Restrict use of amount when creating paymentIntents

CRM/Stripe/AJAX.php

@@ -50,13 +50,12 @@ class CRM_Stripe_AJAX {
     $paymentMethodID = CRM_Utils_Request::retrieveValue('payment_method_id', 'String');
     $paymentIntentID = CRM_Utils_Request::retrieveValue('payment_intent_id', 'String');
     $amount = CRM_Utils_Request::retrieveValue('amount', 'String');
+    if (empty($amount)) {
+      self::returnInvalid();
+    }
     $capture = CRM_Utils_Request::retrieveValue('capture', 'Boolean', FALSE);
     $title = CRM_Utils_Request::retrieveValue('description', 'String');
     $confirm = TRUE;
-    if (empty($amount)) {
-      $amount = 1;
-      $confirm = FALSE;
-    }
     $currency = CRM_Utils_Request::retrieveValue('currency', 'String', CRM_Core_Config::singleton()->defaultCurrency);
     $processorID = CRM_Utils_Request::retrieveValue('id', 'Positive');
     !empty($processorID) ?: self::returnInvalid();

js/civicrm_stripe.js

@@ -102,7 +102,10 @@ CRM.$(function($) {
         displayError(result.error, true);
       }
       else {
-        if (getIsRecur() || isEventAdditionalParticipants()) {
+        // For recur, additional participants we do NOT know the final amount so must create a paymentMethod and only create the paymentIntent
+        //   once the form is finally submitted.
+        // We should never get here with amount=0 as we should be doing a "nonStripeSubmit()" instead. This may become needed when we save cards
+        if (getIsRecur() || isEventAdditionalParticipants() || (getTotalAmount() === 0.0)) {
           // Submit the form, if we need to do 3dsecure etc. we do it at the end (thankyou page) once subscription etc has been created
           successHandler('paymentMethodID', result.paymentMethod);
         }