Merge branch 'master' into stable/1.2.x

app/assets/javascripts/campaigns.js.coffee

@@ -11,7 +11,7 @@ Crowdhoster.campaigns =
 
     # Checkout section functions:
     if($('#checkout').length)
-      $('html,body').animate({scrollTop: $('#checkout').offset().top})
+      $('html,body').animate({scrollTop: $('#header')[0].scrollHeight})
 
     $('#quantity').on "change", (e) ->
       quantity = $(this).val()
@@ -59,6 +59,7 @@ Crowdhoster.campaigns =
         this.submit()
 
   submitPaymentForm: (form) ->
+    $('#refresh-msg').show()
     $('#errors').hide()
     $('#errors').html('')
     $('button[type="submit"]').attr('disabled', true).html('Processing, please wait...')
@@ -68,14 +69,15 @@ Crowdhoster.campaigns =
     $form = $(form)
 
     cardData =
-      number: $form.find('#card_number').val()
+      number: $form.find('#card_number').val().replace(/\s/g, "")
       expiration_month: $form.find('#expiration_month').val()
       expiration_year: $form.find('#expiration_year').val()
       security_code: $form.find('#security_code').val()
       postal_code: $form.find('#billing_postal_code').val()
 
     errors = crowdtilt.card.validate(cardData)
     if !$.isEmptyObject(errors)
+      $('#refresh-msg').hide()
       $.each errors, (index, value) ->
         $('#errors').append('<p>' + value + '</p>')
       $('#errors').show()
@@ -96,8 +98,10 @@ Crowdhoster.campaigns =
         input = $('<input name="ct_card_id" value="' + token + '" type="hidden" />');
         form = document.getElementById('payment_form')
         form.appendChild(input[0])
+        $('#client_timestamp').val((new Date()).getTime())
         form.submit()
       else
+        $('#refresh-msg').hide()
         $('#errors').append('<p>An error occurred. Please check your credit card details and try again.</p><br><p>If you continue to experience issues, please <a href="mailto:[email protected]?subject=Support request for a payment issue&body=PLEASE DESCRIBE YOUR PAYMENT ISSUES HERE">click here</a> to contact support.</p>')
         $('#errors').show()
         $('.loader').hide()

app/assets/stylesheets/admin.css.scss

@@ -148,7 +148,7 @@
         float: left;
         margin-right: 10px;
         input {
-          width: 350px;
+          width: 270px;
           margin: 0 2px 0px 0px;
         }
       }

app/controllers/admin/campaigns_controller.rb

@@ -282,11 +282,17 @@ def payments
       if payment
         @payments = [payment]
       else
-        @payments = @campaign.payments.order("created_at ASC")
+        @payments = @campaign.payments_completed.order("created_at ASC")
         flash.now[:error] = "Contributor not found for " + params[:payment_id]
       end
+    elsif params.has_key?(:email) && !params[:email].blank?
+      @payments = @campaign.payments_completed.where("lower(email) = ?", params[:email].downcase)
+      if @payments.blank?
+        @payments = @campaign.payments_completed.order("created_at ASC")
+        flash.now[:error] = "Contributor not found for " + params[:email]
+      end
     else
-      @payments = @campaign.payments.order("created_at ASC")
+      @payments = @campaign.payments_completed.order("created_at ASC")
     end
 
     respond_to do |format|

app/controllers/admin_controller.rb

@@ -2,7 +2,7 @@ class AdminController < ApplicationController
   layout "admin"
   before_filter :authenticate_user!
   before_filter :verify_admin
-  before_filter :set_ct_env, only: [:admin_bank_setup, :ajax_verify]
+  before_filter :set_ct_env, only: [:admin_bank_account, :create_admin_bank_account, :delete_admin_bank_account, :ajax_verify]
 
   def admin_website
     #Handle the form submission if request is PUT
@@ -30,28 +30,33 @@ def admin_processor_setup
     end
   end
 
-  def admin_bank_setup
-    redirect_to admin_processor_setup_url, flash: { error: "Please set up your payment processor before providing your bank details" } and return unless @settings.payments_activated?
+  def create_admin_bank_account
+    if params[:ct_bank_id].blank?
+      flash = { :error => "Looks like you have JavaScript disabled. JavaScript is required for bank account setup." }
+    else
+      begin
+        bank = {
+          id: params[:ct_bank_id]
+        }
+        Crowdtilt.post('/users/' + @ct_admin_id + '/banks/default', {bank: bank})
+      rescue => exception
+        flash = { :error => "An error occurred, please contact [email protected]: #{exception.message}" }
+      else
+        flash = { :success => "Your bank account is all set up!" }
+      end
+    end
+    redirect_to admin_bank_account_url, :status => 303, :flash => flash
+  end
+
+  def admin_bank_account
+    unless @settings.payments_activated?
+      redirect_to admin_processor_setup_url, flash: { error: "Please set up your payment processor before providing your bank details" } and return
+    end
     @bank = {}
     begin
       response = Crowdtilt.get('/users/' + @ct_admin_id + '/banks/default')
     rescue => exception # response threw an error, default bank may not be set up
-      if request.post?
-        if params[:ct_bank_id].blank?
-          flash.now[:error] = "An error occurred, please try again" and return
-        else
-          begin
-            bank = {
-              id: params[:ct_bank_id]
-            }
-            response = Crowdtilt.post('/users/' + @ct_admin_id + '/banks/default', {bank: bank})
-          rescue => exception
-            flash.now[:error] = exception.message and return
-          else
-            @bank = response['bank']
-          end
-        end
-      end
+      # do nothing
     else # response is good, check for default bank
       if response['bank'] # default bank is already set up
         @bank = response['bank']
@@ -61,6 +66,23 @@ def admin_bank_setup
     end
   end
 
+  def delete_admin_bank_account
+    begin
+      response = Crowdtilt.get('/users/' + @ct_admin_id + '/banks/default')
+    rescue => exception
+        flash = { :error => "No default bank account" }
+    else
+      begin
+        Crowdtilt.delete('/users/' + @ct_admin_id + '/banks/' + response['bank']['id'])
+      rescue => exception
+        flash = { :error => "An error occurred, please contact [email protected]: #{exception.message}" }
+      else
+        flash = { :info => "Bank account deleted successfully" }
+      end
+    end
+    redirect_to admin_bank_account_url, :status => 303, :flash => flash
+  end
+
   def ajax_verify
     if params[:name].blank? || params[:phone].blank? || params[:street_address].blank? || params[:postal_code].blank? || params[:dob].blank?
       render text: "error" and return #not all fields filled out

app/controllers/campaigns_controller.rb

@@ -61,6 +61,7 @@ def checkout_payment
 
   def checkout_process
 
+    client_timestamp = params.has_key?(:client_timestamp) ? params[:client_timestamp].to_i : nil
     ct_user_id = params[:ct_user_id]
     ct_card_id = params[:ct_card_id]
     fullname = params[:fullname]
@@ -103,17 +104,20 @@ def checkout_process
     # TODO: Check to make sure the amount is valid here
 
     # Create the payment record in our db, if there are errors, redirect the user
-    @payment = @campaign.payments.new fullname: fullname,
-                                      email: email,
-                                      billing_postal_code: billing_postal_code,
-                                      quantity: quantity,
-                                      address_one: address_one,
-                                      address_two: address_two,
-                                      city: city,
-                                      state: state,
-                                      postal_code: postal_code,
-                                      country: country,
-                                      additional_info: additional_info
+     payment_params = {client_timestamp: client_timestamp,
+                       fullname: fullname,
+                       email: email,
+                       billing_postal_code: billing_postal_code,
+                       quantity: quantity,
+                       address_one: address_one,
+                       address_two: address_two,
+                       city: city,
+                       state: state,
+                       postal_code: postal_code,
+                       country: country,
+                       additional_info: additional_info}
+
+     @payment = @campaign.payments.new(payment_params)
 
     if !@payment.valid?
       message = ''
@@ -123,6 +127,23 @@ def checkout_process
       redirect_to checkout_amount_url(@campaign), flash: { error: message[0...-2] } and return
     end
 
+    # Check if there's an existing payment with the same payment_params and client_timestamp. 
+    # If exists, look at the status to route accordingly. 
+    if !client_timestamp.nil? && existing_payment = @campaign.payments.where(payment_params).first
+      case existing_payment.status
+      when nil
+        flash_msg = { info: "Your payment is still being processed! If you have not received a confirmation email, please try again or contact support by emailing [email protected]" }
+      when 'error'
+        flash_msg = { error: "There was an error processing your payment. Please try again or contact support by emailing [email protected]." }
+      else
+        # A status other than nil or 'error' indicates success! Treat as original payment
+        redirect_to checkout_confirmation_url(@campaign), :status => 303, :flash => { payment_guid: @payment.ct_payment_id } and return
+      end
+      redirect_to checkout_amount_url(@campaign), flash: flash_msg and return
+    end
+
+    @payment.save
+
     # Execute the payment via the Crowdtilt API, if it fails, redirect user
     begin
       payment = {
@@ -150,8 +171,9 @@ def checkout_process
       logger.info "CROWDTILT API RESPONSE:"
       logger.info response
     rescue => exception
+      @payment.update_attribute(:status, 'error')
       logger.info "ERROR WITH POST TO /payments: #{exception.message}"
-      redirect_to checkout_amount_url(@campaign), flash: { error: "There was an error processing your payment, please try again or contact support by emailing [email protected]" } and return
+      redirect_to checkout_amount_url(@campaign), flash: { error: "There was an error processing your payment. Please try again or contact support by emailing [email protected]" } and return
     end
 
     # Sync payment data
@@ -163,22 +185,22 @@ def checkout_process
     @campaign.update_api_data(response['payment']['campaign'])
     @campaign.save
 
-    # Send a confirmation email
-    begin
-      UserMailer.payment_confirmation(@payment, @campaign).deliver
-    rescue => exception
-      logger.info "ERROR WITH EMAIL RECEIPT: #{exception.message}"
-    end
+    # Send confirmation emails
+    UserMailer.payment_confirmation(@payment, @campaign).deliver rescue 
+      logger.info "ERROR WITH EMAIL RECEIPT: #{$!.message}"
+
+    AdminMailer.payment_notification(@payment.id).deliver rescue 
+      logger.info "ERROR WITH ADMIN NOTIFICATION EMAIL: #{$!.message}"
 
     redirect_to checkout_confirmation_url(@campaign), :status => 303, :flash => { payment_guid: @payment.ct_payment_id }
 
   end
 
   def checkout_confirmation
     @payment = Payment.where(:ct_payment_id => flash[:payment_guid]).first
-    flash[:payment_guid] = nil # Unset flash because application renders all flash vars (long-term should be refactored)
+    flash.keep(:payment_guid) # Preserve on refresh of this page only
 
-    if !@payment
+    if flash[:payment_guid].nil? || !@payment
       redirect_to campaign_home_url(@campaign)
     end
   end

app/models/campaign.rb

@@ -68,12 +68,21 @@ def rewards?
     (self.payment_type != 'fixed' && self.rewards.length > 0)
   end
 
+  def payments_completed
+    self.payments.where(:status => %w(authorized charged released rejected refunded offline))
+  end
+
+  def payments_successful
+    # 'rejected' is a post-tilt state, so they are included in successful payments.
+    self.payments.where(:status => %w(authorized charged released rejected offline))
+  end
+
   def raised_amount
-    payments.where("payments.status!='refunded'").sum(:amount)/100.0
+    self.payments_successful.sum(:amount)/100.0
   end
 
   def number_of_contributions
-    payments.where("payments.status!='refunded'").count
+    self.payments_successful.count
   end
 
   def tilt_percent

app/models/payment.rb

@@ -2,16 +2,14 @@ class Payment < ActiveRecord::Base
   attr_accessible :ct_payment_id, :status, :amount, :user_fee_amount, :admin_fee_amount, :fullname, :email,
                   :card_type, :card_last_four, :card_expiration_month, :card_expiration_year, :billing_postal_code,
                   :address_one, :address_two, :city, :state, :postal_code, :country, :quantity,
-                  :additional_info
+                  :additional_info, :client_timestamp
 
   validates :fullname, :quantity, presence: true
   validates :email, presence: true, email: true
 
   belongs_to :campaign
   belongs_to :reward
 
-  after_create :send_admin_notification
-
   def self.to_csv(options={})
     #db_columns = %w{fullname email quantity amount user_fee_amount created_at status ct_payment_id}
     csv_columns = ['Name', 'Email', 'Quantity', 'Amount', 'User Fee', 'Date', 'Reward',
@@ -60,10 +58,6 @@ def update_api_data(payment)
     self.card_expiration_year = payment['card']['expiration_year']
   end
 
-  def send_admin_notification
-    AdminMailer.payment_notification(self.id).deliver
-  end
-
   def refund!
     self.campaign.production_flag ? Crowdtilt.production(Settings.first) : Crowdtilt.sandbox
     Crowdtilt.post("/campaigns/#{self.campaign.ct_campaign_id}/payments/#{self.ct_payment_id}/refund")

app/views/admin/admin_bank_setup.html.erb → app/views/admin/admin_bank_account.html.erb

@@ -5,7 +5,7 @@
 
     <ul class="nav nav-tabs nav-bank-setup">
       <li><a href="<%= admin_processor_setup_path %>">Payment Processor</a></li>
-      <li class="active"><a href="<%= admin_bank_setup_path %>">Bank Setup</a></li>
+      <li class="active"><a href="<%= admin_bank_account_path %>">Bank Setup</a></li>
     </ul>
 
   <div id="admin_bank_setup">
@@ -21,14 +21,14 @@
       </div>
       <div class="more_info">
         <p>Campaign funds are transferred automatically to your account within 2 business days of campaign expiration. </p>
-        <p>Need to change your bank account? <a href="mailto:[email protected]?subject=Please reset my bank account info&body=Hi! I'd like to change my bank account. Please reset it for the Crowdhoster site named:">Send us an email</a>.</p>
+        <p>Need to change your bank account? <%= link_to 'Delete bank account', delete_admin_bank_account_path, :confirm => 'Are you sure you want to delete this bank account?', :method => :delete %></p>
       </div>
 
       <% else %>
 
-      <%= form_tag(admin_bank_setup_path, method: "post", id: "admin_bank_form") %>
+      <%= form_tag(create_admin_bank_account_path, method: "post", id: "admin_bank_form") %>
 
-      <h4>Personal Information <span class="label show_tooltip" data-placement="right" data-title="BUSINESS ACCOUNTS: <br>To prevent fraud, we verify your personal identity independently of your business bank account. <br> Please enter your personal details here and your business account routing and account numbers in the 'Banking Information' section below.">Business Account?</span></h4>
+      <h4>Personal Information <span class="label show_tooltip" data-placement="right" data-title="BUSINESS ACCOUNTS: <br>To prevent fraud, we verify your personal identity independently of your business bank account. <br> DO NOT ENTER YOUR BUSINESS ADDRESS / PHONE. Please enter your personal details here and your business account routing and account numbers in the 'Banking Information' section below.">Using a business account?</span></h4>
       <fieldset>
 
           <div class="form-row clearfix">

app/views/admin/admin_processor_setup.html.erb

@@ -5,7 +5,7 @@
 
     <ul class="nav nav-tabs nav-processor-setup">
       <li class="active"><a href="<%= admin_processor_setup_path %>">Payment Processor</a></li>
-      <li><a href="<%= admin_bank_setup_path %>">Bank Setup</a></li>
+      <li><a href="<%= admin_bank_account_path %>">Bank Setup</a></li>
     </ul>
 
   <div id="admin_processor_setup">