Merge pull request #32 from cybersource-tpi/checkmarx

Checkmarx

Author: cybersource-tpi

Jenkinsfile

@@ -109,7 +109,7 @@ podTemplate(
                 reportName           : 'Code Coverage Reports'
             ])
 
-            step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: '[email protected]'])
+            step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: ''])
             notifySlack(this, "cybersource-jenkins", false)
         }
     }

Jenkinsfile.publish

@@ -145,7 +145,7 @@ podTemplate(
         currentBuild.result = 'FAILURE'
         throw any
     } finally {
-        step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: '[email protected]'])
+        step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: ''])
         notifySlack(this, "cybersource-jenkins", false)
     }
 }}

README.md

@@ -1,4 +1,4 @@
-# ISV OCC Payment
+# Cybersource Official
 
 ## Documentation
 

documentation/Oracle Commerce Cloud Installation Guide.pdf

@@ -86,7 +86,7 @@ Once the module is installed, head back to the Oracle Commerce Cloud Admin to co
 After successful deployment you will need to enable payment gateway:
 
 - Go to OCC Admin -> Settings -> Payment Processing
-- Open 'Payment gateways' tab and choose 'ISV OCC Gateway' from the list
+- Open 'Payment gateways' tab and choose 'Cybersource Official' from the list
 - Select 'Payment Gateway Enabled' option
 - Configure gateway settings by providing values (e.g. merchant credentials) for particular channel (Preview, Storefront, Agent)
 - Save Changes

documentation/Oracle Commerce Cloud- Cybersource User Installation Guide.pdf renamed to documentation/Oracle Commerce Cloud- Cybersource Official User Installation Guide.pdf

@@ -1,5 +1,5 @@
 
-# ISV OCC Payment Plugin
+# Cybersource Official Payment Plugin
 
 ## Oracle Commerce Cloud
 
@@ -23,7 +23,7 @@
 
 ## Audience and Purpose
 
-This document is written for merchants who want to use Payment and Value added Business services. This document provides an overview for integrating ISV OCC payment services into Oracle Commerce Cloud platform.
+This document is written for merchants who want to use Payment and Value added Business services. This document provides an overview for integrating Cybersource Official payment services into Oracle Commerce Cloud platform.
 
 ## Conventions
 

documentation/images/extension-version.png

@@ -56,7 +56,7 @@ The `payment-gateway` package hold gateway settings definition according to [Sup
 .
 ├── ext.json
 ├── gateway
-│   └── isv-occ-gateway // name of the  gateway
+│   └── isv-occ-gateway 
 │       ├── config
 │       │   ├── config.json // configuration properties
 │       │   └── locales
@@ -69,7 +69,7 @@ The `gateway/isv-occ-gateway/gateway.json` file has the following definition:
 
 ```json
 {
-  "provider": "ISV OCC Gateway",
+  "provider": "Cybersource Official",
   "paymentMethodTypes": ["generic", "card"],
   "transactionTypes": {
     "generic": ["initiate", "retrieve", "authorization", "void", "refund"],

documentation/images/merchantId.png

@@ -9,7 +9,8 @@
    3. [Payer Authentication](#payer-authentication)
       1. [UI integration details](#ui-integration-details-1)
       2. [Backend (SSE) integration details](#backend-sse-integration-details-1)
-      3. [Strong Customer Authentication (SCA)](#strong-customer-authentication-sca)
+      3. [Decision Manager with Payer Authentication](#decision-manager-with-payer-authentication)
+      4. [Strong Customer Authentication (SCA)](#strong-customer-authentication-sca)
    4. [Network Tokens](#network-tokenization)
    5. [Capturing funds during authorization (SALE)](#capturing-funds-during-authorization-sale)
 
@@ -273,6 +274,10 @@ The following UI component contains Payer Authentication integration logic `plug
 - `server-extension/src/services/payments/converters/request/mappers/payerAuthEnrollMapper.ts` Including payer auth reference id into PSP card authorization request
 - `server-extension/src/services/payments/converters/request/mappers/payerAuthValidationMapper.ts` Including payer auth validation token into PSP card authorization request
 
+#### Decision Manager with Payer Authentication
+You can use Decision Manager with payer authentication services to allow the risk of an order to determine when you need to invoke payer authentication.
+[Decision Manager with Payer Authentication](https://ebc.cybersource.com/content/ebc/docs/cybs/en-us/html/dm-develop/developer/all/so/oxy_ex-1/topics/c_Using_DM_With_Payer_Auth.html)
+
 #### Strong Customer Authentication (SCA)
 
 When `Payer Authentication` is enabled, if a transaction gets declined with the reason as Strong Customer Authentication required, then another request will be sent from Oracle Commerce Cloud automatically for the same order and the customer will be 3DS challenged. 

documentation/installation.md

@@ -5,10 +5,10 @@ If you require support with this software, please contact GlobalPartnerSolutions
 - Steps to reproduce the issue
 - Oracle Commerce Cloud Platform version: You can find Oracle Commerce Cloud Platform Version in Oracle Commerce Cloud Backoffice dashboard.
 ![Version](images/version.png)
-- Plugin/ Extension version: Under Settings->Extension, find the version of the installed ISV Payment Gateway extension.
+- Plugin/ Extension version: Under Settings->Extension, find the version of the installed Cybersource Official Payment Gateway extension.
 ![Extension Version](images/extension-version.png)
-- Cybersource Merchant ID: Under Settings->Payment Processing, Select the ISV OCC Payment from the Service Type dropdown, find the Merchant Id
+- Cybersource Merchant ID: Under Settings->Payment Processing, Select Cybersource Official from the Service Type dropdown, find the Merchant Id.
 ![Merchant Id](images/merchantId.png)
 - Order ID/ Merchant Reference Number: Order ID can be found in Order Confirmation Page or under Order History.
-- Configuration screenshots: Please provide screenshots of ISV OCC Gateway Configurations.
+- Configuration screenshots: Please provide screenshots of Cybersource Official Configurations.
 - Log file and other relevant data: Download the **debug** and **error** logs from Oracle Commerce Cloud using getExtensionServerLogs admin endpoint.

documentation/occ.md

@@ -3,7 +3,7 @@
   "version": "24.1.1",
   "description": "ISV Oracle Commerce Cloud Payment Plugin",
   "main": "index.js",
-  "repository": "[email protected]:cybersource-tpi/cybersource-plugins-oraclecxcommerce.git",
+  "repository": "[email protected]:CyberSource/cybersource-plugins-oraclecxcommerce.git",
   "author": "ISV Payments",
   "license": "MIT",
   "private": true,

documentation/package-contents.md

@@ -4,7 +4,7 @@
     "description": "ApplePay SSE Payment Service",
     "repository": {
         "type": "git",
-        "url": "[email protected]:cybersource-tpi/cybersource-plugins-oraclecxcommerce.git"
+        "url": "[email protected]:CyberSource/cybersource-plugins-oraclecxcommerce.git"
     },
     "author": "ISV Payments",
     "main": "cjs/index.js",

documentation/payment-services/credit-card.md

@@ -4,7 +4,7 @@
     "description": "Card SSE Payment Service",
     "repository": {
         "type": "git",
-        "url": "[email protected]:cybersource-tpi/cybersource-plugins-oraclecxcommerce.git"
+        "url": "[email protected]:CyberSource/cybersource-plugins-oraclecxcommerce.git"
     },
     "author": "ISV Payments",
     "main": "cjs/index.js",

documentation/support.md

@@ -4,7 +4,7 @@
     "description": "Generic SSE Payment Service",
     "repository": {
         "type": "git",
-        "url": "[email protected]:cybersource-tpi/cybersource-plugins-oraclecxcommerce.git"
+        "url": "[email protected]:CyberSource/cybersource-plugins-oraclecxcommerce.git"
     },
     "author": "ISV Payments",
     "main": "cjs/index.js",

package.json

@@ -4,7 +4,7 @@
     "description": "GooglePay SSE Payment Service",
     "repository": {
         "type": "git",
-        "url": "[email protected]:cybersource-tpi/cybersource-plugins-oraclecxcommerce.git"
+        "url": "[email protected]:CyberSource/cybersource-plugins-oraclecxcommerce.git"
     },
     "author": "ISV Payments",
     "main": "cjs/index.js",

packages/applepay-payment-service/package.json

@@ -5,7 +5,7 @@
   "description": "Mock OCC APIs",
   "repository": {
     "type": "git",
-    "url": "[email protected]:cybersource-tpi/cybersource-plugins-oraclecxcommerce.git"
+    "url": "[email protected]:CyberSource/cybersource-plugins-oraclecxcommerce.git"
   },
   "author": "ISV Payments",
   "main": "cjs/server.js",

packages/card-payment-service/package.json

@@ -5,7 +5,7 @@
     "description": "Oracle Commerce payment service factory",
     "repository": {
         "type": "git",
-        "url": "[email protected]:cybersource-tpi/cybersource-plugins-oraclecxcommerce.git"
+        "url": "[email protected]:CyberSource/cybersource-plugins-oraclecxcommerce.git"
     },
     "author": "ISV Payments",
     "main": "cjs/indexPaymentFactory.js",

packages/generic-payment-service/package.json

@@ -4,7 +4,7 @@
     "description": "Oracle Commerce payment service",
     "repository": {
         "type": "git",
-        "url": "[email protected]:cybersource-tpi/cybersource-plugins-oraclecxcommerce.git"
+        "url": "[email protected]:CyberSource/cybersource-plugins-oraclecxcommerce.git"
     },
     "author": "ISV Payments",
     "main": "cjs/indexPaymentService.js",

packages/googlepay-payment-service/package.json

@@ -5,7 +5,7 @@
   "description": "OCC SDK",
   "repository": {
     "type": "git",
-    "url": "[email protected]:cybersource-tpi/cybersource-plugins-oraclecxcommerce.git"
+    "url": "[email protected]:CyberSource/cybersource-plugins-oraclecxcommerce.git"
   },
   "author": "ISV Payments",
   "main": "cjs/occSdk.js",

packages/occ-mock-server/package.json

@@ -5,7 +5,7 @@
   "description": "Oracle Commerce SSE payment gateway",
   "repository": {
     "type": "git",
-    "url": "[email protected]:cybersource-tpi/cybersource-plugins-oraclecxcommerce.git"
+    "url": "[email protected]:CyberSource/cybersource-plugins-oraclecxcommerce.git"
   },
   "author": "ISV Payments",
   "main": "cjs/indexGateway.js",

packages/occ-payment-factory/package.json

@@ -1,9 +1,9 @@
 {
     "extensionID": "",
     "developerID": "999",
-    "createdBy": "ISV Plugins",
+    "createdBy": "Cybersource Official",
     "name": "payment-gateway-24.1.1",
     "version": 2411,
     "timeCreated": "2024-04-04",
-    "description": "ISV Payment Gateway"    
-}
+    "description": "Cybersource Official Payment Gateway"    
+}

packages/occ-payment-service/package.json

@@ -1,7 +1,7 @@
 {
   "resources": {
-    "title": "ISV Payment Gateway",
-    "description": "ISV Payment Gateway configuration",
+    "title": "Cybersource Official",
+    "description": "Cybersource Official configuration",
     "agentInstanceLabel": "Agent Configuration",
     "previewInstanceLabel": "Preview Configuration",
     "storefrontInstanceLabel": "Storefront Configuration",

packages/occ-sdk/package.json

@@ -1,5 +1,5 @@
 {
-  "provider": "ISV OCC Gateway",
+  "provider": "Cybersource Official",
   "paymentMethodTypes": ["generic", "card"],
   "transactionTypes": {
     "generic": ["initiate", "retrieve", "authorization", "void", "refund"],

packages/occ-sse-gateway/package.json

@@ -2,7 +2,7 @@
     "name": "@isv-occ-payment/payment-gateway",
     "version": "24.1.1",
     "private": true,
-    "description": "ISV OCC Payment Gateway",
+    "description": "Cybersource Official Payment Gateway",
     "repository": "",
-    "author": "ISV Plugins"
-}
+    "author": "Cybersource Official"
+}

packages/payment-gateway/ext.json

@@ -5,7 +5,7 @@
   "description": "Payment SDK",
   "repository": {
     "type": "git",
-    "url": "[email protected]:cybersource-tpi/cybersource-plugins-oraclecxcommerce.git"
+    "url": "[email protected]:CyberSource/cybersource-plugins-oraclecxcommerce.git"
   },
   "author": "ISV Payments",
   "types": "index.d.ts",

packages/payment-gateway/gateway/isv-occ-gateway/config/locales/en.json

@@ -1,7 +1,7 @@
 {
 	"info": {
 		"_postman_id": "439b9e2b-4d72-4655-9ff5-b8fc7c28d9ec",
-		"name": "ISV OCC Payment SSE Copy",
+		"name": "ISV OCC Payment SSE",
 		"description": "This collection is included into SSE package which can be used for testing and exploring the endpoints.\n\nThe following collection variables should be updated prior its running:\n\nOCC_ENVIRONMENT\nAPP_KEY\napplePayInitiativeContext",
 		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
 	},

packages/payment-gateway/gateway/isv-occ-gateway/gateway.json

@@ -5,7 +5,7 @@
   "description": "Payment Server Extension",
   "repository": {
     "type": "git",
-    "url": "[email protected]:cybersource-tpi/cybersource-plugins-oraclecxcommerce.git"
+    "url": "[email protected]:CyberSource/cybersource-plugins-oraclecxcommerce.git"
   },
   "author": "ISV Payments",
   "main": "cjs/indexServerExtension.js",

packages/payment-gateway/package.json

@@ -18,13 +18,11 @@ router.post('/setup', asyncMiddleware(
 );
 
 router.post('/returnUrl', (req: Request, res: Response) => {
-  const transactionId = JSON.stringify(req.body?.TransactionId);
+  const transactionValidationId = JSON.stringify(req.body?.TransactionId); 
   res.send(`<script>
-     window.parent.postMessage({
-    'messageType':'transactionValidation',
-    'message':'${transactionId}'
-  },'*');
-  </script>`);
+  let transactionId = '${transactionValidationId}'; 
+  let messageObj = { 'messageType':'transactionValidation', 'message': transactionId }; 
+  window.parent.postMessage(messageObj, \'*\'); </script> `);
 });
 
 export default router;

packages/payment-sdk/package.json

@@ -2,9 +2,10 @@ import { RequestContext, asyncMiddleware, maskRequestData } from '@server-extens
 import { validateISVWebhook } from '@server-extension/middlewares/validateWebhook';
 import occClientStorefront from '@server-extension/services/occ/occClientStorefront';
 import makeRequest from '@server-extension/services/payments/api/paymentCommand';
+import { WEBHOOK_SUBSCRIPTION } from '@server-extension/services/payments/converters/request/common';
+import { getSavedNetworkTokenConfigurations } from '@server-extension/services/payments/converters/response/mappers';
 import { InstrumentIdentifierApi, PostInstrumentIdentifierRequest } from 'cybersource-rest-client';
 import { NextFunction, Request, Response, Router } from 'express';
-import nconf from 'nconf';
 const { LogFactory } = require('@isv-occ-payment/occ-payment-factory');
 const logger = LogFactory.logger();
 const router = Router();
@@ -14,12 +15,12 @@ router.get('/tokenUpdate', asyncMiddleware(async (req: Request, res: Response, n
     return res.status(200).send();
 }))
 
-router.post('/tokenUpdate', validateISVWebhook, asyncMiddleware(async (req: Request, res: Response, next: NextFunction) => {
+router.post('/tokenUpdate', asyncMiddleware(validateISVWebhook), asyncMiddleware(async (req: Request, res: Response, next: NextFunction) => {
     try {
         const webhookRequestData: OCC.Notification = req.body;
         const requestContext: RequestContext = req.app.locals;
-        const savedWebhookConfiguration = nconf.get("networkSubscriptionConfigurations") || [];
-        if (requestContext.gatewaySettings?.networkTokenUpdates && "tms.networktoken.updated" === webhookRequestData?.eventType && webhookRequestData?.payload[0]?.data) {
+        const savedWebhookConfiguration = await getSavedNetworkTokenConfigurations();
+        if (requestContext.gatewaySettings?.networkTokenUpdates && WEBHOOK_SUBSCRIPTION.EVENT_TYPE === webhookRequestData?.eventType && webhookRequestData?.payload[0]?.data) {
             for (const payload of webhookRequestData.payload) {
                     const isConfigurationMatch = savedWebhookConfiguration.find((configuration: any) => configuration.merchantId === payload.organizationId) || false;
                     if (isConfigurationMatch) {
@@ -44,7 +45,7 @@ router.post('/tokenUpdate', validateISVWebhook, asyncMiddleware(async (req: Requ
         }
     }
     catch (error) {
-        logger.debug("WebhookRouter tokenUpdate: " + error.message);
+        logger.error("WebhookRouter tokenUpdate: " + error.message + `STACK TRACE: ${error.stack}`);
         res.status(404).send(); 
     };
 }
@@ -86,7 +87,7 @@ async function updateCardDetails(instrumentIdentifier: string, paymentInstrument
     }
 }
 catch (error) {
-    logger.debug(("WebhookRouter tokenUpdate: " + error.message));
+    logger.error(("WebhookRouter tokenUpdate: " + error.message + `STACK TRACE: ${error.stack}`));
 }
 }
 

packages/server-extension/docs/ISV OCC Payment SSE postman_collection.json

@@ -6,8 +6,7 @@ export default function errorHandler(err: any, req: Request, res: Response, next
   if (!err) {
     if (next) {
       return next();
-    }
-    
+    }  
     return res.end();
   }
 

packages/server-extension/package.json

@@ -2,6 +2,7 @@ import { NextFunction, Request, Response } from 'express';
 import nconf from 'nconf';
 import validateWebHookPayloadSignature from '../services/occ/webhookSignatureValidation';
 import { LogFactory } from '@isv-occ-payment/occ-payment-factory';
+import { getSavedNetworkTokenConfigurations } from '@server-extension/services/payments/converters/response/mappers';
 
 const SKIP_HOSTS = ['localhost', '127.0.0.1'];
 const WEBHOOK_OCC_SIGNATURE_HEADER = 'x-oracle-cc-webhook-signature-sha512';
@@ -29,7 +30,7 @@ export default function validateOCCWebhook(req: Request, res: Response, next: Ne
   next();
 }
 
-export function validateISVWebhook(req: Request, res: Response, next: NextFunction) {
+export async function validateISVWebhook(req: Request, res: Response, next: NextFunction) {
   const vCSignatureHeader = <string>req.headers[WEBHOOK_ISV_SIGNATURE_HEADER];
   logger.debug("ISV Webhook Signature: vcSignatureHeader: " + vCSignatureHeader)
   if (vCSignatureHeader) {
@@ -40,7 +41,7 @@ export function validateISVWebhook(req: Request, res: Response, next: NextFuncti
     if (!timestamp || !keyId || !signature) {
       throw new Error(`ISV Webhook Signature: missing timeStamp, keyId or signature : timeStamp: ${timestamp} keyId: ${keyId} signature: ${signature}`);
     }
-    const webhookConfigurations: [] = nconf.get("networkSubscriptionConfigurations") || [];
+    const webhookConfigurations = await getSavedNetworkTokenConfigurations();
     logger.debug('ISV Webhook Signature: Saved Configurations ' + JSON.stringify(webhookConfigurations));
     const { key } = webhookConfigurations.find((configuration: any) => configuration.keyId === keyId) || {} as { key?: string };
     if (!key) { throw new Error("No key available in saved configuration") };