mirror of
https://github.com/Sylius/Sylius.git
synced 2026-07-05 20:57:12 +00:00
774 lines
29 KiB
PHP
774 lines
29 KiB
PHP
<?php
|
|
|
|
/*
|
|
* This file is part of the Sylius package.
|
|
*
|
|
* (c) Sylius Sp. z o.o.
|
|
*
|
|
* For the full copyright and license information, please view the LICENSE
|
|
* file that was distributed with this source code.
|
|
*/
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace Sylius\Tests\Api\Shop;
|
|
|
|
use PHPUnit\Framework\Attributes\DataProvider;
|
|
use PHPUnit\Framework\Attributes\Test;
|
|
use Sylius\Component\Core\Model\PaymentInterface;
|
|
use Sylius\Component\Payment\Model\PaymentRequestInterface;
|
|
use Sylius\Tests\Api\JsonApiTestCase;
|
|
use Sylius\Tests\Api\Utils\OrderPlacerTrait;
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
|
|
final class PaymentRequestsTest extends JsonApiTestCase
|
|
{
|
|
use OrderPlacerTrait;
|
|
|
|
protected function setUp(): void
|
|
{
|
|
$this->setUpOrderPlacer();
|
|
$this->setUpShopUserContext();
|
|
|
|
parent::setUp();
|
|
}
|
|
|
|
#[Test]
|
|
public function it_gets_a_payment_request(): void
|
|
{
|
|
$this->setUpDefaultGetHeaders();
|
|
|
|
$fixtures = $this->loadFixturesFromFiles([
|
|
'authentication/shop_user.yaml',
|
|
'channel/channel.yaml',
|
|
'payment_method.yaml',
|
|
'payment_request/payment_request.yaml',
|
|
'payment_request/order_with_customer.yaml',
|
|
]);
|
|
|
|
/** @var PaymentRequestInterface $paymentRequest */
|
|
$paymentRequest = $fixtures['payment_request_capture'];
|
|
|
|
$this->client->request(
|
|
method: 'GET',
|
|
uri: sprintf('/api/v2/shop/payment-requests/%s', $paymentRequest->getHash()),
|
|
server: $this->headerBuilder()->withJsonLdAccept()->withJsonLdContentType()->withShopUserAuthorization('oliver@doe.com')->build(),
|
|
);
|
|
|
|
$this->assertResponseSuccessful('shop/payment_request/get_payment_request');
|
|
}
|
|
|
|
/**
|
|
* @param string[] $fixturesPaths
|
|
*
|
|
* @throws \JsonException
|
|
*/
|
|
#[DataProvider('createPaymentRequestProvider')]
|
|
#[Test]
|
|
public function it_creates_a_payment_request(array $fixturesPaths, string $responsePath): void
|
|
{
|
|
$fixtures = $this->loadFixturesFromFiles($fixturesPaths);
|
|
|
|
$tokenValue = 'nAWw2jewpA';
|
|
$order = $this->placeOrder($tokenValue, 'oliver@doe.com');
|
|
$payment = $order->getLastPayment();
|
|
|
|
$this->client->request(
|
|
method: 'POST',
|
|
uri: sprintf('/api/v2/shop/orders/%s/payment-requests', $tokenValue),
|
|
server: $this->headerBuilder()->withJsonLdAccept()->withJsonLdContentType()->withShopUserAuthorization('oliver@doe.com')->build(),
|
|
content: json_encode([
|
|
'paymentId' => $payment->getId(),
|
|
'paymentMethodCode' => $payment->getMethod()->getCode(),
|
|
'payload' => [
|
|
'target_path' => 'https://myshop.tld/target-path',
|
|
'after_path' => 'https://myshop.tld/after-path',
|
|
],
|
|
], \JSON_THROW_ON_ERROR),
|
|
);
|
|
|
|
$this->assertResponse(
|
|
$this->client->getResponse(),
|
|
$responsePath,
|
|
Response::HTTP_CREATED,
|
|
);
|
|
}
|
|
|
|
#[Test]
|
|
public function it_does_not_create_a_payment_request_for_not_existent_order(): void
|
|
{
|
|
$this->loadFixturesFromFiles([
|
|
'authentication/shop_user.yaml',
|
|
'channel/channel.yaml',
|
|
'cart.yaml',
|
|
'country.yaml',
|
|
'shipping_method.yaml',
|
|
'payment_method.yaml',
|
|
]);
|
|
|
|
$order = $this->placeOrder('nAWw2jewpA', 'oliver@doe.com');
|
|
$payment = $order->getLastPayment();
|
|
|
|
$this->client->request(
|
|
method: 'POST',
|
|
uri: '/api/v2/shop/orders/invalid_token/payment-requests',
|
|
server: $this->headerBuilder()->withJsonLdAccept()->withJsonLdContentType()->withShopUserAuthorization('oliver@doe.com')->build(),
|
|
content: json_encode([
|
|
'paymentId' => $payment->getId(),
|
|
'paymentMethodCode' => $payment->getMethod()->getCode(),
|
|
'payload' => [
|
|
'target_path' => 'https://myshop.tld/target-path',
|
|
'after_path' => 'https://myshop.tld/after-path',
|
|
],
|
|
], \JSON_THROW_ON_ERROR),
|
|
);
|
|
|
|
$this->assertResponseCode($this->client->getResponse(), Response::HTTP_NOT_FOUND);
|
|
}
|
|
|
|
#[Test]
|
|
public function it_does_not_create_a_payment_request_without_required_data(): void
|
|
{
|
|
$this->loadFixturesFromFiles([
|
|
'authentication/shop_user.yaml',
|
|
'channel/channel.yaml',
|
|
'cart.yaml',
|
|
'country.yaml',
|
|
'shipping_method.yaml',
|
|
'payment_method.yaml',
|
|
]);
|
|
|
|
$tokenValue = 'nAWw2jewpA';
|
|
$this->placeOrder($tokenValue, 'oliver@doe.com');
|
|
|
|
$this->client->request(
|
|
method: 'POST',
|
|
uri: sprintf('/api/v2/shop/orders/%s/payment-requests', $tokenValue),
|
|
server: $this->headerBuilder()->withJsonLdAccept()->withJsonLdContentType()->withShopUserAuthorization('oliver@doe.com')->build(),
|
|
content: json_encode([], \JSON_THROW_ON_ERROR),
|
|
);
|
|
|
|
$this->assertResponse(
|
|
$this->client->getResponse(),
|
|
'shop/payment_request/post_payment_request_without_required_data',
|
|
Response::HTTP_UNPROCESSABLE_ENTITY,
|
|
);
|
|
}
|
|
|
|
#[Test]
|
|
public function it_does_not_create_a_payment_request_with_not_existent_action(): void
|
|
{
|
|
$this->loadFixturesFromFiles([
|
|
'authentication/shop_user.yaml',
|
|
'channel/channel.yaml',
|
|
'cart.yaml',
|
|
'country.yaml',
|
|
'shipping_method.yaml',
|
|
'payment_method.yaml',
|
|
]);
|
|
|
|
$tokenValue = 'nAWw2jewpA';
|
|
$order = $this->placeOrder($tokenValue, 'oliver@doe.com');
|
|
$payment = $order->getLastPayment();
|
|
|
|
$this->client->request(
|
|
method: 'POST',
|
|
uri: sprintf('/api/v2/shop/orders/%s/payment-requests', $tokenValue),
|
|
server: $this->headerBuilder()->withJsonLdAccept()->withJsonLdContentType()->withShopUserAuthorization('oliver@doe.com')->build(),
|
|
content: json_encode([
|
|
'paymentId' => $payment->getId(),
|
|
'paymentMethodCode' => $payment->getMethod()->getCode(),
|
|
'action' => 'invalid_action',
|
|
'payload' => [
|
|
'target_path' => 'https://myshop.tld/target-path',
|
|
'after_path' => 'https://myshop.tld/after-path',
|
|
],
|
|
], \JSON_THROW_ON_ERROR),
|
|
);
|
|
|
|
$this->assertResponseContainsViolations([
|
|
['propertyPath' => '', 'message' => sprintf('The payment request (method code: %s and payment id: %d) has no handler. Please choose another payment method.', $payment->getMethod()->getCode(), $payment->getId())],
|
|
]);
|
|
}
|
|
|
|
#[Test]
|
|
public function it_does_not_create_a_payment_request_for_an_order_that_is_not_placed(): void
|
|
{
|
|
$fixtures = $this->loadFixturesFromFiles([
|
|
'channel/channel.yaml',
|
|
'payment_method.yaml',
|
|
'payment_request/order_not_placed.yaml',
|
|
]);
|
|
|
|
/** @var PaymentInterface $payment */
|
|
$payment = $fixtures['payment_not_placed'];
|
|
|
|
$this->client->request(
|
|
method: 'POST',
|
|
uri: '/api/v2/shop/orders/notPlacedOrderToken/payment-requests',
|
|
server: $this->headerBuilder()->withJsonLdAccept()->withJsonLdContentType()->build(),
|
|
content: json_encode([
|
|
'paymentId' => $payment->getId(),
|
|
'paymentMethodCode' => 'CASH_ON_DELIVERY',
|
|
], \JSON_THROW_ON_ERROR),
|
|
);
|
|
|
|
$this->assertResponseContainsViolations([
|
|
['propertyPath' => '', 'message' => 'Payment requests can only be created for placed orders.'],
|
|
]);
|
|
}
|
|
|
|
#[Test]
|
|
public function it_does_not_update_a_payment_request_for_an_order_that_is_not_placed(): void
|
|
{
|
|
$fixtures = $this->loadFixturesFromFiles([
|
|
'channel/channel.yaml',
|
|
'payment_method.yaml',
|
|
'payment_request/order_not_placed.yaml',
|
|
'payment_request/payment_request_not_placed.yaml',
|
|
]);
|
|
|
|
/** @var PaymentRequestInterface $paymentRequest */
|
|
$paymentRequest = $fixtures['payment_request_not_placed'];
|
|
|
|
$this->client->request(
|
|
method: 'PUT',
|
|
uri: sprintf('/api/v2/shop/payment-requests/%s', $paymentRequest->getHash()),
|
|
server: $this->headerBuilder()->withJsonLdAccept()->withJsonLdContentType()->build(),
|
|
content: json_encode(['payload' => ['some' => 'payload']], \JSON_THROW_ON_ERROR),
|
|
);
|
|
|
|
$this->assertResponseContainsViolations([
|
|
['propertyPath' => '', 'message' => 'Payment requests can only be created for placed orders.'],
|
|
]);
|
|
}
|
|
|
|
/**
|
|
* @param array<string> $fixturesPaths
|
|
*
|
|
* @throws \JsonException
|
|
*/
|
|
#[DataProvider('updatePaymentRequestProvider')]
|
|
#[Test]
|
|
public function it_updates_a_payment_request(array $fixturesPaths, string $responsePath): void
|
|
{
|
|
$this->setUpDefaultGetHeaders();
|
|
|
|
$fixtures = $this->loadFixturesFromFiles($fixturesPaths);
|
|
|
|
/** @var PaymentRequestInterface $paymentRequest */
|
|
$paymentRequest = $fixtures['payment_request_capture'];
|
|
|
|
$this->client->request(
|
|
method: 'PUT',
|
|
uri: sprintf('/api/v2/shop/payment-requests/%s', $paymentRequest->getHash()),
|
|
server: $this->headerBuilder()->withJsonLdAccept()->withJsonLdContentType()->withShopUserAuthorization('oliver@doe.com')->build(),
|
|
content: json_encode([
|
|
'payload' => [
|
|
'target_path' => 'https://myshop.tld/new-target-path',
|
|
'after_path' => 'https://myshop.tld/new-after-path',
|
|
],
|
|
], \JSON_THROW_ON_ERROR),
|
|
);
|
|
|
|
$this->assertResponseSuccessful($responsePath);
|
|
}
|
|
|
|
#[Test]
|
|
public function it_does_not_update_a_payment_request_in_wrong_state(): void
|
|
{
|
|
$this->setUpDefaultGetHeaders();
|
|
|
|
$fixtures = $this->loadFixturesFromFiles([
|
|
'authentication/shop_user.yaml',
|
|
'channel/channel.yaml',
|
|
'payment_method.yaml',
|
|
'payment_request/payment_request.yaml',
|
|
'payment_request/order_with_customer.yaml',
|
|
]);
|
|
|
|
/** @var PaymentRequestInterface $paymentRequest */
|
|
$paymentRequest = $fixtures['payment_request_authorize'];
|
|
|
|
$this->client->request(
|
|
method: 'PUT',
|
|
uri: sprintf('/api/v2/shop/payment-requests/%s', $paymentRequest->getHash()),
|
|
server: $this->headerBuilder()->withJsonLdAccept()->withJsonLdContentType()->withShopUserAuthorization('oliver@doe.com')->build(),
|
|
content: json_encode([
|
|
'payload' => [
|
|
'target_path' => 'https://myshop.tld/new-target-path',
|
|
'after_path' => 'https://myshop.tld/new-after-path',
|
|
],
|
|
], \JSON_THROW_ON_ERROR),
|
|
);
|
|
$response = $this->client->getResponse();
|
|
|
|
$this->assertSame(Response::HTTP_NOT_FOUND, $response->getStatusCode());
|
|
}
|
|
|
|
#[Test]
|
|
public function it_does_not_allow_an_anonymous_customer_to_get_a_payment_request_owned_by_a_customer(): void
|
|
{
|
|
$paymentRequest = $this->loadPaymentRequestOwnedByOliver();
|
|
|
|
$this->client->request(
|
|
method: 'GET',
|
|
uri: sprintf('/api/v2/shop/payment-requests/%s', $paymentRequest->getHash()),
|
|
server: $this->headerBuilder()->withJsonLdAccept()->build(),
|
|
);
|
|
|
|
$this->assertResponseCode($this->client->getResponse(), Response::HTTP_NOT_FOUND);
|
|
}
|
|
|
|
#[Test]
|
|
public function it_does_not_allow_a_customer_to_get_a_payment_request_owned_by_another_customer(): void
|
|
{
|
|
$paymentRequest = $this->loadPaymentRequestOwnedByOliver();
|
|
|
|
$this->client->request(
|
|
method: 'GET',
|
|
uri: sprintf('/api/v2/shop/payment-requests/%s', $paymentRequest->getHash()),
|
|
server: $this->headerBuilder()->withJsonLdAccept()->withShopUserAuthorization('dave@doe.com')->build(),
|
|
);
|
|
|
|
$this->assertResponseCode($this->client->getResponse(), Response::HTTP_NOT_FOUND);
|
|
}
|
|
|
|
#[Test]
|
|
public function it_does_not_allow_an_anonymous_customer_to_update_a_payment_request_owned_by_a_customer(): void
|
|
{
|
|
$paymentRequest = $this->loadPaymentRequestOwnedByOliver();
|
|
|
|
$this->client->request(
|
|
method: 'PUT',
|
|
uri: sprintf('/api/v2/shop/payment-requests/%s', $paymentRequest->getHash()),
|
|
server: $this->headerBuilder()->withJsonLdAccept()->withJsonLdContentType()->build(),
|
|
content: json_encode([
|
|
'payload' => [
|
|
'target_path' => 'https://attacker.tld/target-path',
|
|
'after_path' => 'https://attacker.tld/after-path',
|
|
],
|
|
], \JSON_THROW_ON_ERROR),
|
|
);
|
|
|
|
$this->assertResponseCode($this->client->getResponse(), Response::HTTP_NOT_FOUND);
|
|
}
|
|
|
|
#[Test]
|
|
public function it_does_not_allow_a_customer_to_update_a_payment_request_owned_by_another_customer(): void
|
|
{
|
|
$paymentRequest = $this->loadPaymentRequestOwnedByOliver();
|
|
|
|
$this->client->request(
|
|
method: 'PUT',
|
|
uri: sprintf('/api/v2/shop/payment-requests/%s', $paymentRequest->getHash()),
|
|
server: $this->headerBuilder()->withJsonLdAccept()->withJsonLdContentType()->withShopUserAuthorization('dave@doe.com')->build(),
|
|
content: json_encode([
|
|
'payload' => [
|
|
'target_path' => 'https://attacker.tld/target-path',
|
|
'after_path' => 'https://attacker.tld/after-path',
|
|
],
|
|
], \JSON_THROW_ON_ERROR),
|
|
);
|
|
|
|
$this->assertResponseCode($this->client->getResponse(), Response::HTTP_NOT_FOUND);
|
|
}
|
|
|
|
#[Test]
|
|
public function it_does_not_allow_a_shop_user_to_get_a_payment_request_for_a_guest_order(): void
|
|
{
|
|
$this->setUpDefaultGetHeaders();
|
|
|
|
$fixtures = $this->loadFixturesFromFiles([
|
|
'authentication/shop_user.yaml',
|
|
'channel/channel.yaml',
|
|
'payment_method.yaml',
|
|
'payment_request/payment_request.yaml',
|
|
'payment_request/order.yaml',
|
|
]);
|
|
|
|
/** @var PaymentRequestInterface $paymentRequest */
|
|
$paymentRequest = $fixtures['payment_request_capture'];
|
|
|
|
$this->client->request(
|
|
method: 'GET',
|
|
uri: sprintf('/api/v2/shop/payment-requests/%s', $paymentRequest->getHash()),
|
|
server: $this->headerBuilder()->withJsonLdAccept()->withShopUserAuthorization('oliver@doe.com')->build(),
|
|
);
|
|
|
|
$this->assertResponseCode($this->client->getResponse(), Response::HTTP_NOT_FOUND);
|
|
}
|
|
|
|
#[Test]
|
|
public function it_does_not_allow_a_shop_user_to_update_a_payment_request_for_a_guest_order(): void
|
|
{
|
|
$fixtures = $this->loadFixturesFromFiles([
|
|
'authentication/shop_user.yaml',
|
|
'channel/channel.yaml',
|
|
'payment_method.yaml',
|
|
'payment_request/payment_request.yaml',
|
|
'payment_request/order.yaml',
|
|
]);
|
|
|
|
/** @var PaymentRequestInterface $paymentRequest */
|
|
$paymentRequest = $fixtures['payment_request_capture'];
|
|
|
|
$this->client->request(
|
|
method: 'PUT',
|
|
uri: sprintf('/api/v2/shop/payment-requests/%s', $paymentRequest->getHash()),
|
|
server: $this->headerBuilder()->withJsonLdAccept()->withJsonLdContentType()->withShopUserAuthorization('oliver@doe.com')->build(),
|
|
content: json_encode([
|
|
'payload' => [
|
|
'target_path' => 'https://myshop.tld/target-path',
|
|
'after_path' => 'https://myshop.tld/after-path',
|
|
],
|
|
], \JSON_THROW_ON_ERROR),
|
|
);
|
|
|
|
$this->assertResponseCode($this->client->getResponse(), Response::HTTP_NOT_FOUND);
|
|
}
|
|
|
|
#[Test]
|
|
public function it_allows_an_anonymous_user_to_get_a_payment_request_for_a_guest_order(): void
|
|
{
|
|
$this->setUpDefaultGetHeaders();
|
|
|
|
$fixtures = $this->loadFixturesFromFiles([
|
|
'channel/channel.yaml',
|
|
'payment_method.yaml',
|
|
'payment_request/payment_request.yaml',
|
|
'payment_request/order.yaml',
|
|
]);
|
|
|
|
/** @var PaymentRequestInterface $paymentRequest */
|
|
$paymentRequest = $fixtures['payment_request_capture'];
|
|
|
|
$this->client->request(
|
|
method: 'GET',
|
|
uri: sprintf('/api/v2/shop/payment-requests/%s', $paymentRequest->getHash()),
|
|
server: $this->headerBuilder()->withJsonLdAccept()->build(),
|
|
);
|
|
|
|
$this->assertResponseCode($this->client->getResponse(), Response::HTTP_OK);
|
|
}
|
|
|
|
#[Test]
|
|
public function it_allows_an_anonymous_user_to_update_a_payment_request_for_a_guest_order(): void
|
|
{
|
|
$this->setUpDefaultGetHeaders();
|
|
|
|
$fixtures = $this->loadFixturesFromFiles([
|
|
'channel/channel.yaml',
|
|
'gateway_config_payment_request.yaml',
|
|
'payment_method.yaml',
|
|
'payment_request/payment_request.yaml',
|
|
'payment_request/order.yaml',
|
|
]);
|
|
|
|
/** @var PaymentRequestInterface $paymentRequest */
|
|
$paymentRequest = $fixtures['payment_request_capture'];
|
|
|
|
$this->client->request(
|
|
method: 'PUT',
|
|
uri: sprintf('/api/v2/shop/payment-requests/%s', $paymentRequest->getHash()),
|
|
server: $this->headerBuilder()->withJsonLdAccept()->withJsonLdContentType()->build(),
|
|
content: json_encode([
|
|
'payload' => [
|
|
'target_path' => 'https://myshop.tld/new-target-path',
|
|
'after_path' => 'https://myshop.tld/new-after-path',
|
|
],
|
|
], \JSON_THROW_ON_ERROR),
|
|
);
|
|
|
|
$this->assertResponseCode($this->client->getResponse(), Response::HTTP_OK);
|
|
}
|
|
|
|
#[Test]
|
|
public function it_allows_an_anonymous_user_to_get_a_payment_request_for_an_order_created_as_guest_by_a_registered_customer(): void
|
|
{
|
|
$this->setUpDefaultGetHeaders();
|
|
|
|
$fixtures = $this->loadFixturesFromFiles([
|
|
'authentication/shop_user.yaml',
|
|
'channel/channel.yaml',
|
|
'payment_method.yaml',
|
|
'payment_request/payment_request.yaml',
|
|
'payment_request/order_with_customer_created_as_guest.yaml',
|
|
]);
|
|
|
|
/** @var PaymentRequestInterface $paymentRequest */
|
|
$paymentRequest = $fixtures['payment_request_capture'];
|
|
|
|
$this->client->request(
|
|
method: 'GET',
|
|
uri: sprintf('/api/v2/shop/payment-requests/%s', $paymentRequest->getHash()),
|
|
server: $this->headerBuilder()->withJsonLdAccept()->build(),
|
|
);
|
|
|
|
$this->assertResponseCode($this->client->getResponse(), Response::HTTP_OK);
|
|
}
|
|
|
|
#[Test]
|
|
public function it_allows_an_anonymous_user_to_update_a_payment_request_for_an_order_created_as_guest_by_a_registered_customer(): void
|
|
{
|
|
$this->setUpDefaultGetHeaders();
|
|
|
|
$fixtures = $this->loadFixturesFromFiles([
|
|
'authentication/shop_user.yaml',
|
|
'channel/channel.yaml',
|
|
'gateway_config_payment_request.yaml',
|
|
'payment_method.yaml',
|
|
'payment_request/payment_request.yaml',
|
|
'payment_request/order_with_customer_created_as_guest.yaml',
|
|
]);
|
|
|
|
/** @var PaymentRequestInterface $paymentRequest */
|
|
$paymentRequest = $fixtures['payment_request_capture'];
|
|
|
|
$this->client->request(
|
|
method: 'PUT',
|
|
uri: sprintf('/api/v2/shop/payment-requests/%s', $paymentRequest->getHash()),
|
|
server: $this->headerBuilder()->withJsonLdAccept()->withJsonLdContentType()->build(),
|
|
content: json_encode([
|
|
'payload' => [
|
|
'target_path' => 'https://myshop.tld/new-target-path',
|
|
'after_path' => 'https://myshop.tld/new-after-path',
|
|
],
|
|
], \JSON_THROW_ON_ERROR),
|
|
);
|
|
|
|
$this->assertResponseCode($this->client->getResponse(), Response::HTTP_OK);
|
|
}
|
|
|
|
#[Test]
|
|
public function it_does_not_allow_an_anonymous_customer_to_create_a_payment_request_for_an_order_owned_by_a_customer(): void
|
|
{
|
|
$payment = $this->loadOrderOwnedByOliver();
|
|
|
|
$this->client->request(
|
|
method: 'POST',
|
|
uri: sprintf('/api/v2/shop/orders/%s/payment-requests', $payment->getOrder()->getTokenValue()),
|
|
server: $this->headerBuilder()->withJsonLdAccept()->withJsonLdContentType()->build(),
|
|
content: json_encode([
|
|
'paymentId' => $payment->getId(),
|
|
'paymentMethodCode' => $payment->getMethod()->getCode(),
|
|
'payload' => [
|
|
'target_path' => 'https://attacker.tld/target-path',
|
|
'after_path' => 'https://attacker.tld/after-path',
|
|
],
|
|
], \JSON_THROW_ON_ERROR),
|
|
);
|
|
|
|
$this->assertResponseCode($this->client->getResponse(), Response::HTTP_NOT_FOUND);
|
|
}
|
|
|
|
#[Test]
|
|
public function it_does_not_allow_a_customer_to_create_a_payment_request_for_an_order_owned_by_another_customer(): void
|
|
{
|
|
$payment = $this->loadOrderOwnedByOliver();
|
|
|
|
$this->client->request(
|
|
method: 'POST',
|
|
uri: sprintf('/api/v2/shop/orders/%s/payment-requests', $payment->getOrder()->getTokenValue()),
|
|
server: $this->headerBuilder()->withJsonLdAccept()->withJsonLdContentType()->withShopUserAuthorization('dave@doe.com')->build(),
|
|
content: json_encode([
|
|
'paymentId' => $payment->getId(),
|
|
'paymentMethodCode' => $payment->getMethod()->getCode(),
|
|
'payload' => [
|
|
'target_path' => 'https://attacker.tld/target-path',
|
|
'after_path' => 'https://attacker.tld/after-path',
|
|
],
|
|
], \JSON_THROW_ON_ERROR),
|
|
);
|
|
|
|
$this->assertResponseCode($this->client->getResponse(), Response::HTTP_NOT_FOUND);
|
|
}
|
|
|
|
#[Test]
|
|
public function it_does_not_allow_a_shop_user_to_create_a_payment_request_for_a_guest_order(): void
|
|
{
|
|
$payment = $this->loadGuestOrder();
|
|
|
|
$this->client->request(
|
|
method: 'POST',
|
|
uri: sprintf('/api/v2/shop/orders/%s/payment-requests', $payment->getOrder()->getTokenValue()),
|
|
server: $this->headerBuilder()->withJsonLdAccept()->withJsonLdContentType()->withShopUserAuthorization('oliver@doe.com')->build(),
|
|
content: json_encode([
|
|
'paymentId' => $payment->getId(),
|
|
'paymentMethodCode' => $payment->getMethod()->getCode(),
|
|
'payload' => [
|
|
'target_path' => 'https://myshop.tld/target-path',
|
|
'after_path' => 'https://myshop.tld/after-path',
|
|
],
|
|
], \JSON_THROW_ON_ERROR),
|
|
);
|
|
|
|
$this->assertResponseCode($this->client->getResponse(), Response::HTTP_NOT_FOUND);
|
|
}
|
|
|
|
#[Test]
|
|
public function it_allows_a_customer_to_create_a_payment_request_for_their_own_order(): void
|
|
{
|
|
$payment = $this->loadOrderOwnedByOliver();
|
|
|
|
$this->client->request(
|
|
method: 'POST',
|
|
uri: sprintf('/api/v2/shop/orders/%s/payment-requests', $payment->getOrder()->getTokenValue()),
|
|
server: $this->headerBuilder()->withJsonLdAccept()->withJsonLdContentType()->withShopUserAuthorization('oliver@doe.com')->build(),
|
|
content: json_encode([
|
|
'paymentId' => $payment->getId(),
|
|
'paymentMethodCode' => $payment->getMethod()->getCode(),
|
|
'payload' => [
|
|
'target_path' => 'https://myshop.tld/target-path',
|
|
'after_path' => 'https://myshop.tld/after-path',
|
|
],
|
|
], \JSON_THROW_ON_ERROR),
|
|
);
|
|
|
|
$this->assertResponseCode($this->client->getResponse(), Response::HTTP_CREATED);
|
|
}
|
|
|
|
#[Test]
|
|
public function it_allows_an_anonymous_user_to_create_a_payment_request_for_a_guest_order(): void
|
|
{
|
|
$payment = $this->loadGuestOrder();
|
|
|
|
$this->client->request(
|
|
method: 'POST',
|
|
uri: sprintf('/api/v2/shop/orders/%s/payment-requests', $payment->getOrder()->getTokenValue()),
|
|
server: $this->headerBuilder()->withJsonLdAccept()->withJsonLdContentType()->build(),
|
|
content: json_encode([
|
|
'paymentId' => $payment->getId(),
|
|
'paymentMethodCode' => $payment->getMethod()->getCode(),
|
|
'payload' => [
|
|
'target_path' => 'https://myshop.tld/target-path',
|
|
'after_path' => 'https://myshop.tld/after-path',
|
|
],
|
|
], \JSON_THROW_ON_ERROR),
|
|
);
|
|
|
|
$this->assertResponseCode($this->client->getResponse(), Response::HTTP_CREATED);
|
|
}
|
|
|
|
#[Test]
|
|
public function it_allows_an_anonymous_user_to_create_a_payment_request_for_an_order_created_as_guest_by_a_registered_customer(): void
|
|
{
|
|
$payment = $this->loadOrderCreatedAsGuestByRegisteredCustomer();
|
|
|
|
$this->client->request(
|
|
method: 'POST',
|
|
uri: sprintf('/api/v2/shop/orders/%s/payment-requests', $payment->getOrder()->getTokenValue()),
|
|
server: $this->headerBuilder()->withJsonLdAccept()->withJsonLdContentType()->build(),
|
|
content: json_encode([
|
|
'paymentId' => $payment->getId(),
|
|
'paymentMethodCode' => $payment->getMethod()->getCode(),
|
|
'payload' => [
|
|
'target_path' => 'https://myshop.tld/target-path',
|
|
'after_path' => 'https://myshop.tld/after-path',
|
|
],
|
|
], \JSON_THROW_ON_ERROR),
|
|
);
|
|
|
|
$this->assertResponseCode($this->client->getResponse(), Response::HTTP_CREATED);
|
|
}
|
|
|
|
private function loadOrderOwnedByOliver(): PaymentInterface
|
|
{
|
|
return $this->loadOrderPayment('payment_request/order_with_customer.yaml');
|
|
}
|
|
|
|
private function loadGuestOrder(): PaymentInterface
|
|
{
|
|
return $this->loadOrderPayment('payment_request/order.yaml');
|
|
}
|
|
|
|
private function loadOrderCreatedAsGuestByRegisteredCustomer(): PaymentInterface
|
|
{
|
|
return $this->loadOrderPayment('payment_request/order_with_customer_created_as_guest.yaml');
|
|
}
|
|
|
|
private function loadOrderPayment(string $orderFixture): PaymentInterface
|
|
{
|
|
$fixtures = $this->loadFixturesFromFiles([
|
|
'authentication/shop_user.yaml',
|
|
'channel/channel.yaml',
|
|
'payment_method.yaml',
|
|
$orderFixture,
|
|
]);
|
|
|
|
/** @var PaymentInterface $payment */
|
|
$payment = $fixtures['payment'];
|
|
|
|
return $payment;
|
|
}
|
|
|
|
private function loadPaymentRequestOwnedByOliver(): PaymentRequestInterface
|
|
{
|
|
$fixtures = $this->loadFixturesFromFiles([
|
|
'authentication/shop_user.yaml',
|
|
'channel/channel.yaml',
|
|
'payment_method.yaml',
|
|
'payment_request/payment_request.yaml',
|
|
'payment_request/order_with_customer.yaml',
|
|
]);
|
|
|
|
/** @var PaymentRequestInterface $paymentRequest */
|
|
$paymentRequest = $fixtures['payment_request_capture'];
|
|
|
|
return $paymentRequest;
|
|
}
|
|
|
|
public static function createPaymentRequestProvider(): iterable
|
|
{
|
|
yield 'Payment request' => [
|
|
[
|
|
'authentication/shop_user.yaml',
|
|
'channel/channel.yaml',
|
|
'cart.yaml',
|
|
'country.yaml',
|
|
'shipping_method.yaml',
|
|
'gateway_config_payment_request.yaml',
|
|
'payment_method.yaml',
|
|
],
|
|
'shop/payment_request/post_payment_request',
|
|
];
|
|
|
|
yield 'Payum' => [
|
|
[
|
|
'authentication/shop_user.yaml',
|
|
'channel/channel.yaml',
|
|
'cart.yaml',
|
|
'country.yaml',
|
|
'shipping_method.yaml',
|
|
'payment_method.yaml',
|
|
],
|
|
'shop/payment_request/post_payment_request_payum',
|
|
];
|
|
}
|
|
|
|
public static function updatePaymentRequestProvider(): iterable
|
|
{
|
|
yield 'Payment Request' => [
|
|
[
|
|
'authentication/shop_user.yaml',
|
|
'channel/channel.yaml',
|
|
'gateway_config_payment_request.yaml',
|
|
'payment_method.yaml',
|
|
'payment_request/payment_request.yaml',
|
|
'payment_request/order_with_customer.yaml',
|
|
],
|
|
'shop/payment_request/put_payment_request',
|
|
];
|
|
|
|
yield 'Payum' => [
|
|
[
|
|
'authentication/shop_user.yaml',
|
|
'channel/channel.yaml',
|
|
'payment_method.yaml',
|
|
'payment_request/payment_request_payum.yaml',
|
|
'payment_request/order_with_customer.yaml',
|
|
],
|
|
'shop/payment_request/put_payment_request_payum',
|
|
];
|
|
}
|
|
}
|