I just can't...the boss just told me that we don't need to make sure that the user is logged in order to make a subscription payment...I tried ( in 3 diff ways )... but his reponse was :

- don't worry, we will figure it out later

now I can't properly finish the task and have to remove the force login... so if the user is not logged he just give us his money for nothing...

then after some tume will come the next dev and will start curse me...

why should I bother to think forward and try to predict the edge cases when we don't even start it the right way...

He is too smart for humble farmers like us to comprehend

Only thing I can think off is typing the subscription to the credit card information and then allowing the user to link his credit card number to his account at a later date if he wants to...

It's not ideal, but I think it might work? The obvious big problem with this is security, since you'll be holding users credit card info without even knowing who the user or any way to verify, and if the credit card info leaks it will be a huge problem. Also you better make sure the user knows and understands that you're storing this (but he probably is, since it's probably a periodic subscription payment?) so eh? Maybe?

Also if someone else links the card to their account, because they got the credit card info somehow (maybe a 3rd party leak or just physical theft/copy) then not sure how you could handle recovery there without *at least* also knowing the email address of the user, at which point the credit card info essentially works like a password... dunno it's a mess, I don't like it

@Hazarth me neither. his don't worry has the opposite effect on me...

@Hazarth but since he is THE boss I have the perfect alibi for when asked ;)

@We3D Even better if there's a lead engineer above you, but even if not, as long as you save some chat logs or email thread proving that this was his decision and that you tried to dissuade him, the responsibility will lie on him.

Just try to make sure it's not just passed down by word or that there is a reliable witness, because otherwise you can totally just be "let go" if something happens ^^; At least with a proof that it wasn't your fault you can pursue legal action if the company refuses to pay you leave or something

@Hazarth I always use the chat where the lead dev is too, and he didn't say anything ( but he is still informed ) so...

You can fix it in the database after every support ticket :D Job guaranteed!

@retoor yeah, who doesn't love the manual labor in db :D... the problem is that almost every dev can do that. if you want to secure your job position you obfuscate your code as hell so only u can make sense of it ;)

This is the most popular business model currently. They want us to subscribe this and that, they make it 'automatic renewal', and they hope us forget to unsubscribe. I have never met a honest company who let us untick 'automatic renewal'.

@daniel-wu I'm mostly on the backend part of the subscription activity but this is the 1st such case for me and I just don't get his logic...

I like all the solutions here, but there is one very important thing to do first. Clearly state in the code comment why you did it like this. Comment it in the code, in the tickets, in the commits, whatever, just make sure that people know who ordered you to do it. Shitty code stays, but so do comments and commits.

@CodingTripledad I did a separate commit with only the removal of the force login part ( although w/o the blame part ) so it can be easier restoration when the time comes... it is not his 1st delaying things ( which might be / have dropped ) but this one I doubt will be removed from the project that's why I'm a bit confused. The good part is that as of now I'm the only one working on it ;)

@CodingTripledad but the confirmation of the payment and the db update is still hanging and when he bring me back to that I have to 1st refeesh my memories about the unfinished state of this affairs and then find that commit...as much I try to be productive and save mine and his time...

So you work for a scam company.

@We3D don't see it as blaming, see it as information concerning the source of the request. ;)

@Oktokolo can't confirm yet. the have online shops and most of their projects are arond increasing the sales, and I'm still sorta fresh and don't know much

I had a similar situation! But it works out with limitations
If we enforce user's email can only have 1 paying account, once the payment happens and a webhook says "so n so email paid", the email's user is retrieved and the subscription added

When the now-defunct-company's boss asked me to do it I had similar reservations, but I guess he really didnt want to deter the user from dropping off from the payments page ._. "we take the money first, rest can follow later" lol

PS: This assumes ur using some 3rd party payment gateway like Razorpay/Stripe/Zoho and not implementing it 1st hand, hence the external webhook when the payment is sucessful

@azuredivay yep u r correct, we do use 3rd party payments