merge magento/2.3-develop into magento-techdivision/varnish6_update

app/code/Magento/AuthorizenetAcceptjs/etc/adminhtml/di.xml

@@ -31,4 +31,9 @@
             </argument>
         </arguments>
     </virtualType>
+    <virtualType name="AuthorizenetAcceptjsAuthorizeCommand" type="Magento\Payment\Gateway\Command\GatewayCommand">
+        <arguments>
+            <argument name="validator" xsi:type="object">AuthorizenetAcceptjsTransactionValidator</argument>
+        </arguments>
+    </virtualType>
 </config>

app/code/Magento/AuthorizenetAcceptjs/etc/di.xml

@@ -134,6 +134,7 @@
         <arguments>
             <argument name="requestBuilder" xsi:type="object">AuthorizenetAcceptjsRefundRequest</argument>
             <argument name="handler" xsi:type="object">AuthorizenetAcceptjsRefundSettledHandler</argument>
+            <argument name="validator" xsi:type="object">AuthorizenetAcceptjsTransactionValidator</argument>
         </arguments>
     </virtualType>
     <virtualType name="AuthorizenetAcceptjsCaptureCommand" type="Magento\AuthorizenetAcceptjs\Gateway\Command\CaptureStrategyCommand">
@@ -145,6 +146,7 @@
         <arguments>
             <argument name="requestBuilder" xsi:type="object">AuthorizenetAcceptjsCaptureRequest</argument>
             <argument name="handler" xsi:type="object">AuthorizenetAcceptjsCaptureTransactionHandler</argument>
+            <argument name="validator" xsi:type="object">AuthorizenetAcceptjsTransactionValidator</argument>
         </arguments>
     </virtualType>
     <virtualType name="AuthorizenetAcceptjsVoidCommand" type="Magento\Payment\Gateway\Command\GatewayCommand">

app/code/Magento/AuthorizenetAcceptjs/view/frontend/web/template/payment/authorizenet-acceptjs.html

@@ -35,6 +35,7 @@
                 <button class="action primary checkout"
                         type="submit"
                         click="beforePlaceOrder"
+                        css="disabled: !isPlaceOrderActionAllowed()"
                         attr="title: $t('Place Order')"
                 >
                     <span translate="'Place Order'"></span>

app/code/Magento/AuthorizenetCardinal/Gateway/Request/Authorize3DSecureBuilder.php

@@ -10,7 +10,7 @@
 
 use Magento\AuthorizenetAcceptjs\Gateway\SubjectReader;
 use Magento\AuthorizenetCardinal\Model\Config;
-use Magento\CardinalCommerce\Model\Response\JwtParser;
+use Magento\CardinalCommerce\Model\Response\JwtParserInterface;
 use Magento\Payment\Gateway\Request\BuilderInterface;
 use Magento\Sales\Model\Order\Payment;
 
@@ -30,19 +30,19 @@ class Authorize3DSecureBuilder implements BuilderInterface
     private $config;
 
     /**
-     * @var JwtParser
+     * @var JwtParserInterface
      */
     private $jwtParser;
 
     /**
      * @param SubjectReader $subjectReader
      * @param Config $config
-     * @param JwtParser $jwtParser
+     * @param JwtParserInterface $jwtParser
      */
     public function __construct(
         SubjectReader $subjectReader,
         Config $config,
-        JwtParser $jwtParser
+        JwtParserInterface $jwtParser
     ) {
         $this->subjectReader = $subjectReader;
         $this->config = $config;

app/code/Magento/AuthorizenetCardinal/Gateway/Validator/CavvResponseValidator.php

@@ -0,0 +1,83 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\AuthorizenetCardinal\Gateway\Validator;
+
+use Magento\AuthorizenetAcceptjs\Gateway\SubjectReader;
+use Magento\AuthorizenetCardinal\Model\Config;
+use Magento\Payment\Gateway\Validator\AbstractValidator;
+use Magento\Payment\Gateway\Validator\ResultInterface;
+use Magento\Payment\Gateway\Validator\ResultInterfaceFactory;
+
+/**
+ * Validates cardholder authentication verification response code.
+ */
+class CavvResponseValidator extends AbstractValidator
+{
+    /**
+     * The result code that authorize.net returns if CAVV passed validation.
+     */
+    private const RESULT_CODE_SUCCESS = '2';
+
+    /**
+     * @var SubjectReader
+     */
+    private $subjectReader;
+
+    /**
+     * @var ResultInterfaceFactory
+     */
+    private $resultFactory;
+
+    /**
+     * @var Config
+     */
+    private $config;
+
+    /**
+     * @param ResultInterfaceFactory $resultFactory
+     * @param SubjectReader $subjectReader
+     * @param Config $config
+     */
+    public function __construct(
+        ResultInterfaceFactory $resultFactory,
+        SubjectReader $subjectReader,
+        Config $config
+    ) {
+        parent::__construct($resultFactory);
+
+        $this->resultFactory = $resultFactory;
+        $this->subjectReader = $subjectReader;
+        $this->config = $config;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function validate(array $validationSubject): ResultInterface
+    {
+        if ($this->config->isActive() === false) {
+            return $this->createResult(true);
+        }
+
+        $response = $this->subjectReader->readResponse($validationSubject);
+        $transactionResponse = $response['transactionResponse'];
+
+        $cavvResultCode = $transactionResponse['cavvResultCode'] ?? '';
+        $isValid = $cavvResultCode === self::RESULT_CODE_SUCCESS;
+        $errorCodes = [];
+        $errorMessages = [];
+
+        if (!$isValid) {
+            $errorCodes[] = $transactionResponse['cavvResultCode'];
+            $errorMessages[] = 'CAVV failed validation';
+        }
+
+        return $this->createResult($isValid, $errorMessages, $errorCodes);
+    }
+}

app/code/Magento/AuthorizenetCardinal/etc/di.xml

@@ -13,4 +13,20 @@
             </argument>
         </arguments>
     </virtualType>
+    <virtualType name="Magento\AuthorizenetCardinal\Gateway\Validator\VirtualTransactionValidator" type="Magento\Payment\Gateway\Validator\ValidatorComposite">
+        <arguments>
+            <argument name="chainBreakingValidators" xsi:type="array">
+                <item name="general" xsi:type="boolean">true</item>
+            </argument>
+            <argument name="validators" xsi:type="array">
+                <item name="general" xsi:type="string">AuthorizenetAcceptjsTransactionValidator</item>
+                <item name="cavv_response" xsi:type="string">Magento\AuthorizenetCardinal\Gateway\Validator\CavvResponseValidator</item>
+            </argument>
+        </arguments>
+    </virtualType>
+    <virtualType name="AuthorizenetAcceptjsAuthorizeCommand">
+        <arguments>
+            <argument name="validator" xsi:type="object">Magento\AuthorizenetCardinal\Gateway\Validator\VirtualTransactionValidator</argument>
+        </arguments>
+    </virtualType>
 </config>

app/code/Magento/AuthorizenetCardinal/view/frontend/web/js/authorizenet-accept-mixin.js

@@ -56,6 +56,8 @@ define([
             },
 
             /**
+             * Adds cardinal response JWT to payment additional data.
+             *
              * @returns {Object}
              */
             getData: function () {

app/code/Magento/Braintree/view/frontend/requirejs-config.js

@@ -6,11 +6,11 @@
 var config = {
     map: {
         '*': {
-            braintreeClient: 'https://js.braintreegateway.com/web/3.44.1/js/client.min.js',
-            braintreeHostedFields: 'https://js.braintreegateway.com/web/3.44.1/js/hosted-fields.min.js',
-            braintreePayPal: 'https://js.braintreegateway.com/web/3.44.1/js/paypal-checkout.min.js',
-            braintree3DSecure: 'https://js.braintreegateway.com/web/3.44.1/js/three-d-secure.min.js',
-            braintreeDataCollector: 'https://js.braintreegateway.com/web/3.44.1/js/data-collector.min.js'
+            braintreeClient: 'https://js.braintreegateway.com/web/3.46.0-beta-3ds.8/js/client.min.js',
+            braintreeHostedFields: 'https://js.braintreegateway.com/web/3.46.0-beta-3ds.8/js/hosted-fields.min.js',
+            braintreePayPal: 'https://js.braintreegateway.com/web/3.46.0-beta-3ds.8/js/paypal-checkout.min.js',
+            braintree3DSecure: 'https://js.braintreegateway.com/web/3.46.0-beta-3ds.8/js/three-d-secure.min.js',
+            braintreeDataCollector: 'https://js.braintreegateway.com/web/3.46.0-beta-3ds.8/js/data-collector.min.js'
         }
     },
     paths: {

app/code/Magento/Braintree/view/frontend/web/js/view/payment/3d-secure.js

@@ -41,6 +41,7 @@ define([
             braintreeAdapter.getApiClient()
                 .then(function (clientInstance) {
                     return braintree3DSecure.create({
+                        version: 2, // Will use 3DS 2 whenever possible
                         client: clientInstance
                     });
                 })
@@ -49,6 +50,7 @@ define([
                     promise.resolve(self.threeDSecureInstance);
                 })
                 .catch(function (err) {
+                    fullScreenLoader.stopLoader();
                     promise.reject(err);
                 });
 
@@ -84,30 +86,55 @@ define([
             var self = this,
                 totalAmount = quote.totals()['base_grand_total'],
                 billingAddress = quote.billingAddress(),
+                shippingAddress = quote.shippingAddress(),
                 options = {
                     amount: totalAmount,
                     nonce: context.paymentPayload.nonce,
-
-                    /**
-                     * Adds iframe to page
-                     * @param {Object} err
-                     * @param {Object} iframe
-                     */
-                    addFrame: function (err, iframe) {
-                        self.createModal($(iframe));
-                        fullScreenLoader.stopLoader();
-                        self.modal.openModal();
+                    billingAddress: {
+                        givenName: billingAddress.firstname,
+                        surname: billingAddress.lastname,
+                        phoneNumber: billingAddress.telephone,
+                        streetAddress: billingAddress.street[0],
+                        extendedAddress: billingAddress.street[1],
+                        locality: billingAddress.city,
+                        region: billingAddress.regionCode,
+                        postalCode: billingAddress.postcode,
+                        countryCodeAlpha2: billingAddress.countryId
                     },
 
                     /**
-                     * Removes iframe from page
+                     * Will be called after receiving ThreeDSecure response, before completing the flow.
+                     *
+                     * @param {Object} data - ThreeDSecure data to consume before continuing
+                     * @param {Function} next - callback to continue flow
                      */
-                    removeFrame: function () {
-                        self.modal.closeModal();
+                    onLookupComplete: function (data, next) {
+                        next();
+                    }
+                };
+
+            if (context.paymentPayload.details) {
+                options.bin = context.paymentPayload.details.bin;
+            }
+
+            if (shippingAddress) {
+                options.additionalInformation = {
+                    shippingGivenName: shippingAddress.firstname,
+                    shippingSurname: shippingAddress.lastname,
+                    shippingPhone: shippingAddress.telephone,
+                    shippingAddress: {
+                        streetAddress: shippingAddress.street[0],
+                        extendedAddress: shippingAddress.street[1],
+                        locality: shippingAddress.city,
+                        region: shippingAddress.regionCode,
+                        postalCode: shippingAddress.postcode,
+                        countryCodeAlpha2: shippingAddress.countryId
                     }
                 };
+            }
 
             if (!this.isAmountAvailable(totalAmount) || !this.isCountryAvailable(billingAddress.countryId)) {
+                self.state = $.Deferred();
                 self.state.resolve();
 
                 return self.state.promise();
@@ -118,6 +145,7 @@ define([
                 .then(function () {
                     self.threeDSecureInstance.verifyCard(options, function (err, payload) {
                         if (err) {
+                            fullScreenLoader.stopLoader();
                             self.state.reject(err.message);
 
                             return;
@@ -129,6 +157,7 @@ define([
                             context.paymentPayload.nonce = payload.nonce;
                             self.state.resolve();
                         } else {
+                            fullScreenLoader.stopLoader();
                             self.state.reject($t('Please try again with another form of payment.'));
                         }
                     });
@@ -141,42 +170,6 @@ define([
             return self.state.promise();
         },
 
-        /**
-         * Creates modal window
-         *
-         * @param {Object} $context
-         * @private
-         */
-        createModal: function ($context) {
-            var self = this,
-                options = {
-                    clickableOverlay: false,
-                    buttons: [],
-                    modalCloseBtnHandler: self.cancelFlow.bind(self),
-                    keyEventHandlers: {
-                        escapeKey: self.cancelFlow.bind(self)
-                    }
-                };
-
-            // adjust iframe styles
-            $context.attr('width', '100%');
-            self.modal = Modal(options, $context);
-        },
-
-        /**
-         * Cancels 3D Secure flow
-         *
-         * @private
-         */
-        cancelFlow: function () {
-            var self = this;
-
-            self.threeDSecureInstance.cancelVerifyCard(function () {
-                self.modal.closeModal();
-                self.state.reject();
-            });
-        },
-
         /**
          * Checks minimal amount for 3D Secure activation
          *

app/code/Magento/CardinalCommerce/Model/Response/JwtParser.php

@@ -14,9 +14,9 @@
 use Magento\Payment\Model\Method\Logger as PaymentLogger;
 
 /**
- * Parse content of CardinalCommerce response JWT.
+ * Parses content of CardinalCommerce response JWT.
  */
-class JwtParser
+class JwtParser implements JwtParserInterface
 {
     /**
      * @var JwtManagement

app/code/Magento/CardinalCommerce/Model/Response/JwtParserInterface.php

@@ -0,0 +1,21 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace Magento\CardinalCommerce\Model\Response;
+
+/**
+ * Parses content of CardinalCommerce response JWT.
+ */
+interface JwtParserInterface
+{
+    /**
+     * Returns response JWT content.
+     *
+     * @param string $jwt
+     * @return array
+     */
+    public function execute(string $jwt): array;
+}

app/code/Magento/CardinalCommerce/etc/adminhtml/system.xml

@@ -13,9 +13,8 @@
             <resource>Magento_Sales::three_d_secure</resource>
             <group id="cardinal" type="text" sortOrder="13" showInDefault="1" showInWebsite="1" showInStore="0">
                 <group id="config" translate="label comment" sortOrder="15" showInDefault="1" showInWebsite="1" showInStore="0">
-                    <label>Configuration</label>
-                    <comment><![CDATA[For support contact <a href="mailto:[email protected]">[email protected]</a>.]]>
-                    </comment>
+                    <label>CardinalCommerce</label>
+                    <comment><![CDATA[Please visit <a href="https://www.cardinalcommerce.com/" target="_blank">www.cardinalcommerce.com</a> to get the CardinalCommerce credentials and find out more details about PSD2 SCA requirements. For support contact <a href="mailto:[email protected]">[email protected]</a>.]]></comment>
                     <field id="environment" translate="label" type="select" sortOrder="20" showInDefault="1" showInWebsite="1" showInStore="0">
                         <label>Environment</label>
                         <source_model>Magento\CardinalCommerce\Model\Adminhtml\Source\Environment</source_model>

app/code/Magento/CardinalCommerce/etc/di.xml

@@ -7,4 +7,5 @@
 -->
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
     <preference for="Magento\CardinalCommerce\Model\Response\JwtPayloadValidatorInterface" type="Magento\CardinalCommerce\Model\Response\JwtPayloadValidator" />
+    <preference for="Magento\CardinalCommerce\Model\Response\JwtParserInterface" type="Magento\CardinalCommerce\Model\Response\JwtParser" />
 </config>