From 6460327372a1608fed0090178bc1e5cef63865b3 Mon Sep 17 00:00:00 2001
From: Ravi Khadiwala <ravi@signal.org>
Date: Mon, 16 Dec 2024 14:20:24 -0600
Subject: [PATCH] Return 409 when setting a payment method that hasn't finished
 initialization

---
 .../textsecuregcm/controllers/SubscriptionController.java    | 5 +++++
 .../textsecuregcm/subscriptions/StripeManager.java           | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/SubscriptionController.java b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/SubscriptionController.java
index b9ae7dd26..6d93d4d01 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/SubscriptionController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/SubscriptionController.java
@@ -712,6 +712,11 @@ public class SubscriptionController {
                 // a missing customer ID indicates the client made requests out of order,
                 // and needs to call create_payment_method to create a customer for the given payment method
                 new ClientErrorException(Status.CONFLICT)))
+        .exceptionally(ExceptionUtils.exceptionallyHandler(SubscriptionException.InvalidArguments.class, e -> {
+          // Here, invalid arguments must mean that the client has made requests out of order, and needs to finish
+          // setting up the paymentMethod first
+          throw new ClientErrorException(Status.CONFLICT);
+        }))
         .thenApply(customer -> Response.ok().build());
   }
 
diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/subscriptions/StripeManager.java b/service/src/main/java/org/whispersystems/textsecuregcm/subscriptions/StripeManager.java
index 2f217d667..bb55325ac 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/subscriptions/StripeManager.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/subscriptions/StripeManager.java
@@ -10,6 +10,7 @@ import com.google.common.collect.Lists;
 import com.stripe.StripeClient;
 import com.stripe.exception.CardException;
 import com.stripe.exception.IdempotencyException;
+import com.stripe.exception.InvalidRequestException;
 import com.stripe.exception.StripeException;
 import com.stripe.model.Charge;
 import com.stripe.model.Customer;
@@ -171,6 +172,9 @@ public class StripeManager implements CustomerAwareSubscriptionPaymentProcessor
       try {
         stripeClient.customers().update(customerId, params, commonOptions());
         return null;
+      } catch (InvalidRequestException e) {
+        // Could happen if the paymentMethodId was bunk or the client didn't actually finish setting it up
+        throw ExceptionUtils.wrap(new SubscriptionException.InvalidArguments(e.getMessage()));
       } catch (StripeException e) {
         throw new CompletionException(e);
       }