Page MenuHomePhabricator

Phortune "enterprise" update errata
Open, LowPublic

Description

  • Invoices should have a formal void state which merchants can put them into.
  • The "Account Managers" screen should support removal of managers (other than yourself, at least).
  • The "Merchant" profile screen is now somewhat inconsistent with the "Account" profile screen, and uses different icons for "Subscriptions" and "Orders".
  • "Edit Autopay" is MFA-gated on the read side. Preferable would be to MFA-gate this with one-shot when saving. But this should also switch to transactions.

Add Payment Method: This is touched on elsewhere, but it's currently very difficult to add a payment method. This is sort-of-quasi-intentional to make it difficult to validate payment methods, and sort-of-quasi-intentional because some payment processors may not involve real payment methods (I think the Paypal flow was checkout-only?) ,but I assume Stripe (and other processors) do appropriate sets of checks here for managing fraud, and if this is really an issue we could likely throw a rate limit on the action. You can already do it anyway (and we don't see abuse today), it's just a little tricky to find.

Event Timeline

epriestley triaged this task as Low priority.Fri, Aug 2, 6:49 PM
epriestley created this task.
epriestley updated the task description. (Show Details)Fri, Aug 2, 6:52 PM
epriestley updated the task description. (Show Details)Thu, Aug 15, 5:54 PM
epriestley updated the task description. (Show Details)Thu, Aug 15, 11:00 PM

This is sort-of-quasi-intentional

Another issue here is that payment methods are bound to a particular merchant -- but the generic interface can just prompt the user, and we know which merchant we're dealing with if we're coming from the context of a subscription.

if this is really an issue we could likely throw a rate limit on the action

This is already rate-limited since D20158.