Merge pull request #658 from magento-mpi/MAGETWO-43348

[MPI] Sprint 72
magento · Oct 1, 2015 · b4d2cb5 · b4d2cb5
2 parents 45863d7 + 57750e2
commit b4d2cb5
Show file tree

Hide file tree

Showing 60 changed files with 1,361 additions and 482 deletions.
diff --git a/app/code/Magento/Authorizenet/Model/Authorizenet.php b/app/code/Magento/Authorizenet/Model/Authorizenet.php
@@ -104,6 +104,11 @@ abstract class Authorizenet extends \Magento\Payment\Model\Method\Cc
  */
  protected $_debugReplacePrivateDataKeys = ['merchantAuthentication', 'x_login'];
 
+ /**
+ * @var \Magento\Framework\Xml\Security
+ */
+ protected $xmlSecurityHelper;
+
  /**
  * @param \Magento\Framework\Model\Context $context
  * @param \Magento\Framework\Registry $registry
@@ -117,6 +122,7 @@ abstract class Authorizenet extends \Magento\Payment\Model\Method\Cc
  * @param \Magento\Authorizenet\Helper\Data $dataHelper
  * @param \Magento\Authorizenet\Model\Request\Factory $requestFactory
  * @param \Magento\Authorizenet\Model\Response\Factory $responseFactory
+ * @param \Magento\Framework\Xml\Security $xmlSecurityHelper
  * @param \Magento\Framework\Model\Resource\AbstractResource $resource
  * @param \Magento\Framework\Data\Collection\AbstractDb $resourceCollection
  * @param array $data
@@ -135,13 +141,15 @@ public function __construct(
  \Magento\Authorizenet\Helper\Data $dataHelper,
  \Magento\Authorizenet\Model\Request\Factory $requestFactory,
  \Magento\Authorizenet\Model\Response\Factory $responseFactory,
+ \Magento\Framework\Xml\Security $xmlSecurityHelper,
  \Magento\Framework\Model\Resource\AbstractResource $resource = null,
  \Magento\Framework\Data\Collection\AbstractDb $resourceCollection = null,
  array $data = []
  ) {
  $this->dataHelper = $dataHelper;
  $this->requestFactory = $requestFactory;
  $this->responseFactory = $responseFactory;
+ $this->xmlSecurityHelper = $xmlSecurityHelper;
 
  parent::__construct(
  $context,
@@ -489,6 +497,10 @@ protected function loadTransactionDetails($transactionId)
 
  try {
  $responseBody = $client->request()->getBody();
+ if (!$this->xmlSecurityHelper->scan($responseBody)) {
+ $this->_logger->critical('Attempt loading of external XML entities in response from Authorizenet.');
+ throw new \Exception();
+ }
  $debugData['response'] = $responseBody;
  libxml_use_internal_errors(true);
  $responseXmlDocument = new \Magento\Framework\Simplexml\Element($responseBody);

diff --git a/app/code/Magento/Authorizenet/Model/Directpost.php b/app/code/Magento/Authorizenet/Model/Directpost.php
@@ -130,6 +130,7 @@ class Directpost extends \Magento\Authorizenet\Model\Authorizenet implements Tra
  * @param \Magento\Authorizenet\Helper\Data $dataHelper
  * @param \Magento\Authorizenet\Model\Directpost\Request\Factory $requestFactory
  * @param \Magento\Authorizenet\Model\Directpost\Response\Factory $responseFactory
+ * @param \Magento\Framework\Xml\Security $xmlSecurityHelper
  * @param \Magento\Sales\Model\OrderFactory $orderFactory
  * @param \Magento\Store\Model\StoreManagerInterface $storeManager
  * @param \Magento\Quote\Model\QuoteRepository $quoteRepository
@@ -153,6 +154,7 @@ public function __construct(
  \Magento\Authorizenet\Helper\Data $dataHelper,
  \Magento\Authorizenet\Model\Directpost\Request\Factory $requestFactory,
  \Magento\Authorizenet\Model\Directpost\Response\Factory $responseFactory,
+ \Magento\Framework\Xml\Security $xmlSecurityHelper,
  \Magento\Sales\Model\OrderFactory $orderFactory,
  \Magento\Store\Model\StoreManagerInterface $storeManager,
  \Magento\Quote\Model\QuoteRepository $quoteRepository,
@@ -183,6 +185,7 @@ public function __construct(
  $dataHelper,
  $requestFactory,
  $responseFactory,
+ $xmlSecurityHelper,
  $resource,
  $resourceCollection,
  $data

diff --git a/app/code/Magento/Authorizenet/etc/adminhtml/system.xml b/app/code/Magento/Authorizenet/etc/adminhtml/system.xml
@@ -45,7 +45,7 @@
  <label>Gateway URL</label>
  </field>
  <field id="cgi_url_td" translate="label" type="text" sortOrder="100" showInDefault="1" showInWebsite="1" showInStore="0">
- <label>Transaction Details Url</label>
+ <label>Transaction Details URL</label>
  </field>
  <field id="currency" translate="label" type="select" sortOrder="110" showInDefault="1" showInWebsite="1" showInStore="0">
  <label>Accepted Currency</label>

diff --git a/...Authorizenet/view/frontend/web/js/view/payment/method-renderer/authorizenet-directpost.js b/...Authorizenet/view/frontend/web/js/view/payment/method-renderer/authorizenet-directpost.js
@@ -48,7 +48,7 @@ define(
  var self = this;
  if (this.validateHandler() && additionalValidators.validate()) {
  this.isPlaceOrderActionAllowed(false);
- $.when(setPaymentInformationAction(this.messageContainer)).done(function() {
+ $.when(setPaymentInformationAction(this.messageContainer, {'method': self.getCode()})).done(function() {
  self.placeOrderHandler();
  }).fail(function() {
  self.isPlaceOrderActionAllowed(true);

diff --git a/app/code/Magento/Braintree/Block/Creditcard/Management.php b/app/code/Magento/Braintree/Block/Creditcard/Management.php
@@ -258,7 +258,7 @@ public function currentCustomerLastName()
  */
  public function getEditUrl($token)
  {
- return $this->getUrl('braintree/creditcard/edit', ['token' => $token]);
+ return $this->getUrl('braintree/creditcard/edit', ['token' => $token, '_secure' => true]);
  }
 
  /**
@@ -269,7 +269,7 @@ public function getEditUrl($token)
  */
  public function getDeleteUrl($token)
  {
- return $this->getUrl('braintree/creditcard/delete', ['token' => $token]);
+ return $this->getUrl('braintree/creditcard/delete', ['token' => $token, '_secure' => true]);
  }
 
  /**
@@ -279,7 +279,7 @@ public function getDeleteUrl($token)
  */
  public function getAddUrl()
  {
- return $this->getUrl('braintree/creditcard/newcard');
+ return $this->getUrl('braintree/creditcard/newcard', ['_secure' => true]);
  }
 
  /**
@@ -289,7 +289,7 @@ public function getAddUrl()
  */
  public function getDeleteConfirmUrl()
  {
- return $this->getUrl('braintree/creditcard/deleteconfirm');
+ return $this->getUrl('braintree/creditcard/deleteconfirm', ['_secure' => true]);
  }
 
  /**
@@ -299,7 +299,7 @@ public function getDeleteConfirmUrl()
  */
  public function getAjaxSaveUrl()
  {
- return $this->getUrl('braintree/creditcard/ajaxsave');
+ return $this->getUrl('braintree/creditcard/ajaxsave', ['_secure' => true]);
  }
 
  /**
@@ -309,7 +309,7 @@ public function getAjaxSaveUrl()
  */
  public function getFormAction()
  {
- return $this->getUrl('braintree/creditcard/save');
+ return $this->getUrl('braintree/creditcard/save', ['_secure' => true]);
  }
 
  /**
@@ -319,7 +319,7 @@ public function getFormAction()
  */
  public function getBackUrl()
  {
- return $this->getUrl('braintree/creditcard/index');
+ return $this->getUrl('braintree/creditcard/index', ['_secure' => true]);
  }
 
  /**

diff --git a/app/code/Magento/Braintree/Block/PayPal/Shortcut.php b/app/code/Magento/Braintree/Block/PayPal/Shortcut.php
@@ -125,7 +125,7 @@ public function getAmount()
  */
  public function getReviewPageUrl()
  {
- return $this->_urlBuilder->getUrl('braintree/paypal/review');
+ return $this->_urlBuilder->getUrl('braintree/paypal/review', ['_secure' => true]);
  }
 
  /**

diff --git a/app/code/Magento/Braintree/Controller/PayPal/SaveShippingMethod.php b/app/code/Magento/Braintree/Controller/PayPal/SaveShippingMethod.php
@@ -38,11 +38,11 @@ public function execute()
  if ($isAjax) {
  $this->getResponse()->setBody(
  '<script>window.location.href = '
- . $this->_url->getUrl('*/*/review')
+ . $this->_url->getUrl('*/*/review', ['_secure' => true])
  . ';</script>'
  );
  } else {
- $this->_redirect('*/*/review');
+ $this->_redirect('*/*/review', ['_secure' => true]);
  }
  }
 }
diff --git a/app/code/Magento/Braintree/Model/ConfigProvider.php b/app/code/Magento/Braintree/Model/ConfigProvider.php
@@ -134,7 +134,7 @@ public function show3dSecure()
  */
  public function getAjaxGenerateNonceUrl()
  {
- return $this->urlBuilder->getUrl('braintree/creditcard/generate');
+ return $this->urlBuilder->getUrl('braintree/creditcard/generate', ['_secure' => true]);
  }
 
  /**

diff --git a/app/code/Magento/Braintree/Model/PaymentMethod.php b/app/code/Magento/Braintree/Model/PaymentMethod.php
@@ -95,7 +95,7 @@ class PaymentMethod extends \Magento\Payment\Model\Method\Cc
  * @var bool
  */
  protected $_canRefundInvoicePartial = true;
- 
+
  /**
  * @var string
  */
@@ -289,7 +289,7 @@ public function validate()
  throw new LocalizedException($error);
  }
  }
- 
+
  return $this;
  }
 
@@ -474,7 +474,7 @@ protected function braintreeAuthorize(InfoInterface $payment, $amount, $capture,
  $this->_debug($transactionParams);
  try {
  $result = $this->braintreeTransaction->sale($transactionParams);
- $this->_debug($result);
+ $this->_debug($this->_convertObjToArray($result));
  } catch (\Exception $e) {
  $this->_logger->critical($e);
  throw new LocalizedException(__('Please try again later'));
@@ -589,8 +589,8 @@ public function capture(InfoInterface $payment, $amount)
  $this->partialCapture($payment, $amount);
  } else {
  $result = $this->braintreeTransaction->submitForSettlement($payment->getCcTransId(), $amount);
- $this->_debug($payment->getCcTransId().' - '.$amount);
- $this->_debug($result);
+ $this->_debug([$payment->getCcTransId().' - '.$amount]);
+ $this->_debug($this->_convertObjToArray($result));
  if ($result->success) {
  $payment->setIsTransactionClosed(0)
  ->setShouldCloseParentTransaction(false);
@@ -621,8 +621,8 @@ public function refund(InfoInterface $payment, $amount)
  $transactionId = $this->braintreeHelper->clearTransactionId($payment->getRefundTransactionId());
  try {
  $transaction = $this->braintreeTransaction->find($transactionId);
- $this->_debug($payment->getCcTransId());
- $this->_debug($transaction);
+ $this->_debug([$payment->getCcTransId()]);
+ $this->_debug($this->_convertObjToArray($transaction));
  if ($transaction->status === \Braintree_Transaction::SUBMITTED_FOR_SETTLEMENT) {
  if ($transaction->amount != $amount) {
  $message = __('This refund is for a partial amount but the Transaction has not settled.')
@@ -641,7 +641,7 @@ public function refund(InfoInterface $payment, $amount)
  $result = $canVoid
  ? $this->braintreeTransaction->void($transactionId)
  : $this->braintreeTransaction->refund($transactionId, $amount);
- $this->_debug($result);
+ $this->_debug($this->_convertObjToArray($result));
  if ($result->success) {
  $payment->setIsTransactionClosed(1);
  } else {
@@ -711,9 +711,9 @@ public function void(InfoInterface $payment)
  }
  $errors = '';
  foreach ($transactionIds as $transactionId) {
- $this->_debug('void-' . $transactionId);
+ $this->_debug(['void-' . $transactionId]);
  $result = $this->braintreeTransaction->void($transactionId);
- $this->_debug($result);
+ $this->_debug($this->_convertObjToArray($result));
  if (!$result->success) {
  $errors .= ' ' . $this->errorHelper->parseBraintreeError($result)->getText();
  } elseif ($message) {
@@ -853,7 +853,7 @@ protected function getChannel()
  */
  protected function cloneTransaction($amount, $transactionId)
  {
- $this->_debug('clone-' . $transactionId . ' amount=' . $amount);
+ $this->_debug(['clone-' . $transactionId . ' amount=' . $amount]);
  $result = $this->braintreeTransaction->cloneTransaction(
  $transactionId,
  [
@@ -863,7 +863,7 @@ protected function cloneTransaction($amount, $transactionId)
  ]
  ]
  );
- $this->_debug($result);
+ $this->_debug($this->_convertObjToArray($result));
  return $result;
  }
 
@@ -907,28 +907,6 @@ public function canVoid()
  return $this->_canVoid;
  }
 
- /**
- * Log debug data to file
- *
- * @param mixed $debugData
- * @return $this
- */
- protected function _debug($debugData)
- {
- if (!$this->config->isDebugEnabled()) {
- return $this;
- }
- if (!is_array($debugData)) {
- if (is_object($debugData)) {
- $debugData = var_export($debugData, true);
- } else {
- $debugData = [$debugData];
- }
- }
- parent::_debug((array)$debugData);
- return $this;
- }
-
  /**
  * Return replace keys for debug data
  *
@@ -957,4 +935,14 @@ public function getConfigData($field, $storeId = null)
  }
  return $this->config->getConfigData($field, $storeId);
  }
+
+ /**
+ * Convert response from Braintree to array
+ * @param \Braintree_Result_Successful|\Braintree_Result_Error|\Braintree_Transaction $data
+ * @return array
+ */
+ protected function _convertObjToArray($data)
+ {
+ return json_decode(json_encode($data), true);
+ }
 }
diff --git a/app/code/Magento/Braintree/Model/PaymentMethod/PayPal.php b/app/code/Magento/Braintree/Model/PaymentMethod/PayPal.php
@@ -290,8 +290,8 @@ public function capture(InfoInterface $payment, $amount)
  try {
  if ($payment->getCcTransId()) {
  $result = $this->braintreeTransaction->submitForSettlement($payment->getCcTransId(), $amount);
- $this->_debug($payment->getCcTransId().' - '.$amount);
- $this->_debug($result);
+ $this->_debug([$payment->getCcTransId().' - '.$amount]);
+ $this->_debug($this->_convertObjToArray($result));
  if ($result->success) {
  $payment->setIsTransactionClosed(0)
  ->setShouldCloseParentTransaction(false);

diff --git a/app/code/Magento/Braintree/etc/adminhtml/system.xml b/app/code/Magento/Braintree/etc/adminhtml/system.xml
@@ -8,7 +8,7 @@
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="../../../Config/etc/system_file.xsd">
  <system>
  <section id="payment">
- <group id="braintree_section" translate="label" type="text" sortOrder="25" showInDefault="1" showInWebsite="1" showInStore="1">
+ <group id="braintree_section" translate="label" type="text" sortOrder="2" showInDefault="1" showInWebsite="1" showInStore="1">
  <label>Braintree</label>
  <comment><![CDATA[Accept credit/debit cards and PayPal in your Magento store. No setup or monthly fees and your customers never leave your store to complete the purchase.]]></comment>
  <attribute type="expanded">1</attribute>
@@ -19,15 +19,15 @@
  <frontend_model>Magento\Paypal\Block\Adminhtml\System\Config\Fieldset\Payment</frontend_model>
  <attribute type="activity_path">payment/braintree/active</attribute>
  <field id="active" translate="label" type="select" sortOrder="10" showInDefault="1" showInWebsite="1" showInStore="0">
- <label>Enabled Braintree</label>
+ <label>Enable this Solution</label>
  <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
  <config_path>payment/braintree/active</config_path>
  <requires>
  <group id="braintree_required"/>
  </requires>
  </field>
  <field id="active_braintree_pay_pal" translate="label" type="select" sortOrder="11" showInDefault="1" showInWebsite="1" showInStore="0">
- <label>Enabled PayPal through Braintree</label>
+ <label>Enable PayPal through Braintree</label>
  <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
  <config_path>payment/braintree_paypal/active</config_path>
  <requires>
@@ -221,10 +221,10 @@
  </field>
  </group>
  <group id="braintree_3dsecure" translate="label" showInDefault="1" showInWebsite="1" sortOrder="41">
- <label>3d Secure Verification Settings</label>
+ <label>3D Secure Verification Settings</label>
  <frontend_model>Magento\Config\Block\System\Config\Form\Fieldset</frontend_model>
  <field id="verify_3dsecure" translate="label" type="select" sortOrder="150" showInDefault="1" showInWebsite="1" showInStore="0">
- <label>3d Secure Verification</label>
+ <label>3D Secure Verification</label>
  <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
  <config_path>payment/braintree/verify_3dsecure</config_path>
  </field>

diff --git a/app/code/Magento/Braintree/i18n/en_US.csv b/app/code/Magento/Braintree/i18n/en_US.csv
@@ -282,3 +282,7 @@
 "Invalid request format","Invalid request format"
 "Cannot update subscription to a plan with a different billing frequency.","Cannot update subscription to a plan with a different billing frequency."
 "Mismatch currency iso code","Mismatch currency iso code"
+"Enable this Solution","Enable this Solution"
+"Enable PayPal through Braintree","Enable PayPal through Braintree"
+"3D Secure Verification Settings","3D Secure Verification Settings"
+"3D Secure Verification","3D Secure Verification"