Fix restore purchase creating duplicate unclaimed account

When restore purchase was called, the processing created another unclaimed account and all the future payments were matched against this new account. This caused original device to loose subscription as renewals were linked to the user that wasn't associated with original device's device token. remp/dn-mofa#216
remp2020 · Sep 28, 2020 · 9a8060d · 9a8060d
1 parent 94b5707
commit 9a8060d
Showing 1 changed file with 35 additions and 30 deletions.
diff --git a/src/api/VerifyPurchaseApiHandler.php b/src/api/VerifyPurchaseApiHandler.php
@@ -117,7 +117,11 @@ public function handle(ApiAuthorizationInterface $authorization)
         );
 
         // verify receipt in Google system
-        $subscriptionOrResponse =  $this->verifyGooglePlayBillingPurchaseSubscription($purchaseSubscription);
+        $subscriptionOrResponse =  $this->verifyGooglePlayBillingPurchaseSubscription(
+            $authorization,
+            $purchaseSubscription,
+            $purchaseTokenRow
+        );
         if ($subscriptionOrResponse instanceof JsonResponse) {
             return $subscriptionOrResponse;
         }
@@ -133,7 +137,6 @@ public function handle(ApiAuthorizationInterface $authorization)
         $user = $userOrResponse;
 
         return $this->createPayment(
-            $authorization,
             $user,
             $subscriptionResponse,
             $purchaseTokenRow,
@@ -144,8 +147,11 @@ public function handle(ApiAuthorizationInterface $authorization)
     /**
      * @return JsonResponse|SubscriptionResponse - Return validated subscription (SubscriptionResponse) or JsonResponse which should be returned by API.
      */
-    private function verifyGooglePlayBillingPurchaseSubscription($purchaseSubscription)
-    {
+    private function verifyGooglePlayBillingPurchaseSubscription(
+        UserTokenAuthorization $authorization,
+        $purchaseSubscription,
+        ActiveRow $purchaseTokenRow
+    ) {
         try {
             $this->googlePlayValidator = $this->googlePlayValidatorFactory->create();
             $gSubscription = $this->googlePlayValidator
@@ -179,11 +185,35 @@ private function verifyGooglePlayBillingPurchaseSubscription($purchaseSubscripti
             return $response;
         }
 
+        // check if payment with this purchase token already exists
+        $paymentWithPurchaseToken = $this->paymentMetaRepository->findByMeta(
+            GooglePlayBillingModule::META_KEY_PURCHASE_TOKEN,
+            $purchaseTokenRow->purchase_token
+        );
+        if ($paymentWithPurchaseToken) {
+            // payment is created internally; we can confirm it in Google
+            if (!$gSubscription->isAcknowledged()) {
+                $this->acknowledge($purchaseTokenRow);
+            }
+            $this->pairUserWithAuthorizedToken(
+                $authorization,
+                $paymentWithPurchaseToken->payment->user,
+                $purchaseTokenRow
+            );
+
+            $response = new JsonResponse([
+                'status' => 'ok',
+                'code' => 'success_already_created',
+                'message' => "Google Play purchase verified (transaction was already processed).",
+            ]);
+            $response->setHttpCode(Response::S200_OK);
+            return $response;
+        }
+
         return $gSubscription;
     }
 
     private function createPayment(
-        UserTokenAuthorization $authorization,
         ActiveRow $user,
         SubscriptionResponse $subscriptionResponse,
         ActiveRow $purchaseTokenRow,
@@ -223,31 +253,6 @@ private function createPayment(
             return $response;
         }
 
-        // check if payment with this purchase token already exists
-        $paymentWithPurchaseToken = $this->paymentMetaRepository->findByMeta(
-            GooglePlayBillingModule::META_KEY_PURCHASE_TOKEN,
-            $purchaseTokenRow->purchase_token
-        );
-        if ($paymentWithPurchaseToken) {
-            // payment is created internally; we can confirm it in Google
-            if (!$subscriptionResponse->isAcknowledged()) {
-                $this->acknowledge($purchaseTokenRow);
-            }
-            $this->pairUserWithAuthorizedToken(
-                $authorization,
-                $paymentWithPurchaseToken->payment->user,
-                $purchaseTokenRow
-            );
-
-            $response = new JsonResponse([
-                'status' => 'ok',
-                'code' => 'success_already_created',
-                'message' => "Google Play purchase verified (transaction was already processed).",
-            ]);
-            $response->setHttpCode(Response::S200_OK);
-            return $response;
-        }
-
         $metas = [
             GooglePlayBillingModule::META_KEY_PURCHASE_TOKEN => $purchaseTokenRow->purchase_token,
             GooglePlayBillingModule::META_KEY_ORDER_ID => $subscriptionResponse->getRawResponse()->getOrderId(),