org billing email, restrict plan downgrades, card expiry check #5312
Conversation
| } | ||
|
|
||
| func comparableInt(v *int) int { | ||
| if v == nil || *v < 0 { |
There was a problem hiding this comment.
if a quota is not set (nil) the we should use the default value instead of unlimited ? can just change the plan creation logic to use default value instead of nil in case a quota is not set
There was a problem hiding this comment.
Not sure, but I think I'm fine with having unlimited when a quota is not explicitly set – it reduces user pain if we mess up, and should help in dev and testing. What do you think?
There was a problem hiding this comment.
makes sense but current logic uses default value during org creation if any quota is not set and during plan change it uses the persisted quota in database if not present in plan. Should I change this logic then ?
admin/billing/payment/stripe.go
Outdated
| // very basic check if the customer has a payment method and if it's a card then is not expired | ||
| for i.Next() { | ||
| hasPaymentMethod = true | ||
| pm := i.PaymentMethod() | ||
| if pm.Type == stripe.PaymentMethodTypeCard { | ||
| isCardValid = new(bool) | ||
| *isCardValid = int(pm.Card.ExpYear) > time.Now().Year() || (int(pm.Card.ExpYear) == time.Now().Year() && int(pm.Card.ExpMonth) >= int(time.Now().Month())) | ||
| } | ||
| } |
There was a problem hiding this comment.
Does Stripe have an API for this? There are other factors than just expiry, and Stripe might know about them (like probably they track cards they have detected to be blocked)
There was a problem hiding this comment.
I could not find any such API but added specifically this check because Eric O mentioned that we want to show a banner if the card expires.
admin/billing/payment/stripe.go
Outdated
| var isCardValid *bool | ||
| // very basic check if the customer has a payment method and if it's a card then is not expired | ||
| for it.Next() { | ||
| hasPaymentMethod = true | ||
| pm := it.PaymentMethod() | ||
| isCardValid = new(bool) | ||
| if pm.Type == stripe.PaymentMethodTypeCard { | ||
| *isCardValid = int(pm.Card.ExpYear) > time.Now().Year() || (int(pm.Card.ExpYear) == time.Now().Year() && int(pm.Card.ExpMonth) >= int(time.Now().Month())) | ||
| } | ||
| } |
There was a problem hiding this comment.
Since this is duplicated twice and non-trivial, can we pull it into a util func?
admin/server/organizations.go
Outdated
| // don't allow plan downgrades, only superuser can downgrade | ||
| if planDowngrade(plan, org) && !claims.Superuser(ctx) { | ||
| return nil, status.Errorf(codes.FailedPrecondition, "plan downgrade not allowed") | ||
| } |
There was a problem hiding this comment.
Why do we not allow downgrades? What if someone doesn't use a bigger plan and wants to switch to a smaller one?
There was a problem hiding this comment.
@nishantmonu51 suggested we should not allow downgrades, for this they should contact us. Downgrades can be tricky if they are already over some quotas.
There was a problem hiding this comment.
I wonder if it would be better to let people downgrade, and then in the beginning just have a job that checks/alerts if they don't get within the lower quotas within a day or so. Then we can just contact or hibernate non-compliant projects without causing trouble for people who want to downgrade for legitimate reasons.
There was a problem hiding this comment.
@nishantmonu51 any thoughts here ?
There was a problem hiding this comment.
removed the restriction, just logging in case of downgrade
There was a problem hiding this comment.
Yes, we intentionally wanted to keep the scope limited here and not allow downgrade, as downgrade would require checking if the quotas for the lower plan are met and only allow to downgrade. The expected flow here for a user would be to create a support ticket, FE team will manually verify the quotas and then downgrade directly in orb.
Other reasons for not allowing downgrade is for enterprise users who have signed a multi-year contract and we don't want them to downgrade unless explicitly approved. Since its not going to be a common case and in many such cases we want to have manual intervention. We do not allow downgrade at present.
proto/rill/admin/v1/api.proto
Outdated
| enum PaymentCardStatus { | ||
| PAYMENT_CARD_STATUS_UNSPECIFIED = 0; | ||
| PAYMENT_CARD_STATUS_OK = 1; | ||
| PAYMENT_CARD_STATUS_EXPIRED = 2; | ||
| } |
There was a problem hiding this comment.
What is the goal of exposing this? Just wondering if we could just track whether they have a valid payment method or not, and direct them to the Stripe portal if they want more details?
As stated elsewhere, I'm also guessing there are many other conditions that could cause a card to be invalid than just expiry.
There was a problem hiding this comment.
using the api we can just check if there exists a payment method or not for the customer, does explicitly say if its a valid or not.
There was a problem hiding this comment.
The goal is Eric O mentioned that we want to show a banner if the card expires.
There was a problem hiding this comment.
Okay, maybe not completely related, but do you think it would make sense to have generic billing_warning and billing_error fields on an org, and then show those in banners instead? Then we could populate billing_warning if it looks like the card will expire within the next 3 months or so, and set billing_error if we get a webhook from Stripe that tells us that a payment actually failed or a card has become invalid for some reason.
There was a problem hiding this comment.
sure that makes sense, however we will need some background jobs to clear out these warnings/errors once they are resolved.
There was a problem hiding this comment.
or we just rely on webhooks to clear these warnings like payment card updated for expired card warning or payment succeeded for payment failed error. Looks fragile though because webhook delivery may fail or our service may be unavailable at that point etc.
There was a problem hiding this comment.
ok I see webhooks are retried upto 3 days by stripe but we may need async queue to process the webhooks internally and prevent processing duplicate webhooks
There was a problem hiding this comment.
should webhook support be added in separate PR ?
There was a problem hiding this comment.
Yeah we can add it in a separate PR, but I think we should do it sooner rather than later.
Webhooks should be very stable, as you say they are usually retried until ack'ed, but if you worry about inconsistencies you can also have a background job once per day or so that checks and syncs statuses in case a webhook was dropped.
There was a problem hiding this comment.
Removed checking of card expiry, just keeping check of presence of a payment method so that we can disallow plan change if no payment is present. This is all internal and not exposed in any API so that once we have billing warnings and errors, will just make sure no billing errors present instead of this payment method check.
No description provided.