Fix a Phortune billing issue where subscription autopay could charge disabled cards

Summary:
See support email. There's nothing tricky here, we were just missing a check. The different parts of this got built at different times so I think this was simply overlooked.

Also add a redundant check just to future-proof this and be on the safe side.

Test Plan: Used `bin/phortune invoice` to charge a pact subscription. After deleting the card, the charge failed with an appropriate error.

Reviewers: amckinley

Differential Revision: https://secure.phabricator.com/D19020

src/applications/phortune/query/PhortunePaymentMethodQuery.php

@@ -34,19 +34,12 @@ final class PhortunePaymentMethodQuery
     return $this;
   }
 
+  public function newResultObject() {
+    return new PhortunePaymentMethod();
+  }
+
   protected function loadPage() {
-    $table = new PhortunePaymentMethod();
-    $conn = $table->establishConnection('r');
-
-    $rows = queryfx_all(
-      $conn,
-      'SELECT * FROM %T %Q %Q %Q',
-      $table->getTableName(),
-      $this->buildWhereClause($conn),
-      $this->buildOrderClause($conn),
-      $this->buildLimitClause($conn));
-
-    return $table->loadAllFromArray($rows);
+    return $this->loadStandardPage($this->newResultObject());
   }
 
   protected function willFilterPage(array $methods) {
@@ -106,8 +99,8 @@ final class PhortunePaymentMethodQuery
     return $methods;
   }
 
-  protected function buildWhereClause(AphrontDatabaseConnection $conn) {
-    $where = array();
+  protected function buildWhereClauseParts(AphrontDatabaseConnection $conn) {
+    $where = parent::buildWhereClauseParts($conn);
 
     if ($this->ids !== null) {
       $where[] = qsprintf(
@@ -144,9 +137,7 @@ final class PhortunePaymentMethodQuery
         $this->statuses);
     }
 
-    $where[] = $this->buildPagingClause($conn);
-
-    return $this->formatWhereClause($where);
+    return $where;
   }
 
   public function getQueryApplicationClass() {

src/applications/phortune/storage/PhortuneCart.php

@@ -118,6 +118,13 @@ final class PhortuneCart extends PhortuneDAO
       ->setAmountAsCurrency($this->getTotalPriceAsCurrency());
 
     if ($method) {
+      if (!$method->isActive()) {
+        throw new Exception(
+          pht(
+            'Attempting to apply a charge using an inactive '.
+            'payment method ("%s")!',
+            $method->getPHID()));
+      }
       $charge->setPaymentMethodPHID($method->getPHID());
     }
 

src/applications/phortune/storage/PhortunePaymentMethod.php

@@ -128,6 +128,10 @@ final class PhortunePaymentMethod extends PhortuneDAO
     return $month.'/'.$year;
   }
 
+  public function isActive() {
+    return ($this->getStatus() === self::STATUS_ACTIVE);
+  }
+
 
 /* -(  PhabricatorPolicyInterface  )----------------------------------------- */
 

src/applications/phortune/worker/PhortuneSubscriptionWorker.php

@@ -141,6 +141,10 @@ final class PhortuneSubscriptionWorker extends PhabricatorWorker {
     $method = id(new PhortunePaymentMethodQuery())
       ->setViewer($viewer)
       ->withPHIDs(array($subscription->getDefaultPaymentMethodPHID()))
+      ->withStatuses(
+        array(
+          PhortunePaymentMethod::STATUS_ACTIVE,
+        ))
       ->executeOne();
     if (!$method) {
       $issues[] = pht(