From f6aa64a9f79c061758b0b3b34baa2adbae6cf5c5 Mon Sep 17 00:00:00 2001
From: Nghia Tran
Date: Fri, 19 Jul 2024 13:01:57 +0700
Subject: [PATCH] Fix: Securing create payment params
---
 processor/.env.jest | 2 ++
 processor/src/utils/map.utils.ts | 23 +++++++++++++++---
 processor/tests/utils/map.utils.spec.ts | 31 +++++++++++++++++++++----
 3 files changed, 49 insertions(+), 7 deletions(-)
diff --git a/processor/.env.jest b/processor/.env.jest
index d2f0642..b8d116f 100644
--- a/processor/.env.jest
+++ b/processor/.env.jest
@@ -9,3 +9,5 @@ CTP_REGION=europe-west1.gcp
 MOLLIE_API_KEY=12345678901234567890123456789012
 MOLLIE_PROFILE_ID=pfl_12345
 DEBUG=0
+
+CONNECT_SERVICE_URL=http://localhost:3000/processor
diff --git a/processor/src/utils/map.utils.ts b/processor/src/utils/map.utils.ts
index ec42368..2e48df8 100644
--- a/processor/src/utils/map.utils.ts
+++ b/processor/src/utils/map.utils.ts
@@ -4,7 +4,7 @@ import { makeMollieAmount } from './mollie.utils';
 import { ParsedMethodsRequestType } from '../types/mollie.types';
 import { Payment } from '@commercetools/platform-sdk';
 import CustomError from '../errors/custom.error';
-import { PaymentCreateParams, MethodsListParams } from '@mollie/api-client';
+import { PaymentCreateParams, MethodsListParams, PaymentMethod } from '@mollie/api-client';
 
 /**
 * Extracts method list parameters from a Commercetools Payment object and returns a Promise resolving to a MethodsListParams object.
@@ -72,14 +72,31 @@ export const mapCommercetoolsPaymentCustomFieldsToMollieListParams = async ( export const createMollieCreatePaymentParams = (payment: Payment): PaymentCreateParams => { const { amountPlanned, paymentMethodInfo, custom } = payment; + const [method, issuer] = paymentMethodInfo?.method?.split(',') ?? [null, null]; + const requestCustomField = custom?.fields?.[CustomFields.createPayment.request]; const paymentRequest = requestCustomField ? JSON.parse(requestCustomField) : {}; + const defaultWebhookEndpoint = new URL(process.env.CONNECT_SERVICE_URL ?? '').origin + '/webhook'; + const molliePaymentParams: PaymentCreateParams = { - ...paymentRequest, - method: paymentMethodInfo.method, + description: paymentRequest.description ?? '', amount: makeMollieAmount(amountPlanned), + redirectUrl: paymentRequest.redirectUrl ?? null, + webhookUrl: paymentRequest.webhookUrl ?? defaultWebhookEndpoint, + billingAddress: paymentRequest.billingAddress ?? {}, + shippingAddress: paymentRequest.shippingAddress ?? {}, + locale: paymentRequest.locale ?? null, + method: method as PaymentMethod, + issuer: issuer ?? '', + restrictPaymentMethodsToCountry: paymentRequest.restrictPaymentMethodsToCountry ?? null, + metadata: paymentRequest.metadata ?? null, + // captureMode: paymentRequest.captureMode ?? null, PICT-204 is on hold + // captureDelay: paymentRequest.captureMode ?? null, PICT-204 is on hold + applicationFee: paymentRequest.applicationFee ?? {}, + profileId: paymentRequest.profileId ?? null, + testmode: paymentRequest.testmode ?? null, }; return molliePaymentParams; diff --git a/processor/tests/utils/map.utils.spec.ts b/processor/tests/utils/map.utils.spec.ts index caef926..7285a91 100644 --- a/processor/tests/utils/map.utils.spec.ts +++ b/processor/tests/utils/map.utils.spec.ts 
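Review bot: The allowlist in the `molliePaymentParams` literal restricts which keys of the `createPayment.request` custom field reach Mollie, but the values it keeps are still forwarded unchecked: `webhookUrl`, `redirectUrl`, `profileId`, `testmode` and `applicationFee` all come straight from `paymentRequest`. If that field can be written by anything less trusted than the processor (not visible here), the writer can send status notifications to another host or switch profile and test mode; consider pinning the server-owned values, e.g. `webhookUrl: defaultWebhookEndpoint,`, taking `profileId` from the configured `MOLLIE_PROFILE_ID`, and checking that `redirectUrl` is an absolute https URL. Separately, `new URL(process.env.CONNECT_SERVICE_URL ?? '')` throws a `TypeError` on every call when the variable is unset, even when the request supplies its own webhook, so the variable is better validated once at startup. `method as PaymentMethod` also hides the `null` produced when `paymentMethodInfo.method` is missing; the function's closing brace lies outside the hunk.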
@@ -5,6 +5,7 @@ import { } from '../../src/utils/map.utils'; import { Payment } from '@commercetools/platform-sdk'; import { MethodsListParams } from '@mollie/api-client'; +import { makeMollieAmount } from '../../src/utils/mollie.utils'; describe('Test map.utils.ts', () => { let mockCtPayment: Payment; @@ -74,12 +75,27 @@ describe('createMollieCreatePaymentParams', () => { }; const mollieCreatePaymentParams = createMollieCreatePaymentParams(CTPayment); + const defaultWebhookEndpoint = new URL(process.env.CONNECT_SERVICE_URL ?? '').origin + '/webhook'; + const mollieAmount = makeMollieAmount(CTPayment.amountPlanned); + expect(mollieCreatePaymentParams).toEqual({ - method: 'creditcard', + method: CTPayment.paymentMethodInfo.method, amount: { - currency: 'EUR', - value: '10.00', + currency: mollieAmount.currency, + value: mollieAmount.value, }, + locale: null, + redirectUrl: null, + webhookUrl: defaultWebhookEndpoint, + description: '', + applicationFee: {}, + billingAddress: {}, + issuer: '', + metadata: null, + profileId: null, + restrictPaymentMethodsToCountry: null, + shippingAddress: {}, + testmode: null, }); }); @@ -130,8 +146,15 @@ describe('createMollieCreatePaymentParams', () => { locale: customFieldObject.locale, redirectUrl: customFieldObject.redirectUrl, webhookUrl: customFieldObject.webhookUrl, - cancelUrl: customFieldObject.cancelUrl, description: customFieldObject.description, + applicationFee: {}, + billingAddress: {}, + issuer: '', + metadata: null, + profileId: null, + restrictPaymentMethodsToCountry: null, + shippingAddress: {}, + testmode: null, }); }); });
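Review bot: In the `@@ -74,12 +75,27 @@` hunk the expected `webhookUrl` and `amount` are computed with the same expressions as the implementation (`new URL(process.env.CONNECT_SERVICE_URL ?? '').origin + '/webhook'` and `makeMollieAmount(...)`), so the `toEqual` cannot catch a mistake in either; the removed literals `'EUR'` and `'10.00'` were the stronger check. Prefer literals, e.g. `webhookUrl: 'http://localhost:3000/webhook',`, which follows from the value added to `.env.jest`. The new `split(',')` path also has no case in this hunk: nothing exercises a `'method,issuer'` value or a payment without `paymentMethodInfo.method`. The test body starts above the hunk.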
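Review bot: Dropping `cancelUrl` from the expectation in the `@@ -130,8 +146,15 @@` hunk means a `cancelUrl` supplied in the custom field is now silently discarded by the allowlist, and nothing on the page says whether that is intended. If it is, state it above the assertion, for example `// cancelUrl is not forwarded: only allowlisted request fields reach Mollie`; if it is not, the mapper needs the key added to its literal. The `customFieldObject` fixture is defined above the hunk.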