PISHPS-328: added ApplePayDirectDomainAllowList #790
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ault saleschannel urls, integrated allow list into applepay validate route
src/Resources/config/config.xml
Outdated
| @@ -152,6 +152,15 @@ | |||
| </option> | |||
| </options> | |||
| </input-field> | |||
| <input-field type="text"> | |||
| <name>ApplePayValidationAllowList</name> | |||
There was a problem hiding this comment.
just for consistency, i think other settings start with lower case?
There was a problem hiding this comment.
and please use applePayDirect as prefix, because non-direct would be another payment method
src/Resources/config/config.xml
Outdated
| <input-field type="text"> | ||
| <name>ApplePayValidationAllowList</name> | ||
| <label>Allowed Domains for Apple Pay Validation</label> | ||
| <label lang="de-DE">Zulässige Domains für die Apple Pay Validierung</label> |
There was a problem hiding this comment.
could you add something like "leave empty if no separate headless ...stuff with additional domain is used"
or "only required if a custom domain is used for a headless storefront"
just to avoid people getting confused and thinking this needs to be added
one of the mollie usps is a plugn'play approach without lots of required configs
There was a problem hiding this comment.
currently it is always required but the ApplePayConfigSubscriber adds all associated domains of the shop automatically to the configuration on install/update
| * @throws ApplePayValidationUrlNotInAllowListException | ||
| * @return string | ||
| */ | ||
| public function validateValidationUrl(string $validationUrl): string |
There was a problem hiding this comment.
validate DOMAIN? or?
validation URL is something else, we need to validate the domain
which also means we should rename the whole member variables and probably classes?
(we can talk in zoom if you want)
There was a problem hiding this comment.
also why do we require a string return value? its no "getter" it just validates with exception approach, meaning void is totally fine?
so sanitizing might be better as a second function? function naming and content is a bit different i think?
| */ | ||
| public function getAllowList(): ApplePayValidationUrlAllowList | ||
| { | ||
| $allowList = $this->systemConfigService->get('MolliePayments.config.ApplePayValidationAllowList'); |
There was a problem hiding this comment.
please use our own SettingsService to avoid duplicate hardcoded config strings
| * @param SystemConfigService $systemConfigService | ||
| * @param EntityRepository $salesChannelDomainRepository | ||
| */ | ||
| public function __construct(SystemConfigService $systemConfigService, EntityRepository $salesChannelDomainRepository) |
There was a problem hiding this comment.
i dont see any benefit in this?
we get the string anyway if we use the settings service when we need this?!
| @@ -117,6 +117,7 @@ public function createPaymentSession(RequestDataBag $data, SalesChannelContext $ | |||
| throw new \Exception('Please provide a validation url!'); | |||
| } | |||
|
|
|||
| $validationURL = $this->applePay->validateValidationUrl($validationURL); | |||
There was a problem hiding this comment.
i think thats wrong
ApplePayDirect.php::createPaymentSession
in this fucntion we should verify the domain,
the validationUrl comes as response from apple and must not be touched
|
|
||
| public function testProvidesAllowList(): void | ||
| { | ||
| $allowListString = 'https://example.com,https://example-url.org'; |
There was a problem hiding this comment.
great test
could you also add a simple domain or a separate unit test where it loads just domains without https scheme?
|
|
||
| class ApplePayValidationUrlAllowListTest extends TestCase | ||
| { | ||
| public function canDetermineIfValueIsContainedInList(): void |
There was a problem hiding this comment.
attention
tests without "test" prefix will not be executed
| public function sanitationTestDataProvider(): array | ||
| { | ||
| return [ | ||
| 'keeps http value if provided' => ['http://example.com', 'http://example.com/'], |
There was a problem hiding this comment.
not quite sure if trailing slash is good?
| ->willReturn(ApplePayValidationUrlAllowList::create()); | ||
|
|
||
| $this->expectException(ApplePayValidationUrlAllowListCanNotBeEmptyException::class); | ||
| $this->expectExceptionMessage('The Apple Pay validation URL allow list can not be empty. Please check the configuration.'); |
There was a problem hiding this comment.
thats wrong, it can be empty
There was a problem hiding this comment.
ok sorry misleading title, only throws exception if custom domain is provided but allow list is empty :)
m-muxfeld-diw
changed the title
| public function getAllowList(SalesChannelContext $context): ApplePayDirectDomainAllowList | ||
| { | ||
| $settings = $this->settingsService->getSettings($context->getSalesChannel()->getId()); | ||
| $allowList = $settings->applePayDirectDomainAllowList ?? ''; |
There was a problem hiding this comment.
achtung, hier sollte ein getter das schon machen, direkt member-access sollte nicht erlaubt sein
|
|
||
| # we need to have a protocol before the parse url command | ||
| # in order to have it work correctly | ||
| if (strpos($value, 'http') !== 0) { |
There was a problem hiding this comment.
i think you could use the sanitizer in here?
src/Service/SettingsService.php
Outdated
| @@ -18,6 +18,7 @@ class SettingsService implements PluginSettingsServiceInterface | |||
| const TEST_API_KEY = 'testApiKey'; | |||
| const LIVE_PROFILE_ID = 'liveProfileId'; | |||
| const TEST_PROFILE_ID = 'testProfileId'; | |||
| const APPLE_PAY_DIRECT_DOMAIN_ALLOW_LIST = 'applePayDirectDomainAllowList'; | |||
There was a problem hiding this comment.
glaub das ist nicht notwendig
There was a problem hiding this comment.
aaaa, MollieSettingsStruct is the correct one
m-muxfeld-diw
force-pushed
the
users/mm/PISHPS-328
branch
from
d7c73ee to
f792781
Compare
|
|
||
| public function testProvidesEmptyAllowList(): void | ||
| { | ||
| $struct = $this->createConfiguredMock(MollieSettingStruct::class, ['getApplePayDirectDomainAllowList' => '']); |
There was a problem hiding this comment.
just a styling thing, but maybe something for the future
you dont always need to mock things
you could just create a new setting struct, set your value and use it :)
| public function sanitationTestDataProvider(): array | ||
| { | ||
| return [ | ||
| 'removes http value if provided' => ['http://example.com', 'example.com'], |
There was a problem hiding this comment.
can you add a subdomain too? that would be good
boxblinkracer
approved these changes
Jul 11, 2024
BlackScorp
pushed a commit
to BlackScorp/Shopware6
that referenced
this pull request
Aug 20, 2024
commit d61758c Author: m-muxfeld-diw <[email protected]> Date: Thu Aug 8 10:06:03 2024 +0200 PISHPS-329: added UrlParsingService to separate tracking code from tracking url when not entered correctly (mollie#805) commit 1549c12 Author: Marcus <[email protected]> Date: Thu Aug 8 10:01:00 2024 +0200 Check for database connection during logger creation instead of dsn (mollie#804) Resolves mollie#803 commit 9f8b001 Author: m-muxfeld-diw <[email protected]> Date: Thu Aug 8 10:00:14 2024 +0200 PISHPS-259: MollieLineItemBuilder now checks if the price definition is a AbsolutePriceDefinition and will set quantity to 1 if it is (mollie#800) commit 4faed11 Author: Niklas Wolf <[email protected]> Date: Tue Aug 6 12:33:24 2024 +0200 fix: load order delivery state machine state (mollie#799) commit 9558e0d Author: Vitalij Mik <[email protected]> Date: Tue Jul 30 14:33:56 2024 +0200 NTR: fix buid zip (mollie#797) Co-authored-by: Vitalij Mik <[email protected]> commit 9fbf487 Author: Vitalij Mik <[email protected]> Date: Tue Jul 30 07:03:44 2024 +0200 NTR: fix cypress for 6.4 (mollie#796) Co-authored-by: Vitalij Mik <[email protected]> commit 5668b08 Author: Vitalij Mik <[email protected]> Date: Mon Jul 29 12:49:21 2024 +0200 NTR: fix cypress for payconiq (mollie#794) Co-authored-by: Vitalij Mik <[email protected]> commit 8b3253b Author: Vitalij Mik <[email protected]> Date: Mon Jul 29 12:38:41 2024 +0200 NTR: fix polyfill autoloading (mollie#795) fix mollie#791 Co-authored-by: Vitalij Mik <[email protected]> commit f2436dc Author: m-muxfeld-diw <[email protected]> Date: Fri Jul 26 16:01:44 2024 +0200 PISHPS-303: extended LineItemDataExtractor. It now also sanitizes query parameters (mollie#789) * PISHPS-303: extended LineItemDataExtractor. It now also sanitizes query parameters * PISHPS-303: removed redundant comments * PISHPS-303: removed debug line * PISHPS-303: fixed phpstan error * PISHPS-303: added missing space commit 39ebd2e Author: m-muxfeld-diw <[email protected]> Date: Fri Jul 26 08:22:42 2024 +0200 PISHPS-328: added ApplePayDirectDomainAllowList (mollie#790) * PISHPS-328: added ApplePayValidationAllowList, subscriber to list default saleschannel urls, integrated allow list into applepay validate route * PISHPS-303: applied requested todos * PISHPS-328: applied requested todos * PISHPS-328: added test case to ApplePayDirectDomainSanitizerTest for sub domains commit 99f0e81 Author: Marcus <[email protected]> Date: Wed Jul 24 13:09:17 2024 +0200 RefundAdminSearchIndexer: Fix MySQL syntax (mollie#792) commit 79e8e7f Author: Christian <[email protected]> Date: Tue Jul 16 10:21:15 2024 +0200 NTR: Add Shopware 6.6.4.1 to pipeline commit b2b7361 Author: Vitalij Mik <[email protected]> Date: Fri Jul 5 09:31:38 2024 +0200 PISHPS-301: add elastic indexer for entities (mollie#786) * NTR: PISHPS-301: add elastic indexer for entities * NTR: update --------- Co-authored-by: Vitalij Mik <[email protected]> commit c843557 Author: Vitalij Mik <[email protected]> Date: Thu Jul 4 11:03:07 2024 +0200 NTR: PISHPS-291: do not create new guest accounts (mollie#784) Co-authored-by: Vitalij Mik <[email protected]> commit eab675b Author: Vitalij Mik <[email protected]> Date: Thu Jul 4 09:47:10 2024 +0200 NTR: fix settings commit e8a5832 Author: Vitalij Mik <[email protected]> Date: Thu Jul 4 09:34:37 2024 +0200 NTR: fix settings commit 72be783 Author: Vitalij Mik <[email protected]> Date: Thu Jul 4 08:12:43 2024 +0200 NTR: prepare hotfix commit 7feec11 Author: Vitalij Mik <[email protected]> Date: Wed Jul 3 12:27:42 2024 +0200 NTR: fix apple pay without phone (mollie#783) Co-authored-by: Vitalij Mik <[email protected]> commit ac6407d Author: Vitalij Mik <[email protected]> Date: Tue Jul 2 14:14:28 2024 +0200 NTR: prepare release commit a04bacb Author: Vitalij Mik <[email protected]> Date: Tue Jul 2 13:23:46 2024 +0200 NTR: cs fix commit 9241ea6 Author: Vitalij Mik <[email protected]> Date: Tue Jul 2 13:15:12 2024 +0200 NTR: fix save/delete settings commit d51a4c3 Author: Vitalij Mik <[email protected]> Date: Tue Jul 2 12:14:25 2024 +0200 NTR: use get to reduce db requests (mollie#782) Co-authored-by: Vitalij Mik <[email protected]> commit 4a72cb8 Author: Vitalij Mik <[email protected]> Date: Tue Jul 2 11:35:37 2024 +0200 NTR: add payconiq payment (mollie#781) * NTR: added payconiq payment * NTR: csfix * NTR: fix stylelint * NTR: stylelint fix --------- Co-authored-by: Vitalij Mik <[email protected]> commit 3dd7db6 Author: Vitalij Mik <[email protected]> Date: Tue Jul 2 10:27:26 2024 +0200 NTR: PISHPS-300: add trustly payment (mollie#780) Co-authored-by: Vitalij Mik <[email protected]>
BlackScorp
added a commit
that referenced
this pull request
Aug 20, 2024
* NTR: PISHPS-288: add riverty * NTR: Squashed commit of the following: commit d61758c Author: m-muxfeld-diw <[email protected]> Date: Thu Aug 8 10:06:03 2024 +0200 PISHPS-329: added UrlParsingService to separate tracking code from tracking url when not entered correctly (#805) commit 1549c12 Author: Marcus <[email protected]> Date: Thu Aug 8 10:01:00 2024 +0200 Check for database connection during logger creation instead of dsn (#804) Resolves #803 commit 9f8b001 Author: m-muxfeld-diw <[email protected]> Date: Thu Aug 8 10:00:14 2024 +0200 PISHPS-259: MollieLineItemBuilder now checks if the price definition is a AbsolutePriceDefinition and will set quantity to 1 if it is (#800) commit 4faed11 Author: Niklas Wolf <[email protected]> Date: Tue Aug 6 12:33:24 2024 +0200 fix: load order delivery state machine state (#799) commit 9558e0d Author: Vitalij Mik <[email protected]> Date: Tue Jul 30 14:33:56 2024 +0200 NTR: fix buid zip (#797) Co-authored-by: Vitalij Mik <[email protected]> commit 9fbf487 Author: Vitalij Mik <[email protected]> Date: Tue Jul 30 07:03:44 2024 +0200 NTR: fix cypress for 6.4 (#796) Co-authored-by: Vitalij Mik <[email protected]> commit 5668b08 Author: Vitalij Mik <[email protected]> Date: Mon Jul 29 12:49:21 2024 +0200 NTR: fix cypress for payconiq (#794) Co-authored-by: Vitalij Mik <[email protected]> commit 8b3253b Author: Vitalij Mik <[email protected]> Date: Mon Jul 29 12:38:41 2024 +0200 NTR: fix polyfill autoloading (#795) fix #791 Co-authored-by: Vitalij Mik <[email protected]> commit f2436dc Author: m-muxfeld-diw <[email protected]> Date: Fri Jul 26 16:01:44 2024 +0200 PISHPS-303: extended LineItemDataExtractor. It now also sanitizes query parameters (#789) * PISHPS-303: extended LineItemDataExtractor. It now also sanitizes query parameters * PISHPS-303: removed redundant comments * PISHPS-303: removed debug line * PISHPS-303: fixed phpstan error * PISHPS-303: added missing space commit 39ebd2e Author: m-muxfeld-diw <[email protected]> Date: Fri Jul 26 08:22:42 2024 +0200 PISHPS-328: added ApplePayDirectDomainAllowList (#790) * PISHPS-328: added ApplePayValidationAllowList, subscriber to list default saleschannel urls, integrated allow list into applepay validate route * PISHPS-303: applied requested todos * PISHPS-328: applied requested todos * PISHPS-328: added test case to ApplePayDirectDomainSanitizerTest for sub domains commit 99f0e81 Author: Marcus <[email protected]> Date: Wed Jul 24 13:09:17 2024 +0200 RefundAdminSearchIndexer: Fix MySQL syntax (#792) commit 79e8e7f Author: Christian <[email protected]> Date: Tue Jul 16 10:21:15 2024 +0200 NTR: Add Shopware 6.6.4.1 to pipeline commit b2b7361 Author: Vitalij Mik <[email protected]> Date: Fri Jul 5 09:31:38 2024 +0200 PISHPS-301: add elastic indexer for entities (#786) * NTR: PISHPS-301: add elastic indexer for entities * NTR: update --------- Co-authored-by: Vitalij Mik <[email protected]> commit c843557 Author: Vitalij Mik <[email protected]> Date: Thu Jul 4 11:03:07 2024 +0200 NTR: PISHPS-291: do not create new guest accounts (#784) Co-authored-by: Vitalij Mik <[email protected]> commit eab675b Author: Vitalij Mik <[email protected]> Date: Thu Jul 4 09:47:10 2024 +0200 NTR: fix settings commit e8a5832 Author: Vitalij Mik <[email protected]> Date: Thu Jul 4 09:34:37 2024 +0200 NTR: fix settings commit 72be783 Author: Vitalij Mik <[email protected]> Date: Thu Jul 4 08:12:43 2024 +0200 NTR: prepare hotfix commit 7feec11 Author: Vitalij Mik <[email protected]> Date: Wed Jul 3 12:27:42 2024 +0200 NTR: fix apple pay without phone (#783) Co-authored-by: Vitalij Mik <[email protected]> commit ac6407d Author: Vitalij Mik <[email protected]> Date: Tue Jul 2 14:14:28 2024 +0200 NTR: prepare release commit a04bacb Author: Vitalij Mik <[email protected]> Date: Tue Jul 2 13:23:46 2024 +0200 NTR: cs fix commit 9241ea6 Author: Vitalij Mik <[email protected]> Date: Tue Jul 2 13:15:12 2024 +0200 NTR: fix save/delete settings commit d51a4c3 Author: Vitalij Mik <[email protected]> Date: Tue Jul 2 12:14:25 2024 +0200 NTR: use get to reduce db requests (#782) Co-authored-by: Vitalij Mik <[email protected]> commit 4a72cb8 Author: Vitalij Mik <[email protected]> Date: Tue Jul 2 11:35:37 2024 +0200 NTR: add payconiq payment (#781) * NTR: added payconiq payment * NTR: csfix * NTR: fix stylelint * NTR: stylelint fix --------- Co-authored-by: Vitalij Mik <[email protected]> commit 3dd7db6 Author: Vitalij Mik <[email protected]> Date: Tue Jul 2 10:27:26 2024 +0200 NTR: PISHPS-300: add trustly payment (#780) Co-authored-by: Vitalij Mik <[email protected]> * NTR: csfix --------- Co-authored-by: Vitalij Mik <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
added ApplePayDirectDomainAllowList, integrated allow list into applepay direct validate route, updated documentation