From f6aa64a9f79c061758b0b3b34baa2adbae6cf5c5 Mon Sep 17 00:00:00 2001
From: Nghia Tran <n.tran@shopmacher.de>
Date: Fri, 19 Jul 2024 13:01:57 +0700
Subject: [PATCH 1/3] Fix: Securing create payment params

---
 processor/.env.jest                     |  2 ++
 processor/src/utils/map.utils.ts        | 23 +++++++++++++++---
 processor/tests/utils/map.utils.spec.ts | 31 +++++++++++++++++++++----
 3 files changed, 49 insertions(+), 7 deletions(-)

diff --git a/processor/.env.jest b/processor/.env.jest
index d2f0642..b8d116f 100644
--- a/processor/.env.jest
+++ b/processor/.env.jest
@@ -9,3 +9,5 @@ CTP_REGION=europe-west1.gcp
 MOLLIE_API_KEY=12345678901234567890123456789012
 MOLLIE_PROFILE_ID=pfl_12345
 DEBUG=0
+
+CONNECT_SERVICE_URL=http://localhost:3000/processor
diff --git a/processor/src/utils/map.utils.ts b/processor/src/utils/map.utils.ts
index ec42368..2e48df8 100644
--- a/processor/src/utils/map.utils.ts
+++ b/processor/src/utils/map.utils.ts
@@ -4,7 +4,7 @@ import { makeMollieAmount } from './mollie.utils';
 import { ParsedMethodsRequestType } from '../types/mollie.types';
 import { Payment } from '@commercetools/platform-sdk';
 import CustomError from '../errors/custom.error';
-import { PaymentCreateParams, MethodsListParams } from '@mollie/api-client';
+import { PaymentCreateParams, MethodsListParams, PaymentMethod } from '@mollie/api-client';
 
 /**
  * Extracts method list parameters from a Commercetools Payment object and returns a Promise resolving to a MethodsListParams object.
@@ -72,14 +72,31 @@ export const mapCommercetoolsPaymentCustomFieldsToMollieListParams = async (
 export const createMollieCreatePaymentParams = (payment: Payment): PaymentCreateParams => {
   const { amountPlanned, paymentMethodInfo, custom } = payment;
 
+  const [method, issuer] = paymentMethodInfo?.method?.split(',') ?? [null, null];
+
   const requestCustomField = custom?.fields?.[CustomFields.createPayment.request];
 
   const paymentRequest = requestCustomField ? JSON.parse(requestCustomField) : {};
 
+  const defaultWebhookEndpoint = new URL(process.env.CONNECT_SERVICE_URL ?? '').origin + '/webhook';
+
   const molliePaymentParams: PaymentCreateParams = {
-    ...paymentRequest,
-    method: paymentMethodInfo.method,
+    description: paymentRequest.description ?? '',
     amount: makeMollieAmount(amountPlanned),
+    redirectUrl: paymentRequest.redirectUrl ?? null,
+    webhookUrl: paymentRequest.webhookUrl ?? defaultWebhookEndpoint,
+    billingAddress: paymentRequest.billingAddress ?? {},
+    shippingAddress: paymentRequest.shippingAddress ?? {},
+    locale: paymentRequest.locale ?? null,
+    method: method as PaymentMethod,
+    issuer: issuer ?? '',
+    restrictPaymentMethodsToCountry: paymentRequest.restrictPaymentMethodsToCountry ?? null,
+    metadata: paymentRequest.metadata ?? null,
+    // captureMode: paymentRequest.captureMode ?? null, PICT-204 is on hold
+    // captureDelay: paymentRequest.captureMode ?? null, PICT-204 is on hold
+    applicationFee: paymentRequest.applicationFee ?? {},
+    profileId: paymentRequest.profileId ?? null,
+    testmode: paymentRequest.testmode ?? null,
   };
 
   return molliePaymentParams;
diff --git a/processor/tests/utils/map.utils.spec.ts b/processor/tests/utils/map.utils.spec.ts
index caef926..7285a91 100644
--- a/processor/tests/utils/map.utils.spec.ts
+++ b/processor/tests/utils/map.utils.spec.ts
@@ -5,6 +5,7 @@ import {
 } from '../../src/utils/map.utils';
 import { Payment } from '@commercetools/platform-sdk';
 import { MethodsListParams } from '@mollie/api-client';
+import { makeMollieAmount } from '../../src/utils/mollie.utils';
 
 describe('Test map.utils.ts', () => {
   let mockCtPayment: Payment;
@@ -74,12 +75,27 @@ describe('createMollieCreatePaymentParams', () => {
     };
 
     const mollieCreatePaymentParams = createMollieCreatePaymentParams(CTPayment);
+    const defaultWebhookEndpoint = new URL(process.env.CONNECT_SERVICE_URL ?? '').origin + '/webhook';
+    const mollieAmount = makeMollieAmount(CTPayment.amountPlanned);
+
     expect(mollieCreatePaymentParams).toEqual({
-      method: 'creditcard',
+      method: CTPayment.paymentMethodInfo.method,
       amount: {
-        currency: 'EUR',
-        value: '10.00',
+        currency: mollieAmount.currency,
+        value: mollieAmount.value,
       },
+      locale: null,
+      redirectUrl: null,
+      webhookUrl: defaultWebhookEndpoint,
+      description: '',
+      applicationFee: {},
+      billingAddress: {},
+      issuer: '',
+      metadata: null,
+      profileId: null,
+      restrictPaymentMethodsToCountry: null,
+      shippingAddress: {},
+      testmode: null,
     });
   });
 
@@ -130,8 +146,15 @@ describe('createMollieCreatePaymentParams', () => {
       locale: customFieldObject.locale,
       redirectUrl: customFieldObject.redirectUrl,
       webhookUrl: customFieldObject.webhookUrl,
-      cancelUrl: customFieldObject.cancelUrl,
       description: customFieldObject.description,
+      applicationFee: {},
+      billingAddress: {},
+      issuer: '',
+      metadata: null,
+      profileId: null,
+      restrictPaymentMethodsToCountry: null,
+      shippingAddress: {},
+      testmode: null,
     });
   });
 });

From 6087c2f584e6809c7613a9f3eac6b5abcfc9c04f Mon Sep 17 00:00:00 2001
From: Nghia Tran <n.tran@shopmacher.de>
Date: Fri, 19 Jul 2024 13:05:06 +0700
Subject: [PATCH 2/3] Specific param for creditcard payment

---
 processor/src/utils/map.utils.ts        | 12 ++++++++++++
 processor/tests/utils/map.utils.spec.ts |  3 +++
 2 files changed, 15 insertions(+)

diff --git a/processor/src/utils/map.utils.ts b/processor/src/utils/map.utils.ts
index 2e48df8..197c3fc 100644
--- a/processor/src/utils/map.utils.ts
+++ b/processor/src/utils/map.utils.ts
@@ -80,6 +80,17 @@ export const createMollieCreatePaymentParams = (payment: Payment): PaymentCreate
 
   const defaultWebhookEndpoint = new URL(process.env.CONNECT_SERVICE_URL ?? '').origin + '/webhook';
 
+  let specificParam;
+  switch (method) {
+    case PaymentMethod.creditcard:
+      specificParam = {
+        cardToken: paymentRequest.cardToken ?? '',
+      };
+      break;
+    default:
+      break;
+  }
+
   const molliePaymentParams: PaymentCreateParams = {
     description: paymentRequest.description ?? '',
     amount: makeMollieAmount(amountPlanned),
@@ -97,6 +108,7 @@ export const createMollieCreatePaymentParams = (payment: Payment): PaymentCreate
     applicationFee: paymentRequest.applicationFee ?? {},
     profileId: paymentRequest.profileId ?? null,
     testmode: paymentRequest.testmode ?? null,
+    ...specificParam,
   };
 
   return molliePaymentParams;
diff --git a/processor/tests/utils/map.utils.spec.ts b/processor/tests/utils/map.utils.spec.ts
index 7285a91..e26d4c0 100644
--- a/processor/tests/utils/map.utils.spec.ts
+++ b/processor/tests/utils/map.utils.spec.ts
@@ -96,6 +96,7 @@ describe('createMollieCreatePaymentParams', () => {
       restrictPaymentMethodsToCountry: null,
       shippingAddress: {},
       testmode: null,
+      cardToken: '',
     });
   });
 
@@ -106,6 +107,7 @@ describe('createMollieCreatePaymentParams', () => {
       redirectUrl: 'https://example.com/success',
       webhookUrl: 'https://example.com/webhook',
       cancelUrl: 'https://example.com/cancel',
+      cardToken: 'card_token_12345',
     };
 
     const CTPayment: Payment = {
@@ -155,6 +157,7 @@ describe('createMollieCreatePaymentParams', () => {
       restrictPaymentMethodsToCountry: null,
       shippingAddress: {},
       testmode: null,
+      cardToken: customFieldObject.cardToken,
     });
   });
 });

From 9f4d89a6a69e215a7415239ba7dbeab20014ed90 Mon Sep 17 00:00:00 2001
From: Nghia Tran <n.tran@shopmacher.de>
Date: Fri, 19 Jul 2024 13:36:53 +0700
Subject: [PATCH 3/3] Fix: Always use default connector webhook

---
 processor/src/utils/map.utils.ts        | 2 +-
 processor/tests/utils/map.utils.spec.ts | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/processor/src/utils/map.utils.ts b/processor/src/utils/map.utils.ts
index 197c3fc..f865ab2 100644
--- a/processor/src/utils/map.utils.ts
+++ b/processor/src/utils/map.utils.ts
@@ -95,7 +95,7 @@ export const createMollieCreatePaymentParams = (payment: Payment): PaymentCreate
     description: paymentRequest.description ?? '',
     amount: makeMollieAmount(amountPlanned),
     redirectUrl: paymentRequest.redirectUrl ?? null,
-    webhookUrl: paymentRequest.webhookUrl ?? defaultWebhookEndpoint,
+    webhookUrl: defaultWebhookEndpoint,
     billingAddress: paymentRequest.billingAddress ?? {},
     shippingAddress: paymentRequest.shippingAddress ?? {},
     locale: paymentRequest.locale ?? null,
diff --git a/processor/tests/utils/map.utils.spec.ts b/processor/tests/utils/map.utils.spec.ts
index e26d4c0..980aa98 100644
--- a/processor/tests/utils/map.utils.spec.ts
+++ b/processor/tests/utils/map.utils.spec.ts
@@ -139,6 +139,9 @@ describe('createMollieCreatePaymentParams', () => {
     };
 
     const mollieCreatePaymentParams = createMollieCreatePaymentParams(CTPayment);
+    // Always use our default webhook endpoint
+    const defaultWebhookEndpoint = new URL(process.env.CONNECT_SERVICE_URL ?? '').origin + '/webhook';
+
     expect(mollieCreatePaymentParams).toEqual({
       method: 'creditcard',
       amount: {
@@ -147,7 +150,7 @@ describe('createMollieCreatePaymentParams', () => {
       },
       locale: customFieldObject.locale,
       redirectUrl: customFieldObject.redirectUrl,
-      webhookUrl: customFieldObject.webhookUrl,
+      webhookUrl: defaultWebhookEndpoint,
       description: customFieldObject.description,
       applicationFee: {},
       billingAddress: {},