From d9db32640afb4352733cd52edc10f2ba615eea70 Mon Sep 17 00:00:00 2001 From: evazion Date: Fri, 25 Dec 2020 02:01:42 -0600 Subject: [PATCH] user upgrades: fix checkout form leaking recipient's email. The checkout form should be prefilled with the purchaser's email address, not the recipient's. --- app/models/user_upgrade.rb | 2 +- test/unit/user_upgrade_test.rb | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/app/models/user_upgrade.rb b/app/models/user_upgrade.rb index acb2eb32b..55c388a46 100644 --- a/app/models/user_upgrade.rb +++ b/app/models/user_upgrade.rb @@ -166,7 +166,7 @@ class UserUpgrade < ApplicationRecord success_url: Routes.user_upgrade_url(self), cancel_url: Routes.new_user_upgrade_url(user_id: recipient.id), client_reference_id: "user_upgrade_#{id}", - customer_email: recipient.email_address&.address, + customer_email: purchaser.email_address&.address, payment_method_types: ["card"], line_items: [{ price_data: { diff --git a/test/unit/user_upgrade_test.rb b/test/unit/user_upgrade_test.rb index 070fa2f48..93666aebb 100644 --- a/test/unit/user_upgrade_test.rb +++ b/test/unit/user_upgrade_test.rb @@ -45,5 +45,19 @@ class UserUpgradeTest < ActiveSupport::TestCase end end end + + context "the #create_checkout! method" do + context "for a gifted upgrade" do + context "to Gold" do + should "prefill the Stripe checkout page with the purchaser's email address" do + @user = create(:user, email_address: build(:email_address)) + @user_upgrade = create(:gift_gold_upgrade, purchaser: @user) + @checkout = @user_upgrade.create_checkout! + + assert_equal(@user.email_address.address, @checkout.customer_email) + end + end + end + end end end