Stripe PI: add optional ability for 3DS exemption on verify calls

CHANGELOG

@@ -15,6 +15,7 @@
 * RedsysRest: Add support for stored credentials & 3DS exemptions [jherreraa] #5132
 * CheckoutV2: Truncate the reference id for amex transactions [yunnydang] #5151
 * CommerceHub: Add billing address name override [yunnydang] #5157
+* StripePI: Add optional ability for 3DS exemption on verify calls [yunnydang] #5160
 
 == Version 1.136.0 (June 3, 2024)
 * Shift4V2: Add new gateway based on SecurionPay adapter [heavyblade] #4860

lib/active_merchant/billing/gateways/stripe_payment_intents.rb

@@ -172,6 +172,7 @@ def create_setup_intent(payment_method, options = {})
             add_fulfillment_date(post, options)
             request_three_d_secure(post, options)
             add_card_brand(post, options)
+            add_exemption(post, options)
             post[:on_behalf_of] = options[:on_behalf_of] if options[:on_behalf_of]
             post[:usage] = options[:usage] if %w(on_session off_session).include?(options[:usage])
             post[:description] = options[:description] if options[:description]
@@ -531,7 +532,7 @@ def add_payment_method_types(post, options)
       end
 
       def add_exemption(post, options = {})
-        return unless options[:confirm]
+        return unless options[:confirm] && options[:moto]
 
         post[:payment_method_options] ||= {}
         post[:payment_method_options][:card] ||= {}

test/remote/gateways/remote_stripe_payment_intents_test.rb

@@ -670,6 +670,30 @@ def test_create_setup_intent_with_setup_future_usage_and_card_brand
     assert_not_empty si_response.params.dig('latest_attempt', 'payment_method_details', 'card')
   end
 
+  def test_create_setup_intent_with_setup_future_usage_and_moto_exemption
+    response = @gateway.create_setup_intent(@visa_card_brand_choice, {
+      address: {
+        email: 'test@example.com',
+        name: 'John Doe',
+        line1: '1 Test Ln',
+        city: 'Durham',
+        tracking_number: '123456789'
+      },
+      currency: 'USD',
+      confirm: true,
+      moto: true,
+      return_url: 'https://example.com'
+    })
+
+    assert_equal 'succeeded', response.params['status']
+    # since we cannot "click" the stripe hooks URL to confirm the authorization
+    # we will at least confirm we can retrieve the created setup_intent and it contains the structure we expect
+    setup_intent_id = response.params['id']
+    assert si_response = @gateway.retrieve_setup_intent(setup_intent_id)
+    assert_equal 'succeeded', si_response.params['status']
+    assert_not_empty si_response.params.dig('latest_attempt', 'payment_method_details', 'card')
+  end
+
   def test_create_setup_intent_with_connected_account
     [@three_ds_credit_card, @three_ds_authentication_required_setup_for_off_session].each do |card_to_use|
       assert authorize_response = @gateway.create_setup_intent(card_to_use, {

test/unit/gateways/stripe_payment_intents_test.rb

@@ -926,6 +926,16 @@ def test_successful_avs_and_cvc_check
     assert_equal 'Y', purchase.avs_result.dig('code')
   end
 
+  def test_create_setup_intent_with_moto_exemption
+    options = @options.merge(moto: true, confirm: true)
+
+    stub_comms(@gateway, :ssl_request) do
+      @gateway.create_setup_intent(@visa_token, options)
+    end.check_request do |_method, _endpoint, data, _headers|
+      assert_match(/\[moto\]=true/, data)
+    end.respond_with(successful_verify_response)
+  end
+
   private
 
   def successful_setup_purchase