From 9a50e2dc6c4c88eefb4a795103708a8745154650 Mon Sep 17 00:00:00 2001
From: Stephen Paul Weber <singpolyma@singpolyma.net>
Date: Wed, 31 Mar 2021 14:37:43 -0500
Subject: [PATCH] Prevent double-activate

We're seeing trouble in production where users activate more than once, which
results in suboptimal DB contents.  If they're already active, just redirect
them back to complete registration.
---
 config.ru | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/config.ru b/config.ru
index d1ba6edff32d23f4702139c6ea7723c946052a37..c04f33f6e457aa8da6f08a323836a454223dd471 100644
--- a/config.ru
+++ b/config.ru
@@ -53,6 +53,13 @@ class Plan
 		BRAINTREE_CONFIG[:merchant_accounts][currency]
 	end
 
+	def self.active?(customer_id)
+		DB.exec_params(<<~SQL, [customer_id]).first&.[]("count").to_i > 0
+			SELECT count(1) AS count FROM customer_plans
+			WHERE customer_id=$1 AND expires_at > NOW()
+		SQL
+	end
+
 	def activate(customer_id, months)
 		DB.exec_params(
 			"INSERT INTO plan_log VALUES ($1, $2, $3, $4)",
@@ -232,15 +239,21 @@ class JmpPay < Roda
 				end
 
 				r.get do
-					render.call
+					if Plan.active?(gateway.customer_id)
+						r.redirect request.params["return_to"], 303
+					else
+						render.call
+					end
 				end
 
 				r.post do
-					result = gateway.buy_plan(
-						request.params["plan_name"],
-						5,
-						request.params["braintree_nonce"]
-					)
+					result = DB.transaction do
+						Plan.active?(gateway.customer_id) || gateway.buy_plan(
+							request.params["plan_name"],
+							5,
+							request.params["braintree_nonce"]
+						)
+					end
 					if result
 						r.redirect request.params["return_to"], 303
 					else