment_methods]) existing_payment_methods = (cookies.signed[:payment_methods] || '').split(',') - unless @payment_options.nil? @payment_method_obj = Payment::Braintree::PaymentMethod.find_by_token(@payment_options.token)&.attributes existing_payment_methods.delete(@payment_options.token) + + cookies.signed[:payment_methods] = { + value: existing_payment_methods.uniq.join(','), + expires: 1.year.from_now, + domain: :all + } Payment::Braintree::PaymentMethod.find_by_token(@payment_options.token).destroy unless @payment_method_obj.nil? end end 
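Review bot: `remove_expired_card` destroys whichever `Payment::Braintree::PaymentMethod` row matches `@payment_options.token`, and nothing in the hunk ties that row to the member making the request. The token comes from `BraintreeServices::PaymentOptions` built on `unsafe_params`; if request parameters can influence it (not visible here), the lookup should go through the member's own payment methods before `destroy`. The `unless @payment_options.nil?` guard cannot fail right after `.new`, so the check that matters is a blank token, and the row is fetched twice where one lookup would do. The copy of this method added to pages_controller.rb has the same shape. The sketch below assumes `recognized_member.payment_methods` is the member's association, as it is used in pages_controller.rb.

```ruby
def remove_expired_card
  # … unchanged: @payment_options and existing_payment_methods assignments …
  token = @payment_options.token
  return if token.blank?

  # Resolve the card through the requesting member so a token that belongs
  # to someone else is never destroyed.
  payment_method = recognized_member&.payment_methods&.find_by(token: token)
  existing_payment_methods.delete(token)
  payment_method&.destroy
end
```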
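Review bot: The rewritten `payment_methods` cookie is set with `domain: :all` and a fresh one-year expiry but no `httponly` or `secure` attribute. A signed cookie is tamper-evident but not encrypted, so as written the list of stored payment-method tokens goes to every subdomain and may be readable from page scripts. If the cookie is written elsewhere with stricter attributes, or the app forces secure cookies globally (neither is visible in this patch), this write should match; otherwise add `httponly: true, secure: true,` to the hash. The cookie is also rewritten before the `destroy` on the last line of the block, so a failed delete leaves the cookie and the database out of step; destroying first avoids that.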
diff --git a/app/controllers/pages_controller.rb b/app/controllers/pages_controller.rb index 032b8d313..54678dbed 100644 --- a/app/controllers/pages_controller.rb +++ b/app/controllers/pages_controller.rb @@ -13,6 +13,8 @@ class PagesController < ApplicationController # rubocop:disable Metrics/ClassLen before_action :localize, only: %i[show follow_up double_opt_in_notice] before_action :record_tracking, only: %i[show] + EXPIRED_CARD_ERROR_CODE = '2004' + attr_reader :error_code def index @pages = Search::PageSearcher.search(search_params) @@ -201,6 +203,7 @@ def process_one_click ).process rescue PaymentProcessor::Exceptions::BraintreePaymentError => e set_error_code(e.message) + remove_expired_card unless e.message != EXPIRED_CARD_ERROR_CODE @process_one_click = false rescue StandardError @process_one_click = false @@ -225,4 +228,25 @@ def redirect_to_donations_experiment redirect_to request.fullpath.gsub(path_match, "/#{@page.language_code}/a/") end end + + def remove_expired_card + unless recognized_member.present? + @payment_options = BraintreeServices::PaymentOptions.new(params.to_unsafe_hash, + cookies.signed[:payment_methods], + recognized_member) + end + + existing_payment_methods = (cookies.signed[:payment_methods] || '').split(',') + + unless @payment_options.nil? + @payment_method_obj = Payment::Braintree::PaymentMethod.find_by_token(@payment_options.token)&.attributes + existing_payment_methods.delete(@payment_options.token) + cookies.signed[:payment_methods] = { + value: existing_payment_methods.uniq.join(','), + expires: 1.year.from_now, + domain: :all + } + Payment::Braintree::PaymentMethod.find_by_token(@payment_options.token).destroy unless @payment_method_obj.nil? + end + end end From 0274c54ac4c8f024d74964d92ecc85c31b99ee49 Mon Sep 17 00:00:00 2001 
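Review bot: An exception raised inside `remove_expired_card` in this rescue clause is not caught by the `rescue StandardError` below it, because a sibling rescue does not cover code running in another handler. It would leave process_one_click before `@process_one_click = false` is assigned, turning a declined card into an unhandled error. Assigning the flag first and calling `remove_expired_card if e.message == EXPIRED_CARD_ERROR_CODE` afterwards keeps the failure path intact. process_one_click starts and ends outside the hunk.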
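Review bot: This `remove_expired_card` repeats the body added to Api::Payment::BraintreeController almost line for line, and `EXPIRED_CARD_ERROR_CODE` is declared a second time in the first hunk of this file. The rule for deleting a stored card and the cookie attributes now live in two places that can drift apart. Moving the constant and the method into one shared module included by both controllers would leave a single place to review. The method also has no comment saying which card it is meant to remove; `# Removes the card Braintree rejected as expired from the payment_methods cookie and from the database.` above the `def` would state the intent.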
From: yeseniamolinab Date: Tue, 29 Nov 2022 17:52:47 -0600 Subject: [PATCH 3/3] fixed one click from uri logic --- app/controllers/pages_controller.rb | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/app/controllers/pages_controller.rb b/app/controllers/pages_controller.rb index 54678dbed..66b3d01da 100644 --- a/app/controllers/pages_controller.rb +++ b/app/controllers/pages_controller.rb @@ -230,17 +230,13 @@ def redirect_to_donations_experiment end def remove_expired_card - unless recognized_member.present? - @payment_options = BraintreeServices::PaymentOptions.new(params.to_unsafe_hash, - cookies.signed[:payment_methods], - recognized_member) - end - + @payment_options = recognized_member.payment_methods.last if recognized_member.present? existing_payment_methods = (cookies.signed[:payment_methods] || '').split(',') unless @payment_options.nil? @payment_method_obj = Payment::Braintree::PaymentMethod.find_by_token(@payment_options.token)&.attributes existing_payment_methods.delete(@payment_options.token) + cookies.signed[:payment_methods] = { value: existing_payment_methods.uniq.join(','), expires: 1.year.from_now,