From 934acce6d4e157f540ac6076ed42a08017875e8e Mon Sep 17 00:00:00 2001
From: Joseph Schorr <jschorr@gmail.com>
Date: Wed, 6 Nov 2013 14:48:59 -0500
Subject: [PATCH] Fix bug around free business plan and verify that a plan
 requested is in the correct set

---
 endpoints/api.py | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/endpoints/api.py b/endpoints/api.py
index 7cb599429..37b58563b 100644
--- a/endpoints/api.py
+++ b/endpoints/api.py
@@ -1081,9 +1081,17 @@ def subscribe_api():
   plan = request_data['plan']
   token = request_data['token'] if 'token' in request_data else None
   user = current_user.db_user()
-  return subscribe(user, plan, token)
+  return subscribe(user, plan, token, USER_PLANS)
   
-def subscribe(user, plan, token = None):
+def subscribe(user, plan, token, accepted_plans):
+  plan_found = None
+  for plan_obj in accepted_plans:
+    if plan_obj['stripeId'] == plan:
+      plan_found = plan_obj
+
+  if not plan_found:
+    abort(404)
+
   private_repos = model.get_private_repo_count(user.username)
 
   if not user.stripe_id:
@@ -1101,12 +1109,12 @@ def subscribe(user, plan, token = None):
     # Change the plan
     cus = stripe.Customer.retrieve(user.stripe_id)
 
-    if plan == 'free':
+    if plan_found['price'] == 0:
       cus.cancel_subscription()
       cus.save()
 
       response_json = {
-        'plan': 'free',
+        'plan': plan,
         'usedPrivateRepos': private_repos,
       }
 
@@ -1131,7 +1139,7 @@ def subscribe_org_api(orgname):
     plan = request_data['plan']
     token = request_data['token'] if 'token' in request_data else None
     organization = model.get_organization(orgname)
-    return subscribe(organization, plan, token)
+    return subscribe(organization, plan, token, BUSINESS_PLANS)
 
   abort(403)