This repository has been archived by the owner on Feb 23, 2024. It is now read-only.

Validate available payment methods before attempting payment or updating order statuses #5440

Merged: 5 commits, Jan 4, 2022

@mikejolley (Member) commented Dec 22, 2021

Fixes an issue where orders would be set pending before first validating the given payment method was available.

In this PR we:

  1. Removed the PUT endpoint. This was not being used and it confused validation further because payment method was optional. There is no reason to call the checkout route early because data is updated via /cart/ routes. By removing this, we can force the payment_method to be required on all requests. I removed the PUT example from docs.
  2. Made payment_method required. It was required anyway for POST requests, but I've made it required in the schema so validation happens early on.
  3. Flipped get_request_payment_method and get_request_payment_method_id so get_request_payment_method is always used. get_request_payment_method validates the given request payment_method against those that are available.

Fixes #5405

Testing

Prerequisites:

  1. Add add_filter( 'woocommerce_store_api_disable_nonce_check', '__return_true' ); to the bottom of your wp-config.php file to disable nonce checking
  2. Enable basic auth.
  3. Use a REST client such as Insomnia.
  4. Use your WP login credentials when making API requests.
  5. Add this code somewhere to disable the COD method:
add_filter( 'woocommerce_available_payment_gateways', function( $methods ) {
	unset( $methods['cod'] );
	return $methods;
} );

Add an item to the cart:

POST https://store.local/wp-json/wc/store/cart/add-item

{
	"id": 19,
	"quantity": 10
}

Testing invalid Methods

For each of these tests, confirm there is an error message response (400) and the order remains in draft status.

1. Invalid method:

POST https://store.local/wp-json/wc/store/checkout

{
	"billing_address": {
		"first_name": "Steve",
		"last_name": "Stevenson",
		"address_1": "41 Some Street",
		"city": "Townford",
		"postcode": "CB25 6FG",
		"country": "GB"
	},
	"shipping_address": {
		"first_name": "Steve",
		"last_name": "Stevenson",
		"address_1": "41 Some Street",
		"city": "Townford",
		"postcode": "CB25 6FG",
		"country": "GB"
	},
	"payment_method": "invalid"
}

2. Missing method:

POST https://store.local/wp-json/wc/store/checkout

{
	"billing_address": {
		"first_name": "Steve",
		"last_name": "Stevenson",
		"address_1": "41 Some Street",
		"city": "Townford",
		"postcode": "CB25 6FG",
		"country": "GB"
	},
	"shipping_address": {
		"first_name": "Steve",
		"last_name": "Stevenson",
		"address_1": "41 Some Street",
		"city": "Townford",
		"postcode": "CB25 6FG",
		"country": "GB"
	}
}

3. Non-available method:

POST https://store.local/wp-json/wc/store/checkout

{
	"billing_address": {
		"first_name": "Steve",
		"last_name": "Stevenson",
		"address_1": "41 Some Street",
		"city": "Townford",
		"postcode": "CB25 6FG",
		"country": "GB"
	},
	"shipping_address": {
		"first_name": "Steve",
		"last_name": "Stevenson",
		"address_1": "41 Some Street",
		"city": "Townford",
		"postcode": "CB25 6FG",
		"country": "GB"
	},
	"payment_method": "cod"
}

Testing valid Methods

Do the following request and confirm the order processes and goes to on-hold status.

POST https://store.local/wp-json/wc/store/checkout

{
	"billing_address": {
		"first_name": "Steve",
		"last_name": "Stevenson",
		"address_1": "41 Some Street",
		"city": "Townford",
		"postcode": "CB25 6FG",
		"country": "GB"
	},
	"shipping_address": {
		"first_name": "Steve",
		"last_name": "Stevenson",
		"address_1": "41 Some Street",
		"city": "Townford",
		"postcode": "CB25 6FG",
		"country": "GB"
	},
	"payment_method": "bacs"
}

Dev Note

In the StoreAPI we've removed the unused PUT method from wc/store/checkout to fix some validation issues in POST requests. Like the Block Checkout, wc/store/cart/ routes should be used to update address data instead.

Changelog

Store API: Throw errors when attempting to pay with a non-available payment method.
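
Added example, not part of the PR or the WooCommerce Blocks code base: a standalone PHP sketch of the ordering described above, where the requested payment_method is checked against the available gateways before the order leaves draft status. The names resolve_payment_method, process_checkout and CheckoutError are hypothetical, and the gateway list and requests are constructed to mirror the four test cases.

```php
<?php
// Added illustration; not code from the WooCommerce Blocks repository.
// All class and function names in this file are hypothetical.
final class CheckoutError extends RuntimeException {}

// Resolve the requested payment method against the gateways that are
// currently available. Throws before any order state is touched.
function resolve_payment_method( array $request, array $available ): string {
	$id = $request['payment_method'] ?? null;
	if ( ! is_string( $id ) || '' === $id ) {
		throw new CheckoutError( 'payment_method is required.', 400 );
	}
	// A gateway that exists but was filtered out (e.g. "cod" unset by a
	// filter) is rejected the same way as an unknown id.
	if ( ! array_key_exists( $id, $available ) ) {
		throw new CheckoutError( "Payment method \"$id\" is not available.", 400 );
	}
	return $id;
}

function process_checkout( array $request, array $available, array $order ): array {
	// Validate first; only then move the order out of draft.
	$order['payment_method'] = resolve_payment_method( $request, $available );
	$order['status']         = 'pending';
	return $order;
}

// Constructed sample data mirroring the PR's test cases ("cod" disabled).
$available = array( 'bacs' => 'Direct bank transfer', 'cheque' => 'Check payments' );
$cases     = array(
	'invalid'       => array( 'payment_method' => 'invalid' ),
	'missing'       => array(),
	'non-available' => array( 'payment_method' => 'cod' ),
	'valid'         => array( 'payment_method' => 'bacs' ),
);

foreach ( $cases as $label => $request ) {
	$order = array( 'status' => 'draft', 'payment_method' => null );
	try {
		$order = process_checkout( $request, $available, $order );
		echo "$label: accepted, status={$order['status']}\n";
	} catch ( CheckoutError $e ) {
		echo "$label: {$e->getCode()} {$e->getMessage()}, status={$order['status']}\n";
	}
}
```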

@mikejolley self-assigned this Dec 22, 2021
@mikejolley added the "focus: rest api" label Dec 22, 2021
@rubikuserbot requested review from a team and opr and removed request for a team December 22, 2021 14:17
@mikejolley added the "needs: dev note" label Dec 22, 2021

github-actions bot (Contributor) commented Dec 22, 2021

Size Change: 0 B

Total Size: 819 kB


@opr requested a review from senadir December 23, 2021 19:27

@opr (Contributor) left a comment

Tests well and the code changes look good to me, cheers Mike!

@github-actions bot added this to the 6.8.0 milestone Jan 4, 2022
@opr merged commit b8de0ab into trunk Jan 4, 2022
@opr deleted the fix/5405-available-payment-methods branch January 4, 2022 18:04
@gigitux added the "type: enhancement" label Jan 17, 2022

Successfully merging this pull request may close these issues.

Attempting to pay with a non-available payment method doesn't throw an error.