Merge pull request #137 from woocommerce/PCP-75-validate-form-before-sending-paypal-request

Validate checkout form before sending request to PayPal
2025-09-05 08:59:14 +08:00 · 2021-04-06 11:20:46 +02:00 · 2021-04-06 11:20:46 +02:00 · 5d1979b2fe
commit 5d1979b2fe
parent 9d2079bfc6 468008db9d
9 changed files with 148 additions and 110 deletions
--- a/modules/ppcp-api-client/src/Repository/class-cartrepository.php
+++ b/modules/ppcp-api-client/src/Repository/class-cartrepository.php
@ -9,7 +9,6 @@ declare(strict_types=1);

 namespace WooCommerce\PayPalCommerce\ApiClient\Repository;

-use WooCommerce\PayPalCommerce\ApiClient\Entity\Item;
 use WooCommerce\PayPalCommerce\ApiClient\Entity\PurchaseUnit;
 use WooCommerce\PayPalCommerce\ApiClient\Factory\PurchaseUnitFactory;

--- a/modules/ppcp-button/src/Endpoint/class-createorderendpoint.php
+++ b/modules/ppcp-button/src/Endpoint/class-createorderendpoint.php
@ -13,12 +13,15 @@ use WooCommerce\PayPalCommerce\ApiClient\Endpoint\OrderEndpoint;
 use WooCommerce\PayPalCommerce\ApiClient\Entity\Order;
 use WooCommerce\PayPalCommerce\ApiClient\Entity\Payer;
 use WooCommerce\PayPalCommerce\ApiClient\Entity\PaymentMethod;
+use WooCommerce\PayPalCommerce\ApiClient\Entity\PurchaseUnit;
 use WooCommerce\PayPalCommerce\ApiClient\Exception\PayPalApiException;
+use WooCommerce\PayPalCommerce\ApiClient\Exception\RuntimeException;
 use WooCommerce\PayPalCommerce\ApiClient\Factory\PayerFactory;
 use WooCommerce\PayPalCommerce\ApiClient\Factory\PurchaseUnitFactory;
 use WooCommerce\PayPalCommerce\ApiClient\Repository\CartRepository;
 use WooCommerce\PayPalCommerce\Button\Helper\EarlyOrderHandler;
 use WooCommerce\PayPalCommerce\Session\SessionHandler;
+use WooCommerce\PayPalCommerce\WcGateway\Exception\NotFoundException;
 use WooCommerce\PayPalCommerce\WcGateway\Settings\Settings;

 /**
@ -86,11 +89,18 @@ class CreateOrderEndpoint implements EndpointInterface {
 	private $early_order_handler;

 	/**
-	 * The current PayPal order in a process.
+	 * Data from the request.
 	 *
-	 * @var Order|null
+	 * @var array
 	 */
-	private $order;
+	private $parsed_request_data;
+
+	/**
+	 * The array of purchase units for order.
+	 *
+	 * @var PurchaseUnit[]
+	 */
+	private $purchase_units;

 	/**
 	 * CreateOrderEndpoint constructor.
@ -138,12 +148,12 @@ class CreateOrderEndpoint implements EndpointInterface {
 	 * Handles the request.
 	 *
 	 * @return bool
-	 * @throws \WooCommerce\PayPalCommerce\WcGateway\Exception\NotFoundException In case a setting was not found.
 	 */
 	public function handle_request(): bool {
 		try {
-			$data     = $this->request_data->read_request( $this->nonce() );
-			$wc_order = null;
+			$data                      = $this->request_data->read_request( $this->nonce() );
+			$this->parsed_request_data = $data;
+			$wc_order                  = null;
 			if ( 'pay-now' === $data['context'] ) {
 				$wc_order = wc_get_order( (int) $data['order_id'] );
 				if ( ! is_a( $wc_order, \WC_Order::class ) ) {
@ -156,28 +166,23 @@ class CreateOrderEndpoint implements EndpointInterface {
 						)
 					);
 				}
-				$purchase_units = array( $this->purchase_unit_factory->from_wc_order( $wc_order ) );
+				$this->purchase_units = array( $this->purchase_unit_factory->from_wc_order( $wc_order ) );
 			} else {
-				$purchase_units = $this->cart_repository->all();
+				$this->purchase_units = $this->cart_repository->all();
 			}

 			$this->set_bn_code( $data );
-			$needs_shipping          = WC()->cart && WC()->cart->needs_shipping();
-			$shipping_address_is_fix = $needs_shipping && 'checkout' === $data['context'];
-			$order                   = $this->api_endpoint->create(
-				$purchase_units,
-				$this->payer( $data, $wc_order ),
-				null,
-				$this->payment_method(),
-				'',
-				$shipping_address_is_fix
-			);
+
 			if ( 'checkout' === $data['context'] ) {
-					$this->process_checkout_form( $data['form'], $order );
+					$this->process_checkout_form( $data['form'] );
 			}
 			if ( 'pay-now' === $data['context'] && get_option( 'woocommerce_terms_page_id', '' ) !== '' ) {
 				$this->validate_paynow_form( $data['form'] );
 			}
+
+			// if we are here so the context is not 'checkout' as it exits before. Therefore, a PayPal order is not created yet.
+			// It would be a good idea to refactor the checkout process in the future.
+			$order = $this->create_paypal_order( $wc_order );
 			wp_send_json_success( $order->to_array() );
 			return true;
 		} catch ( \RuntimeException $error ) {
@ -189,15 +194,41 @@ class CreateOrderEndpoint implements EndpointInterface {
 					'details' => is_a( $error, PayPalApiException::class ) ? $error->details() : array(),
 				)
 			);
-			return false;
+		} catch ( \Exception $exception ) {
+			wc_add_notice( $exception->getMessage(), 'error' );
 		}
+
+		return false;
+	}
+
+	/**
+	 * Creates the order in the PayPal, uses data from WC order if provided.
+	 *
+	 * @param \WC_Order|null $wc_order WC order to get data from.
+	 *
+	 * @return Order Created PayPal order.
+	 *
+	 * @throws RuntimeException If create order request fails.
+	 */
+	private function create_paypal_order( \WC_Order $wc_order = null ): Order {
+		$needs_shipping          = WC()->cart && WC()->cart->needs_shipping();
+		$shipping_address_is_fix = $needs_shipping && 'checkout' === $this->parsed_request_data['context'];
+
+		return $this->api_endpoint->create(
+			$this->purchase_units,
+			$this->payer( $this->parsed_request_data, $wc_order ),
+			null,
+			$this->payment_method(),
+			'',
+			$shipping_address_is_fix
+		);
 	}

 	/**
 	 * Returns the Payer entity based on the request data.
 	 *
-	 * @param array     $data The request data.
-	 * @param \WC_Order $wc_order The order.
+	 * @param array          $data The request data.
+	 * @param \WC_Order|null $wc_order The order.
 	 *
 	 * @return Payer|null
 	 */
@ -245,13 +276,17 @@ class CreateOrderEndpoint implements EndpointInterface {
 	 * Returns the PaymentMethod object for the order.
 	 *
 	 * @return PaymentMethod
-	 * @throws \WooCommerce\PayPalCommerce\WcGateway\Exception\NotFoundException In case a setting would not be found.
 	 */
 	private function payment_method() : PaymentMethod {
-		$payee_preferred = $this->settings->has( 'payee_preferred' ) && $this->settings->get( 'payee_preferred' ) ?
-			PaymentMethod::PAYEE_PREFERRED_IMMEDIATE_PAYMENT_REQUIRED
-			: PaymentMethod::PAYEE_PREFERRED_UNRESTRICTED;
-		$payment_method  = new PaymentMethod( $payee_preferred );
+		try {
+			$payee_preferred = $this->settings->has( 'payee_preferred' ) && $this->settings->get( 'payee_preferred' ) ?
+				PaymentMethod::PAYEE_PREFERRED_IMMEDIATE_PAYMENT_REQUIRED
+				: PaymentMethod::PAYEE_PREFERRED_UNRESTRICTED;
+		} catch ( NotFoundException $exception ) {
+			$payee_preferred = PaymentMethod::PAYEE_PREFERRED_UNRESTRICTED;
+		}
+
+		$payment_method = new PaymentMethod( $payee_preferred );
 		return $payment_method;
 	}

@ -259,12 +294,10 @@ class CreateOrderEndpoint implements EndpointInterface {
 	 * Prepare the Request parameter and process the checkout form and validate it.
 	 *
 	 * @param string $form_values The values of the form.
-	 * @param Order  $order The Order.
 	 *
 	 * @throws \Exception On Error.
 	 */
-	private function process_checkout_form( string $form_values, Order $order ) {
-		$this->order = $order;
+	private function process_checkout_form( string $form_values ) {
 		$form_values = explode( '&', $form_values );

 		$parsed_values = array();
@ -316,10 +349,10 @@ class CreateOrderEndpoint implements EndpointInterface {
 	 * @return array
 	 */
 	public function after_checkout_validation( array $data, \WP_Error $errors ): array {
-
-		$order = $this->order;
 		if ( ! $errors->errors ) {

+			$order = $this->create_paypal_order();
+
 			/**
 			 * In case we are onboarded and everything is fine with the \WC_Order
 			 * we want this order to be created. We will intercept it and leave it
--- a/modules/ppcp-wc-gateway/services.php
+++ b/modules/ppcp-wc-gateway/services.php
@ -130,9 +130,7 @@ return array(
 	'wcgateway.order-processor'                    => static function ( $container ): OrderProcessor {

 		$session_handler              = $container->get( 'session.handler' );
-		$cart_repository              = $container->get( 'api.repository.cart' );
 		$order_endpoint               = $container->get( 'api.endpoint.order' );
-		$payments_endpoint            = $container->get( 'api.endpoint.payments' );
 		$order_factory                = $container->get( 'api.factory.order' );
 		$threed_secure                = $container->get( 'button.helper.three-d-secure' );
 		$authorized_payments_processor = $container->get( 'wcgateway.processor.authorized-payments' );
@ -142,9 +140,7 @@ return array(

 		return new OrderProcessor(
 			$session_handler,
-			$cart_repository,
 			$order_endpoint,
-			$payments_endpoint,
 			$order_factory,
 			$threed_secure,
 			$authorized_payments_processor,
--- a/modules/ppcp-wc-gateway/src/Gateway/class-processpaymenttrait.php
+++ b/modules/ppcp-wc-gateway/src/Gateway/class-processpaymenttrait.php
@ -21,13 +21,23 @@ trait ProcessPaymentTrait {
 	 *
 	 * @param int $order_id The WooCommerce order id.
 	 *
-	 * @return array|null
+	 * @return array
 	 */
 	public function process_payment( $order_id ) {
-		global $woocommerce;
+
+		$failure_data = array(
+			'result'   => 'failure',
+			'redirect' => wc_get_checkout_url(),
+		);
+
 		$wc_order = wc_get_order( $order_id );
 		if ( ! is_a( $wc_order, \WC_Order::class ) ) {
-			return null;
+			wc_add_notice(
+				__( 'Couldn\'t find order to process', 'woocommerce-paypal-payments' ),
+				'error'
+			);
+
+			return $failure_data;
 		}

 		/**
@ -44,7 +54,7 @@ trait ProcessPaymentTrait {
 		//phpcs:enable WordPress.Security.NonceVerification.Recommended

 		try {
-			if ( $this->order_processor->process( $wc_order, $woocommerce ) ) {
+			if ( $this->order_processor->process( $wc_order ) ) {
 				$this->session_handler->destroy_session_data();
 				return array(
 					'result'   => 'success',
@ -63,7 +73,7 @@ trait ProcessPaymentTrait {
 						__( 'Please use a different payment method.', 'woocommerce-paypal-payments' ),
 						'error'
 					);
-					return null;
+					return $failure_data;
 				}
 				return array(
 					'result'   => 'success',
@ -75,7 +85,7 @@ trait ProcessPaymentTrait {
 		} catch ( RuntimeException $error ) {
 			$this->session_handler->destroy_session_data();
 			wc_add_notice( $error->getMessage(), 'error' );
-			return null;
+			return $failure_data;
 		}

 		wc_add_notice(
@ -83,6 +93,6 @@ trait ProcessPaymentTrait {
 			'error'
 		);

-		return null;
+		return $failure_data;
 	}
 }
--- a/modules/ppcp-wc-gateway/src/Processor/class-orderprocessor.php
+++ b/modules/ppcp-wc-gateway/src/Processor/class-orderprocessor.php
@ -11,11 +11,9 @@ namespace WooCommerce\PayPalCommerce\WcGateway\Processor;

 use Psr\Log\LoggerInterface;
 use WooCommerce\PayPalCommerce\ApiClient\Endpoint\OrderEndpoint;
-use WooCommerce\PayPalCommerce\ApiClient\Endpoint\PaymentsEndpoint;
 use WooCommerce\PayPalCommerce\ApiClient\Entity\Order;
 use WooCommerce\PayPalCommerce\ApiClient\Entity\OrderStatus;
 use WooCommerce\PayPalCommerce\ApiClient\Factory\OrderFactory;
-use WooCommerce\PayPalCommerce\ApiClient\Repository\CartRepository;
 use WooCommerce\PayPalCommerce\Button\Helper\ThreeDSecure;
 use WooCommerce\PayPalCommerce\Session\SessionHandler;
 use WooCommerce\PayPalCommerce\WcGateway\Gateway\PayPalGateway;
@ -40,13 +38,6 @@ class OrderProcessor {
 	 */
 	private $session_handler;

-	/**
-	 * The Cart Repository.
-	 *
-	 * @var CartRepository
-	 */
-	private $cart_repository;
-
 	/**
 	 * The Order Endpoint.
 	 *
@ -54,13 +45,6 @@ class OrderProcessor {
 	 */
 	private $order_endpoint;

-	/**
-	 * The Payments Endpoint.
-	 *
-	 * @var PaymentsEndpoint
-	 */
-	private $payments_endpoint;
-
 	/**
 	 * The Order Factory.
 	 *
@ -107,9 +91,7 @@ class OrderProcessor {
 	 * OrderProcessor constructor.
 	 *
 	 * @param SessionHandler              $session_handler The Session Handler.
-	 * @param CartRepository              $cart_repository The Cart Repository.
 	 * @param OrderEndpoint               $order_endpoint The Order Endpoint.
-	 * @param PaymentsEndpoint            $payments_endpoint The Payments Endpoint.
 	 * @param OrderFactory                $order_factory The Order Factory.
 	 * @param ThreeDSecure                $three_d_secure The ThreeDSecure Helper.
 	 * @param AuthorizedPaymentsProcessor $authorized_payments_processor The Authorized Payments Processor.
@ -119,9 +101,7 @@ class OrderProcessor {
 	 */
 	public function __construct(
 		SessionHandler $session_handler,
-		CartRepository $cart_repository,
 		OrderEndpoint $order_endpoint,
-		PaymentsEndpoint $payments_endpoint,
 		OrderFactory $order_factory,
 		ThreeDSecure $three_d_secure,
 		AuthorizedPaymentsProcessor $authorized_payments_processor,
@ -131,9 +111,7 @@ class OrderProcessor {
 	) {

 		$this->session_handler               = $session_handler;
-		$this->cart_repository               = $cart_repository;
 		$this->order_endpoint                = $order_endpoint;
-		$this->payments_endpoint             = $payments_endpoint;
 		$this->order_factory                 = $order_factory;
 		$this->threed_secure                 = $three_d_secure;
 		$this->authorized_payments_processor = $authorized_payments_processor;
@ -145,12 +123,11 @@ class OrderProcessor {
 	/**
 	 * Processes a given WooCommerce order and captured/authorizes the connected PayPal orders.
 	 *
-	 * @param \WC_Order    $wc_order The WooCommerce order.
-	 * @param \WooCommerce $woocommerce The WooCommerce object.
+	 * @param \WC_Order $wc_order The WooCommerce order.
 	 *
 	 * @return bool
 	 */
-	public function process( \WC_Order $wc_order, \WooCommerce $woocommerce ): bool {
+	public function process( \WC_Order $wc_order ): bool {
 		$order = $this->session_handler->order();
 		if ( ! $order ) {
 			return false;
@ -212,7 +189,7 @@ class OrderProcessor {
 			$wc_order->update_meta_data( PayPalGateway::CAPTURED_META_KEY, 'true' );
 			$wc_order->update_status( 'processing' );
 		}
-		$woocommerce->cart->empty_cart();
+		WC()->cart->empty_cart();
 		$this->session_handler->destroy_session_data();
 		$this->last_error = '';
 		return true;