@sahkal sahkal commented May 7, 2025

Type of Change

  • Refactoring

Description

Moved CAVV storing from table to temp locker

Motivation and Context

Currently we are storing the CAVV value in the authentication table, which might cause a security issue. To resolve that, we will be storing the CAVV in the temp locker and fetching it in the current session while proceeding with the transaction.

How did you test it?

Check sanity of 3ds flows such as Netcetera, 3dsecure.io

Do Payments Create

curl --location 'localhost:8080/payments' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'api-key: dev_ChBq2jsHNemvjysRrur7R62Xlk5acxmaneYdGdYu05Rn4yPtnj8uySMIVd8qnqBa' \
--data-raw '{
    "amount": 6540,
    "currency": "USD",
    "confirm": false,
    "capture_method": "automatic",
    "capture_on": "2022-09-10T10:11:12Z",
    "amount_to_capture": 6540,
    "customer_id": "StripeCustomer",
    "email": "[email protected]",
    "name": "John Doe",
    "phone": "999999999",
    "phone_country_code": "+65",
    "description": "Its my first payment request",
    "authentication_type": "three_ds",
    "return_url": "https://duck.com",
    "billing": {
        "address": {
            "line1": "1467",
            "line2": "Harrison Street",
            "line3": "Harrison Street",
            "city": "San Fransico",
            "state": "California",
            "zip": "94122",
            "country": "US",
            "first_name": "PiX",
            "last_name": "ieuhfuqe"
        },
        "phone": {
            "number": "123456789",
            "country_code": "12"
        }
    },
    "shipping": {
        "address": {
            "line1": "1467",
            "line2": "Harrison Street",
            "line3": "Harrison Street",
            "city": "San Fransico",
            "state": "California",
            "zip": "94122",
            "country": "US",
            "first_name": "PiX"
        },
        "phone": {
            "number": "123456789",
            "country_code": "12"
        }
    },
    "request_external_three_ds_authentication": true,
    "statement_descriptor_name": "joseph",
    "statement_descriptor_suffix": "JS",
    "metadata": {
        "udf1": "value1",
        "new_customer": "true",
        "login_date": "2019-09-10T10:11:12Z"
    },
    "force_3ds_challenge": false
}'

Do version call in payments confirm

curl --location 'localhost:8080/payments/pay_FMW9BlITyGdXbkqFqGCr/confirm' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'api-key: dev_ChBq2jsHNemvjysRrur7R62Xlk5acxmaneYdGdYu05Rn4yPtnj8uySMIVd8qnqBa' \
--data '{
    "browser_info": {
        "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36",
        "accept_header": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8",
        "language": "nl-NL",
        "color_depth": 24,
        "screen_height": 723,
        "screen_width": 1536,
        "time_zone": 0,
        "java_enabled": true,
        "java_script_enabled": true,
        "ip_address": "115.99.183.2"
    },
    
    "payment_method": "card",
    "payment_method_data": {
        "card": {
            "card_number": "card_number", 
            "card_exp_month": "10",
            "card_exp_year": "25",
            "card_holder_name": "joseph Doe",
            "card_cvc": "cvc"
        }
    }
}'

Authenticate via browser

curl --location 'http://localhost:8080/payments/pay_FMW9BlITyGdXbkqFqGCr/3ds/authentication' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'api-key: pk_dev_9dd8d1dc9c24494ab149ee4364874671' \
--data '{
    "client_secret": "pay_FMW9BlITyGdXbkqFqGCr_secret_HcardpDpDtFO0wOpi8nA",
    "device_channel": "BRW",
    "threeds_method_comp_ind": "N"
}'

Authorise

curl --location 'localhost:8080/payments/pay_FMW9BlITyGdXbkqFqGCr/sahkal/authorize/cybersource' \
--header 'Content-Type: application/json' \
--header 'api-key: pk_dev_9dd8d1dc9c24494ab149ee4364874671' \
--data '{
    "client_secret": "pay_FMW9BlITyGdXbkqFqGCr_secret_HcardpDpDtFO0wOpi8nA"
}'

Checklist

  • I formatted the code cargo +nightly fmt --all
  • I addressed lints thrown by cargo clippy
  • I reviewed the submitted code
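
The storage pattern described under Motivation and Context, as an added example that is not code from this PR or from hyperswitch: the persisted authentication row has no CAVV field, and the CAVV lives only in a short-lived store until authorization consumes it. `TempLocker`, `AuthenticationRecord`, `cavv_for_authorize`, the 15-minute TTL and the read-once behaviour are assumptions made for illustration; all values are constructed.

```rust
use std::collections::HashMap;
use std::time::{Duration, Instant};

/// What would be persisted in the authentication table: no CAVV field.
#[derive(Debug, Clone, PartialEq)]
pub struct AuthenticationRecord {
    pub authentication_id: String,
    pub eci: Option<String>,
}

/// Hypothetical stand-in for a temp locker: in-memory, every entry expires.
pub struct TempLocker {
    ttl: Duration,
    entries: HashMap<String, (String, Instant)>, // id -> (cavv, expiry)
}

impl TempLocker {
    pub fn new(ttl: Duration) -> Self {
        Self { ttl, entries: HashMap::new() }
    }

    /// Called once 3DS authentication has produced a CAVV.
    pub fn store_cavv(&mut self, authentication_id: &str, cavv: String, now: Instant) {
        self.entries.insert(authentication_id.to_owned(), (cavv, now + self.ttl));
    }

    /// Removes the entry on read, so the value is usable once; expired entries yield None.
    pub fn take_cavv(&mut self, authentication_id: &str, now: Instant) -> Option<String> {
        let (cavv, expires_at) = self.entries.remove(authentication_id)?;
        (now < expires_at).then_some(cavv)
    }
}

/// Authorization step: fail closed when the CAVV is gone instead of reading a stored copy.
pub fn cavv_for_authorize(locker: &mut TempLocker, rec: &AuthenticationRecord, now: Instant) -> Result<String, &'static str> {
    locker.take_cavv(&rec.authentication_id, now).ok_or("cavv missing or expired: re-authenticate")
}

fn main() {
    let t0 = Instant::now();
    let mut locker = TempLocker::new(Duration::from_secs(900)); // assumed TTL
    let rec = AuthenticationRecord { authentication_id: "auth_constructed_1".into(), eci: Some("05".into()) };
    locker.store_cavv(&rec.authentication_id, "CONSTRUCTED_CAVV".into(), t0);
    println!("{:?}", cavv_for_authorize(&mut locker, &rec, t0 + Duration::from_secs(60)));
    println!("{:?}", cavv_for_authorize(&mut locker, &rec, t0 + Duration::from_secs(61)));
}
```
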

@sahkal sahkal self-assigned this May 7, 2025
semanticdiff-com bot commented May 7, 2025

Review changes with  SemanticDiff

Changed Files
File Status
  crates/router/src/core/payments/transformers.rs  73% smaller
  crates/router/src/core/payments.rs  71% smaller
  crates/router/src/types/transformers.rs  71% smaller
  crates/hyperswitch_connectors/src/connectors/gpayments/gpayments_types.rs  63% smaller
  crates/hyperswitch_connectors/src/connectors/netcetera/transformers.rs  63% smaller
  crates/hyperswitch_domain_models/src/router_request_types/unified_authentication_service.rs  63% smaller
  crates/router/src/connector/threedsecureio/transformers.rs  63% smaller
  crates/router/src/core/payments/types.rs  62% smaller
  crates/router/src/core/authentication.rs  58% smaller
  crates/hyperswitch_domain_models/src/router_response_types.rs  50% smaller
  crates/hyperswitch_interfaces/src/authentication.rs  50% smaller
  crates/router/src/types/api/authentication.rs  50% smaller
  crates/router/src/core/payments/operations/payment_confirm.rs  46% smaller
  crates/router/src/core/payments/operations/payment_status.rs  20% smaller
  crates/router/src/core/payments/operations/payment_response.rs  8% smaller
  crates/diesel_models/src/authentication.rs  0% smaller
  crates/hyperswitch_domain_models/src/router_request_types/authentication.rs  0% smaller
  crates/router/src/core/authentication/utils.rs Unsupported file format
  crates/router/src/core/unified_authentication_service/utils.rs Unsupported file format
  crates/router/src/core/webhooks/incoming.rs  0% smaller
  crates/router/src/types/domain.rs  0% smaller

@sahkal sahkal added A-core Area: Core flows S-waiting-on-review Status: This PR has been implemented and needs to be reviewed labels May 9, 2025
@sahkal sahkal added this to the May 2025 Release milestone May 9, 2025
@sahkal sahkal requested a review from sai-harsha-vardhan May 9, 2025 06:29
@sahkal sahkal marked this pull request as ready for review May 9, 2025 06:29
@sahkal sahkal requested review from a team as code owners May 9, 2025 06:29
@sahkal sahkal requested a review from sai-harsha-vardhan May 9, 2025 10:59
@deepanshu-iiitu deepanshu-iiitu left a comment

Connector changes look good

@SanchithHegde SanchithHegde merged commit dbaf567 into main May 12, 2025
15 of 20 checks passed
@SanchithHegde SanchithHegde deleted the 9426-stop-storing-cavv-value-in-authentication-table branch May 12, 2025 11:24
@SanchithHegde SanchithHegde removed the S-waiting-on-review Status: This PR has been implemented and needs to be reviewed label May 12, 2025
sahkal added a commit that referenced this pull request May 12, 2025
#7978)

Co-authored-by: hyperswitch-bot[bot] <148525504+hyperswitch-bot[bot]@users.noreply.github.com>
pixincreate added a commit that referenced this pull request May 12, 2025
…adyen-ideal

* 'main' of github.com:juspay/hyperswitch: (62 commits)
  fix(core): language consumption from locale in payment and payout links (#7993)
  feat(refunds_v2): Add refunds list flow in v2 apis (#7966)
  refactor(connector): [Noon] auth header (#7977)
  fix(connector): [Novalnet] send decoded token for apple pay payment (#7973)
  feat(business_profile): add business_profile config to enable external vault (#7876)
  feat(vsaas): integrate onboarding flow for vertical saas (#7884)
  feat(connector): Introduce connector template code for WorldpayXML  (#7968)
  feat(connector): [ADYEN, CHECKOUT] Added In Feature Matrix API (#7914)
  feat(core): add psync support for recovery external payments (#7855)
  refactor(open_router): call elimination routing of open router if enabled instead of dynamo (#7961)
  feat(payment_methods): add v2 api for fetching token data (#7629)
  ci(cypress): Fix Bank Redirects for stripe test (#8004)
  chore(version): 2025.05.12.0
  refactor(authentication): moved cavv storing from table to temp locker (#7978)
  chore(version): 2025.05.09.0
  feat(connector): [paypal, trustpay] add in feature matrix (#7911)
  fix(update_metadata): Update Metadata for any connectors other than stripe gives 500 error (#7984)
  fix(router): Fixed stack over flow for session call in authentication connectors (#7983)
  chore(version): 2025.05.08.0
  fix(payment): disable payment update via client config (#7970)
  ...