Add view to accept card token instead of full card details. (Fueled#2)

* Add view to accept card token instead of full card details.

* Use generic error handling for non-present tokens case.

Author: zemekeneng

README.rst

@@ -18,13 +18,14 @@ Endpoints
 * current-user/ (GET)
 * subscription/ (GET/POST)
 * change-card/  (GET/POST)
+* change-card-token/ (POST)
 * charges/      (GET)
 * invoices/     (GET)
 * plans/        (GET)
 * events/       (GET)
 * webhook/      (POST)
 * cancel/       (POST)
 
-**ALL TEMPLATES AND AJAX VIEWS HAS BEEN REMOVED, USE ADDED ENDPOINTS**
+**ALL TEMPLATES AND AJAX VIEWS HAVE BEEN REMOVED, USE ADDED ENDPOINTS**
 
 Documentation can be found at http://django-stripe-payments.readthedocs.org

payments/api/serializers.py

@@ -97,6 +97,10 @@ class CardSerializer(Serializer):
     address_country = serializers.CharField(required=False, allow_null=True)
 
 
+class CardTokenSerializer(Serializer):
+    token = serializers.CharField(required=True, help_text=u'Card token generated by stripe.js, or other api call.')
+
+
 class CancelSerializer(Serializer):
     confirm = serializers.BooleanField(required=True)
 

payments/api/urls.py

@@ -6,6 +6,7 @@
     url(r'^current-user/$', views.CurrentCustomerDetailView.as_view(), name='stripe-current-customer-detail'),
     url(r'^subscription/$', views.SubscriptionView.as_view(), name='stripe-subscription'),
     url(r'^change-card/$', views.ChangeCardView.as_view(), name='stripe-change-card'),
+    url(r'^change-card-token/$', views.ChangeCardTokenView.as_view(), name='stripe-change-card-token'),
     url(r'^charges/$', views.ChargeListView.as_view(), name='stripe-charges'),
     url(r'^invoices/$', views.InvoiceListView.as_view(), name='stripe-invoices'),
     url(r'^plans/$', views.PlanListView.as_view(), name='stripe-plans'),

payments/api/views.py

@@ -15,6 +15,7 @@
     CurrentCustomerSerializer,
     SubscriptionSerializer,
     CardSerializer,
+    CardTokenSerializer,
     CancelSerializer,
     ChargeSerializer,
     InvoiceSerializer,
@@ -120,6 +121,42 @@ def post(self, request, *args, **kwargs):
             return Response(error_data, status=status.HTTP_400_BAD_REQUEST)
 
 
+class ChangeCardTokenView(StripeView):
+    """
+    Add or update customer card token
+
+    This is useful if you are planing to use strip.js to
+    retrieve the card token. This isolates the full credit
+    card number from your server.
+    """
+    serializer_class = CardTokenSerializer
+
+    def post(self, request, *args, **kwargs):
+        try:
+            serializer = self.serializer_class(data=request.data)
+
+            if serializer.is_valid():
+                validated_data = serializer.validated_data
+
+                customer = self.get_customer()
+
+                token = validated_data['token']
+                customer.update_card(token)
+                send_invoice = customer.card_fingerprint == ""
+
+                if send_invoice:
+                    customer.send_invoice()
+                    customer.retry_unpaid_invoices()
+
+                return Response(validated_data, status=status.HTTP_201_CREATED)
+            else:
+                return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+
+        except stripe.StripeError as e:
+            error_data = {u'error': smart_str(e) or u'Unknown error'}
+            return Response(error_data, status=status.HTTP_400_BAD_REQUEST)
+            
+
 class CancelView(StripeView):
     """ Cancel customer subscription """
     serializer_class = CancelSerializer