Update only allowed cards

modules/ppcp-save-payment-methods/src/Helper/RealTimeAccountUpdaterHelper.php

@@ -25,6 +25,13 @@ class RealTimeAccountUpdaterHelper {
 	 * @return void
 	 */
 	public function update_wc_token_from_paypal_response( stdClass $order, WC_Payment_Token $token ): void {
+		if (
+			$token->get_type() !== 'CC'
+			|| ! in_array( $token->get_card_type(), array( 'VISA', 'MASTERCARD' ), true )
+		) {
+			return;
+		}
+
 		$expiry    = $order->payment_source->card->expiry ?? '';
 		$wc_expiry = $token->get_expiry_month() . '-' . $token->get_expiry_year();
 

tests/e2e/PHPUnit/RealTimeAccountUpdaterTest.php

@@ -41,11 +41,31 @@ class RealTimeAccountUpdaterTest extends TestCase
 		$this->assertTrue($token->get_last4() === '0004');
 	}
 
+	public function testUpdateOnlyAllowedCards()
+	{
+		$response = (object)[
+			'payment_source' => (object)[
+				'card' => (object)[
+					'last_digits' => '0004',
+					'expiry' => '2042-02',
+					'brand' => 'AMEX',
+				]
+			]
+		];
+
+		$token = $this->createToken('AMEX');
+
+		(new RealTimeAccountUpdaterHelper())->update_wc_token_from_paypal_response($response, $token);
+
+		$this->assertTrue($token->get_expiry_year() === '2025');
+		$this->assertTrue($token->get_expiry_month() === '01');
+		$this->assertTrue($token->get_last4() === '1234');
+	}
 
 	/**
 	 * @return WC_Payment_Token_CC
 	 */
-	private function createToken(): \WC_Payment_Token_CC
+	private function createToken($brand = 'VISA'): \WC_Payment_Token_CC
 	{
 		$token = new WC_Payment_Token_CC();
 		$token->set_token('abc123');
@@ -55,7 +75,7 @@ class RealTimeAccountUpdaterTest extends TestCase
 		$token->set_last4('1234');
 		$token->set_expiry_month('01');
 		$token->set_expiry_year('2025');
-		$token->set_card_type('VISA');
+		$token->set_card_type($brand);
 
 		$token->save();