diff --git a/.secrets.baseline b/.secrets.baseline index b0223ed87b..74be8e87d9 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -75,6 +75,10 @@ { "path": "detect_secrets.filters.allowlist.is_line_allowlisted" }, + { + "path": "detect_secrets.filters.common.is_baseline_file", + "filename": ".secrets.baseline" + }, { "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies", "min_level": 2 @@ -591,7 +595,7 @@ "filename": "test/cypress/integration/settings/your-psp.cy.js", "hashed_secret": "0ea7458942ab65e0a340cf4fd28ca00d93c494f3", "is_verified": false, - "line_number": 463 + "line_number": 456 } ], "test/cypress/integration/switch-psp/organisation-url.cy.js": [ @@ -899,5 +903,5 @@ } ] }, - "generated_at": "2023-10-19T14:35:18Z" + "generated_at": "2023-11-27T13:23:06Z" } diff --git a/app/controllers/your-psp/index.js b/app/controllers/your-psp/index.js index d3760ad763..e0cd0ce6c2 100644 --- a/app/controllers/your-psp/index.js +++ b/app/controllers/your-psp/index.js @@ -1,6 +1,5 @@ 'use strict' exports.getIndex = require('./get.controller') -exports.postToggleWorldpay3dsFlex = require('./post-toggle-worldpay-3ds-flex.controller') exports.getFlex = require('./get-flex.controller') exports.postFlex = require('./post-flex.controller') diff --git a/app/controllers/your-psp/post-flex.controller.js b/app/controllers/your-psp/post-flex.controller.js index 791e3a222d..3272af8ab4 100644 --- a/app/controllers/your-psp/post-flex.controller.js +++ b/app/controllers/your-psp/post-flex.controller.js @@ -72,10 +72,7 @@ module.exports = async function submit3dsFlexCredentials (req, res, next) { } await connector.post3dsFlexAccountCredentials(flexParams) - - if (req.account.type === 'live') { - await connector.updateIntegrationVersion3ds(accountId, INTEGRATION_VERSION_3DS) - } + await connector.updateIntegrationVersion3ds(accountId, INTEGRATION_VERSION_3DS) req.flash('generic', 'Your Worldpay 3DS Flex settings have been updated') return res.redirect(indexUrl) diff --git a/app/controllers/your-psp/post-flex.controller.test.js b/app/controllers/your-psp/post-flex.controller.test.js index f4b27e58f1..dd78fa002f 100644 --- a/app/controllers/your-psp/post-flex.controller.test.js +++ b/app/controllers/your-psp/post-flex.controller.test.js @@ -52,14 +52,16 @@ describe('Post 3DS Flex controller', () => { sinon.assert.calledWith(res.redirect, `/account/${gatewayAccountExternalId}/your-psp/${credentialId}`) }) - it('should NOT set 3DS integration version to 2 for TEST account', async () => { + it('should set 3DS integration version to 2 for TEST account', async () => { req.account = getGatewayAcountWithType('test') const controller = getControllerWithMocks() await controller(req, res, next) - sinon.assert.notCalled(updateIntegrationVersion3dsMock) + sinon.assert.calledWith(updateIntegrationVersion3dsMock, req.account.gateway_account_id, 2) + sinon.assert.calledWith(req.flash, 'generic', 'Your Worldpay 3DS Flex settings have been updated') + sinon.assert.calledWith(res.redirect, `/account/${gatewayAccountExternalId}/your-psp/${credentialId}`) }) it('should call next when there is an error checking flex credentials', async () => { diff --git a/app/controllers/your-psp/post-toggle-worldpay-3ds-flex.controller.js b/app/controllers/your-psp/post-toggle-worldpay-3ds-flex.controller.js deleted file mode 100644 index 1989097614..0000000000 --- a/app/controllers/your-psp/post-toggle-worldpay-3ds-flex.controller.js +++ /dev/null @@ -1,33 +0,0 @@ -'use strict' - -const paths = require('../../paths') -const formatAccountPathsFor = require('../../utils/format-account-paths-for') -const { renderErrorView } = require('../../utils/response') -const { ConnectorClient } = require('../../services/clients/connector.client') -const { getCredentialByExternalId } = require('../../utils/credentials') -const connector = new ConnectorClient(process.env.CONNECTOR_URL) - -module.exports = async function toggleWorldpay3dsFlex (req, res, next) { - const accountId = req.account.gateway_account_id - const toggleWorldpay3dsFlex = req.body['toggle-worldpay-3ds-flex'] - - if (req.account.type === 'live') { - return next(new Error(`Cannot toggle Worldpay 3DS flex for live gateway account: ${req.account.external_id}`)) - } - - if (req.body['toggle-worldpay-3ds-flex'] === 'on' || req.body['toggle-worldpay-3ds-flex'] === 'off') { - const enabling3dsFlex = toggleWorldpay3dsFlex === 'on' - const message = enabling3dsFlex ? '3DS Flex has been turned on.' : '3DS Flex has been turned off. Your payments will now use 3DS only.' - const integrationVersion3ds = enabling3dsFlex ? 2 : 1 - try { - const credential = getCredentialByExternalId(req.account, req.params.credentialId) - await connector.updateIntegrationVersion3ds(accountId, integrationVersion3ds) - req.flash('generic', message) - return res.redirect(303, formatAccountPathsFor(paths.account.yourPsp.index, req.account.external_id, credential.external_id)) - } catch (err) { - next(err) - } - } else { - return renderErrorView(req, res, false, 400) - } -} diff --git a/app/controllers/your-psp/post-toggle-worldpay-3ds-flex.controller.test.js b/app/controllers/your-psp/post-toggle-worldpay-3ds-flex.controller.test.js deleted file mode 100644 index 65532be0f6..0000000000 --- a/app/controllers/your-psp/post-toggle-worldpay-3ds-flex.controller.test.js +++ /dev/null @@ -1,141 +0,0 @@ -'use strict' - -const proxyquire = require('proxyquire') -const sinon = require('sinon') - -const gatewayAccountFixtures = require('../../../test/fixtures/gateway-account.fixtures') - -describe('Toggle Worldpay 3DS Flex controller', () => { - const gatewayAccountExternalId = 'a-gateway-account-external-id' - const credentialId = 'a-valid-credential-id' - let req - let res - let next - let updateIntegrationVersion3dsMock - let renderErrorViewMock - - beforeEach(() => { - req = { - account: gatewayAccountFixtures.validGatewayAccount({ - gateway_account_id: '1', - external_id: gatewayAccountExternalId, - gateway_account_credentials: [{ - payment_provider: 'worldpay', - external_id: credentialId - }], - type: 'test' - }), - params: { credentialId }, - flash: sinon.spy(), - body: {} - } - res = { - setHeader: sinon.stub(), - status: sinon.spy(), - redirect: sinon.spy(), - render: sinon.spy() - } - next = sinon.spy() - }) - - describe('Test gateway account', () => { - it('should toggle 3DS Flex on by setting 3DS integration version to 2', async () => { - updateIntegrationVersion3dsMock = sinon.spy(() => Promise.resolve()) - const controller = getControllerWithMocks() - - req.body['toggle-worldpay-3ds-flex'] = 'on' - await controller(req, res, next) - - sinon.assert.calledWith(updateIntegrationVersion3dsMock, req.account.gateway_account_id, 2) - sinon.assert.calledWith(req.flash, 'generic', '3DS Flex has been turned on.') - sinon.assert.calledWith(res.redirect, 303, `/account/${gatewayAccountExternalId}/your-psp/${credentialId}`) - }) - - it('should toggle 3DS Flex off by setting 3DS integration version to 1', async () => { - updateIntegrationVersion3dsMock = sinon.spy(() => Promise.resolve()) - const controller = getControllerWithMocks() - - req.body['toggle-worldpay-3ds-flex'] = 'off' - await controller(req, res, next) - - sinon.assert.calledWith(updateIntegrationVersion3dsMock, req.account.gateway_account_id, 1) - sinon.assert.calledWith(req.flash, 'generic', '3DS Flex has been turned off. Your payments will now use 3DS only.') - sinon.assert.calledWith(res.redirect, 303, `/account/${gatewayAccountExternalId}/your-psp/${credentialId}`) - }) - - it('should call next with error if problem calling connector', async () => { - const error = new Error() - updateIntegrationVersion3dsMock = sinon.spy(() => Promise.reject(error)) - renderErrorViewMock = sinon.spy(() => Promise.resolve()) - const controller = getControllerWithMocks() - - req.body['toggle-worldpay-3ds-flex'] = 'on' - await controller(req, res, next) - - sinon.assert.calledWith(updateIntegrationVersion3dsMock, req.account.gateway_account_id, 2) - const expectedError = sinon.match.instanceOf(Error) - sinon.assert.calledWith(next, expectedError) - - sinon.assert.notCalled(req.flash) - sinon.assert.notCalled(res.redirect) - }) - - it('should render an error if an invalid value is provided', async () => { - updateIntegrationVersion3dsMock = sinon.spy(() => Promise.reject(new Error())) - renderErrorViewMock = sinon.spy(() => Promise.resolve()) - const controller = getControllerWithMocks() - - req.body['toggle-worldpay-3ds-flex'] = 'oof' - await controller(req, res, next) - - sinon.assert.calledWith(renderErrorViewMock, req, res, false, 400) - - sinon.assert.notCalled(updateIntegrationVersion3dsMock) - sinon.assert.notCalled(req.flash) - sinon.assert.notCalled(res.redirect) - }) - - it('should render an error if no value is provided', async () => { - updateIntegrationVersion3dsMock = sinon.spy(() => Promise.reject(new Error())) - renderErrorViewMock = sinon.spy(() => Promise.resolve()) - const controller = getControllerWithMocks() - - await controller(req, res, next) - - sinon.assert.calledWith(renderErrorViewMock, req, res, false, 400) - - sinon.assert.notCalled(updateIntegrationVersion3dsMock) - sinon.assert.notCalled(req.flash) - sinon.assert.notCalled(res.redirect) - }) - }) - - describe('Live gateway account', () => { - it('should call next with error if trying to toggle 3DS on a live gateway account', async () => { - req.account.type = 'live' - - updateIntegrationVersion3dsMock = sinon.spy(() => Promise.resolve()) - const controller = getControllerWithMocks() - - req.body['toggle-worldpay-3ds-flex'] = 'on' - await controller(req, res, next) - - const expectedError = sinon.match.instanceOf(Error) - .and(sinon.match.has('message', `Cannot toggle Worldpay 3DS flex for live gateway account: ${req.account.external_id}`)) - sinon.assert.calledWith(next, expectedError) - }) - }) - - function getControllerWithMocks () { - return proxyquire('./post-toggle-worldpay-3ds-flex.controller', { - '../../services/clients/connector.client': { - ConnectorClient: function () { - this.updateIntegrationVersion3ds = updateIntegrationVersion3dsMock - } - }, - '../../utils/response': { - renderErrorView: renderErrorViewMock - } - }) - } -}) diff --git a/app/routes.js b/app/routes.js index c69b048037..12ba9a48cf 100644 --- a/app/routes.js +++ b/app/routes.js @@ -323,7 +323,6 @@ module.exports.bind = function (app) { // Your PSP account.get(yourPsp.index, permission('gateway-credentials:read'), yourPspController.getIndex) - account.post(yourPsp.worldpay3dsFlex, permission('toggle-3ds:update'), yourPspController.postToggleWorldpay3dsFlex) account.get([yourPsp.flex, switchPSP.flex], permission('gateway-credentials:update'), yourPspController.getFlex) account.post([yourPsp.flex, switchPSP.flex], permission('gateway-credentials:update'), yourPspController.postFlex) diff --git a/app/views/your-psp/_worldpay-flex.njk b/app/views/your-psp/_worldpay-flex.njk index 37a12a8034..6403dcb8c7 100644 --- a/app/views/your-psp/_worldpay-flex.njk +++ b/app/views/your-psp/_worldpay-flex.njk @@ -1,51 +1,3 @@ -{% set paymentProvider = 'worldpay' %} -{% set isTest = currentGatewayAccount.type === "test" %} - -{% if isTest %} -
-

3DS Flex

- - {{ govukInsetText({ - "attributes": { - "id": "worldpay-3ds-flex-is-on" if isWorldpay3dsFlexEnabled else "worldpay-3ds-flex-is-off" - }, - text: "3DS Flex is turned on." if isWorldpay3dsFlexEnabled else "3DS Flex is turned off." - }) }} - - {% if (not isWorldpay3dsFlexCredentialsConfigured) %} -

- To set up 3DS Flex on your Worldpay test account, you need to enter the following test details to turn 3DS Flex on. -

- {% endif %} - - {% if (is3dsEnabled and isWorldpay3dsFlexCredentialsConfigured) or isWorldpay3dsFlexEnabled %} -
- - {% if is3dsEnabled and isWorldpay3dsFlexCredentialsConfigured and not isWorldpay3dsFlexEnabled %} - - {{ govukButton({ - attributes: { - id: "enable-worldpay-3ds-flex-button" - }, - text: "Turn on 3DS Flex", - classes: "govuk-button--secondary" - }) }} - {% elif isWorldpay3dsFlexEnabled %} - - {{ govukButton({ - attributes: { - id: "disable-worldpay-3ds-flex-button" - }, - text: "Turn off 3DS Flex", - classes: "govuk-button--secondary" - }) }} - {% endif %} -
- {% endif %} - -
-{% endif %} - {{govukSummaryList({ attributes: {'data-cy': 'worldpay-flex-settings-summary-list'}, card: { diff --git a/test/cypress/integration/settings/switch-psp.cy.js b/test/cypress/integration/settings/switch-psp.cy.js index 7e96552e52..b44475bc1a 100644 --- a/test/cypress/integration/settings/switch-psp.cy.js +++ b/test/cypress/integration/settings/switch-psp.cy.js @@ -163,7 +163,8 @@ describe('Switch PSP settings page', () => { organisational_unit_id: organisationalUnitId, issuer: issuer, jwt_mac_key: jwtMacKey - }) + }), + gatewayAccountStubs.patchUpdate3dsVersionSuccess(gatewayAccountId, 2) ]) cy.visit(`/account/${gatewayAccountExternalId}/switch-psp`) diff --git a/test/cypress/integration/settings/your-psp.cy.js b/test/cypress/integration/settings/your-psp.cy.js index 940cc15a58..45e240ceea 100644 --- a/test/cypress/integration/settings/your-psp.cy.js +++ b/test/cypress/integration/settings/your-psp.cy.js @@ -177,13 +177,11 @@ describe('Your PSP settings page', () => { cy.task('setupStubs', [ ...getUserAndGatewayAccountStubs(gatewayAccountOpts), gatewayAccountStubs.postCheckWorldpay3dsFlexCredentials({ gatewayAccountId, result: 'valid' }), - gatewayAccountStubs.postUpdateWorldpay3dsFlexCredentials({ gatewayAccountId, ...testFlexCredentials }) + gatewayAccountStubs.postUpdateWorldpay3dsFlexCredentials({ gatewayAccountId, ...testFlexCredentials }), + gatewayAccountStubs.patchUpdate3dsVersionSuccess(gatewayAccountId, 2) ]) cy.visit(`${yourPspPath}/${credentialExternalId}`) - cy.get('[data-cy=set-up-3ds-flex-credentials-text]').should('exist') - cy.get('[data-cy=toggle-3ds-button]').should('not.exist') - cy.get('#flex-credentials-change-link').click() cy.get('#removeFlexCredentials').should('not.exist') cy.get('#organisational-unit-id').type('Invalid organisational unit ID') @@ -286,9 +284,6 @@ describe('Your PSP settings page', () => { cy.visit(`${yourPspPath}/${credentialExternalId}`) - cy.get('[data-cy=set-up-3ds-flex-credentials-text]').should('not.exist') - cy.get('[data-cy=toggle-3ds-button]').should('exist') - cy.get('.value-merchant-id').should('contain', merchantCode) cy.get('.value-username').should('contain', username) cy.get('.value-password').should('contain', '●●●●●●●●') @@ -322,8 +317,6 @@ describe('Your PSP settings page', () => { cy.get('#worldpay-3ds-flex-is-off').should('not.exist') cy.get('#worldpay-3ds-flex-is-off').should('not.exist') cy.get('#worldpay-3ds-flex-is-on').should('not.exist') - cy.get('#disable-worldpay-3ds-flex-button').should('not.exist') - cy.get('#enable-worldpay-3ds-flex-button').should('not.exist') }) it('should not allow non-MOTO merchant account code', () => { @@ -522,151 +515,6 @@ describe('Your PSP settings page', () => { }) }) - describe('When using a Worldpay account to toggle 3DS Flex', () => { - describe('Test gateway account', () => { - it('should show button to turn on 3DS flex when it is disabled', () => { - const gatewayAccountOpts = { - gateway: 'worldpay', - requires3ds: true, - integrationVersion3ds: 1, - gatewayAccountCredentials: [{ - payment_provider: 'worldpay', - credentials: testCredentials, - external_id: credentialExternalId, - id: credentialsId - }], - worldpay3dsFlex: testFlexCredentials - } - cy.task('setupStubs', [ - ...getUserAndGatewayAccountStubs(gatewayAccountOpts), - gatewayAccountStubs.patchUpdate3dsVersionSuccess(gatewayAccountId, 2) - ]) - - cy.visit(`${yourPspPath}/${credentialExternalId}`) - - cy.get('[data-cy=3ds-flex-section-for-test-worldpay-accounts]').should('exist') - - cy.get('#toggle-worldpay-3ds-flex').should('exist') - - cy.get('#worldpay-3ds-flex-is-off').should('exist') - cy.get('#worldpay-3ds-flex-is-on').should('not.exist') - - cy.get('#disable-worldpay-3ds-flex-button').should('not.exist') - cy.get('#enable-worldpay-3ds-flex-button') - .should('exist') - .click() - - cy.location().should((location) => { - expect(location.pathname).to.eq(`${yourPspPath}/${credentialExternalId}`) - }) - }) - - it('should have a button to disable 3DS Flex if 3DS is enabled and 3DS integration version is 2', () => { - const gatewayAccountOpts = { - gateway: 'worldpay', - requires3ds: true, - integrationVersion3ds: 2, - gatewayAccountCredentials: [{ - payment_provider: 'worldpay', - credentials: testCredentials, - external_id: credentialExternalId, - id: credentialsId - }], - worldpay3dsFlex: testFlexCredentials - } - cy.task('setupStubs', [ - ...getUserAndGatewayAccountStubs(gatewayAccountOpts), - gatewayAccountStubs.patchUpdate3dsVersionSuccess(gatewayAccountId, 1) - ]) - - cy.visit(`${yourPspPath}/${credentialExternalId}`) - - cy.get('[data-cy=set-up-3ds-flex-credentials-text]').should('not.exist') - - cy.get('#worldpay-3ds-flex-is-on').should('exist') - cy.get('#worldpay-3ds-flex-is-off').should('not.exist') - - cy.get('#enable-worldpay-3ds-flex-button').should('not.exist') - cy.get('#disable-worldpay-3ds-flex-button') - .should('exist') - .click() - - cy.location().should((location) => { - expect(location.pathname).to.eq(`${yourPspPath}/${credentialExternalId}`) - }) - }) - - it('should have not have a button to enable 3DS Flex if 3DS is enabled, 3DS integration version is 1 but there are no 3DS Flex credentials', () => { - cy.task('setupStubs', getUserAndGatewayAccountStubs({ - gateway: 'worldpay', - requires3ds: false, - integrationVersion3ds: 1, - gatewayAccountCredentials: [{ - payment_provider: 'worldpay', - credentials: testCredentials, - external_id: credentialExternalId, - id: credentialsId - }] - })) - - cy.visit(`${yourPspPath}/${credentialExternalId}`) - - cy.get('[data-cy=set-up-3ds-flex-credentials-text]').should('exist') - - cy.get('#worldpay-3ds-flex-is-off').should('exist') - cy.get('#worldpay-3ds-flex-is-on').should('not.exist') - cy.get('#disable-worldpay-3ds-flex-button').should('not.exist') - cy.get('#enable-worldpay-3ds-flex-button').should('not.exist') - }) - - it('should have not have a button to enable or disable 3DS Flex if 3DS is disabled', () => { - cy.task('setupStubs', getUserAndGatewayAccountStubs({ - gateway: 'worldpay', - requires3ds: false, - integrationVersion3ds: 1, - gatewayAccountCredentials: [{ - payment_provider: 'worldpay', - credentials: testCredentials, - external_id: credentialExternalId, - id: credentialsId - }], - worldpay3dsFlex: testFlexCredentials - })) - - cy.visit(`${yourPspPath}/${credentialExternalId}`) - - cy.get('[data-cy=set-up-3ds-flex-credentials-text]').should('not.exist') - - cy.get('#worldpay-3ds-flex-is-off').should('exist') - cy.get('#worldpay-3ds-flex-is-on').should('not.exist') - cy.get('#disable-worldpay-3ds-flex-button').should('not.exist') - cy.get('#enable-worldpay-3ds-flex-button').should('not.exist') - }) - }) - - describe('Live gateway account', () => { - it('should display the page correctly for live gateway accounts', () => { - cy.task('setupStubs', getUserAndGatewayAccountStubs({ - gateway: 'worldpay', - requires3ds: true, - integrationVersion3ds: 2, - gatewayAccountCredentials: [{ - payment_provider: 'worldpay', - credentials: testCredentials, - external_id: credentialExternalId, - id: credentialsId - }], - worldpay3dsFlex: testFlexCredentials, - type: 'live' - })) - - cy.visit(`${yourPspPath}/${credentialExternalId}`) - - cy.get('[data-cy=3ds-flex-section-for-test-worldpay-accounts]').should('not.exist') - }) - }) - }) - describe('When using an ePDQ account', () => { const gatewayAccountOpts = { gateway: 'epdq',