Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RPP - Payment request class for loading, sanitizing, and escaping data #7054

Merged
merged 15 commits into from
Aug 29, 2023
Merged

RPP - Payment request class for loading, sanitizing, and escaping data #7054

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
c24277d
Handle wcpay-fraud-prevention-token and is-woopay-preflight-check
htdat Aug 23, 2023
8be90a5
Exclude WordPress.Security.NonceVerification.Missing for tests
htdat Aug 23, 2023
0d06630
Merge branch 'develop' into rpp/6684-request-class
htdat Aug 25, 2023
6759f97
Address feedback: change to non-static classes/methods.
htdat Aug 25, 2023
e419305
Add request data as dependency for Request.php
htdat Aug 25, 2023
03703f8
Use empty for is_woopay_preflight_check
htdat Aug 25, 2023
0b4c2dc
Add $request property
htdat Aug 25, 2023
b10164f
Revert phpcs.xml.dist as the approach changed.
htdat Aug 25, 2023
55117da
Add new methods and tests
htdat Aug 25, 2023
2e2df34
add changelog
htdat Aug 25, 2023
291b76d
Use sanitize_text_field directly
htdat Aug 25, 2023
2ce6974
Merge branch 'develop' into rpp/6684-request-class
htdat Aug 26, 2023
1f7b895
Change Request to PaymentRequest
htdat Aug 26, 2023
13e49c3
is_woopay_preflight_check - change from empty to isset
htdat Aug 26, 2023
61fef48
Use sanitize_text_field with wp_unslash
htdat Aug 26, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions changelog/rpp-6684-request-class
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
Significance: minor
Type: add

Add payment request class for loading, sanitizing, and escaping data (reengineering payment process)
92 changes: 92 additions & 0 deletions src/Internal/Payment/PaymentRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
<?php
/**
* Class PaymentRequest
*
* @package WooCommerce\Payments
*/

namespace WCPay\Internal\Payment;

/**
* Class for loading, sanitizing, and escaping data from payment requests.
*/
class PaymentRequest {
/**
* Request data.
*
* @var array
*/
private $request;

/**
* The request array.
*
* @param array|null $request Request data, this can be $_POST, or WP_REST_Request::get_params().
*/
public function __construct( array $request = null ) {
// phpcs:ignore WordPress.Security.NonceVerification.Missing
$this->request = $request ?? $_POST;
}

/**
* Get the fraud prevention token from the request.
*
* @return string|null
*/
public function get_fraud_prevention_token(): ?string {
return isset( $this->request['wcpay-fraud-prevention-token'] )
? sanitize_text_field( wp_unslash( ( $this->request['wcpay-fraud-prevention-token'] ) ) )
: null;
}

/**
* Check if the request is a WooPay preflight check.
*
* @return bool
*/
public function is_woopay_preflight_check(): bool {
return isset( $this->request['is-woopay-preflight-check'] );
}

/**
* Gets the provided WooPay intent ID from POST, if any.
*
* @return ?string
*/
public function get_woopay_intent_id(): ?string {
return isset( $this->request['platform-checkout-intent'] )
? sanitize_text_field( wp_unslash( ( $this->request['platform-checkout-intent'] ) ) )
: null;
}

/**
* Gets the ID of an order from the request.
*
* @return int|null
*/
public function get_order_id(): ?int {
return isset( $this->request['order_id'] ) ? absint( $this->request['order_id'] ) : null;
}

/**
* Gets intent ID if any.
*
* @return string|null
*/
public function get_intent_id(): ?string {
return isset( $this->request['intent_id'] )
? sanitize_text_field( wp_unslash( ( $this->request['intent_id'] ) ) )
: null;
}

/**
* Gets the ID of the provided payment method.
*
* @return string|null
*/
public function get_payment_method_id(): ?string {
return isset( $this->request['payment_method_id'] )
? sanitize_text_field( wp_unslash( ( $this->request['payment_method_id'] ) ) )
: null;
}
}
132 changes: 132 additions & 0 deletions tests/unit/src/Internal/Payment/PaymentRequestTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,132 @@
<?php
/**
* Class PaymentRequestTest
*
* @package WooCommerce\Payments
*/

namespace WCPay\Tests\Internal\Payment;

use WCPay\Internal\Payment\PaymentRequest;
use WCPAY_UnitTestCase;

/**
* Tests for class PaymentRequestUtilTest
*/
class PaymentRequestTest extends WCPAY_UnitTestCase {
/**
* System under test.
*
* @var PaymentRequest
*/
private $sut;

/**
* @dataProvider provider_text_string_param
*/
public function test_get_fraud_prevention_token( ?string $value, ?string $expected ) {
$request = is_null( $value ) ? [] : [ 'wcpay-fraud-prevention-token' => $value ];
$this->sut = new PaymentRequest( $request );
$this->assertSame( $expected, $this->sut->get_fraud_prevention_token() );
}

/**
* @dataProvider provider_text_string_param
*/
public function test_get_woopay_intent_id( ?string $value, ?string $expected ) {
$request = is_null( $value ) ? [] : [ 'platform-checkout-intent' => $value ];
$this->sut = new PaymentRequest( $request );
$this->assertSame( $expected, $this->sut->get_woopay_intent_id() );
}

/**
* @dataProvider provider_text_string_param
*/
public function test_get_intent_id( ?string $value, ?string $expected ) {
$request = is_null( $value ) ? [] : [ 'intent_id' => $value ];
$this->sut = new PaymentRequest( $request );
$this->assertSame( $expected, $this->sut->get_intent_id() );
}

/**
* @dataProvider provider_text_string_param
*/
public function test_get_payment_method_id( ?string $value, ?string $expected ) {
$request = is_null( $value ) ? [] : [ 'payment_method_id' => $value ];
$this->sut = new PaymentRequest( $request );
$this->assertSame( $expected, $this->sut->get_payment_method_id() );
}

public function provider_text_string_param(): array {
return [
'Param is not set' => [
'value' => null,
'expected' => null,
],
'empty string' => [
'value' => '',
'expected' => '',
],
'normal string' => [
'value' => 'String-with-dash_and_underscore',
'expected' => 'String-with-dash_and_underscore',
],
'string will be changed after sanitization' => [
'value' => " \n<tag>String-with_special_chars__@.#$%^&*()",
'expected' => 'String-with_special_chars__@.#$%^&*()',
],
];
}

public function provider_text_string_for_bool_representation(): array {
return [
'Param is not set' => [
'value' => null,
'expected' => false,
],
'empty string' => [
'value' => '',
'expected' => true,
],
'any string' => [
'value' => 'any string',
'expected' => true,
],
];
}

/**
* @dataProvider provider_text_string_for_bool_representation
*/
public function test_is_woopay_preflight_check( ?string $value, bool $expected ) {
$request = is_null( $value ) ? [] : [ 'is-woopay-preflight-check' => $value ];
$this->sut = new PaymentRequest( $request );
$this->assertSame( $expected, $this->sut->is_woopay_preflight_check() );
}

/**
* @dataProvider provider_test_order_id
*/
public function test_get_order_id( ?string $value, ?int $expected ) {
$request = is_null( $value ) ? [] : [ 'order_id' => $value ];
$this->sut = new PaymentRequest( $request );
$this->assertSame( $expected, $this->sut->get_order_id() );
}

public function provider_test_order_id(): array {
return [
'Param is not set' => [
'value' => null,
'expected' => null,
],
'normal id' => [
'value' => '123',
'expected' => 123,
],
'id will be sanitized' => [
'value' => '123abc',
'expected' => 123,
],
];
}
}