Fix Cash App Pay token reuse issues (with subscriptions)

changelog.txt

@@ -1,6 +1,7 @@
 *** Changelog ***
 
 = 8.6.0 - xxxx-xx-xx =
+* Fix - Fix multiple issues related to the reuse of Cash App Pay tokens (as a saved payment method) when subscribing.
  Tweak - Minor text updates to webhook-related configuration labels and buttons.
 ** Add - Indicate the activation status of each payment method individually, instead of using a general notice.
 * Fix - JS error when billing country field does not exist on the payment method page.

client/classic/upe/deferred-intent.js

@@ -111,7 +111,8 @@ jQuery( function ( $ ) {
 	function maybeConfirmVoucherOrWalletPayment() {
 		if (
 			getStripeServerData()?.isOrderPay ||
-			getStripeServerData()?.isCheckout
+			getStripeServerData()?.isCheckout ||
+			getStripeServerData()?.isChangingPayment
 		) {
 			if ( window.location.hash.startsWith( '#wc-stripe-voucher-' ) ) {
 				confirmVoucherPayment(
@@ -125,7 +126,8 @@ jQuery( function ( $ ) {
 			) {
 				confirmWalletPayment(
 					api,
-					getStripeServerData()?.isOrderPay
+					getStripeServerData()?.isOrderPay ||
+						getStripeServerData()?.isChangingPayment
 						? $( '#order_review' )
 						: $( 'form.checkout' )
 				);

client/classic/upe/payment-processing.js

@@ -391,7 +391,7 @@ export const confirmVoucherPayment = async ( api, jQueryForm ) => {
  *
  * When processing a payment for a wallet payment method on the checkout or order pay page,
  * the process_payment_with_deferred_intent() function redirects the customer to a URL
- * formatted with: #wc-stripe-wallet-<order_id>:<payment_method_type>:<client_secret>:<redirect_url>.
+ * formatted with: #wc-stripe-wallet-<order_id>:<payment_method_type>:<payment_intent_type>:<client_secret>:<redirect_url>.
  *
  * This function, which is hooked onto the hashchanged event, checks if the URL contains the data we need to process the wallet payment.
  *
@@ -407,7 +407,7 @@ export const confirmWalletPayment = async ( api, jQueryForm ) => {
 	}
 
 	const partials = window.location.href.match(
-		/#wc-stripe-wallet-(.+):(.+):(.+):(.+)$/
+		/#wc-stripe-wallet-(.+):(.+):(.+):(.+):(.+)$/
 	);
 
 	if ( ! partials ) {
@@ -423,7 +423,7 @@ export const confirmWalletPayment = async ( api, jQueryForm ) => {
 	);
 
 	const orderId = partials[ 1 ];
-	const clientSecret = partials[ 3 ];
+	const clientSecret = partials[ 4 ];
 
 	// Verify the request using the data added to the URL.
 	if (
@@ -435,7 +435,8 @@ export const confirmWalletPayment = async ( api, jQueryForm ) => {
 	}
 
 	const paymentMethodType = partials[ 2 ];
-	const returnURL = decodeURIComponent( partials[ 4 ] );
+	const intentType = partials[ 3 ];
+	const returnURL = decodeURIComponent( partials[ 5 ] );
 
 	try {
 		// Confirm the payment to tell Stripe to display the modal to the customer.
@@ -453,11 +454,19 @@ export const confirmWalletPayment = async ( api, jQueryForm ) => {
 					} );
 				break;
 			case 'cashapp':
-				confirmPayment = await api
-					.getStripe()
-					.confirmCashappPayment( clientSecret, {
-						return_url: returnURL,
-					} );
+				if ( intentType === 'setup_intent' ) {
+					confirmPayment = await api
+						.getStripe()
+						.confirmCashappSetup( clientSecret, {
+							return_url: returnURL,
+						} );
+				} else {
+					confirmPayment = await api
+						.getStripe()
+						.confirmCashappPayment( clientSecret, {
+							return_url: returnURL,
+						} );
+				}
 				break;
 			default:
 				// eslint-disable-next-line no-console
@@ -477,7 +486,11 @@ export const confirmWalletPayment = async ( api, jQueryForm ) => {
 
 		// Do not redirect to the order received page if the modal is closed without payment.
 		// Otherwise redirect to the order received page.
-		if ( confirmPayment.paymentIntent.status !== 'requires_action' ) {
+		const status =
+			intentType === 'setup_intent'
+				? confirmPayment.setupIntent.status
+				: confirmPayment.paymentIntent.status;
+		if ( status !== 'requires_action' ) {
 			window.location.href = returnURL;
 		}
 	} catch ( error ) {

includes/payment-methods/class-wc-stripe-upe-payment-gateway.php

@@ -834,6 +834,14 @@ private function process_payment_with_deferred_intent( int $order_id ) {
 
 				// Create a payment intent, or update an existing one associated with the order.
 				$payment_intent = $this->process_payment_intent_for_order( $order, $payment_information );
+			} elseif ( $payment_information['is_using_saved_payment_method'] && 'cashapp' === $selected_payment_type ) {
+				// If the payment method is Cash App Pay and the order has no cost, mark the order as paid.
+				$order->payment_complete();
+
+				return [
+					'result'   => 'success',
+					'redirect' => '',
+				];
 			} else {
 				$payment_intent = $this->process_setup_intent_for_order( $order, $payment_information );
 			}
@@ -884,11 +892,12 @@ private function process_payment_with_deferred_intent( int $order_id ) {
 						rawurlencode( $redirect )
 					);
 				} elseif ( isset( $payment_intent->payment_method_types ) && count( array_intersect( [ 'wechat_pay', 'cashapp' ], $payment_intent->payment_method_types ) ) !== 0 ) {
-					// For Wallet payment method types (CashApp/WeChat Pay), redirect the customer to a URL hash formatted #wc-stripe-wallet-{order_id}:{payment_method_type}:{client_secret}:{redirect_url} to confirm the intent which also displays the modal.
+					// For Wallet payment method types (CashApp/WeChat Pay), redirect the customer to a URL hash formatted #wc-stripe-wallet-{order_id}:{payment_method_type}:{payment_intent_type}:{client_secret}:{redirect_url} to confirm the intent which also displays the modal.
 					$redirect = sprintf(
-						'#wc-stripe-wallet-%s:%s:%s:%s',
+						'#wc-stripe-wallet-%s:%s:%s:%s:%s',
 						$order_id,
 						$payment_information['selected_payment_type'],
+						$payment_intent->object,
 						$payment_intent->client_secret,
 						rawurlencode( $redirect )
 					);

includes/payment-methods/class-wc-stripe-upe-payment-method-cash-app-pay.php

@@ -40,14 +40,6 @@ public function __construct() {
 		// Cash App Pay supports subscriptions. Init subscriptions so it can process subscription payments.
 		$this->maybe_init_subscriptions();
 
-		/**
-		 * Cash App Pay is incapable of processing zero amount payments with saved payment methods.
-		 *
-		 * This is because setup intents with a saved payment method (token) fail. While we wait for a solution to this issue, we
-		 * disable customer's changing the payment method to Cash App Pay as that would result in a $0 set up intent.
-		 */
-		$this->supports = array_diff( $this->supports, [ 'subscription_payment_method_change_customer' ] );
-
 		add_filter( 'woocommerce_thankyou_order_received_text', [ $this, 'order_received_text_for_wallet_failure' ], 10, 2 );
 	}
 
@@ -71,28 +63,6 @@ public function get_retrievable_type() {
 		return $this->get_id();
 	}
 
-	/**
-	 * Determines whether Cash App Pay is enabled at checkout.
-	 *
-	 * @param int    $order_id                  The order ID.
-	 * @param string $account_domestic_currency The account's default currency.
-	 *
-	 * @return bool Whether Cash App Pay is enabled at checkout.
-	 */
-	public function is_enabled_at_checkout( $order_id = null, $account_domestic_currency = null ) {
-		/**
-		 * Cash App Pay is incapable of processing zero amount payments with saved payment methods.
-		 *
-		 * This is because setup intents with a saved payment method (token) fail. While we wait for a solution to this issue, we
-		 * disable Cash App Pay for zero amount orders.
-		 */
-		if ( ! is_add_payment_method_page() && $this->get_current_order_amount() <= 0 ) {
-			return false;
-		}
-
-		return parent::is_enabled_at_checkout( $order_id, $account_domestic_currency );
-	}
-
 	/**
 	 * Creates a Cash App Pay payment token for the customer.
 	 *
@@ -130,10 +100,10 @@ public function order_received_text_for_wallet_failure( $text, $order ) {
 			$redirect_status = wc_clean( wp_unslash( $_GET['redirect_status'] ) );
 		}
 		if ( $order && $this->id === $order->get_payment_method() && 'failed' === $redirect_status ) {
-			$text = '<p class="woocommerce-error">';
+			$text      = '<p class="woocommerce-error">';
 				$text .= esc_html( 'Unfortunately your order cannot be processed as the payment method has declined your transaction. Please attempt your purchase again.' );
-			$text .= '</p>';
-			$text .= '<p class="woocommerce-notice woocommerce-notice--error woocommerce-thankyou-order-failed-actions">';
+			$text     .= '</p>';
+			$text     .= '<p class="woocommerce-notice woocommerce-notice--error woocommerce-thankyou-order-failed-actions">';
 				$text .= '<a href="' . esc_url( $order->get_checkout_payment_url() ) . '" class="button pay">' . esc_html( 'Pay' ) . '</a>';
 			if ( is_user_logged_in() ) {
 				$text .= '<a href="' . esc_url( wc_get_page_permalink( 'myaccount' ) ) . '" class="button pay">' . esc_html( 'My account' ) . '</a>';

readme.txt

@@ -129,6 +129,7 @@ If you get stuck, you can ask for help in the Plugin Forum.
 == Changelog ==
 
 = 8.6.0 - xxxx-xx-xx =
+* Fix - Fix multiple issues related to the reuse of Cash App Pay tokens (as a saved payment method) when subscribing.
 * Tweak - Minor text updates to webhook-related configuration labels and buttons.
 * Add - Indicate the activation status of each payment method individually, instead of using a general notice.
 * Fix - JS error when billing country field does not exist on the payment method page.

tests/phpunit/test-class-wc-stripe-upe-payment-gateway.php

@@ -482,6 +482,7 @@ public function test_process_payment_deferred_intent_with_required_action_for_wa
 		$mock_intent = (object) wp_parse_args(
 			[
 				'status'               => 'requires_action',
+				'object'               => 'payment_intent',
 				'data'                 => [
 					(object) [
 						'id'       => $order_id,
@@ -530,7 +531,7 @@ public function test_process_payment_deferred_intent_with_required_action_for_wa
 		$return_url = self::MOCK_RETURN_URL;
 
 		$this->assertEquals( 'success', $response['result'] );
-		$this->assertMatchesRegularExpression( "/#wc-stripe-wallet-{$order_id}:wechat_pay:{$mock_intent->client_secret}:{$return_url}/", $response['redirect'] );
+		$this->assertMatchesRegularExpression( "/#wc-stripe-wallet-{$order_id}:wechat_pay:{$mock_intent->object}:{$mock_intent->client_secret}:{$return_url}/", $response['redirect'] );
 	}
 
 	/**