Hypernova-Oy
diff --git a/‎CHANGELOG.md
+612 b/‎CHANGELOG.md
+612
diff --git a/‎app/code/Magento/Authorization/Model/Role.php
+1-11 b/‎app/code/Magento/Authorization/Model/Role.php
+1-11
diff --git a/‎app/code/Magento/Authorizenet/Test/Mftf/Test/StorefrontVerifySecureURLRedirectAuthorizenetTest.xml
+42 b/‎app/code/Magento/Authorizenet/Test/Mftf/Test/StorefrontVerifySecureURLRedirectAuthorizenetTest.xml
+42
diff --git a/‎app/code/Magento/AuthorizenetAcceptjs/etc/adminhtml/di.xml
+5 b/‎app/code/Magento/AuthorizenetAcceptjs/etc/adminhtml/di.xml
+5
diff --git a/‎app/code/Magento/AuthorizenetAcceptjs/etc/di.xml
+2 b/‎app/code/Magento/AuthorizenetAcceptjs/etc/di.xml
+2
diff --git a/‎app/code/Magento/AuthorizenetAcceptjs/view/adminhtml/templates/payment/script.phtml
+16-9 b/‎app/code/Magento/AuthorizenetAcceptjs/view/adminhtml/templates/payment/script.phtml
+16-9
diff --git a/‎app/code/Magento/AuthorizenetAcceptjs/view/adminhtml/web/js/payment-form.js
+2-3 b/‎app/code/Magento/AuthorizenetAcceptjs/view/adminhtml/web/js/payment-form.js
+2-3
diff --git a/‎app/code/Magento/AuthorizenetAcceptjs/view/frontend/web/template/payment/authorizenet-acceptjs.html
+1 b/‎app/code/Magento/AuthorizenetAcceptjs/view/frontend/web/template/payment/authorizenet-acceptjs.html
+1
diff --git a/‎app/code/Magento/AuthorizenetCardinal/Gateway/Request/Authorize3DSecureBuilder.php
+4-4 b/‎app/code/Magento/AuthorizenetCardinal/Gateway/Request/Authorize3DSecureBuilder.php
+4-4
diff --git a/‎app/code/Magento/AuthorizenetCardinal/Gateway/Validator/CavvResponseValidator.php
+83 b/‎app/code/Magento/AuthorizenetCardinal/Gateway/Validator/CavvResponseValidator.php
+83
diff --git a/‎app/code/Magento/AuthorizenetCardinal/etc/di.xml
+16 b/‎app/code/Magento/AuthorizenetCardinal/etc/di.xml
+16
diff --git a/‎app/code/Magento/AuthorizenetCardinal/view/frontend/web/js/authorizenet-accept-mixin.js
+2 b/‎app/code/Magento/AuthorizenetCardinal/view/frontend/web/js/authorizenet-accept-mixin.js
+2
diff --git a/‎app/code/Magento/AuthorizenetGraphQl/etc/schema.graphqls
+1-1 b/‎app/code/Magento/AuthorizenetGraphQl/etc/schema.graphqls
+1-1
diff --git a/‎app/code/Magento/Backend/Block/Context.php
+9-4 b/‎app/code/Magento/Backend/Block/Context.php
+9-4
@@ -40,7 +40,7 @@ class Role extends \Magento\Framework\Model\AbstractModel
      * @param \Magento\Authorization\Model\ResourceModel\Role\Collection $resourceCollection
      * @param array $data
      */
-    public function __construct(
+    public function __construct( //phpcs:ignore Generic.CodeAnalysis.UselessOverridingMethod
         \Magento\Framework\Model\Context $context,
         \Magento\Framework\Registry $registry,
         \Magento\Authorization\Model\ResourceModel\Role $resource,
@@ -52,28 +52,18 @@ public function __construct(
 
     /**
      * @inheritDoc
-     *
-     * @SuppressWarnings(PHPMD.SerializationAware)
-     * @deprecated Do not use PHP serialization.
      */
     public function __sleep()
     {
-        trigger_error('Using PHP serialization is deprecated', E_USER_DEPRECATED);
-
         $properties = parent::__sleep();
         return array_diff($properties, ['_resource', '_resourceCollection']);
     }
 
     /**
      * @inheritDoc
-     *
-     * @SuppressWarnings(PHPMD.SerializationAware)
-     * @deprecated Do not use PHP serialization.
      */
     public function __wakeup()
     {
-        trigger_error('Using PHP serialization is deprecated', E_USER_DEPRECATED);
-
         parent::__wakeup();
         $objectManager = \Magento\Framework\App\ObjectManager::getInstance();
         $this->_resource = $objectManager->get(\Magento\Authorization\Model\ResourceModel\Role::class);
 
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+
+<tests xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/testSchema.xsd">
+    <test name="StorefrontVerifySecureURLRedirectAuthorizenet">
+        <annotations>
+            <features value="Authorizenet"/>
+            <stories value="Storefront Secure URLs"/>
+            <title value="Verify Secure URLs For Storefront Authorizenet Pages"/>
+            <description value="Verify that the Secure URL configuration applies to the Authorizenet pages on the Storefront"/>
+            <severity value="MAJOR"/>
+            <testCaseId value="MC-15610"/>
+            <group value="authorizenet"/>
+            <group value="configuration"/>
+            <group value="secure_storefront_url"/>
+        </annotations>
+        <before>
+            <createData entity="Simple_US_Customer" stepKey="customer"/>
+            <actionGroup ref="LoginToStorefrontActionGroup" stepKey="loginToStorefront">
+                <argument name="Customer" value="$$customer$$"/>
+            </actionGroup>
+            <executeJS function="return window.location.host" stepKey="hostname"/>
+            <magentoCLI command="config:set web/secure/base_url https://{$hostname}/" stepKey="setSecureBaseURL"/>
+            <magentoCLI command="config:set web/secure/use_in_frontend 1" stepKey="useSecureURLsOnStorefront"/>
+            <magentoCLI command="cache:flush" stepKey="flushCache"/>
+        </before>
+        <after>
+            <magentoCLI command="config:set web/secure/use_in_frontend 0" stepKey="dontUseSecureURLsOnStorefront"/>
+            <magentoCLI command="cache:flush" stepKey="flushCache"/>
+            <deleteData createDataKey="customer" stepKey="deleteCustomer"/>
+        </after>
+        <executeJS function="return window.location.host" stepKey="hostname"/>
+        <amOnUrl url="http://{$hostname}/authorizenet" stepKey="goToUnsecureAuthorizenetURL"/>
+        <seeCurrentUrlEquals url="https://{$hostname}/authorizenet" stepKey="seeSecureAuthorizenetURL"/>
+    </test>
+</tests>
@@ -31,4 +31,9 @@
             </argument>
         </arguments>
     </virtualType>
+    <virtualType name="AuthorizenetAcceptjsAuthorizeCommand" type="Magento\Payment\Gateway\Command\GatewayCommand">
+        <arguments>
+            <argument name="validator" xsi:type="object">AuthorizenetAcceptjsTransactionValidator</argument>
+        </arguments>
+    </virtualType>
 </config>
@@ -134,6 +134,7 @@
         <arguments>
             <argument name="requestBuilder" xsi:type="object">AuthorizenetAcceptjsRefundRequest</argument>
             <argument name="handler" xsi:type="object">AuthorizenetAcceptjsRefundSettledHandler</argument>
+            <argument name="validator" xsi:type="object">AuthorizenetAcceptjsTransactionValidator</argument>
         </arguments>
     </virtualType>
     <virtualType name="AuthorizenetAcceptjsCaptureCommand" type="Magento\AuthorizenetAcceptjs\Gateway\Command\CaptureStrategyCommand">
@@ -145,6 +146,7 @@
         <arguments>
             <argument name="requestBuilder" xsi:type="object">AuthorizenetAcceptjsCaptureRequest</argument>
             <argument name="handler" xsi:type="object">AuthorizenetAcceptjsCaptureTransactionHandler</argument>
+            <argument name="validator" xsi:type="object">AuthorizenetAcceptjsTransactionValidator</argument>
         </arguments>
     </virtualType>
     <virtualType name="AuthorizenetAcceptjsVoidCommand" type="Magento\Payment\Gateway\Command\GatewayCommand">
 
@@ -6,12 +6,19 @@
 
 /** @var Magento\AuthorizenetAcceptjs\Block\Payment $block */
 ?>
-<script type="text/x-magento-init">
-    {
-        "#payment_form_<?= $block->escapeJs($block->escapeHtml($block->getMethodCode())) ?>": {
-            "Magento_AuthorizenetAcceptjs/js/payment-form": {
-                "config": <?= /* @noEscape */ $block->getPaymentConfig() ?>
-            }
-        }
-    }
-</script>
+<script>
+    //<![CDATA[
+    require(
+        [
+            'Magento_AuthorizenetAcceptjs/js/authorizenet',
+            'jquery',
+            'domReady!'
+        ], function(AuthorizenetAcceptjs, $) {
+            var config = <?= /* @noEscape */ $block->getPaymentConfig() ?>,
+                form = $('#payment_form_<?= /* @noEscape */ $block->escapeJs($block->escapeHtml($block->getMethodCode())) ?>');
+
+            config.active = form.length > 0 && !form.is(':hidden');
+            new AuthorizenetAcceptjs(config);
+        });
+    //]]>
+</script>
@@ -8,9 +8,8 @@ define([
 ], function (AuthorizenetAcceptjs, $) {
     'use strict';
 
-    return function (data, element) {
-        var $form = $(element),
-            config = data.config;
+    return function (config, element) {
+        var $form = $(element);
 
         config.active = $form.length > 0 && !$form.is(':hidden');
         new AuthorizenetAcceptjs(config);
 
@@ -35,6 +35,7 @@
                 <button class="action primary checkout"
                         type="submit"
                         click="beforePlaceOrder"
+                        css="disabled: !isPlaceOrderActionAllowed()"
                         attr="title: $t('Place Order')"
                 >
                     <span translate="'Place Order'"></span>
 
@@ -10,7 +10,7 @@
 
 use Magento\AuthorizenetAcceptjs\Gateway\SubjectReader;
 use Magento\AuthorizenetCardinal\Model\Config;
-use Magento\CardinalCommerce\Model\Response\JwtParser;
+use Magento\CardinalCommerce\Model\Response\JwtParserInterface;
 use Magento\Payment\Gateway\Request\BuilderInterface;
 use Magento\Sales\Model\Order\Payment;
 
@@ -30,19 +30,19 @@ class Authorize3DSecureBuilder implements BuilderInterface
     private $config;
 
     /**
-     * @var JwtParser
+     * @var JwtParserInterface
      */
     private $jwtParser;
 
     /**
      * @param SubjectReader $subjectReader
      * @param Config $config
-     * @param JwtParser $jwtParser
+     * @param JwtParserInterface $jwtParser
      */
     public function __construct(
         SubjectReader $subjectReader,
         Config $config,
-        JwtParser $jwtParser
+        JwtParserInterface $jwtParser
     ) {
         $this->subjectReader = $subjectReader;
         $this->config = $config;
 
@@ -0,0 +1,83 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\AuthorizenetCardinal\Gateway\Validator;
+
+use Magento\AuthorizenetAcceptjs\Gateway\SubjectReader;
+use Magento\AuthorizenetCardinal\Model\Config;
+use Magento\Payment\Gateway\Validator\AbstractValidator;
+use Magento\Payment\Gateway\Validator\ResultInterface;
+use Magento\Payment\Gateway\Validator\ResultInterfaceFactory;
+
+/**
+ * Validates cardholder authentication verification response code.
+ */
+class CavvResponseValidator extends AbstractValidator
+{
+    /**
+     * The result code that authorize.net returns if CAVV passed validation.
+     */
+    private const RESULT_CODE_SUCCESS = '2';
+
+    /**
+     * @var SubjectReader
+     */
+    private $subjectReader;
+
+    /**
+     * @var ResultInterfaceFactory
+     */
+    private $resultFactory;
+
+    /**
+     * @var Config
+     */
+    private $config;
+
+    /**
+     * @param ResultInterfaceFactory $resultFactory
+     * @param SubjectReader $subjectReader
+     * @param Config $config
+     */
+    public function __construct(
+        ResultInterfaceFactory $resultFactory,
+        SubjectReader $subjectReader,
+        Config $config
+    ) {
+        parent::__construct($resultFactory);
+
+        $this->resultFactory = $resultFactory;
+        $this->subjectReader = $subjectReader;
+        $this->config = $config;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function validate(array $validationSubject): ResultInterface
+    {
+        if ($this->config->isActive() === false) {
+            return $this->createResult(true);
+        }
+
+        $response = $this->subjectReader->readResponse($validationSubject);
+        $transactionResponse = $response['transactionResponse'];
+
+        $cavvResultCode = $transactionResponse['cavvResultCode'] ?? '';
+        $isValid = $cavvResultCode === self::RESULT_CODE_SUCCESS;
+        $errorCodes = [];
+        $errorMessages = [];
+
+        if (!$isValid) {
+            $errorCodes[] = $transactionResponse['cavvResultCode'];
+            $errorMessages[] = 'CAVV failed validation';
+        }
+
+        return $this->createResult($isValid, $errorMessages, $errorCodes);
+    }
+}
@@ -13,4 +13,20 @@
             </argument>
         </arguments>
     </virtualType>
+    <virtualType name="Magento\AuthorizenetCardinal\Gateway\Validator\VirtualTransactionValidator" type="Magento\Payment\Gateway\Validator\ValidatorComposite">
+        <arguments>
+            <argument name="chainBreakingValidators" xsi:type="array">
+                <item name="general" xsi:type="boolean">true</item>
+            </argument>
+            <argument name="validators" xsi:type="array">
+                <item name="general" xsi:type="string">AuthorizenetAcceptjsTransactionValidator</item>
+                <item name="cavv_response" xsi:type="string">Magento\AuthorizenetCardinal\Gateway\Validator\CavvResponseValidator</item>
+            </argument>
+        </arguments>
+    </virtualType>
+    <virtualType name="AuthorizenetAcceptjsAuthorizeCommand">
+        <arguments>
+            <argument name="validator" xsi:type="object">Magento\AuthorizenetCardinal\Gateway\Validator\VirtualTransactionValidator</argument>
+        </arguments>
+    </virtualType>
 </config>
@@ -56,6 +56,8 @@ define([
             },
 
             /**
+             * Adds cardinal response JWT to payment additional data.
+             *
              * @returns {Object}
              */
             getData: function () {
 
@@ -1,7 +1,7 @@
 # Copyright © Magento, Inc. All rights reserved.
 # See COPYING.txt for license details.
 
-input PaymentMethodAdditionalDataInput {
+input PaymentMethodInput {
     authorizenet_acceptjs: AuthorizenetInput @doc(description: "Defines the required attributes for Authorize.Net payments")
 }
 
 
@@ -5,6 +5,8 @@
  */
 namespace Magento\Backend\Block;
 
+use Magento\Framework\Cache\LockGuardedCacheLoader;
+
 /**
  * Constructor modification point for Magento\Backend\Block\AbstractBlock.
  *
@@ -17,7 +19,7 @@
  * the classes they were introduced for.
  *
  * @api
- * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
+ * @SuppressWarnings(PHPMD)
  * @since 100.0.2
  */
 class Context extends \Magento\Framework\View\Element\Context
@@ -44,8 +46,9 @@ class Context extends \Magento\Framework\View\Element\Context
      * @param \Magento\Framework\Escaper $escaper
      * @param \Magento\Framework\Filter\FilterManager $filterManager
      * @param \Magento\Framework\Stdlib\DateTime\TimezoneInterface $localeDate
-     * @param \Magento\Framework\AuthorizationInterface $authorization
      * @param \Magento\Framework\Translate\Inline\StateInterface $inlineTranslation
+     * @param \Magento\Framework\AuthorizationInterface $authorization
+     * @param LockGuardedCacheLoader|null $lockQuery
      *
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
@@ -67,7 +70,8 @@ public function __construct(
         \Magento\Framework\Filter\FilterManager $filterManager,
         \Magento\Framework\Stdlib\DateTime\TimezoneInterface $localeDate,
         \Magento\Framework\Translate\Inline\StateInterface $inlineTranslation,
-        \Magento\Framework\AuthorizationInterface $authorization
+        \Magento\Framework\AuthorizationInterface $authorization,
+        LockGuardedCacheLoader $lockQuery = null
     ) {
         $this->_authorization = $authorization;
         parent::__construct(
@@ -87,7 +91,8 @@ public function __construct(
             $escaper,
             $filterManager,
             $localeDate,
-            $inlineTranslation
+            $inlineTranslation,
+            $lockQuery
         );
     }
Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,7 @@`
`35`	`35`	`<button class="action primary checkout"`
`36`	`36`	`type="submit"`
`37`	`37`	`click="beforePlaceOrder"`
	`38`	`+ css="disabled: !isPlaceOrderActionAllowed()"`
`38`	`39`	`attr="title: $t('Place Order')"`
`39`	`40`	`>`
`40`	`41`	`<span translate="'Place Order'"></span>`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`# Copyright © Magento, Inc. All rights reserved.`
`2`	`2`	`# See COPYING.txt for license details.`
`3`	`3`
`4`		`-input PaymentMethodAdditionalDataInput {`
	`4`	`+input PaymentMethodInput {`
`5`	`5`	`authorizenet_acceptjs: AuthorizenetInput @doc(description: "Defines the required attributes for Authorize.Net payments")`
`6`	`6`	`}`
`7`	`7`