Merge pull request #2125 from woocommerce/PCP-285-feature-request-more-fraud-prevention-capabilities-by-storing-additional-data-in-the-order

feature request: more fraud prevention capabilities by storing additional data in the order (285)
2025-09-05 08:59:14 +08:00 · 2024-04-02 16:09:05 +02:00 · 2024-04-02 16:09:05 +02:00 · bb8734d788
commit bb8734d788
parent 5cdb1bbce0 48f9efbfd4
13 changed files with 156 additions and 21 deletions
--- a/modules/ppcp-wc-gateway/src/Gateway/PayPalGateway.php
+++ b/modules/ppcp-wc-gateway/src/Gateway/PayPalGateway.php
@ -48,12 +48,18 @@ class PayPalGateway extends \WC_Payment_Gateway {
 	const ORDER_ID_META_KEY             = '_ppcp_paypal_order_id';
 	const ORDER_PAYMENT_MODE_META_KEY   = '_ppcp_paypal_payment_mode';
 	const ORDER_PAYMENT_SOURCE_META_KEY = '_ppcp_paypal_payment_source';
+	const ORDER_PAYER_EMAIL_META_KEY    = '_ppcp_paypal_payer_email';
 	const FEES_META_KEY                 = '_ppcp_paypal_fees';
 	const REFUND_FEES_META_KEY          = '_ppcp_paypal_refund_fees';
 	const REFUNDS_META_KEY              = '_ppcp_refunds';
 	const THREE_D_AUTH_RESULT_META_KEY  = '_ppcp_paypal_3DS_auth_result';
 	const FRAUD_RESULT_META_KEY         = '_ppcp_paypal_fraud_result';

+	/**
+	 * List of payment sources wich we are expected to store the payer email in the WC Order metadata.
+	 */
+	const PAYMENT_SOURCES_WITH_PAYER_EMAIL = array( 'paypal', 'paylater', 'venmo' );
+
 	/**
 	 * The Settings Renderer.
 	 *
--- a/modules/ppcp-wc-gateway/src/Processor/CreditCardOrderInfoHandlingTrait.php
+++ b/modules/ppcp-wc-gateway/src/Processor/CreditCardOrderInfoHandlingTrait.php
@ -76,7 +76,7 @@ trait CreditCardOrderInfoHandlingTrait {
 			/**
 			 * Fired when the 3DS information is added to WC order.
 			 */
-			do_action( 'woocommerce_paypal_payments_thee_d_secure_added', $wc_order, $order );
+			do_action( 'woocommerce_paypal_payments_three_d_secure_added', $wc_order, $order );
 		}
 	}

@ -96,8 +96,9 @@ trait CreditCardOrderInfoHandlingTrait {
 			return;
 		}

-		$fraud_responses = $fraud->to_array();
-		$card_brand      = $payment_source->properties()->brand ?? __( 'N/A', 'woocommerce-paypal-payments' );
+		$fraud_responses  = $fraud->to_array();
+		$card_brand       = $payment_source->properties()->brand ?? __( 'N/A', 'woocommerce-paypal-payments' );
+		$card_last_digits = $payment_source->properties()->last_digits ?? __( 'N/A', 'woocommerce-paypal-payments' );

 		$avs_response_order_note_title = __( 'Address Verification Result', 'woocommerce-paypal-payments' );
 		/* translators: %1$s is AVS order note title, %2$s is AVS order note result markup */
@ -109,6 +110,7 @@ trait CreditCardOrderInfoHandlingTrait {
                                                                    <li>%3$s</li>
                                                                </ul>
                                                                <li>%4$s</li>
+                                                                <li>%5$s</li>
                                                            </ul>';
 		$avs_response_order_note_result        = sprintf(
 			$avs_response_order_note_result_format,
@ -119,7 +121,9 @@ trait CreditCardOrderInfoHandlingTrait {
 			/* translators: %s is fraud AVS postal match */
 			sprintf( __( 'Postal Match: %s', 'woocommerce-paypal-payments' ), esc_html( $fraud_responses['postal_match'] ) ),
 			/* translators: %s is card brand */
-			sprintf( __( 'Card Brand: %s', 'woocommerce-paypal-payments' ), esc_html( $card_brand ) )
+			sprintf( __( 'Card Brand: %s', 'woocommerce-paypal-payments' ), esc_html( $card_brand ) ),
+			/* translators: %s card last digits */
+			sprintf( __( 'Card Last Digits: %s', 'woocommerce-paypal-payments' ), esc_html( $card_last_digits ) )
 		);
 		$avs_response_order_note = sprintf(
 			$avs_response_order_note_format,
--- a/modules/ppcp-wc-gateway/src/Processor/OrderMetaTrait.php
+++ b/modules/ppcp-wc-gateway/src/Processor/OrderMetaTrait.php
@ -45,6 +45,18 @@ trait OrderMetaTrait {
 			$wc_order->update_meta_data( PayPalGateway::ORDER_PAYMENT_SOURCE_META_KEY, $payment_source );
 		}

+		$payer = $order->payer();
+		if (
+			$payer
+			&& $payment_source
+			&& in_array( $payment_source, PayPalGateway::PAYMENT_SOURCES_WITH_PAYER_EMAIL, true )
+		) {
+			$payer_email = $payer->email_address();
+			if ( $payer_email ) {
+				$wc_order->update_meta_data( PayPalGateway::ORDER_PAYER_EMAIL_META_KEY, $payer_email );
+			}
+		}
+
 		$wc_order->save();

 		do_action( 'woocommerce_paypal_payments_woocommerce_order_created', $wc_order, $order );
--- a/modules/ppcp-wc-gateway/src/WCGatewayModule.php
+++ b/modules/ppcp-wc-gateway/src/WCGatewayModule.php
@ -448,6 +448,49 @@ class WCGatewayModule implements ModuleInterface {
 				delete_transient( 'ppcp_reference_transaction_enabled' );
 			}
 		);
+
+		/**
+		 * Param types removed to avoid third-party issues.
+		 *
+		 * @psalm-suppress MissingClosureParamType
+		 */
+		add_filter(
+			'woocommerce_admin_billing_fields',
+			function ( $fields ) {
+				global $theorder;
+
+				if ( ! is_array( $fields ) ) {
+					return $fields;
+				}
+
+				if ( ! $theorder instanceof WC_Order ) {
+					return $fields;
+				}
+
+				$email = $theorder->get_meta( PayPalGateway::ORDER_PAYER_EMAIL_META_KEY ) ?: '';
+
+				if ( ! $email ) {
+					return $fields;
+				}
+
+				// Is payment source is paypal exclude all non paypal funding sources.
+				$payment_source           = $theorder->get_meta( PayPalGateway::ORDER_PAYMENT_SOURCE_META_KEY ) ?: '';
+				$is_paypal_funding_source = ( strpos( $theorder->get_payment_method_title(), '(via PayPal)' ) === false );
+
+				if ( $payment_source === 'paypal' && ! $is_paypal_funding_source ) {
+					return $fields;
+				}
+
+				$fields['paypal_email'] = array(
+					'label'             => __( 'PayPal email address', 'woocommerce-paypal-payments' ),
+					'value'             => $email,
+					'wrapper_class'     => 'form-field-wide',
+					'custom_attributes' => array( 'disabled' => 'disabled' ),
+				);
+
+				return $fields;
+			}
+		);
 	}

 	/**