From 14415dfa905dd983f1509f488c40f33b1279e32c Mon Sep 17 00:00:00 2001
From: Prakhar Pratyush <prakhar@zulip.com>
Date: Tue, 16 Apr 2024 20:50:25 +0530
Subject: [PATCH] invoice_paid_event: Verify invoice before activating
 fixed-price plan. Earlier, we were not verifying that the invoice which got
 paid is for the fixed-price plan.

That could result in a bug where another support invoice with
collection_method = "send_invoice" got paid while a fixed-price
plam is already configured. The fixed-price plan would be falsely
activated.

This commit verifies the invoice before activating the fixed-price
plan.
---
 corporate/lib/stripe_event_handler.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/corporate/lib/stripe_event_handler.py b/corporate/lib/stripe_event_handler.py
index 993bc7cdb2..b01ab02ee8 100644
--- a/corporate/lib/stripe_event_handler.py
+++ b/corporate/lib/stripe_event_handler.py
@@ -133,7 +133,11 @@ def handle_invoice_paid_event(stripe_invoice: stripe.Invoice, invoice: Invoice)
             customer, customer.required_plan_tier
         )
 
-    if stripe_invoice.collection_method == "send_invoice" and configured_fixed_price_plan:
+    if (
+        stripe_invoice.collection_method == "send_invoice"
+        and configured_fixed_price_plan
+        and configured_fixed_price_plan.sent_invoice_id == invoice.stripe_invoice_id
+    ):
         billing_session = get_billing_session_for_stripe_webhook(customer, user_id=None)
         remote_server_legacy_plan = billing_session.get_remote_server_legacy_plan(customer)
         assert customer.required_plan_tier is not None