move create-setup-intent to graphql api

api/internal/owner/serializers.py

@@ -109,11 +109,8 @@ class StripeCardSerializer(serializers.Serializer):
 
 
 class StripeUSBankAccountSerializer(serializers.Serializer):
-    account_holder_type = serializers.CharField()
-    account_type = serializers.CharField()
     bank_name = serializers.CharField()
     last4 = serializers.CharField()
-    routing_number = serializers.CharField()
 
 
 class StripePaymentMethodSerializer(serializers.Serializer):

api/internal/owner/views.py

@@ -80,13 +80,31 @@ def update_payment(self, request, *args, **kwargs):
     @action(detail=False, methods=["patch"])
     @stripe_safe
     def update_email(self, request, *args, **kwargs):
+        """
+        Update the email address associated with the owner's billing account.
+
+        Args:
+            request: The HTTP request object containing:
+                - new_email: The new email address to update to
+                - should_propagate_to_payment_methods: Optional boolean flag to update email on payment methods (default False)
+
+        Returns:
+            Response with serialized owner data
+
+        Raises:
+            ValidationError: If no new_email is provided in the request
+        """
         new_email = request.data.get("new_email")
         if not new_email:
             raise ValidationError(detail="No new_email sent")
         owner = self.get_object()
         billing = BillingService(requesting_user=request.current_owner)
-        should_propagate = request.data.get("should_propagate_to_payment_methods", False)
-        billing.update_email_address(owner, new_email, should_propagate_to_payment_methods=should_propagate)
+        should_propagate = request.data.get(
+            "should_propagate_to_payment_methods", False
+        )
+        billing.update_email_address(
+            owner, new_email, should_propagate_to_payment_methods=should_propagate
+        )
         return Response(self.get_serializer(owner).data)
 
     @action(detail=False, methods=["patch"])
@@ -113,16 +131,21 @@ def update_billing_address(self, request, *args, **kwargs):
         billing.update_billing_address(owner, name, billing_address=formatted_address)
         return Response(self.get_serializer(owner).data)
 
-
-    @action(detail=False, methods=["get"])
+    @action(detail=False, methods=["post"])
     @stripe_safe
     def setup_intent(self, request, *args, **kwargs):
         """
-        GET a Stripe setupIntent clientSecret for updating payment method
+        Create a Stripe SetupIntent to securely collect payment details.
+
+        Returns:
+            Response with SetupIntent client_secret for frontend payment method setup.
+
+        Raises:
+            ValidationError: If SetupIntent creation fails
         """
         try:
             billing = BillingService(requesting_user=request.current_owner)
-            client_secret = billing.get_setup_intent(self.owner)
+            client_secret = billing.create_setup_intent(self.owner)
             return Response({"client_secret": client_secret})
         except Exception as e:
             log.error(
@@ -131,6 +154,7 @@ def setup_intent(self, request, *args, **kwargs):
             )
             raise ValidationError(detail="Unable to create setup intent")
 
+
 class UsersOrderingFilter(filters.OrderingFilter):
     def get_valid_fields(self, queryset, view, context=None):
         fields = super().get_valid_fields(queryset, view, context=context or {})

billing/views.py

@@ -312,7 +312,6 @@ def customer_subscription_created(self, subscription: stripe.Subscription) -> No
         self._log_updated([owner])
 
     def customer_subscription_updated(self, subscription: stripe.Subscription) -> None:
-        print("CUSTOMER SUBSCRIPTION UPDATED", subscription)
         owners: QuerySet[Owner] = Owner.objects.filter(
             stripe_subscription_id=subscription.id,
             stripe_customer_id=subscription.customer,
@@ -409,8 +408,6 @@ def customer_subscription_updated(self, subscription: stripe.Subscription) -> No
         )
 
     def customer_updated(self, customer: stripe.Customer) -> None:
-        print("CUSTOMER UPDATED", customer)
-
         new_default_payment_method = customer["invoice_settings"][
             "default_payment_method"
         ]

codecov/settings_base.py

@@ -98,7 +98,9 @@
     "setup", "graphql", "query_cost_threshold", default=10000
 )
 
-GRAPHQL_RATE_LIMIT_ENABLED = get_config("setup", "graphql", "rate_limit_enabled", default=True)
+GRAPHQL_RATE_LIMIT_ENABLED = get_config(
+    "setup", "graphql", "rate_limit_enabled", default=True
+)
 
 GRAPHQL_RATE_LIMIT_RPM = get_config("setup", "graphql", "rate_limit_rpm", default=300)
 
@@ -426,7 +428,9 @@
 SHELTER_PUBSUB_PROJECT_ID = get_config("setup", "shelter", "pubsub_project_id")
 SHELTER_PUBSUB_SYNC_REPO_TOPIC_ID = get_config("setup", "shelter", "sync_repo_topic_id")
 
-STRIPE_PAYMENT_METHOD_CONFIGURATION_ID = get_config("setup", "stripe", "payment_method_configuration", default=None)
+STRIPE_PAYMENT_METHOD_CONFIGURATION_ID = get_config(
+    "setup", "stripe", "payment_method_configuration", default=None
+)
 
 # Allows to do migrations from another module
 MIGRATION_MODULES = {

codecov_auth/commands/owner/interactors/create_stripe_setup_intent.py

@@ -0,0 +1,38 @@
+import logging
+
+import stripe
+
+from codecov.commands.base import BaseInteractor
+from codecov.commands.exceptions import Unauthenticated, Unauthorized, ValidationError
+from codecov.db import sync_to_async
+from codecov_auth.helpers import current_user_part_of_org
+from codecov_auth.models import Owner
+from services.billing import BillingService
+
+log = logging.getLogger(__name__)
+
+class CreateStripeSetupIntentInteractor(BaseInteractor):
+    def validate(self, owner_obj: Owner) -> None:
+        if not self.current_user.is_authenticated:
+            raise Unauthenticated()
+        if not owner_obj:
+            raise ValidationError("Owner not found")
+        if not current_user_part_of_org(self.current_owner, owner_obj):
+            raise Unauthorized()
+
+    def create_setup_intent(self, owner_obj: Owner) -> stripe.SetupIntent:
+        try:
+            billing = BillingService(requesting_user=self.current_owner)
+            return billing.create_setup_intent(owner_obj)
+        except Exception as e:
+            log.error(
+                f"Error getting setup intent for owner {owner_obj.ownerid}",
+                extra={"error": str(e)},
+            )
+            raise ValidationError("Unable to create setup intent")
+
+    @sync_to_async
+    def execute(self, owner: str) -> stripe.SetupIntent:
+        owner_obj = Owner.objects.filter(username=owner, service=self.service).first()
+        self.validate(owner_obj)
+        return self.create_setup_intent(owner_obj)

codecov_auth/commands/owner/owner.py

@@ -2,6 +2,7 @@
 
 from .interactors.cancel_trial import CancelTrialInteractor
 from .interactors.create_api_token import CreateApiTokenInteractor
+from .interactors.create_stripe_setup_intent import CreateStripeSetupIntentInteractor
 from .interactors.create_user_token import CreateUserTokenInteractor
 from .interactors.delete_session import DeleteSessionInteractor
 from .interactors.fetch_owner import FetchOwnerInteractor
@@ -28,6 +29,9 @@ class OwnerCommands(BaseCommand):
     def create_api_token(self, name):
         return self.get_interactor(CreateApiTokenInteractor).execute(name)
 
+    def create_stripe_setup_intent(self, owner):
+        return self.get_interactor(CreateStripeSetupIntentInteractor).execute(owner)
+
     def delete_session(self, sessionid: int):
         return self.get_interactor(DeleteSessionInteractor).execute(sessionid)
 

graphql_api/tests/mutation/test_create_stripe_setup_intent.py

@@ -0,0 +1,34 @@
+from unittest.mock import patch
+from django.test import TransactionTestCase
+from shared.django_apps.core.tests.factories import OwnerFactory
+
+from codecov_auth.models import Session
+from graphql_api.tests.helper import GraphQLTestHelper
+
+query = """
+mutation($input: CreateStripeSetupIntentInput!) {
+  createStripeSetupIntent(input: $input) {
+    error {
+      __typename
+    }
+    clientSecret
+  }
+}
+"""
+
+
+class CreateStripeSetupIntentTestCase(GraphQLTestHelper, TransactionTestCase):
+    def setUp(self):
+        self.owner = OwnerFactory(username="codecov-user")
+
+    def test_when_unauthenticated(self):
+        data = self.gql_request(query, variables={"input": {"owner": "somename"}})
+        assert data["createStripeSetupIntent"]["error"]["__typename"] == "UnauthenticatedError"
+
+    @patch("services.billing.stripe.SetupIntent.create")
+    def test_when_authenticated(self, setup_intent_create_mock):
+        setup_intent_create_mock.return_value = {"client_secret": "test-client-secret"}
+        data = self.gql_request(
+            query, owner=self.owner, variables={"input": {"owner": self.owner.username}}
+        )
+        assert data["createStripeSetupIntent"]["clientSecret"] == "test-client-secret"

graphql_api/types/inputs/create_stripe_setup_intent.graphql

@@ -0,0 +1,3 @@
+input CreateStripeSetupIntentInput {
+    owner: String!
+}

graphql_api/types/invoice/invoice.graphql

@@ -34,6 +34,7 @@ type Period {
 type PaymentMethod {
   billingDetails: BillingDetails
   card: Card
+  usBankAccount: USBankAccount
 }
 
 type Card {
@@ -43,12 +44,9 @@ type Card {
   last4: String
 }
 
-type BankAccount {
-  accountHolderType: String
-  accountType: String
+type USBankAccount {
   bankName: String
   last4: String
-  routingNumber: String
 }
 
 type BillingDetails {

graphql_api/types/mutation/__init__.py

@@ -3,6 +3,7 @@
 from .activate_measurements import gql_activate_measurements
 from .cancel_trial import gql_cancel_trial
 from .create_api_token import gql_create_api_token
+from .create_stripe_setup_intent import gql_create_stripe_setup_intent
 from .create_user_token import gql_create_user_token
 from .delete_component_measurements import gql_delete_component_measurements
 from .delete_flag import gql_delete_flag
@@ -30,6 +31,7 @@
 
 mutation = ariadne_load_local_graphql(__file__, "mutation.graphql")
 mutation = mutation + gql_create_api_token
+mutation = mutation + gql_create_stripe_setup_intent
 mutation = mutation + gql_sync_with_git_provider
 mutation = mutation + gql_delete_session
 mutation = mutation + gql_set_yaml_on_owner

graphql_api/types/mutation/create_stripe_setup_intent/__init__.py

@@ -0,0 +1,12 @@
+from graphql_api.helpers.ariadne import ariadne_load_local_graphql
+
+from .create_stripe_setup_intent import (
+    error_create_stripe_setup_intent,
+    resolve_create_stripe_setup_intent,
+)
+
+gql_create_stripe_setup_intent = ariadne_load_local_graphql(
+    __file__, "create_stripe_setup_intent.graphql"
+)
+
+__all__ = ["error_create_stripe_setup_intent", "resolve_create_stripe_setup_intent"]

graphql_api/types/mutation/create_stripe_setup_intent/create_stripe_setup_intent.graphql

@@ -0,0 +1,6 @@
+union CreateStripeSetupIntentError = UnauthenticatedError | ValidationError
+
+type CreateStripeSetupIntentPayload {
+    error: CreateStripeSetupIntentError
+    clientSecret: String
+}

graphql_api/types/mutation/create_stripe_setup_intent/create_stripe_setup_intent.py

@@ -0,0 +1,24 @@
+from typing import Dict
+
+from ariadne import UnionType
+from ariadne.types import GraphQLResolveInfo
+
+from graphql_api.helpers.mutation import (
+    resolve_union_error_type,
+    wrap_error_handling_mutation,
+)
+
+
+@wrap_error_handling_mutation
+async def resolve_create_stripe_setup_intent(
+    _, info: GraphQLResolveInfo, input: Dict[str, any]
+) -> Dict[str, any]:
+    command = info.context["executor"].get_command("owner")
+    resp = await command.create_stripe_setup_intent(input.get("owner"))
+    return {
+        "client_secret": resp["client_secret"],
+    }
+
+
+error_create_stripe_setup_intent = UnionType("CreateStripeSetupIntentError")
+error_create_stripe_setup_intent.type_resolver(resolve_union_error_type)

graphql_api/types/mutation/mutation.graphql

@@ -1,5 +1,6 @@
 type Mutation {
   createApiToken(input: CreateApiTokenInput!): CreateApiTokenPayload
+  createStripeSetupIntent(input: CreateStripeSetupIntentInput!): CreateStripeSetupIntentPayload
   createUserToken(input: CreateUserTokenInput!): CreateUserTokenPayload
   revokeUserToken(input: RevokeUserTokenInput!): RevokeUserTokenPayload
   setYamlOnOwner(input: SetYamlOnOwnerInput!): SetYamlOnOwnerPayload

graphql_api/types/mutation/mutation.py

@@ -6,6 +6,10 @@
 )
 from .cancel_trial import error_cancel_trial, resolve_cancel_trial
 from .create_api_token import error_create_api_token, resolve_create_api_token
+from .create_stripe_setup_intent import (
+    error_create_stripe_setup_intent,
+    resolve_create_stripe_setup_intent,
+)
 from .create_user_token import error_create_user_token, resolve_create_user_token
 from .delete_component_measurements import (
     error_delete_component_measurements,
@@ -64,6 +68,7 @@
 
 # Here, bind the resolvers from each subfolder to the Mutation type
 mutation_bindable.field("createApiToken")(resolve_create_api_token)
+mutation_bindable.field("createStripeSetupIntent")(resolve_create_stripe_setup_intent)
 mutation_bindable.field("createUserToken")(resolve_create_user_token)
 mutation_bindable.field("revokeUserToken")(resolve_revoke_user_token)
 mutation_bindable.field("setYamlOnOwner")(resolve_set_yaml_on_owner)
@@ -103,6 +108,7 @@
 mutation_resolvers = [
     mutation_bindable,
     error_create_api_token,
+    error_create_stripe_setup_intent,
     error_create_user_token,
     error_revoke_user_token,
     error_set_yaml_error,