Magento 2.4.6-p6 Csp bugfix (jquery getScript bug) #56

Open
wants to merge 6 commits into
base: master
13 changes: 4 additions & 9 deletions .github/workflows/pull_request.yaml
Expand Up @@ -5,6 +5,7 @@ on:

permissions:
contents: write
pull-requests: write

jobs:
check:
Expand All @@ -19,13 +20,7 @@ jobs:
name: 'tpay-magento2-basic'
path: './'

- uses: actions/github-script@v6
- uses: mshick/add-pr-comment@v2
with:
github-token: ${{ secrets.TOKEN }}
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: 'Tpay Magento2 plugin - ${{ steps.plugin-upload.outputs.artifact-url }}'
})
message: |
Tpay Magento2 plugin - ${{ steps.plugin-upload.outputs.artifact-url }}
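Review bot: The replacement step `uses: mshick/add-pr-comment@v2` references a third-party action by a movable tag while the workflow grants `contents: write` and `pull-requests: write`, so whatever that tag resolves to at run time executes with a write-capable token. Pin the action to a reviewed commit, e.g. `uses: mshick/add-pr-comment@<full-commit-sha> # v2`. Now that the step only posts a comment, it is also worth checking whether `contents: write` is still needed; if nothing else in the job writes to the repository, `contents: read` would be enough. The trigger under `on:` and the rest of the job are outside the visible hunks, so the effective exposure depends on them.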
39 changes: 28 additions & 11 deletions Model/ApiFacade/TpayConfig/CardConfigFacade.php
Expand Up @@ -3,6 +3,8 @@
namespace Tpay\Magento2\Model\ApiFacade\TpayConfig;

use Exception;
use Magento\Csp\Helper\CspNonceProvider;
use Magento\Framework\Escaper;
use Magento\Framework\View\Asset\Repository;
use Tpay\Magento2\Api\TpayConfigInterface;
use Tpay\Magento2\Api\TpayInterface;
Expand Down Expand Up @@ -36,13 +38,28 @@ class CardConfigFacade
/** @var bool */
private $useOpenApi;

public function __construct(TpayInterface $tpay, TpayConfigInterface $tpayConfig, Repository $assetRepository, TpayTokensService $tokensService, TpayService $tpayService)
{
/** @var CspNonceProvider */
private $cspNonceProvider;

/** @var Escaper */
private $escaper;

public function __construct(
TpayInterface $tpay,
TpayConfigInterface $tpayConfig,
Repository $assetRepository,
TpayTokensService $tokensService,
TpayService $tpayService,
CspNonceProvider $cspNonceProvider,
Escaper $escaper
) {
$this->tpay = $tpay;
$this->tpayConfig = $tpayConfig;
$this->assetRepository = $assetRepository;
$this->tokensService = $tokensService;
$this->tpayService = $tpayService;
$this->cspNonceProvider = $cspNonceProvider;
$this->escaper = $escaper;
}

public function getConfig(): array
Expand All @@ -60,29 +77,29 @@ private function getCurrentApi()
private function connectApi()
{
if (null == $this->openApi && null === $this->originApi) {
$originAuthorization = $this->createOriginApiInstance($this->tpay, $this->tpayConfig, $this->assetRepository, $this->tokensService, $this->tpayService);
$originAuthorization = $this->createOriginApiInstance();

if (isset($originAuthorization['content']) && 'correct' == $originAuthorization['content']) {
$this->useOpenApi = false;

return;
}

$this->createOpenApiInstance($this->tpay, $this->tpayConfig, $this->assetRepository, $this->tokensService);
$this->createOpenApiInstance();
}
}

private function createOriginApiInstance(TpayInterface $tpay, TpayConfigInterface $tpayConfig, Repository $assetRepository, TpayTokensService $tokensService, TpayService $tpayService): array
private function createOriginApiInstance(): array
{
if (!$tpayConfig->isCardEnabled()) {
if (!$this->tpayConfig->isCardEnabled()) {
$this->originApi = null;

return [];
}

try {
$cardOrigin = new CardOrigin($tpay, $tpayConfig, $tokensService, $tpayService);
$this->originApi = new ConfigOrigin($tpay, $tpayConfig, $assetRepository, $tokensService);
$cardOrigin = new CardOrigin($this->tpay, $this->tpayConfig, $this->tokensService, $this->tpayService);
$this->originApi = new ConfigOrigin($this->tpay, $this->tpayConfig, $this->assetRepository, $this->tokensService, $this->cspNonceProvider, $this->escaper);

return $cardOrigin->requests($cardOrigin->cardsApiURL.$this->tpayConfig->getCardApiKey(), ['api_password' => $this->tpayConfig->getCardApiPassword(), 'method' => 'check']);
} catch (Exception $exception) {
Expand All @@ -92,17 +109,17 @@ private function createOriginApiInstance(TpayInterface $tpay, TpayConfigInterfac
}
}

private function createOpenApiInstance(TpayInterface $tpay, TpayConfigInterface $tpayConfig, Repository $assetRepository, TpayTokensService $tokensService)
private function createOpenApiInstance()
{
if (!$tpayConfig->isOpenApiEnabled() || !$tpayConfig->isPlnPayment()) {
if (!$this->tpayConfig->isOpenApiEnabled() || !$this->tpayConfig->isPlnPayment()) {
$this->openApi = null;
$this->useOpenApi = false;

return;
}

try {
$this->openApi = new ConfigOpen($tpay, $tpayConfig, $assetRepository, $tokensService);
$this->openApi = new ConfigOpen($this->tpay, $this->tpayConfig, $this->assetRepository, $this->tokensService, $this->cspNonceProvider, $this->escaper);
$this->openApi->authorization();
$this->useOpenApi = true;
} catch (Exception $exception) {
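Review bot: The constructor now type-hints the concrete `Magento\Csp\Helper\CspNonceProvider`, so this class (and `ConfigOpen` / `ConfigOrigin`, which receive the same argument) cannot be instantiated on a Magento installation whose `magento/module-csp` does not ship that helper. No `composer.json` change is visible on this page, so the module's declared requirements may still admit such installations; the constraint should be raised to the first `magento/module-csp` release that contains the class. A constructor docblock line such as `@param CspNonceProvider $cspNonceProvider nonce source for the inline scripts built by ConfigOrigin/ConfigOpen` would also explain why a payment config facade depends on CSP. Both `create*ApiInstance()` methods continue past the end of the hunks shown.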
53 changes: 17 additions & 36 deletions Model/ApiFacade/TpayConfig/ConfigFacade.php
Expand Up @@ -3,49 +3,36 @@
namespace Tpay\Magento2\Model\ApiFacade\TpayConfig;

use Exception;
use Magento\Framework\View\Asset\Repository;
use Tpay\Magento2\Api\TpayConfigInterface;
use Tpay\Magento2\Api\TpayInterface;
use Tpay\Magento2\Model\ApiFacade\Transaction\TransactionOriginApi;
use Tpay\Magento2\Service\TpayService;
use Tpay\Magento2\Service\TpayTokensService;

class ConfigFacade
{
/** @var ConfigOrigin */
/** @var ConfigOrigin\Proxy */
private $originConfig;

/** @var ConfigOpen */
/** @var ConfigOpen\Proxy */
private $openApi;

/** @var CardConfigFacade */
/** @var CardConfigFacade\Proxy */
private $cardConfig;

/** @var TpayInterface */
private $tpay;

/** @var TpayConfigInterface */
private $tpayConfig;

/** @var Repository */
private $assetRepository;

/** @var TpayTokensService */
private $tokensService;

/** @var TpayService */
private $tpayService;

/** @var bool */
private $useOpenApi;

public function __construct(TpayInterface $tpay, TpayConfigInterface $tpayConfig, Repository $assetRepository, TpayTokensService $tokensService, TpayService $tpayService)
{
$this->tpay = $tpay;
public function __construct(
TpayConfigInterface $tpayConfig,
ConfigOrigin\Proxy $originConfig,
ConfigOpen\Proxy $openApi,
CardConfigFacade\Proxy $cardConfig
) {
$this->tpayConfig = $tpayConfig;
$this->assetRepository = $assetRepository;
$this->tokensService = $tokensService;
$this->tpayService = $tpayService;
$this->originConfig = $originConfig;
$this->openApi = $openApi;
$this->cardConfig = $cardConfig;
}

public function getConfig(): array
Expand All @@ -63,29 +50,25 @@ private function getCurrentApi()
private function connectApi()
{
if (null == $this->openApi && null === $this->originConfig) {
$this->createOriginApiInstance($this->tpay, $this->tpayConfig, $this->assetRepository, $this->tokensService);
$this->createOpenApiInstance($this->tpay, $this->tpayConfig, $this->assetRepository, $this->tokensService);
$this->cardConfig = new CardConfigFacade($this->tpay, $this->tpayConfig, $this->assetRepository, $this->tokensService, $this->tpayService);
$this->createOriginApiInstance($this->tpayConfig);
$this->createOpenApiInstance($this->tpayConfig);
}
}

private function createOriginApiInstance(TpayInterface $tpay, TpayConfigInterface $tpayConfig, Repository $assetRepository, TpayTokensService $tokensService)
private function createOriginApiInstance(TpayConfigInterface $tpayConfig)
{
if (!$tpayConfig->isOriginApiEnabled()) {
$this->originConfig = null;

return;
}

try {
new TransactionOriginApi($tpayConfig->getApiPassword(), $tpayConfig->getApiKey(), $tpayConfig->getMerchantId(), $tpayConfig->getSecurityCode(), !$tpayConfig->useSandboxMode());
$this->originConfig = new ConfigOrigin($tpay, $tpayConfig, $assetRepository, $tokensService);
} catch (Exception $exception) {
$this->originConfig = null;
return;
}
}

private function createOpenApiInstance(TpayInterface $tpay, TpayConfigInterface $tpayConfig, Repository $assetRepository, TpayTokensService $tokensService)
private function createOpenApiInstance(TpayConfigInterface $tpayConfig)
{
if (!$tpayConfig->isPlnPayment() || !$tpayConfig->isOpenApiEnabled()) {
$this->openApi = null;
Expand All @@ -95,11 +78,9 @@ private function createOpenApiInstance(TpayInterface $tpay, TpayConfigInterface
}

try {
$this->openApi = new ConfigOpen($tpay, $tpayConfig, $assetRepository, $tokensService);
$this->openApi->authorization();
$this->useOpenApi = true;
} catch (Exception $exception) {
$this->openApi = null;
$this->useOpenApi = false;
}
}
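Review bot: With `$originConfig` and `$openApi` now injected through the constructor as non-nullable proxies, the guard `if (null == $this->openApi && null === $this->originConfig)` in `connectApi()` can no longer be true on a fresh instance. As a result `createOriginApiInstance()` and `createOpenApiInstance()` appear never to run, `authorization()` is not called, and `$useOpenApi` keeps its uninitialised value. The guard should be keyed on state the constructor does not pre-populate, for example `if (null === $this->useOpenApi) {`, provided every path through `createOpenApiInstance()` assigns that property (part of the method is collapsed here). How `getCurrentApi()` reacts to an unset `$useOpenApi` is outside the visible hunks.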
27 changes: 23 additions & 4 deletions Model/ApiFacade/TpayConfig/ConfigOpen.php
Expand Up @@ -2,6 +2,8 @@

namespace Tpay\Magento2\Model\ApiFacade\TpayConfig;

use Magento\Csp\Helper\CspNonceProvider;
use Magento\Framework\Escaper;
use Magento\Framework\View\Asset\Repository;
use Tpay\Magento2\Api\TpayConfigInterface;
use Tpay\Magento2\Api\TpayInterface;
Expand All @@ -23,12 +25,26 @@ class ConfigOpen extends TpayApi
/** @var Repository */
private $assetRepository;

public function __construct(TpayInterface $tpay, TpayConfigInterface $tpayConfig, Repository $assetRepository, TpayTokensService $tokensService)
{
/** @var CspNonceProvider */
private $cspNonceProvider;

/** @var Escaper */
private $escaper;

public function __construct(
TpayInterface $tpay,
TpayConfigInterface $tpayConfig,
Repository $assetRepository,
TpayTokensService $tokensService,
CspNonceProvider $cspNonceProvider,
Escaper $escaper
) {
$this->tpay = $tpay;
$this->tpayConfig = $tpayConfig;
$this->assetRepository = $assetRepository;
$this->tokensService = $tokensService;
$this->cspNonceProvider = $cspNonceProvider;
$this->escaper = $escaper;
parent::__construct($tpayConfig->getOpenApiClientId(), $tpayConfig->getOpenApiPassword(), !$tpayConfig->useSandboxMode());
}

Expand Down Expand Up @@ -70,9 +86,12 @@ public function createScript(string $script): string
{
return <<<EOD

<script type="text/javascript">
<script nonce='{$this->cspNonceProvider->generateNonce()}'>
require(['jquery'], function ($) {
$.getScript('{$this->generateURL($script)}');
let script = document.createElement('script');
script.nonce = '{$this->cspNonceProvider->generateNonce()}';
script.textContent = '{$this->escaper->escapeJs($this->assetRepository->createAsset($script)->getContent())}';
document.head.appendChild(script);

});
</script>
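Review bot: `createScript()` now emits the contents of whatever asset `$script` resolves to as inline JavaScript carrying the page's CSP nonce, yet nothing in the method states or enforces that `$script` is a fixed module asset id. I would add a docblock saying so, e.g. `@param string $script Module asset id chosen by this class; must never be derived from request data, because the file body is executed under the page nonce`. The call `createAsset($script)->getContent()` is also unguarded, so a missing or unreadable asset would presumably surface as an exception while the checkout config is rendered, where the old `$.getScript` only produced a failed browser request. The identical change in `ConfigOrigin::createScript()` needs the same treatment. The method's closing lines lie outside the hunk.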
27 changes: 23 additions & 4 deletions Model/ApiFacade/TpayConfig/ConfigOrigin.php
Expand Up @@ -2,6 +2,8 @@

namespace Tpay\Magento2\Model\ApiFacade\TpayConfig;

use Magento\Csp\Helper\CspNonceProvider;
use Magento\Framework\Escaper;
use Magento\Framework\View\Asset\Repository;
use Tpay\Magento2\Api\TpayConfigInterface;
use Tpay\Magento2\Api\TpayInterface;
Expand All @@ -22,12 +24,26 @@ class ConfigOrigin
/** @var TpayConfigInterface */
private $tpayConfig;

public function __construct(TpayInterface $tpay, TpayConfigInterface $tpayConfig, Repository $assetRepository, TpayTokensService $tokensService)
{
/** @var CspNonceProvider */
private $cspNonceProvider;

/** @var Escaper */
private $escaper;

public function __construct(
TpayInterface $tpay,
TpayConfigInterface $tpayConfig,
Repository $assetRepository,
TpayTokensService $tokensService,
CspNonceProvider $cspNonceProvider,
Escaper $escaper
) {
$this->tpay = $tpay;
$this->tpayConfig = $tpayConfig;
$this->assetRepository = $assetRepository;
$this->tokensService = $tokensService;
$this->cspNonceProvider = $cspNonceProvider;
$this->escaper = $escaper;
}

public function getConfig(): array
Expand Down Expand Up @@ -71,9 +87,12 @@ public function createScript(string $script): string
{
return <<<EOD

<script type="text/javascript">
<script nonce='{$this->cspNonceProvider->generateNonce()}'>
require(['jquery'], function ($) {
$.getScript('{$this->generateURL($script)}');
let script = document.createElement('script');
script.nonce = '{$this->cspNonceProvider->generateNonce()}';
script.textContent = '{$this->escaper->escapeJs($this->assetRepository->createAsset($script)->getContent())}';
document.head.appendChild(script);

});
</script>
15 changes: 4 additions & 11 deletions Model/TpayConfigProvider.php
Expand Up @@ -5,14 +5,10 @@
namespace Tpay\Magento2\Model;

use Magento\Checkout\Model\ConfigProviderInterface;
use Magento\Framework\View\Asset\Repository;
use Magento\Payment\Helper\Data as PaymentHelper;
use Tpay\Magento2\Api\TpayConfigInterface;
use Tpay\Magento2\Api\TpayInterface;
use Tpay\Magento2\Model\ApiFacade\TpayConfig\ConfigFacade;
use Tpay\Magento2\Model\ApiFacade\Transaction\TransactionApiFacade;
use Tpay\Magento2\Service\TpayService;
use Tpay\Magento2\Service\TpayTokensService;

class TpayConfigProvider implements ConfigProviderInterface
{
Expand All @@ -22,28 +18,25 @@ class TpayConfigProvider implements ConfigProviderInterface
/** @var TpayInterface */
protected $paymentMethod;

/** @var ConfigFacade */
/** @var ConfigFacade\Proxy */
protected $configFacade;

/** @var TransactionApiFacade */
protected $transactionApi;

public function __construct(
PaymentHelper $paymentHelper,
Repository $assetRepository,
TpayTokensService $tokensService,
TransactionApiFacade $transactionApiFacade,
TpayService $tpayService,
TpayConfigInterface $tpayConfig
ConfigFacade\Proxy $configFacade
) {
$this->paymentHelper = $paymentHelper;
$this->transactionApi = $transactionApiFacade;
$this->configFacade = new ConfigFacade($this->getPaymentMethodInstance(), $tpayConfig, $assetRepository, $tokensService, $tpayService);
$this->configFacade = $configFacade;
}

public function getConfig(): array
{
if (!$this->paymentMethod->isAvailable()) {
if (!$this->getPaymentMethodInstance()->isAvailable()) {
return [];
}
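Review bot: The constructor requests the generated class `ConfigFacade\Proxy` directly, which Magento's technical guidelines rule out: proxies must not be requested explicitly in constructors. The parameter would read `ConfigFacade $configFacade`, with the proxy wired in `di.xml` via `<argument name="configFacade" xsi:type="object">Tpay\Magento2\Model\ApiFacade\TpayConfig\ConfigFacade\Proxy</argument>` (no `di.xml` change appears on this page). The same applies to the `ConfigOrigin\Proxy`, `ConfigOpen\Proxy` and `CardConfigFacade\Proxy` parameters of `ConfigFacade::__construct`. Type-hinting the real class also keeps the `@var` annotations accurate for static analysis and lets tests pass a plain instance or a mock. `getConfig()` continues below the visible lines.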
