Prevent WooPay from modifying non-WooPay Webhooks

changelog/fix-redundant-webhooks-modifications

@@ -0,0 +1,4 @@
+Significance: patch
+Type: fix
+
+Prevent WooPay-related implementation to modify non-WooPay-specific webhooks by changing their data.

includes/woopay/class-woopay-order-status-sync.php

@@ -135,6 +135,12 @@ public static function add_topics( $topic_hooks ) {
 	 * @param integer $id          ID of the webhook.
 	 */
 	public static function create_payload( $payload, $resource, $resource_id, $id ) {
+		$webhook = wc_get_webhook( $id );
+		if ( 0 !== strpos( $webhook->get_delivery_url(), WooPay_Utilities::get_woopay_rest_url( 'merchant-notification' ) ) ) {
+			// This is not a WooPay webhook, so we don't need to modify the payload.
+			return $payload;
+		}
+
 		return [
 			'blog_id'      => \Jetpack_Options::get_option( 'id' ),
 			'order_id'     => $resource_id,

tests/unit/woopay/test-class-woopay-order-status-sync.php

@@ -43,6 +43,69 @@ public static function wpSetUpBeforeClass( WP_UnitTest_Factory $factory ) {
 		self::$admin_user = $factory->user->create_and_get( [ 'role' => 'administrator' ] );
 	}
 
+	/**
+	 * Tests that WooPay-specific webhooks are modified as expected.
+	 */
+	public function test_woopay_specific_webhook_payload_is_updated() {
+		wp_set_current_user( self::$admin_user->ID );
+		$pre_processing_payload = [
+			'status'             => 'publish',
+			'average_rating'     => '0.00',
+			'catalog_visibility' => 'visible',
+			'categories'         => [
+				[
+					'id'   => 9,
+					'name' => 'Clothing',
+					'slug' => 'clothing',
+				],
+			],
+		];
+
+		$woopay_specific_payload = [
+			'blog_id'      => false,
+			'order_id'     => 1,
+			'order_status' => 'publish',
+		];
+
+		wp_set_current_user( self::$admin_user->ID );
+		// Create the WebHook with WooPay specific delivery URL.
+		$this->webhook_sync_mock->maybe_create_woopay_order_webhook();
+
+		$post_processing_payload = $this->webhook_sync_mock->create_payload( $pre_processing_payload, 'product', 1, 1 );
+		$this->assertNotEquals( $pre_processing_payload, $post_processing_payload );
+		$this->assertEquals( $post_processing_payload, $woopay_specific_payload );
+
+		$this->webhook_sync_mock->remove_webhook();
+		$this->assertEmpty( WooPay_Order_Status_Sync::get_webhook() );
+	}
+
+	/**
+	 * Tests that non WooPay webhooks (e.g. Product Updated, Order created) are filtered out and eventually not modified.
+	 */
+	public function test_non_woopay_specific_webhook_payload_remains_unaffected() {
+		wp_set_current_user( self::$admin_user->ID );
+		$pre_processing_payload = [
+			'status'             => 'publish',
+			'average_rating'     => '0.00',
+			'catalog_visibility' => 'visible',
+			'categories'         => [
+				[
+					'id'   => 9,
+					'name' => 'Clothing',
+					'slug' => 'clothing',
+				],
+			],
+		];
+
+		$this->create_non_woopay_specific_webhook();
+
+		$post_processing_payload = $this->webhook_sync_mock->create_payload( $pre_processing_payload, 'product', 1, 2 );
+		$this->assertEquals( $pre_processing_payload, $post_processing_payload );
+
+		$this->webhook_sync_mock->remove_webhook();
+		$this->assertEmpty( WooPay_Order_Status_Sync::get_webhook() );
+	}
+
 	/**
 	 * Tests that the webhook is created succesfuly if the logged in user has the capability manage_woocommerce.
 	 */
@@ -83,4 +146,17 @@ private function set_is_woopay_eligible( $is_woopay_eligible ) {
 		$this->mock_cache->method( 'get' )->willReturn( [ 'platform_checkout_eligible' => $is_woopay_eligible ] );
 	}
 
+	private function create_non_woopay_specific_webhook() {
+		$delivery_url_non_specific_for_woopay = 'some-woocommerce-core-webhook-delivery-url';
+
+		$webhook = new \WC_Webhook();
+		$webhook->set_name( 'WCPay woopay order status sync' );
+		$webhook->set_user_id( get_current_user_id() );
+		$webhook->set_topic( 'order.status_changed' );
+		$webhook->set_secret( wp_generate_password( 50, false ) );
+		$webhook->set_delivery_url( $delivery_url_non_specific_for_woopay );
+		$webhook->set_status( 'active' );
+		$webhook->save();
+	}
+
 }