From 934acce6d4e157f540ac6076ed42a08017875e8e Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Wed, 6 Nov 2013 14:48:59 -0500 Subject: [PATCH] Fix bug around free business plan and verify that a plan requested is in the correct set --- endpoints/api.py | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/endpoints/api.py b/endpoints/api.py index 7cb599429..37b58563b 100644 --- a/endpoints/api.py +++ b/endpoints/api.py @@ -1081,9 +1081,17 @@ def subscribe_api(): plan = request_data['plan'] token = request_data['token'] if 'token' in request_data else None user = current_user.db_user() - return subscribe(user, plan, token) + return subscribe(user, plan, token, USER_PLANS) -def subscribe(user, plan, token = None): +def subscribe(user, plan, token, accepted_plans): + plan_found = None + for plan_obj in accepted_plans: + if plan_obj['stripeId'] == plan: + plan_found = plan_obj + + if not plan_found: + abort(404) + private_repos = model.get_private_repo_count(user.username) if not user.stripe_id: @@ -1101,12 +1109,12 @@ def subscribe(user, plan, token = None): # Change the plan cus = stripe.Customer.retrieve(user.stripe_id) - if plan == 'free': + if plan_found['price'] == 0: cus.cancel_subscription() cus.save() response_json = { - 'plan': 'free', + 'plan': plan, 'usedPrivateRepos': private_repos, } @@ -1131,7 +1139,7 @@ def subscribe_org_api(orgname): plan = request_data['plan'] token = request_data['token'] if 'token' in request_data else None organization = model.get_organization(orgname) - return subscribe(organization, plan, token) + return subscribe(organization, plan, token, BUSINESS_PLANS) abort(403)