From 0c141d02ab01bd6cf10772d2fc87390fd4e3d326 Mon Sep 17 00:00:00 2001
From: Ramakrishnan Muthukrishnan <ram@leastauthority.com>
Date: Tue, 5 Nov 2019 13:05:16 +0530
Subject: [PATCH] handle cases where voucher code is missing/mismatched from
 response

---
 src/PaymentServer/Processors/Stripe.hs | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/src/PaymentServer/Processors/Stripe.hs b/src/PaymentServer/Processors/Stripe.hs
index 6b68bc2..5d8b367 100644
--- a/src/PaymentServer/Processors/Stripe.hs
+++ b/src/PaymentServer/Processors/Stripe.hs
@@ -152,7 +152,16 @@ charge d key (Charges token voucher amount currency) = do
       -&- tokenId
       -&- MetaData [("Voucher", voucher)]
   case result of
-    Right (Charge {}) -> do
-      liftIO $ payForVoucher d voucher
-      return Ok
-    Left (StripeError {}) -> throwError err400 { errBody = "Stripe charge didn't succeed" }
+    Right Charge { chargeMetaData = metadata } ->
+      -- verify that we are getting the same metadata that we sent.
+      case metadata of
+        MetaData [("Voucher", v)] ->
+          if v == voucher
+            then
+            do
+              liftIO $ payForVoucher d voucher
+              return Ok
+            else
+            throwError err400 { errBody = "Voucher code mismatch" }
+        _ -> throwError err400 { errBody = "Voucher code not found" }
+    Left StripeError {} -> throwError err400 { errBody = "Stripe charge didn't succeed" }
-- 
GitLab