Merge pull request #23 from cybersource-tpi/develop

Release v23.3.0

Author: ohernandovisa

README.md

@@ -9,7 +9,7 @@ Please refer to the [official documentation](documentation/occ.md) to get all de
 ## Prerequisites
 
 - Yarn version: [1.22.4](https://classic.yarnpkg.com/en/docs/install/#mac-stable)
-- NodeJS version: 16.15.0, You could use [NVM](https://github.com/nvm-sh/nvm) to manage multiple versions locally
+- NodeJS version: 18.16.1, You could use [NVM](https://github.com/nvm-sh/nvm) to manage multiple versions locally
 
 
 ## Install dependencies

documentation/Oracle Commerce Cloud Installation Guide v23.2.0.pdf

@@ -27,8 +27,8 @@ Please pay attention to installation steps documented for both SSE and widgets (
 
 The following is required before going through installation steps:
 
-1. Yarn version: [1.22.18](https://classic.yarnpkg.com/en/docs/install/#mac-stable)
-2. NodeJS version: 16.15.0, You could use [NVM](https://github.com/nvm-sh/nvm) to manage multiple versions locally
+1. Yarn version: [1.22.4](https://classic.yarnpkg.com/en/docs/install/#mac-stable)
+2. NodeJS version: 18.16.1, You could use [NVM](https://github.com/nvm-sh/nvm) to manage multiple versions locally
 3. OCC environment
     - OCC Admin interface: https://asbx80c1dev-admin-{env}.oraclecloud.com/occs-admin/
     - OCC Storefront: https://asbx80c1dev-store-{env}.oraclecloud.com
@@ -91,8 +91,8 @@ After successful deployment you will need to enable payment gateway:
 - Configure gateway settings by providing values (e.g. merchant credentials) for particular channel (Preview, Storefront, Agent)
 - Save Changes
 - Go back to the 'Payment Types' type
-- Select supported credit card types from the list
-- You might want  to also provide list of supported billing countries as well as default one
+- Select supported credit card types from the list [Possible card types: VISA, MASTERCARD, AMEX, DISCOVER, DINERSCLUB, JCB, CARTESBANCAIRES, MAESTRO, CARNET, CUP]
+- You might want to also provide list of supported billing countries as well as default one
 - Save Changes
 
 ## Configure Generic Webhooks
@@ -198,16 +198,16 @@ yarn occ deploy
 ### Add widget to the Checkout layout
 
 1. Go to the OCC admin design tab and replace the default checkout-continue-to-review-order-button component with the IsvCheckoutContinueToReviewOrderButton on the checkout-payment page
-![isf review order path](images/isv-review-order-path.png)
-Drag ![isf review order button](images/isv-review-order-button.png) from the Components tray into the layout container.
+![isv review order path](images/isv-review-order-path.png)
+Drag ![isv review order button](images/isv-review-order-button.png) from the Components tray into the layout container.
 
 2. Go to the OCC admin design tab and replace the default checkout-place-order-button component with the IsvCheckoutPlaceOrderButton on the checkout-review-order page
-![isf place order path](images/isv-place-order-path.png)
-Drag ![isf place order button](images/isv-place-order-button.png) from the Components tray into the layout container.
+![isv place order path](images/isv-place-order-path.png)
+Drag ![isv place order button](images/isv-place-order-button.png) from the Components tray into the layout container.
 
 3. Layout the IsvPaymentMethod component on the checkout payments container
-![isf payment method path](images/isv-payment-method-path.png)
-Remove the checkout-credit-card component from the layout and replace it with ![isf payment method](images/isv-payment-method.png).
+![isv payment method path](images/isv-payment-method-path.png)
+Remove the checkout-credit-card component from the layout and replace it with ![isv payment method](images/isv-payment-method.png).
 
 4. Publish all changes
 

documentation/Oracle Commerce Cloud Installation Guide.pdf

@@ -14,8 +14,9 @@ The custom payment plugin solution provides an integration layer between OCC and
         - Void (Authorization Reversal)
         - Capture
         - Refund
-    - Tokenized card payment based on FlexMicroform v0.11
+    - Tokenized card payment based on FlexMicroform v2
     - Payer authentication support (3D Secure)
+    - Network tokenization
     - Store tokenized credit card against user profile
         - Payments using stored credit cards
 2. Online Authorizations

documentation/Oracle Commerce Cloud- Cybersource User Installation Guide v23.2.0.pdf documentation/Oracle Commerce Cloud- Cybersource User Installation Guide.pdf

@@ -64,6 +64,8 @@ This document is written for merchants who want to use Payment and Value added B
 
 - Supplemental Technical Resource Guide for OCC ( [HTML](https://community.oracle.com/docs/DOC-1038707) )
 - Generic Payment Gateway Integration ( [HTML](https://docs.oracle.com/en/cloud/saas/cx-commerce/20c/ccdev/create-generic-payment-gateway-integration1.html) )
-- SSE Development Best Practices ( [HTML](https://community.oracle.com/customerconnect/discussion/630679/server-side-extension-development-best-practices) )
-- Developing OSF in OCC ( [HTML](https://docs.oracle.com/en/cloud/saas/cx-commerce/dosfa/index.html ) )
+- Payment Integration with OCC ( [HTML](https://community.oracle.com/docs/DOC-1032741) )
+- OCC Payment FAQ ( [HTML](https://community.oracle.com/docs/DOC-1032746) )
+- SSE Development Best Practices ( [HTML](https://community.oracle.com/groups/oracle-commerce-cloud-group/blog/2018/11/08/server-side-extension-development-best-practices) )
+- Developing Widgets in OCC ( [HTML](https://docs.oracle.com/en/cloud/saas/cx-commerce/20c/widge/create-widget1.html) )
 - Cybersource REST API Reference ( [HTML](https://developer.cybersource.com/api-reference-assets/index.html) )

documentation/Release Notes v23.2.0.docx

@@ -21,7 +21,7 @@ The CLI tool is a combined version of utilities shared in the following communit
 By running `yarn occ` you will get the list of supported commands
 
 ```bash
-yarn run v1.22.18
+yarn run v1.22.4
 $ node ./bin/index.js
 Usage: index [options] [command]
 
@@ -107,6 +107,7 @@ The following settings can be configured in gateway:
 | **Credit Card**                     |                                                                                                                                                                                                                                                                                                                   |
 | **payerAuthEnabled**                | Enables payer authentication for credit cards                                                                                                                                                                                                                                                                     |
 | **scaEnabled**                | If enabled card holder will be 3DS Challenged when saving a card                                                                                                                                                                                                                                                                      |
+| **networkTokenUpdates**                | Subscribe to Network Token Life cycle updates                                                                                                                                                                                                                                                                      |
 | **flexSdkUrl**                      | Credit Card Flex SDK URL                                                                                                                                                                                                                                                                                          |
 | **isCVVRequiredForSavedCards**      | Is the CVV required when using a saved card.                                                                                                                                                                                                                                                                      |
 | **isCVVRequiredForScheduledOrders** | Is the CVV required for a Scheduled Order                                                                                                                                                                                                                                                                         |
@@ -199,7 +200,8 @@ server-extension
  ┃ ┃ ┣ paymentMethods.ts
  ┃ ┃ ┣ paymentRefund.ts
  ┃ ┃ ┣ paymentRouter.js
- ┃ ┃ ┗ report.ts
+ ┃ ┃ ┣ report.ts
+ ┃ ┃ ┗ webhookRouter.ts
  ┃ ┣ errors
  ┃ ┃ ┣ handlers
  ┃ ┃ ┃ ┣ api400ResponseHandler.ts
@@ -294,7 +296,8 @@ server-extension
  ┃ ┃ ┃ ┃ ┃ ┣ captureEndpoint.ts
  ┃ ┃ ┃ ┃ ┃ ┣ common.ts
  ┃ ┃ ┃ ┃ ┃ ┣ index.ts
- ┃ ┃ ┃ ┃ ┃ ┗ refundEndpoint.ts
+ ┃ ┃ ┃ ┃ ┃ ┣ refundEndpoint.ts
+ ┃ ┃ ┃ ┃ ┃ ┗ subscribeApi.js
  ┃ ┃ ┃ ┃ ┗ common.ts
  ┃ ┃ ┃ ┣ paymentMethod
  ┃ ┃ ┃ ┃ ┣ configBuilder.ts
@@ -318,7 +321,8 @@ server-extension
  ┃ ┃ ┣ cacheService.ts
  ┃ ┃ ┣ cryptoService.ts
  ┃ ┃ ┣ jwtService.ts
- ┃ ┃ ┗ loggingService.ts
+ ┃ ┃ ┣ loggingService.ts
+ ┃ ┃ ┗ publicKeyApi.js
  ┃ ┣ types
  ┃ ┃ ┗ occ-sdk.d.ts
  ┃ ┣ app.ts
@@ -405,7 +409,7 @@ The table below lists available middleware components
 
 Additional configuration properties managed by 'nconf' library available in OCC environment are located at `packages/server-extension/config`. Please notice there are version for local and production (deployed) environments
 
-SSE communicates with PSP using client [NodeJS SDK v0.0.20](https://github.com/CyberSource/cybersource-rest-client-node). Typescript friendly SDK wrapper is located in the `packages/payment-sdk`. It declares TS type definition's for the PSP API. You can manage generated type definitions by tweaking `packages/payment-sdk/generator/cybersource-ts-template/api.mustache` template. In order to generate new types from the updated template run the following:
+SSE communicates with PSP using client [NodeJS SDK v0.0.43](https://github.com/CyberSource/cybersource-rest-client-node). Typescript friendly SDK wrapper is located in the `packages/payment-sdk`. It declares TS type definition's for the PSP API. You can manage generated type definitions by tweaking `packages/payment-sdk/generator/cybersource-ts-template/api.mustache` template. In order to generate new types from the updated template run the following:
 
 ```bash
 cd packages/payment-sdk

documentation/images/extension-version.png

@@ -10,7 +10,8 @@
       1. [UI integration details](#ui-integration-details-1)
       2. [Backend (SSE) integration details](#backend-sse-integration-details-1)
       3. [Strong Customer Authentication (SCA)](#strong-customer-authentication-sca)
-   4. [Capturing funds during authorization (SALE)](#capturing-funds-during-authorization-sale)
+   4. [Network Tokenization](#network-tokenization)
+   5. [Capturing funds during authorization (SALE)](#capturing-funds-during-authorization-sale)
 
 ## Description
 
@@ -26,9 +27,10 @@ The Credit Card payment service provides the following operations:
 
 The following applies to credit card payments:
 
-- Credit card payments using [FlexMicroform v0.11](https://developer.cybersource.com/api/developer-guides/dita-flex/SAFlexibleToken/FlexMicroform.html). The transient token represents both card number (PAN) and CVV. Only token, card expiration date and masked card number going to be sent in a webhook request.
+- Credit card payments using [FlexMicroform v2](https://developer.cybersource.com/api/developer-guides/dita-flex/SAFlexibleToken/FlexMicroform.html). The transient token represents both card number (PAN) and CVV. Only token, card expiration date and masked card number going to be sent in a webhook request.
 - Payer Authentication (3D Secure)
 - Shopper can choose to save credit card as part of profile
+- Subscribe to Network Token life cycle updates
 - Shopper can pay with a saved card
 
 ![Note](../images/note.jpg)  With Flex Microform, the capture of card number and security code (CVV) are fully outsourced to the payment provider, which can qualify merchants for SAQ A-based assessments. Flex Microform provides the most secure method for tokenizing card data. Sensitive data is encrypted on the customer's device before HTTPS transmission to the payment provider. This method mitigates any compromise of the HTTPS connection through a man in the middle attack.
@@ -45,6 +47,7 @@ The following gateway settings apply to credit card payments
 | **paymentOptions**                  | Payment options enabled for payment using Payment Widget. 'Credit & Debit Card' should be enabled |
 | **payerAuthEnabled**                | Enables payer authentication (3D Secure) for credit cards                                         |
 | **scaEnabled**                      | If enabled card holder will be 3DS Challenged when saving a card                                  |
+| **networkTokenUpdates**             | Subscribe to Network Token Life cycle updates                               |
 | **saleEnabled**                     | Indicates if authorizing and taking payment will be done at the same time                         |
 | **isCVVRequiredForSavedCards**      | Should be disabled as CVV is not required in backend                                              |
 | **isCVVRequiredForScheduledOrders** | Should be disabled as CVV is not required in backend                                              |
@@ -53,6 +56,7 @@ Default values:
 
 - `payerAuthEnabled`: true. Payer authentication is enabled by default
 - `scaEnabled` : false
+- `networkTokenUpdates` : false
 - `isCVVRequiredForSavedCards`: false
 - `isCVVRequiredForScheduledOrders`: false
 - `saleEnabled` - by default SALE is disabled for Card payments. Can be enabled in OCC Admin
@@ -99,7 +103,7 @@ Understand OSF applications [CX-Commerce](https://docs.oracle.com/en/cloud/saas/
 
 REST API for Oracle Commerce Cloud 22D [Oracle Commerce Cloud](https://docs.oracle.com/en/cloud/saas/cx-commerce/22d/cxocc/op-ccadmin-v1-merchant-paymenttypes-get.html)
 
-Microform Integration 0.11 Documentation [Microform 0.11](https://developer.cybersource.com/api/developer-guides/dita-flex/da-microform-integ/microform-integ.html)
+Microform Integration v2 Documentation [Microform v2](https://developer.cybersource.com/docs/cybs/en-us/digital-accept-flex/developer/all/rest/digital-accept-flex/microform-integ-v2.html)
 
 The structure that follows contain all the components necessary to run Credit Card Payment in OSF.
 
@@ -279,6 +283,25 @@ In case 'Strong Customer Authentication' is enabled for credit cards, '10000' re
 
 *Note:* The `scaEnabled` setting is applicable only if `Payer Authentication` is enabled.
 
+### Network Tokenization
+
+A Network Token is a network scheme generated token, that represents customer card information for secure transactions that references a customer’s actual PAN.  
+
+Before a MID can be enabled for Network Tokenization, it must be provisioned with a Token Requestor ID (TRID) for each card scheme. 
+
+Plug-in would need to subscribe to the necessary webhook notifications and ingest them for changes to the card. Subscription is created automatically when Authorization is processed, while the Webhook Subscription feature is enabled.  
+
+The following describes the Network Token update process:
+
+1. Once the authorization is successful, check for the field PAR number in the response, if exists make a key generation request.
+2. Create a Webhook subscription call and save the details from the response.
+3. When the plugin receives a webhook notification for an update,validate the request and then fetch the payment instrument and instrument identifier from the notification payload.
+4. The "Retrieve Instrument Identifier" service will be called to fetch card details using the payment instrument and instrument identifier obtained above.
+5. The expiry month, expiry year, and card suffix will be updated with the latest details.
+6. The updated card details will be saved in OCC.
+
+![Network Tokenization](images/network-token.png)
+
 ### Capturing funds during authorization (SALE)
 
 In case merchants would like funds to be captured (settled) during card authorizations `saleEnabled` gateway setting can be updated to enable it for credit cards.

documentation/images/merchant-id.png documentation/images/merchantId.png

@@ -8,7 +8,7 @@ If you require support with this software, please contact GlobalPartnerSolutions
 - Plugin/ Extension version: Under Settings->Extension, find the version of the installed ISV Payment Gateway extension.
 ![Extension Version](images/extension-version.png)
 - Cybersource Merchant ID: Under Settings->Payment Processing, Select the ISV OCC Payment from the Service Type dropdown, find the Merchant Id
-![Merchant Id](images/merchant-id.png)
+![Merchant Id](images/merchantId.png)
 - Order ID/ Merchant Reference Number: Order ID can be found in Order Confirmation Page or under Order History.
 - Configuration screenshots: Please provide screenshots of ISV OCC Gateway Configurations.
 - Log file and other relevant data: Download the **debug** and **error** logs from Oracle Commerce Cloud using getExtensionServerLogs admin endpoint.

documentation/images/payment-widget-checkout.png

@@ -1,6 +1,5 @@
 {
     "npmClient": "yarn",
-    "useWorkspaces": true,
-    "version": "23.2.0",
+    "version": "23.3.0",
     "packages": ["packages/*"]
 }

documentation/images/saved-cards-widget-profile.png

@@ -1,6 +1,6 @@
 {
   "name": "isv-occ-payment",
-  "version": "23.2.0",
+  "version": "23.3.0",
   "description": "ISV Oracle Commerce Cloud Payment Plugin",
   "main": "index.js",
   "repository": "[email protected]:cybersource-tpi/cybersource-plugins-oraclecxcommerce.git",
@@ -63,59 +63,59 @@
     "test:unit": "lerna run test:unit --stream",
     "tsc": "tsc -p ./tsconfig.json",
     "upload-custom-typeahead-keywords": "occ upload-custom-typeahead-keywords",
-    "upload-search-config": "occ upload-search-config"
+    "upload-search-config": "occ upload-search-config",
+    "start-sse": "yarn workspace @isv-occ-payment/server-extension start:watch --inspect"
   },
   "dependencies": {
     "@popperjs/core": "^2.11.6",
-    "jwt-decode": "^3.1.2",
+    "jwt-decode": "^4.0.0",
     "tsc-alias": "^1.7.1"
-    
   },
   "devDependencies": {
-    "@ts-tools/node": "^4.0.0",
+    "@ts-tools/node": "^5.0.2",
     "@types/compression": "^1.7.2",
     "@types/crypto-js": "^4.1.1",
-    "@types/googlepay": "^0.6.4",
+    "@types/googlepay": "^0.7.3",
     "@types/jest": "^29.2.3",
     "@types/jwt-decode": "^3.1.0",
-    "@types/node": "18.11.9",
+    "@types/node": "^20.8.9",
     "@types/node-fetch": "^2.6.2",
     "@types/supertest": "^2.0.12",
-    "@typescript-eslint/eslint-plugin": "^5.43.0",
-    "@typescript-eslint/parser": "^5.43.0",
+    "@typescript-eslint/eslint-plugin": "^6.9.1",
+    "@typescript-eslint/parser": "^6.9.1",
     "JSONStream": "^1.3.5",
-    "archiver": "^5.3.1",
-    "commander": "^9.4.1",
+    "archiver": "^6.0.1",
+    "commander": "^11.1.0",
     "eslint": "^8.27.0",
-    "eslint-config-prettier": "^8.5.0",
+    "eslint-config-prettier": "^9.0.0",
     "eslint-plugin-import": "^2.26.0",
     "eslint-plugin-jest": "^27.1.5",
     "eslint-plugin-json": "^3.1.0",
     "eslint-plugin-jsx-a11y": "^6.6.1",
     "eslint-plugin-markdown": "^3.0.0",
     "eslint-plugin-no-only-tests": "^3.1.0",
-    "eslint-plugin-prettier": "^4.2.1",
-    "eslint-plugin-react": "7.31.10",
+    "eslint-plugin-prettier": "^5.0.1",
+    "eslint-plugin-react": "7.33.2",
     "eslint-plugin-react-hooks": "^4.6.0",
-    "eslint-plugin-spellcheck": "0.0.19",
-    "eslint-plugin-unicorn": "44.0.2",
-    "fs-extra": "^10.1.0",
+    "eslint-plugin-spellcheck": "0.0.20",
+    "eslint-plugin-unicorn": "49.0.0",
+    "fs-extra": "^11.1.1",
     "husky": "^8.0.2",
     "jest": "^29.3.1",
     "jest-html-reporters": "^3.0.11",
     "jest-mock-extended": "^3.0.1",
     "jszip": "^3.10.1",
-    "lerna": "^6.0.3",
-    "lint-staged": "^13.0.3",
-    "mkdirp": "^1.0.4",
+    "lerna": "^7.4.2",
+    "lint-staged": "^15.0.2",
+    "mkdirp": "^3.0.1",
     "npm-run-all": "^4.1.5",
-    "prettier": "^2.7.1",
-    "rimraf": "^3.0.2",
+    "prettier": "^3.0.3",
+    "rimraf": "^5.0.5",
     "supertest": "^6.3.1",
     "symlink-dir": "^5.0.1",
     "ts-jest": "^29.0.3",
     "tsconfig-paths": "^4.1.0",
-    "typescript": "~4.9.3",
+    "typescript": "~5.2.2",
     "yauzl": "^2.10.0"
   },
   "husky": {