Merge pull request #10 from mollie/refactor

Fix: Securing create payment params

processor/.env.jest

@@ -9,3 +9,5 @@ CTP_REGION=europe-west1.gcp
 MOLLIE_API_KEY=12345678901234567890123456789012
 MOLLIE_PROFILE_ID=pfl_12345
 DEBUG=0
+
+CONNECT_SERVICE_URL=http://localhost:3000/processor

processor/src/utils/map.utils.ts

@@ -4,7 +4,7 @@ import { makeMollieAmount } from './mollie.utils';
 import { ParsedMethodsRequestType } from '../types/mollie.types';
 import { Payment } from '@commercetools/platform-sdk';
 import CustomError from '../errors/custom.error';
-import { PaymentCreateParams, MethodsListParams } from '@mollie/api-client';
+import { PaymentCreateParams, MethodsListParams, PaymentMethod } from '@mollie/api-client';
 
 /**
  * Extracts method list parameters from a Commercetools Payment object and returns a Promise resolving to a MethodsListParams object.
@@ -72,14 +72,43 @@ export const mapCommercetoolsPaymentCustomFieldsToMollieListParams = async (
 export const createMollieCreatePaymentParams = (payment: Payment): PaymentCreateParams => {
   const { amountPlanned, paymentMethodInfo, custom } = payment;
 
+  const [method, issuer] = paymentMethodInfo?.method?.split(',') ?? [null, null];
+
   const requestCustomField = custom?.fields?.[CustomFields.createPayment.request];
 
   const paymentRequest = requestCustomField ? JSON.parse(requestCustomField) : {};
 
+  const defaultWebhookEndpoint = new URL(process.env.CONNECT_SERVICE_URL ?? '').origin + '/webhook';
+
+  let specificParam;
+  switch (method) {
+    case PaymentMethod.creditcard:
+      specificParam = {
+        cardToken: paymentRequest.cardToken ?? '',
+      };
+      break;
+    default:
+      break;
+  }
+
   const molliePaymentParams: PaymentCreateParams = {
-    ...paymentRequest,
-    method: paymentMethodInfo.method,
+    description: paymentRequest.description ?? '',
     amount: makeMollieAmount(amountPlanned),
+    redirectUrl: paymentRequest.redirectUrl ?? null,
+    webhookUrl: defaultWebhookEndpoint,
+    billingAddress: paymentRequest.billingAddress ?? {},
+    shippingAddress: paymentRequest.shippingAddress ?? {},
+    locale: paymentRequest.locale ?? null,
+    method: method as PaymentMethod,
+    issuer: issuer ?? '',
+    restrictPaymentMethodsToCountry: paymentRequest.restrictPaymentMethodsToCountry ?? null,
+    metadata: paymentRequest.metadata ?? null,
+    // captureMode: paymentRequest.captureMode ?? null, PICT-204 is on hold
+    // captureDelay: paymentRequest.captureMode ?? null, PICT-204 is on hold
+    applicationFee: paymentRequest.applicationFee ?? {},
+    profileId: paymentRequest.profileId ?? null,
+    testmode: paymentRequest.testmode ?? null,
+    ...specificParam,
   };
 
   return molliePaymentParams;

processor/tests/utils/map.utils.spec.ts

@@ -5,6 +5,7 @@ import {
 } from '../../src/utils/map.utils';
 import { Payment } from '@commercetools/platform-sdk';
 import { MethodsListParams } from '@mollie/api-client';
+import { makeMollieAmount } from '../../src/utils/mollie.utils';
 
 describe('Test map.utils.ts', () => {
   let mockCtPayment: Payment;
@@ -74,12 +75,28 @@ describe('createMollieCreatePaymentParams', () => {
     };
 
     const mollieCreatePaymentParams = createMollieCreatePaymentParams(CTPayment);
+    const defaultWebhookEndpoint = new URL(process.env.CONNECT_SERVICE_URL ?? '').origin + '/webhook';
+    const mollieAmount = makeMollieAmount(CTPayment.amountPlanned);
+
     expect(mollieCreatePaymentParams).toEqual({
-      method: 'creditcard',
+      method: CTPayment.paymentMethodInfo.method,
       amount: {
-        currency: 'EUR',
-        value: '10.00',
+        currency: mollieAmount.currency,
+        value: mollieAmount.value,
       },
+      locale: null,
+      redirectUrl: null,
+      webhookUrl: defaultWebhookEndpoint,
+      description: '',
+      applicationFee: {},
+      billingAddress: {},
+      issuer: '',
+      metadata: null,
+      profileId: null,
+      restrictPaymentMethodsToCountry: null,
+      shippingAddress: {},
+      testmode: null,
+      cardToken: '',
     });
   });
 
@@ -90,6 +107,7 @@ describe('createMollieCreatePaymentParams', () => {
       redirectUrl: 'https://example.com/success',
       webhookUrl: 'https://example.com/webhook',
       cancelUrl: 'https://example.com/cancel',
+      cardToken: 'card_token_12345',
     };
 
     const CTPayment: Payment = {
@@ -121,6 +139,9 @@ describe('createMollieCreatePaymentParams', () => {
     };
 
     const mollieCreatePaymentParams = createMollieCreatePaymentParams(CTPayment);
+    // Always use our default webhook endpoint
+    const defaultWebhookEndpoint = new URL(process.env.CONNECT_SERVICE_URL ?? '').origin + '/webhook';
+
     expect(mollieCreatePaymentParams).toEqual({
       method: 'creditcard',
       amount: {
@@ -129,9 +150,17 @@ describe('createMollieCreatePaymentParams', () => {
       },
       locale: customFieldObject.locale,
       redirectUrl: customFieldObject.redirectUrl,
-      webhookUrl: customFieldObject.webhookUrl,
-      cancelUrl: customFieldObject.cancelUrl,
+      webhookUrl: defaultWebhookEndpoint,
       description: customFieldObject.description,
+      applicationFee: {},
+      billingAddress: {},
+      issuer: '',
+      metadata: null,
+      profileId: null,
+      restrictPaymentMethodsToCountry: null,
+      shippingAddress: {},
+      testmode: null,
+      cardToken: customFieldObject.cardToken,
     });
   });
 });