npm - @defra/forms-engine-plugin - Versions diffs - 4.8.0 → 4.9.0 - Mend

@defra/forms-engine-plugin 4.8.0 → 4.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

package/.server/server/plugins/payment/service.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"service.js","names":["StatusCodes","createLogger","buildPaymentInfo","convertPenceToPounds","get","post","postJson","PAYMENT_BASE_URL","PAYMENT_ENDPOINT","logger","getAuthHeaders","apiKey","Authorization","PaymentService","constructor","createPayment","amount","description","returnUrl","reference","isLivePayment","metadata","response","postToPayProvider","return_url","delayed_capture","info","payment_id","paymentId","paymentUrl","_links","next_url","href","err","error","output","payload","message","undefined","getPaymentStatus","getByType","headers","json","errorMessage","Error","JSON","stringify","state","status","code","email","capturePayment","statusCode","res","OK","NO_CONTENT","event","category","action","outcome","reason","postJsonByType","includes"],"sources":["../../../../src/server/plugins/payment/service.js"],"sourcesContent":["import { StatusCodes } from 'http-status-codes'\n\nimport { createLogger } from '~/src/server/common/helpers/logging/logger.js'\nimport {\n buildPaymentInfo,\n convertPenceToPounds\n} from '~/src/server/plugins/engine/routes/payment-helper.js'\nimport { get, post, postJson } from '~/src/server/services/httpService.js'\n\nconst PAYMENT_BASE_URL = 'https://publicapi.payments.service.gov.uk'\nconst PAYMENT_ENDPOINT = '/v1/payments'\n\nconst logger = createLogger()\n\n/*\n @param {string} apiKey\n * @returns {{ Authorization: string }}\n /\nfunction getAuthHeaders(apiKey) {\n return {\n Authorization: `Bearer ${apiKey}`\n }\n}\n\nexport class PaymentService {\n /* @type {string} /\n #apiKey\n\n /\n @param {string} apiKey - API key to use (global config for test value, per-form config for live value)\n /\n constructor(apiKey) {\n this.#apiKey = apiKey\n }\n\n /\n Creates a payment with delayed capture (pre-authorisation)\n * @param {number} amount - in pence\n * @param {string} description\n * @param {string} returnUrl\n * @param {string} reference\n * @param {boolean} isLivePayment\n * @param {{ formId: string, slug: string } \| undefined } metadata\n /\n async createPayment(\n amount,\n description,\n returnUrl,\n reference,\n isLivePayment,\n metadata\n ) {\n try {\n const response = await this.postToPayProvider({\n amount,\n description,\n reference,\n metadata,\n return_url: returnUrl,\n delayed_capture: true\n })\n\n logger.info(\n buildPaymentInfo(\n 'create-payment',\n 'success',\n `amount=${convertPenceToPounds(amount)}`,\n isLivePayment,\n response.payment_id\n ),\n `[payment] Created payment and user taken to enter pre-auth details for paymentId=${response.payment_id}`\n )\n\n return {\n paymentId: response.payment_id,\n paymentUrl: response._links.next_url.href\n }\n } catch (err) {\n const error =\n /* @type {{ output?: { payload?: any }, message?: any }} / (err)\n if (isLivePayment) {\n logger.error(\n error.output?.payload ?? error.message,\n `[payment] Failed to create payment session for reference ${reference}`\n )\n }\n }\n return undefined\n }\n\n /\n @param {string} paymentId\n * @param {boolean} isLivePayment\n * @returns {Promise<GetPaymentResponse>}\n /\n async getPaymentStatus(paymentId, isLivePayment) {\n const getByType = /* @type {typeof get<GetPaymentApiResponse>} / (get)\n\n try {\n const response = await getByType(\n `${PAYMENT_BASE_URL}${PAYMENT_ENDPOINT}/${paymentId}`,\n {\n headers: getAuthHeaders(this.#apiKey),\n json: true\n }\n )\n\n if (response.error) {\n const errorMessage =\n response.error instanceof Error\n ? response.error.message\n : JSON.stringify(response.error)\n throw new Error(`Failed to get payment status: ${errorMessage}`)\n }\n\n const state = response.payload.state\n logger.info(\n buildPaymentInfo(\n 'get-payment-status',\n state.status === 'capturable' \|\| state.status === 'success'\n ? 'success'\n : 'failure',\n `status:${state.status} code:${state.code ?? 'N/A'} message:${state.message ?? 'N/A'}`,\n isLivePayment,\n paymentId\n ),\n `[payment] Got payment status for paymentId=${paymentId}: status=${state.status}`\n )\n\n return {\n state,\n _links: response.payload._links,\n email: response.payload.email,\n paymentId: response.payload.payment_id,\n amount: response.payload.amount\n }\n } catch (err) {\n const error = /* @type {Error} / (err)\n logger.error(\n error,\n `[payment] Error getting payment status for paymentId=${paymentId}: ${error.message}`\n )\n throw err\n }\n }\n\n /\n Captures a payment that is in 'capturable' status\n * @param {string} paymentId\n * @param {number} amount\n * @returns {Promise<boolean>}\n /\n async capturePayment(paymentId, amount) {\n try {\n const response = await post(\n `${PAYMENT_BASE_URL}${PAYMENT_ENDPOINT}/${paymentId}/capture`,\n {\n headers: getAuthHeaders(this.#apiKey)\n }\n )\n\n const statusCode = response.res.statusCode\n\n if (\n statusCode === StatusCodes.OK \|\|\n statusCode === StatusCodes.NO_CONTENT\n ) {\n logger.info(\n {\n event: {\n category: 'payment',\n action: 'capture-payment',\n outcome: 'success',\n reason: `amount=${convertPenceToPounds(amount)}`,\n reference: paymentId\n }\n },\n `[payment] Successfully captured payment for paymentId=${paymentId}`\n )\n return true\n }\n\n logger.error(\n `[payment] Capture failed for paymentId=${paymentId}: HTTP ${statusCode}`\n )\n return false\n } catch (err) {\n const error = /* @type {Error} / (err)\n logger.error(\n error,\n `[payment] Error capturing payment for paymentId=${paymentId}: ${error.message}`\n )\n throw err\n }\n }\n\n /\n @param {CreatePaymentRequest} payload\n /\n async postToPayProvider(payload) {\n const postJsonByType =\n /* @type {typeof postJson<CreatePaymentResponse>} / (postJson)\n\n try {\n const response = await postJsonByType(\n `${PAYMENT_BASE_URL}${PAYMENT_ENDPOINT}`,\n {\n payload,\n headers: getAuthHeaders(this.#apiKey)\n }\n )\n\n if (response.payload?.state.status !== 'created') {\n throw new Error(\n `Failed to create payment for reference=${payload.reference}`\n )\n }\n\n return response.payload\n } catch (err) {\n const error = /* @type {Error} / (err)\n if (!error.message.includes('401 Unauthorized')) {\n logger.error(\n error,\n `[payment] Error creating payment for reference=${payload.reference}: ${error.message}`\n )\n }\n throw err\n }\n }\n}\n\n/\n @import { CreatePaymentRequest, CreatePaymentResponse, GetPaymentApiResponse, GetPaymentResponse } from '~/src/server/plugins/payment/types.js'\n */\n"],"mappings":"AAAA,SAASA,WAAW,QAAQ,mBAAmB;AAE/C,SAASC,YAAY;AACrB,SACEC,gBAAgB,EAChBC,oBAAoB;AAEtB,SAASC,GAAG,EAAEC,IAAI,EAAEC,QAAQ;AAE5B,MAAMC,gBAAgB,GAAG,2CAA2C;AACpE,MAAMC,gBAAgB,GAAG,cAAc;AAEvC,MAAMC,MAAM,GAAGR,YAAY,CAAC,CAAC;;AAE7B;AACA;AACA;AACA;AACA,SAASS,cAAcA,CAACC,MAAM,EAAE;EAC9B,OAAO;IACLC,aAAa,EAAE,UAAUD,MAAM;EACjC,CAAC;AACH;AAEA,OAAO,MAAME,cAAc,CAAC;EAC1B;EACA,CAACF,MAAM;;EAEP;AACF;AACA;EACEG,WAAWA,CAACH,MAAM,EAAE;IAClB,IAAI,CAAC,CAACA,MAAM,GAAGA,MAAM;EACvB;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMI,aAAaA,CACjBC,MAAM,EACNC,WAAW,EACXC,SAAS,EACTC,SAAS,EACTC,aAAa,EACbC,QAAQ,EACR;IACA,IAAI;MACF,MAAMC,QAAQ,GAAG,MAAM,IAAI,CAACC,iBAAiB,CAAC;QAC5CP,MAAM;QACNC,WAAW;QACXE,SAAS;QACTE,QAAQ;QACRG,UAAU,EAAEN,SAAS;QACrBO,eAAe,EAAE;MACnB,CAAC,CAAC;MAEFhB,MAAM,CAACiB,IAAI,CACTxB,gBAAgB,CACd,gBAAgB,EAChB,SAAS,EACT,UAAUC,oBAAoB,CAACa,MAAM,CAAC,EAAE,EACxCI,aAAa,EACbE,QAAQ,CAACK,UACX,CAAC,EACD,oFAAoFL,QAAQ,CAACK,UAAU,EACzG,CAAC;MAED,OAAO;QACLC,SAAS,EAAEN,QAAQ,CAACK,UAAU;QAC9BE,UAAU,EAAEP,QAAQ,CAACQ,MAAM,CAACC,QAAQ,CAACC;MACvC,CAAC;IACH,CAAC,CAAC,OAAOC,GAAG,EAAE;MACZ,MAAMC,KAAK,GACT,4DAA8DD,GAAI;MACpE,IAAIb,aAAa,EAAE;QACjBX,MAAM,CAACyB,KAAK,CACVA,KAAK,CAACC,MAAM,EAAEC,OAAO,IAAIF,KAAK,CAACG,OAAO,EACtC,4DAA4DlB,SAAS,EACvE,CAAC;MACH;IACF;IACA,OAAOmB,SAAS;EAClB;;EAEA;AACF;AACA;AACA;AACA;EACE,MAAMC,gBAAgBA,CAACX,SAAS,EAAER,aAAa,EAAE;IAC/C,MAAMoB,SAAS,GAAG,gDAAkDpC,GAAI;IAExE,IAAI;MACF,MAAMkB,QAAQ,GAAG,MAAMkB,SAAS,CAC9B,GAAGjC,gBAAgB,GAAGC,gBAAgB,IAAIoB,SAAS,EAAE,EACrD;QACEa,OAAO,EAAE/B,cAAc,CAAC,IAAI,CAAC,CAACC,MAAM,CAAC;QACrC+B,IAAI,EAAE;MACR,CACF,CAAC;MAED,IAAIpB,QAAQ,CAACY,KAAK,EAAE;QAClB,MAAMS,YAAY,GAChBrB,QAAQ,CAACY,KAAK,YAAYU,KAAK,GAC3BtB,QAAQ,CAACY,KAAK,CAACG,OAAO,GACtBQ,IAAI,CAACC,SAAS,CAACxB,QAAQ,CAACY,KAAK,CAAC;QACpC,MAAM,IAAIU,KAAK,CAAC,iCAAiCD,YAAY,EAAE,CAAC;MAClE;MAEA,MAAMI,KAAK,GAAGzB,QAAQ,CAACc,OAAO,CAACW,KAAK;MACpCtC,MAAM,CAACiB,IAAI,CACTxB,gBAAgB,CACd,oBAAoB,EACpB6C,KAAK,CAACC,MAAM,KAAK,YAAY,IAAID,KAAK,CAACC,MAAM,KAAK,SAAS,GACvD,SAAS,GACT,SAAS,EACb,UAAUD,KAAK,CAACC,MAAM,SAASD,KAAK,CAACE,IAAI,IAAI,KAAK,YAAYF,KAAK,CAACV,OAAO,IAAI,KAAK,EAAE,EACtFjB,aAAa,EACbQ,SACF,CAAC,EACD,8CAA8CA,SAAS,YAAYmB,KAAK,CAACC,MAAM,EACjF,CAAC;MAED,OAAO;QACLD,KAAK;QACLjB,MAAM,EAAER,QAAQ,CAACc,OAAO,CAACN,MAAM;QAC/BoB,KAAK,EAAE5B,QAAQ,CAACc,OAAO,CAACc,KAAK;QAC7BtB,SAAS,EAAEN,QAAQ,CAACc,OAAO,CAACT,UAAU;QACtCX,MAAM,EAAEM,QAAQ,CAACc,OAAO,CAACpB;MAC3B,CAAC;IACH,CAAC,CAAC,OAAOiB,GAAG,EAAE;MACZ,MAAMC,KAAK,GAAG,oBAAsBD,GAAI;MACxCxB,MAAM,CAACyB,KAAK,CACVA,KAAK,EACL,wDAAwDN,SAAS,KAAKM,KAAK,CAACG,OAAO,EACrF,CAAC;MACD,MAAMJ,GAAG;IACX;EACF;;EAEA;AACF;AACA;AACA;AACA;AACA;EACE,MAAMkB,cAAcA,CAACvB,SAAS,EAAEZ,MAAM,EAAE;IACtC,IAAI;MACF,MAAMM,QAAQ,GAAG,MAAMjB,IAAI,CACzB,GAAGE,gBAAgB,GAAGC,gBAAgB,IAAIoB,SAAS,UAAU,EAC7D;QACEa,OAAO,EAAE/B,cAAc,CAAC,IAAI,CAAC,CAACC,MAAM;MACtC,CACF,CAAC;MAED,MAAMyC,UAAU,GAAG9B,QAAQ,CAAC+B,GAAG,CAACD,UAAU;MAE1C,IACEA,UAAU,KAAKpD,WAAW,CAACsD,EAAE,IAC7BF,UAAU,KAAKpD,WAAW,CAACuD,UAAU,EACrC;QACA9C,MAAM,CAACiB,IAAI,CACT;UACE8B,KAAK,EAAE;YACLC,QAAQ,EAAE,SAAS;YACnBC,MAAM,EAAE,iBAAiB;YACzBC,OAAO,EAAE,SAAS;YAClBC,MAAM,EAAE,UAAUzD,oBAAoB,CAACa,MAAM,CAAC,EAAE;YAChDG,SAAS,EAAES;UACb;QACF,CAAC,EACD,yDAAyDA,SAAS,EACpE,CAAC;QACD,OAAO,IAAI;MACb;MAEAnB,MAAM,CAACyB,KAAK,CACV,0CAA0CN,SAAS,UAAUwB,UAAU,EACzE,CAAC;MACD,OAAO,KAAK;IACd,CAAC,CAAC,OAAOnB,GAAG,EAAE;MACZ,MAAMC,KAAK,GAAG,oBAAsBD,GAAI;MACxCxB,MAAM,CAACyB,KAAK,CACVA,KAAK,EACL,mDAAmDN,SAAS,KAAKM,KAAK,CAACG,OAAO,EAChF,CAAC;MACD,MAAMJ,GAAG;IACX;EACF;;EAEA;AACF;AACA;EACE,MAAMV,iBAAiBA,CAACa,OAAO,EAAE;IAC/B,MAAMyB,cAAc,GAClB,qDAAuDvD,QAAS;IAElE,IAAI;MACF,MAAMgB,QAAQ,GAAG,MAAMuC,cAAc,CACnC,GAAGtD,gBAAgB,GAAGC,gBAAgB,EAAE,EACxC;QACE4B,OAAO;QACPK,OAAO,EAAE/B,cAAc,CAAC,IAAI,CAAC,CAACC,MAAM;MACtC,CACF,CAAC;MAED,IAAIW,QAAQ,CAACc,OAAO,EAAEW,KAAK,CAACC,MAAM,KAAK,SAAS,EAAE;QAChD,MAAM,IAAIJ,KAAK,CACb,0CAA0CR,OAAO,CAACjB,SAAS,EAC7D,CAAC;MACH;MAEA,OAAOG,QAAQ,CAACc,OAAO;IACzB,CAAC,CAAC,OAAOH,GAAG,EAAE;MACZ,MAAMC,KAAK,GAAG,oBAAsBD,GAAI;MACxC,IAAI,CAACC,KAAK,CAACG,OAAO,CAACyB,QAAQ,CAAC,kBAAkB,CAAC,EAAE;QAC/CrD,MAAM,CAACyB,KAAK,CACVA,KAAK,EACL,kDAAkDE,OAAO,CAACjB,SAAS,KAAKe,KAAK,CAACG,OAAO,EACvF,CAAC;MACH;MACA,MAAMJ,GAAG;IACX;EACF;AACF;;AAEA;AACA;AACA","ignoreList":[]}
1	+ {"version":3,"file":"service.js","names":["StatusCodes","createLogger","buildPaymentInfo","convertPenceToPounds","get","post","postJson","PAYMENT_BASE_URL","PAYMENT_ENDPOINT","logger","getAuthHeaders","apiKey","Authorization","PaymentService","constructor","createPayment","amount","description","returnUrl","reference","isLivePayment","metadata","email","payload","return_url","delayed_capture","response","postToPayProvider","info","payment_id","paymentId","paymentUrl","_links","next_url","href","err","error","output","message","undefined","getPaymentStatus","getByType","headers","json","errorMessage","Error","JSON","stringify","state","status","code","capturePayment","statusCode","res","OK","NO_CONTENT","event","category","action","outcome","reason","postJsonByType","includes"],"sources":["../../../../src/server/plugins/payment/service.js"],"sourcesContent":["import { StatusCodes } from 'http-status-codes'\n\nimport { createLogger } from '~/src/server/common/helpers/logging/logger.js'\nimport {\n buildPaymentInfo,\n convertPenceToPounds\n} from '~/src/server/plugins/engine/routes/payment-helper.js'\nimport { get, post, postJson } from '~/src/server/services/httpService.js'\n\nconst PAYMENT_BASE_URL = 'https://publicapi.payments.service.gov.uk'\nconst PAYMENT_ENDPOINT = '/v1/payments'\n\nconst logger = createLogger()\n\n/*\n @param {string} apiKey\n * @returns {{ Authorization: string }}\n /\nfunction getAuthHeaders(apiKey) {\n return {\n Authorization: `Bearer ${apiKey}`\n }\n}\n\nexport class PaymentService {\n /* @type {string} /\n #apiKey\n\n /\n @param {string} apiKey - API key to use (global config for test value, per-form config for live value)\n /\n constructor(apiKey) {\n this.#apiKey = apiKey\n }\n\n /\n Creates a payment with delayed capture (pre-authorisation)\n * @param {number} amount - in pence\n * @param {string} description\n * @param {string} returnUrl\n * @param {string} reference\n * @param {boolean} isLivePayment\n * @param {{ formId: string, slug: string } \| undefined } metadata\n * @param {string} [email] - optional email to prepopulate on GOV.UK Pay\n /\n async createPayment(\n amount,\n description,\n returnUrl,\n reference,\n isLivePayment,\n metadata,\n email\n ) {\n try {\n /* @type {CreatePaymentRequest} /\n const payload = {\n amount,\n description,\n reference,\n metadata,\n return_url: returnUrl,\n delayed_capture: true\n }\n\n // Prepopulate email on GOV.UK Pay if provided\n if (email) {\n payload.email = email\n }\n\n const response = await this.postToPayProvider(payload)\n\n logger.info(\n buildPaymentInfo(\n 'create-payment',\n 'success',\n `amount=${convertPenceToPounds(amount)}`,\n isLivePayment,\n response.payment_id\n ),\n `[payment] Created payment and user taken to enter pre-auth details for paymentId=${response.payment_id}`\n )\n\n return {\n paymentId: response.payment_id,\n paymentUrl: response._links.next_url.href\n }\n } catch (err) {\n const error =\n /* @type {{ output?: { payload?: any }, message?: any }} / (err)\n if (isLivePayment) {\n logger.error(\n error.output?.payload ?? error.message,\n `[payment] Failed to create payment session for reference ${reference}`\n )\n }\n }\n return undefined\n }\n\n /\n @param {string} paymentId\n * @param {boolean} isLivePayment\n * @returns {Promise<GetPaymentResponse>}\n /\n async getPaymentStatus(paymentId, isLivePayment) {\n const getByType = /* @type {typeof get<GetPaymentApiResponse>} / (get)\n\n try {\n const response = await getByType(\n `${PAYMENT_BASE_URL}${PAYMENT_ENDPOINT}/${paymentId}`,\n {\n headers: getAuthHeaders(this.#apiKey),\n json: true\n }\n )\n\n if (response.error) {\n const errorMessage =\n response.error instanceof Error\n ? response.error.message\n : JSON.stringify(response.error)\n throw new Error(`Failed to get payment status: ${errorMessage}`)\n }\n\n const state = response.payload.state\n logger.info(\n buildPaymentInfo(\n 'get-payment-status',\n state.status === 'capturable' \|\| state.status === 'success'\n ? 'success'\n : 'failure',\n `status:${state.status} code:${state.code ?? 'N/A'} message:${state.message ?? 'N/A'}`,\n isLivePayment,\n paymentId\n ),\n `[payment] Got payment status for paymentId=${paymentId}: status=${state.status}`\n )\n\n return {\n state,\n _links: response.payload._links,\n email: response.payload.email,\n paymentId: response.payload.payment_id,\n amount: response.payload.amount\n }\n } catch (err) {\n const error = /* @type {Error} / (err)\n logger.error(\n error,\n `[payment] Error getting payment status for paymentId=${paymentId}: ${error.message}`\n )\n throw err\n }\n }\n\n /\n Captures a payment that is in 'capturable' status\n * @param {string} paymentId\n * @param {number} amount\n * @returns {Promise<boolean>}\n /\n async capturePayment(paymentId, amount) {\n try {\n const response = await post(\n `${PAYMENT_BASE_URL}${PAYMENT_ENDPOINT}/${paymentId}/capture`,\n {\n headers: getAuthHeaders(this.#apiKey)\n }\n )\n\n const statusCode = response.res.statusCode\n\n if (\n statusCode === StatusCodes.OK \|\|\n statusCode === StatusCodes.NO_CONTENT\n ) {\n logger.info(\n {\n event: {\n category: 'payment',\n action: 'capture-payment',\n outcome: 'success',\n reason: `amount=${convertPenceToPounds(amount)}`,\n reference: paymentId\n }\n },\n `[payment] Successfully captured payment for paymentId=${paymentId}`\n )\n return true\n }\n\n logger.error(\n `[payment] Capture failed for paymentId=${paymentId}: HTTP ${statusCode}`\n )\n return false\n } catch (err) {\n const error = /* @type {Error} / (err)\n logger.error(\n error,\n `[payment] Error capturing payment for paymentId=${paymentId}: ${error.message}`\n )\n throw err\n }\n }\n\n /\n @param {CreatePaymentRequest} payload\n /\n async postToPayProvider(payload) {\n const postJsonByType =\n /* @type {typeof postJson<CreatePaymentResponse>} / (postJson)\n\n try {\n const response = await postJsonByType(\n `${PAYMENT_BASE_URL}${PAYMENT_ENDPOINT}`,\n {\n payload,\n headers: getAuthHeaders(this.#apiKey)\n }\n )\n\n if (response.payload?.state.status !== 'created') {\n throw new Error(\n `Failed to create payment for reference=${payload.reference}`\n )\n }\n\n return response.payload\n } catch (err) {\n const error = /* @type {Error} / (err)\n if (!error.message.includes('401 Unauthorized')) {\n logger.error(\n error,\n `[payment] Error creating payment for reference=${payload.reference}: ${error.message}`\n )\n }\n throw err\n }\n }\n}\n\n/\n @import { CreatePaymentRequest, CreatePaymentResponse, GetPaymentApiResponse, GetPaymentResponse } from '~/src/server/plugins/payment/types.js'\n */\n"],"mappings":"AAAA,SAASA,WAAW,QAAQ,mBAAmB;AAE/C,SAASC,YAAY;AACrB,SACEC,gBAAgB,EAChBC,oBAAoB;AAEtB,SAASC,GAAG,EAAEC,IAAI,EAAEC,QAAQ;AAE5B,MAAMC,gBAAgB,GAAG,2CAA2C;AACpE,MAAMC,gBAAgB,GAAG,cAAc;AAEvC,MAAMC,MAAM,GAAGR,YAAY,CAAC,CAAC;;AAE7B;AACA;AACA;AACA;AACA,SAASS,cAAcA,CAACC,MAAM,EAAE;EAC9B,OAAO;IACLC,aAAa,EAAE,UAAUD,MAAM;EACjC,CAAC;AACH;AAEA,OAAO,MAAME,cAAc,CAAC;EAC1B;EACA,CAACF,MAAM;;EAEP;AACF;AACA;EACEG,WAAWA,CAACH,MAAM,EAAE;IAClB,IAAI,CAAC,CAACA,MAAM,GAAGA,MAAM;EACvB;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMI,aAAaA,CACjBC,MAAM,EACNC,WAAW,EACXC,SAAS,EACTC,SAAS,EACTC,aAAa,EACbC,QAAQ,EACRC,KAAK,EACL;IACA,IAAI;MACF;MACA,MAAMC,OAAO,GAAG;QACdP,MAAM;QACNC,WAAW;QACXE,SAAS;QACTE,QAAQ;QACRG,UAAU,EAAEN,SAAS;QACrBO,eAAe,EAAE;MACnB,CAAC;;MAED;MACA,IAAIH,KAAK,EAAE;QACTC,OAAO,CAACD,KAAK,GAAGA,KAAK;MACvB;MAEA,MAAMI,QAAQ,GAAG,MAAM,IAAI,CAACC,iBAAiB,CAACJ,OAAO,CAAC;MAEtDd,MAAM,CAACmB,IAAI,CACT1B,gBAAgB,CACd,gBAAgB,EAChB,SAAS,EACT,UAAUC,oBAAoB,CAACa,MAAM,CAAC,EAAE,EACxCI,aAAa,EACbM,QAAQ,CAACG,UACX,CAAC,EACD,oFAAoFH,QAAQ,CAACG,UAAU,EACzG,CAAC;MAED,OAAO;QACLC,SAAS,EAAEJ,QAAQ,CAACG,UAAU;QAC9BE,UAAU,EAAEL,QAAQ,CAACM,MAAM,CAACC,QAAQ,CAACC;MACvC,CAAC;IACH,CAAC,CAAC,OAAOC,GAAG,EAAE;MACZ,MAAMC,KAAK,GACT,4DAA8DD,GAAI;MACpE,IAAIf,aAAa,EAAE;QACjBX,MAAM,CAAC2B,KAAK,CACVA,KAAK,CAACC,MAAM,EAAEd,OAAO,IAAIa,KAAK,CAACE,OAAO,EACtC,4DAA4DnB,SAAS,EACvE,CAAC;MACH;IACF;IACA,OAAOoB,SAAS;EAClB;;EAEA;AACF;AACA;AACA;AACA;EACE,MAAMC,gBAAgBA,CAACV,SAAS,EAAEV,aAAa,EAAE;IAC/C,MAAMqB,SAAS,GAAG,gDAAkDrC,GAAI;IAExE,IAAI;MACF,MAAMsB,QAAQ,GAAG,MAAMe,SAAS,CAC9B,GAAGlC,gBAAgB,GAAGC,gBAAgB,IAAIsB,SAAS,EAAE,EACrD;QACEY,OAAO,EAAEhC,cAAc,CAAC,IAAI,CAAC,CAACC,MAAM,CAAC;QACrCgC,IAAI,EAAE;MACR,CACF,CAAC;MAED,IAAIjB,QAAQ,CAACU,KAAK,EAAE;QAClB,MAAMQ,YAAY,GAChBlB,QAAQ,CAACU,KAAK,YAAYS,KAAK,GAC3BnB,QAAQ,CAACU,KAAK,CAACE,OAAO,GACtBQ,IAAI,CAACC,SAAS,CAACrB,QAAQ,CAACU,KAAK,CAAC;QACpC,MAAM,IAAIS,KAAK,CAAC,iCAAiCD,YAAY,EAAE,CAAC;MAClE;MAEA,MAAMI,KAAK,GAAGtB,QAAQ,CAACH,OAAO,CAACyB,KAAK;MACpCvC,MAAM,CAACmB,IAAI,CACT1B,gBAAgB,CACd,oBAAoB,EACpB8C,KAAK,CAACC,MAAM,KAAK,YAAY,IAAID,KAAK,CAACC,MAAM,KAAK,SAAS,GACvD,SAAS,GACT,SAAS,EACb,UAAUD,KAAK,CAACC,MAAM,SAASD,KAAK,CAACE,IAAI,IAAI,KAAK,YAAYF,KAAK,CAACV,OAAO,IAAI,KAAK,EAAE,EACtFlB,aAAa,EACbU,SACF,CAAC,EACD,8CAA8CA,SAAS,YAAYkB,KAAK,CAACC,MAAM,EACjF,CAAC;MAED,OAAO;QACLD,KAAK;QACLhB,MAAM,EAAEN,QAAQ,CAACH,OAAO,CAACS,MAAM;QAC/BV,KAAK,EAAEI,QAAQ,CAACH,OAAO,CAACD,KAAK;QAC7BQ,SAAS,EAAEJ,QAAQ,CAACH,OAAO,CAACM,UAAU;QACtCb,MAAM,EAAEU,QAAQ,CAACH,OAAO,CAACP;MAC3B,CAAC;IACH,CAAC,CAAC,OAAOmB,GAAG,EAAE;MACZ,MAAMC,KAAK,GAAG,oBAAsBD,GAAI;MACxC1B,MAAM,CAAC2B,KAAK,CACVA,KAAK,EACL,wDAAwDN,SAAS,KAAKM,KAAK,CAACE,OAAO,EACrF,CAAC;MACD,MAAMH,GAAG;IACX;EACF;;EAEA;AACF;AACA;AACA;AACA;AACA;EACE,MAAMgB,cAAcA,CAACrB,SAAS,EAAEd,MAAM,EAAE;IACtC,IAAI;MACF,MAAMU,QAAQ,GAAG,MAAMrB,IAAI,CACzB,GAAGE,gBAAgB,GAAGC,gBAAgB,IAAIsB,SAAS,UAAU,EAC7D;QACEY,OAAO,EAAEhC,cAAc,CAAC,IAAI,CAAC,CAACC,MAAM;MACtC,CACF,CAAC;MAED,MAAMyC,UAAU,GAAG1B,QAAQ,CAAC2B,GAAG,CAACD,UAAU;MAE1C,IACEA,UAAU,KAAKpD,WAAW,CAACsD,EAAE,IAC7BF,UAAU,KAAKpD,WAAW,CAACuD,UAAU,EACrC;QACA9C,MAAM,CAACmB,IAAI,CACT;UACE4B,KAAK,EAAE;YACLC,QAAQ,EAAE,SAAS;YACnBC,MAAM,EAAE,iBAAiB;YACzBC,OAAO,EAAE,SAAS;YAClBC,MAAM,EAAE,UAAUzD,oBAAoB,CAACa,MAAM,CAAC,EAAE;YAChDG,SAAS,EAAEW;UACb;QACF,CAAC,EACD,yDAAyDA,SAAS,EACpE,CAAC;QACD,OAAO,IAAI;MACb;MAEArB,MAAM,CAAC2B,KAAK,CACV,0CAA0CN,SAAS,UAAUsB,UAAU,EACzE,CAAC;MACD,OAAO,KAAK;IACd,CAAC,CAAC,OAAOjB,GAAG,EAAE;MACZ,MAAMC,KAAK,GAAG,oBAAsBD,GAAI;MACxC1B,MAAM,CAAC2B,KAAK,CACVA,KAAK,EACL,mDAAmDN,SAAS,KAAKM,KAAK,CAACE,OAAO,EAChF,CAAC;MACD,MAAMH,GAAG;IACX;EACF;;EAEA;AACF;AACA;EACE,MAAMR,iBAAiBA,CAACJ,OAAO,EAAE;IAC/B,MAAMsC,cAAc,GAClB,qDAAuDvD,QAAS;IAElE,IAAI;MACF,MAAMoB,QAAQ,GAAG,MAAMmC,cAAc,CACnC,GAAGtD,gBAAgB,GAAGC,gBAAgB,EAAE,EACxC;QACEe,OAAO;QACPmB,OAAO,EAAEhC,cAAc,CAAC,IAAI,CAAC,CAACC,MAAM;MACtC,CACF,CAAC;MAED,IAAIe,QAAQ,CAACH,OAAO,EAAEyB,KAAK,CAACC,MAAM,KAAK,SAAS,EAAE;QAChD,MAAM,IAAIJ,KAAK,CACb,0CAA0CtB,OAAO,CAACJ,SAAS,EAC7D,CAAC;MACH;MAEA,OAAOO,QAAQ,CAACH,OAAO;IACzB,CAAC,CAAC,OAAOY,GAAG,EAAE;MACZ,MAAMC,KAAK,GAAG,oBAAsBD,GAAI;MACxC,IAAI,CAACC,KAAK,CAACE,OAAO,CAACwB,QAAQ,CAAC,kBAAkB,CAAC,EAAE;QAC/CrD,MAAM,CAAC2B,KAAK,CACVA,KAAK,EACL,kDAAkDb,OAAO,CAACJ,SAAS,KAAKiB,KAAK,CAACE,OAAO,EACvF,CAAC;MACH;MACA,MAAMH,GAAG;IACX;EACF;AACF;;AAEA;AACA;AACA","ignoreList":[]}

package/.server/server/plugins/payment/types.d.ts CHANGED Viewed

@@ -54,6 +54,10 @@ export type CreatePaymentRequest = {
         formId: string;
         slug: string;
     } | undefined;
+    /**
+     * - Email to prepopulate on GOV.UK Pay (max 254 chars)
+     */
+    email?: string | undefined;
 };
 export type CreatePaymentResponse = {
     /**

package/.server/server/plugins/payment/types.js CHANGED Viewed

@@ -20,6 +20,7 @@
  * @property {string} return_url - URL to redirect the user to after payment
  * @property {boolean} [delayed_capture] - Whether to delay capturing the payment
  * @property {{ formId: string, slug: string }} [metadata] - Additional metadata for the payment
+ * @property {string} [email] - Email to prepopulate on GOV.UK Pay (max 254 chars)
  */
 /**

package/.server/server/plugins/payment/types.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"types.js","names":[],"sources":["../../../../src/server/plugins/payment/types.js"],"sourcesContent":["/*\n @typedef {object} PaymentResponseState\n * @property {'created' \| 'started' \| 'submitted' \| 'capturable' \| 'success' \| 'failed' \| 'cancelled' \| 'error'} status - Current status of the payment\n * @property {boolean} finished - Whether the payment process has completed\n * @property {string} [message] - Human-readable message about the payment state\n * @property {string} [code] - Error or status code for the payment state\n /\n\n/\n @typedef {object} PaymentLink\n * @property {string} href - URL of the linked resource\n * @property {string} method - HTTP method to use for the link\n /\n\n/\n @typedef {object} CreatePaymentRequest\n * @property {number} amount - Payment amount in pence\n * @property {string} reference - Unique reference for the payment\n * @property {string} description - Human-readable description of the payment\n * @property {string} return_url - URL to redirect the user to after payment\n * @property {boolean} [delayed_capture] - Whether to delay capturing the payment\n * @property {{ formId: string, slug: string }} [metadata] - Additional metadata for the payment\n /\n\n/\n @typedef {object} CreatePaymentResponse\n * @property {string} payment_id - Unique identifier for the created payment\n * @property {PaymentResponseState} state - Current state of the payment\n * @property {{ next_url: PaymentLink }} _links - HATEOAS links for the payment\n /\n\n/\n Base response from GOV.UK Pay GET /v1/payments/{PAYMENT_ID} endpoint\n * @typedef {object} GetPaymentResponseBase\n * @property {PaymentResponseState} state - Current state of the payment\n * @property {{ self: PaymentLink, next_url?: PaymentLink }} _links - HATEOAS links for the payment\n * @property {string} [email] - The paying user's email address\n /\n\n/\n Response from GOV.UK Pay GET /v1/payments/{PAYMENT_ID} endpoint - not underscore in property name\n * @typedef {object} GetPaymentApiResponsePaymentProp\n * @property {string} payment_id - Unique identifier for the payment\n * @property {number} amount - amount of the payment\n /\n\n/\n Response from GOV.UK Pay GET /v1/payments/{PAYMENT_ID} endpoint\n * @typedef {GetPaymentResponseBase & GetPaymentApiResponsePaymentProp} GetPaymentApiResponse\n /\n\n/\n Response returned from getPaymentStatus - subtley different from GetPaymentApiResponse\n * @typedef {object} GetPaymentResponsePaymentProp\n * @property {string} paymentId - Unique identifier for the payment - note no underscore in property name\n * @property {number} amount - amount of the payment\n /\n\n/\n Response returned from getPaymentStatus - subtley different from GetPaymentApiResponse\n * @typedef {GetPaymentResponseBase & GetPaymentResponsePaymentProp} GetPaymentResponse\n /\n\n/\n Payment session data stored when dispatching to GOV.UK Pay\n * @typedef {object} PaymentSessionData\n * @property {string} uuid - unique identifier for this payment attempt\n * @property {string} formId - id of the form\n * @property {string} reference - form reference number\n * @property {number} amount - amount in pounds\n * @property {string} description - payment description\n * @property {string} paymentId - GOV.UK Pay payment ID\n * @property {string} componentName - name of the PaymentField component\n * @property {string} returnUrl - URL to redirect to after successful payment\n * @property {string} failureUrl - URL to redirect to after failed/cancelled payment\n * @property {boolean} isLivePayment - whether the payment is using live API key\n */\n"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA","ignoreList":[]}
1	+ {"version":3,"file":"types.js","names":[],"sources":["../../../../src/server/plugins/payment/types.js"],"sourcesContent":["/*\n @typedef {object} PaymentResponseState\n * @property {'created' \| 'started' \| 'submitted' \| 'capturable' \| 'success' \| 'failed' \| 'cancelled' \| 'error'} status - Current status of the payment\n * @property {boolean} finished - Whether the payment process has completed\n * @property {string} [message] - Human-readable message about the payment state\n * @property {string} [code] - Error or status code for the payment state\n /\n\n/\n @typedef {object} PaymentLink\n * @property {string} href - URL of the linked resource\n * @property {string} method - HTTP method to use for the link\n /\n\n/\n @typedef {object} CreatePaymentRequest\n * @property {number} amount - Payment amount in pence\n * @property {string} reference - Unique reference for the payment\n * @property {string} description - Human-readable description of the payment\n * @property {string} return_url - URL to redirect the user to after payment\n * @property {boolean} [delayed_capture] - Whether to delay capturing the payment\n * @property {{ formId: string, slug: string }} [metadata] - Additional metadata for the payment\n * @property {string} [email] - Email to prepopulate on GOV.UK Pay (max 254 chars)\n /\n\n/\n @typedef {object} CreatePaymentResponse\n * @property {string} payment_id - Unique identifier for the created payment\n * @property {PaymentResponseState} state - Current state of the payment\n * @property {{ next_url: PaymentLink }} _links - HATEOAS links for the payment\n /\n\n/\n Base response from GOV.UK Pay GET /v1/payments/{PAYMENT_ID} endpoint\n * @typedef {object} GetPaymentResponseBase\n * @property {PaymentResponseState} state - Current state of the payment\n * @property {{ self: PaymentLink, next_url?: PaymentLink }} _links - HATEOAS links for the payment\n * @property {string} [email] - The paying user's email address\n /\n\n/\n Response from GOV.UK Pay GET /v1/payments/{PAYMENT_ID} endpoint - not underscore in property name\n * @typedef {object} GetPaymentApiResponsePaymentProp\n * @property {string} payment_id - Unique identifier for the payment\n * @property {number} amount - amount of the payment\n /\n\n/\n Response from GOV.UK Pay GET /v1/payments/{PAYMENT_ID} endpoint\n * @typedef {GetPaymentResponseBase & GetPaymentApiResponsePaymentProp} GetPaymentApiResponse\n /\n\n/\n Response returned from getPaymentStatus - subtley different from GetPaymentApiResponse\n * @typedef {object} GetPaymentResponsePaymentProp\n * @property {string} paymentId - Unique identifier for the payment - note no underscore in property name\n * @property {number} amount - amount of the payment\n /\n\n/\n Response returned from getPaymentStatus - subtley different from GetPaymentApiResponse\n * @typedef {GetPaymentResponseBase & GetPaymentResponsePaymentProp} GetPaymentResponse\n /\n\n/\n Payment session data stored when dispatching to GOV.UK Pay\n * @typedef {object} PaymentSessionData\n * @property {string} uuid - unique identifier for this payment attempt\n * @property {string} formId - id of the form\n * @property {string} reference - form reference number\n * @property {number} amount - amount in pounds\n * @property {string} description - payment description\n * @property {string} paymentId - GOV.UK Pay payment ID\n * @property {string} componentName - name of the PaymentField component\n * @property {string} returnUrl - URL to redirect to after successful payment\n * @property {string} failureUrl - URL to redirect to after failed/cancelled payment\n * @property {boolean} isLivePayment - whether the payment is using live API key\n */\n"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA","ignoreList":[]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@defra/forms-engine-plugin",
-  "version": "4.8.0",
+  "version": "4.9.0",
   "description": "Defra forms engine",
   "type": "module",
   "files": [
@@ -86,7 +86,7 @@
   },
   "license": "SEE LICENSE IN LICENSE",
   "dependencies": {
-    "@defra/forms-model": "^3.0.647",
+    "@defra/forms-model": "^3.0.648",
     "@defra/hapi-tracing": "^1.29.0",
     "@defra/interactive-map": "^0.0.17-alpha",
     "@elastic/ecs-pino-format": "^1.5.0",

package/src/server/forms/payment-v2-test.yaml ADDED Viewed

@@ -0,0 +1,341 @@
+---
+# Based on "Apply for a lock and weir fishing permit" production form.
+# Extended with duration and site access to demonstrate complex compound conditions.
+# Pricing matrix: duration x permit type x site access
+schema: 2
+name: Apply for a lock and weir fishing permit (v2 payment test)
+engine: V2
+declaration: I apply for permission to fish at the sites listed on this application for the duration of the permit, subject to the normal closed seasons.
+startPage: '/fishing-sites'
+options:
+  showReferenceNumber: true
+pages:
+  - title: Fishing sites
+    path: '/fishing-sites'
+    components:
+      - id: '1fb84634-86f2-477b-affa-c7ace61aec26'
+        type: Markdown
+        content: "The fishing sites include:\n\n* Buscot\n* Grafton\n* Rushey\n* Sandford\n* Abingdon\n* Benson\n* Goring\n* Hurley\n* Bell Weir\n* Molesey"
+        options: {}
+        schema: {}
+        name: fishingSites
+    next: []
+  - title: Contact details
+    path: '/contact-details'
+    components:
+      - id: '3598ed25-1b9a-4ce6-8432-5676063b96ec'
+        type: TextField
+        title: What is your full name?
+        name: fullName
+        shortDescription: Full name
+        options:
+          required: true
+        schema: {}
+      - id: '9c4f0158-8f87-4cbd-a3a1-960166f015e4'
+        type: TelephoneNumberField
+        title: What is your phone number?
+        name: phoneNumber
+        shortDescription: Phone number
+        options:
+          required: true
+        schema: {}
+      - id: '9b83dc1e-e385-4cd3-b642-dcc247f3fc89'
+        type: EmailAddressField
+        title: What is your email address?
+        name: emailAddress
+        shortDescription: Email address
+        options:
+          required: true
+    next: []
+  - title: ''
+    path: '/rod-licence-number'
+    components:
+      - id: '22405838-becd-48ab-b984-c3c886822412'
+        type: TextField
+        title: What is your rod licence number (current or previous)?
+        name: rodLicenceNumber
+        shortDescription: Rod licence number
+        hint: The permit must be used in conjunction with a valid rod licence.
+        options:
+          required: true
+        schema: {}
+    next: []
+  - title: ''
+    path: '/permit-duration'
+    components:
+      - id: 'a1a1a1a1-1111-4aaa-aaaa-000000000001'
+        type: RadiosField
+        title: What duration of permit do you need?
+        name: permitDuration
+        shortDescription: Permit duration
+        options:
+          required: true
+        list: 'b1b1b1b1-1111-4bbb-bbbb-000000000001'
+    next: []
+  - title: ''
+    path: '/what-kind-of-permit-do-you-require'
+    components:
+      - id: 'f7663ac4-61e7-4b64-a157-70f002818493'
+        type: RadiosField
+        title: What kind of permit do you require?
+        name: permitType
+        shortDescription: Permit type
+        options:
+          required: true
+        list: 'aac4ee00-fb82-4a37-88ad-b9e10ded92e9'
+    next: []
+  - title: ''
+    path: '/site-access'
+    condition: 'c1c1c1c1-6666-4ccc-cccc-000000000005'
+    components:
+      - id: 'a1a1a1a1-1111-4aaa-aaaa-000000000003'
+        type: RadiosField
+        title: Which site access do you need?
+        name: siteAccess
+        shortDescription: Site access
+        hint: Single site permits are valid for one named site only.
+        options:
+          required: true
+        list: 'b1b1b1b1-1111-4bbb-bbbb-000000000002'
+    next: []
+  - title: ''
+    path: '/payment-required'
+    components:
+      - id: '6522e3f7-f414-42e5-9dbf-84e5868fbbd3'
+        type: PaymentField
+        title: Payment required
+        name: fishingPermitPayment
+        options:
+          required: true
+          amount: 0
+          description: Lock and weir fishing permit
+          emailField: emailAddress
+          conditionalAmounts:
+            # === 3-way: 12-month + type + site (most specific first) ===
+            - condition: 'd1d1d1d1-8888-4ddd-dddd-000000000001'
+              amount: 38
+            - condition: 'd1d1d1d1-8888-4ddd-dddd-000000000002'
+              amount: 25
+            - condition: 'd1d1d1d1-8888-4ddd-dddd-000000000003'
+              amount: 24
+            - condition: 'd1d1d1d1-8888-4ddd-dddd-000000000004'
+              amount: 16
+            # === 2-way: 8-day + type (site doesn't matter) ===
+            - condition: 'd1d1d1d1-8888-4ddd-dddd-000000000005'
+              amount: 12
+            - condition: 'd1d1d1d1-8888-4ddd-dddd-000000000006'
+              amount: 8
+            # === Simple: 1-day flat rate ===
+            - condition: 'c1c1c1c1-6666-4ccc-cccc-000000000003'
+              amount: 5
+            # === Simple: Junior free ===
+            - condition: 'c1c1c1c1-6666-4ccc-cccc-000000000004'
+              amount: 0
+    next: []
+  - title: ''
+    path: '/summary'
+    controller: SummaryPageController
+conditions:
+  # =================================================================
+  # Simple atomic conditions
+  # =================================================================
+  - id: 'c1c1c1c1-6666-4ccc-cccc-000000000001'
+    displayName: Is 12-month permit
+    items:
+      - id: 'e1e1e1e1-7777-4eee-eeee-000000000001'
+        componentId: 'a1a1a1a1-1111-4aaa-aaaa-000000000001'
+        operator: is
+        type: ListItemRef
+        value:
+          itemId: 'f1f1f1f1-1111-4fff-ffff-000000000001'
+          listId: 'b1b1b1b1-1111-4bbb-bbbb-000000000001'
+  - id: 'c1c1c1c1-6666-4ccc-cccc-000000000002'
+    displayName: Is 8-day permit
+    items:
+      - id: 'e1e1e1e1-7777-4eee-eeee-000000000002'
+        componentId: 'a1a1a1a1-1111-4aaa-aaaa-000000000001'
+        operator: is
+        type: ListItemRef
+        value:
+          itemId: 'f1f1f1f1-1111-4fff-ffff-000000000002'
+          listId: 'b1b1b1b1-1111-4bbb-bbbb-000000000001'
+  - id: 'c1c1c1c1-6666-4ccc-cccc-000000000003'
+    displayName: Is 1-day permit
+    items:
+      - id: 'e1e1e1e1-7777-4eee-eeee-000000000003'
+        componentId: 'a1a1a1a1-1111-4aaa-aaaa-000000000001'
+        operator: is
+        type: ListItemRef
+        value:
+          itemId: 'f1f1f1f1-1111-4fff-ffff-000000000003'
+          listId: 'b1b1b1b1-1111-4bbb-bbbb-000000000001'
+  - id: 'c1c1c1c1-6666-4ccc-cccc-000000000004'
+    displayName: Is Junior permit type
+    items:
+      - id: 'e1e1e1e1-7777-4eee-eeee-000000000004'
+        componentId: 'f7663ac4-61e7-4b64-a157-70f002818493'
+        operator: is
+        type: ListItemRef
+        value:
+          itemId: 'f1f1f1f1-2222-4fff-ffff-000000000003'
+          listId: 'aac4ee00-fb82-4a37-88ad-b9e10ded92e9'
+  - id: 'dcaa3b3d-5cbc-4be9-b5ce-b2be5c72ccd1'
+    displayName: Is Adult permit type
+    items:
+      - id: '13b5e86b-2eb5-4a6c-8ab6-9fdc35907f18'
+        componentId: 'f7663ac4-61e7-4b64-a157-70f002818493'
+        operator: is
+        type: ListItemRef
+        value:
+          itemId: 'b6034236-63cf-44af-bb6c-d5d4d3825973'
+          listId: 'aac4ee00-fb82-4a37-88ad-b9e10ded92e9'
+  - id: 'c5177318-61ec-44ec-b5c2-18c1be1f1e42'
+    displayName: Is Concession permit type
+    items:
+      - id: 'fb75f1be-d471-4020-ac13-f7a2246078bb'
+        componentId: 'f7663ac4-61e7-4b64-a157-70f002818493'
+        operator: is
+        type: ListItemRef
+        value:
+          itemId: '86baf02e-0db7-4fad-8fce-fa9a30c1b7f0'
+          listId: 'aac4ee00-fb82-4a37-88ad-b9e10ded92e9'
+  - id: 'c1c1c1c1-6666-4ccc-cccc-000000000007'
+    displayName: Is all sites access
+    items:
+      - id: 'e1e1e1e1-7777-4eee-eeee-000000000007'
+        componentId: 'a1a1a1a1-1111-4aaa-aaaa-000000000003'
+        operator: is
+        type: ListItemRef
+        value:
+          itemId: 'f1f1f1f1-3333-4fff-ffff-000000000001'
+          listId: 'b1b1b1b1-1111-4bbb-bbbb-000000000002'
+  - id: 'c1c1c1c1-6666-4ccc-cccc-000000000008'
+    displayName: Is single site access
+    items:
+      - id: 'e1e1e1e1-7777-4eee-eeee-000000000008'
+        componentId: 'a1a1a1a1-1111-4aaa-aaaa-000000000003'
+        operator: is
+        type: ListItemRef
+        value:
+          itemId: 'f1f1f1f1-3333-4fff-ffff-000000000002'
+          listId: 'b1b1b1b1-1111-4bbb-bbbb-000000000002'
+  # =================================================================
+  # Page visibility: site access only shown for 12-month permits
+  # =================================================================
+  - id: 'c1c1c1c1-6666-4ccc-cccc-000000000005'
+    displayName: Is 12-month (show site access page)
+    items:
+      - id: 'e1e1e1e1-7777-4eee-eeee-000000000005'
+        conditionId: 'c1c1c1c1-6666-4ccc-cccc-000000000001'
+  # =================================================================
+  # 2-way compound AND: duration + type
+  # =================================================================
+  - id: 'c1c1c1c1-6666-4ccc-cccc-000000000010'
+    displayName: 12-month AND Adult
+    coordinator: and
+    items:
+      - id: 'e1e1e1e1-7777-4eee-eeee-000000000010'
+        conditionId: 'c1c1c1c1-6666-4ccc-cccc-000000000001'
+      - id: 'e1e1e1e1-7777-4eee-eeee-000000000011'
+        conditionId: 'dcaa3b3d-5cbc-4be9-b5ce-b2be5c72ccd1'
+  - id: 'c1c1c1c1-6666-4ccc-cccc-000000000011'
+    displayName: 12-month AND Concession
+    coordinator: and
+    items:
+      - id: 'e1e1e1e1-7777-4eee-eeee-000000000012'
+        conditionId: 'c1c1c1c1-6666-4ccc-cccc-000000000001'
+      - id: 'e1e1e1e1-7777-4eee-eeee-000000000013'
+        conditionId: 'c5177318-61ec-44ec-b5c2-18c1be1f1e42'
+  - id: 'd1d1d1d1-8888-4ddd-dddd-000000000005'
+    displayName: 8-day AND Adult
+    coordinator: and
+    items:
+      - id: 'e1e1e1e1-7777-4eee-eeee-000000000014'
+        conditionId: 'c1c1c1c1-6666-4ccc-cccc-000000000002'
+      - id: 'e1e1e1e1-7777-4eee-eeee-000000000015'
+        conditionId: 'dcaa3b3d-5cbc-4be9-b5ce-b2be5c72ccd1'
+  - id: 'd1d1d1d1-8888-4ddd-dddd-000000000006'
+    displayName: 8-day AND Concession
+    coordinator: and
+    items:
+      - id: 'e1e1e1e1-7777-4eee-eeee-000000000016'
+        conditionId: 'c1c1c1c1-6666-4ccc-cccc-000000000002'
+      - id: 'e1e1e1e1-7777-4eee-eeee-000000000017'
+        conditionId: 'c5177318-61ec-44ec-b5c2-18c1be1f1e42'
+  # =================================================================
+  # 3-way compound AND: duration + type + site (chains 2-way refs)
+  # Same pattern as "Bats chargeable use" in protected species form
+  # =================================================================
+  - id: 'd1d1d1d1-8888-4ddd-dddd-000000000001'
+    displayName: 12-month AND Adult AND All sites
+    coordinator: and
+    items:
+      - id: 'e1e1e1e1-7777-4eee-eeee-000000000020'
+        conditionId: 'c1c1c1c1-6666-4ccc-cccc-000000000010'
+      - id: 'e1e1e1e1-7777-4eee-eeee-000000000021'
+        conditionId: 'c1c1c1c1-6666-4ccc-cccc-000000000007'
+  - id: 'd1d1d1d1-8888-4ddd-dddd-000000000002'
+    displayName: 12-month AND Adult AND Single site
+    coordinator: and
+    items:
+      - id: 'e1e1e1e1-7777-4eee-eeee-000000000022'
+        conditionId: 'c1c1c1c1-6666-4ccc-cccc-000000000010'
+      - id: 'e1e1e1e1-7777-4eee-eeee-000000000023'
+        conditionId: 'c1c1c1c1-6666-4ccc-cccc-000000000008'
+  - id: 'd1d1d1d1-8888-4ddd-dddd-000000000003'
+    displayName: 12-month AND Concession AND All sites
+    coordinator: and
+    items:
+      - id: 'e1e1e1e1-7777-4eee-eeee-000000000024'
+        conditionId: 'c1c1c1c1-6666-4ccc-cccc-000000000011'
+      - id: 'e1e1e1e1-7777-4eee-eeee-000000000025'
+        conditionId: 'c1c1c1c1-6666-4ccc-cccc-000000000007'
+  - id: 'd1d1d1d1-8888-4ddd-dddd-000000000004'
+    displayName: 12-month AND Concession AND Single site
+    coordinator: and
+    items:
+      - id: 'e1e1e1e1-7777-4eee-eeee-000000000026'
+        conditionId: 'c1c1c1c1-6666-4ccc-cccc-000000000011'
+      - id: 'e1e1e1e1-7777-4eee-eeee-000000000027'
+        conditionId: 'c1c1c1c1-6666-4ccc-cccc-000000000008'
+sections: []
+lists:
+  - id: 'b1b1b1b1-1111-4bbb-bbbb-000000000001'
+    title: Permit durations
+    name: permitDurations
+    type: string
+    items:
+      - id: 'f1f1f1f1-1111-4fff-ffff-000000000001'
+        text: 12-month permit
+        value: 12-month
+      - id: 'f1f1f1f1-1111-4fff-ffff-000000000002'
+        text: 8-day permit
+        value: 8-day
+      - id: 'f1f1f1f1-1111-4fff-ffff-000000000003'
+        text: 1-day permit
+        value: 1-day
+  - id: 'aac4ee00-fb82-4a37-88ad-b9e10ded92e9'
+    title: Permit types
+    name: permitTypes
+    type: string
+    items:
+      - id: 'b6034236-63cf-44af-bb6c-d5d4d3825973'
+        text: Adult
+        value: Adult
+      - id: '86baf02e-0db7-4fad-8fce-fa9a30c1b7f0'
+        text: Concession (65+ or disabled)
+        value: Concession
+      - id: 'f1f1f1f1-2222-4fff-ffff-000000000003'
+        text: Junior (13-16 years)
+        value: Junior
+  - id: 'b1b1b1b1-1111-4bbb-bbbb-000000000002'
+    title: Site access
+    name: siteAccess
+    type: string
+    items:
+      - id: 'f1f1f1f1-3333-4fff-ffff-000000000001'
+        text: All sites
+        value: all-sites
+      - id: 'f1f1f1f1-3333-4fff-ffff-000000000002'
+        text: Single site
+        value: single-site

package/src/server/plugins/engine/components/PaymentField.ts CHANGED Viewed

@@ -7,6 +7,7 @@ import {
 import { StatusCodes } from 'http-status-codes'
 import joi, { type ObjectSchema } from 'joi'
+import { createLogger } from '../../../common/helpers/logging/logger.js'
 import { COMPONENT_STATE_ERROR } from '../../../constants.js'
 import { FormComponent } from './FormComponent.js'
 import { type PaymentState } from './PaymentField.types.js'
@@ -14,6 +15,7 @@ import {
   createError,
   getPluginOptions
 } from '../helpers.js'
+import { type FormModel } from '../models/index.js'
 import {
   PaymentErrorTypes,
   PaymentPreAuthError,
@@ -38,6 +40,8 @@ import {
   formatCurrency
 } from '../../payment/helper.js'
+const logger = createLogger()
 export class PaymentField extends FormComponent {
   declare options: PaymentFieldComponent['options']
   declare formSchema: ObjectSchema
@@ -109,7 +113,9 @@ export class PaymentField extends FormComponent {
       ? (payload[this.name] as unknown as PaymentState)
       : undefined
-    // When user initially visits the payment page, there is no payment state yet so the amount is read form the form definition.
+    // Use payment state amount if pre-authorized, otherwise use default.
+    // The page controller overrides this with the resolved conditional amount
+    // using the full form state (which getViewModel doesn't have access to).
     const amount = paymentState?.amount ?? this.options.amount
     return {
@@ -184,6 +190,37 @@ export class PaymentField extends FormComponent {
     }
   }
+  /**
+   * Resolves the payment amount from conditional amounts configuration.
+   * Evaluates conditions in order; first true condition wins.
+   * Falls back to the default options.amount.
+   */
+  static resolveAmount(
+    options: PaymentFieldComponent['options'],
+    model: FormModel,
+    state: FormState
+  ): number {
+    const { conditionalAmounts } = options
+    if (!conditionalAmounts?.length) {
+      return options.amount
+    }
+    for (const { condition, amount } of conditionalAmounts) {
+      if (!model.conditions[condition]) {
+        logger.warn(
+          `[payment] Condition '${condition}' not found in form conditions. Skipping.`
+        )
+        continue
+      }
+      if (model.conditions[condition].fn(state)) {
+        return amount
+      }
+    }
+    return options.amount
+  }
   /**
    * Dispatcher for external redirect to GOV.UK Pay
    */
@@ -219,7 +256,12 @@ export class PaymentField extends FormComponent {
     const uuid = randomUUID()
     const reference = state.$$__referenceNumber as string
-    const amount = options.amount
+    const resolvedAmount = PaymentField.resolveAmount(options, model, state)
+    // Zero-amount safety net (page skip should prevent this, but defensive)
+    if (resolvedAmount === 0) {
+      return h.redirect(summaryUrl).code(StatusCodes.SEE_OTHER)
+    }
     const description = options.description
@@ -228,14 +270,26 @@ export class PaymentField extends FormComponent {
     const payCallbackUrl = `${baseUrl}/payment-callback?uuid=${uuid}`
     const paymentPageUrl = args.sourceUrl
-    const amountInPence = Math.round(amount * 100)
+    // Prepopulate GOV.UK Pay email if emailField is configured.
+    // The referenced EmailAddressField validates with joi.string().email()
+    // at input time, so the value in state is already validated.
+    let prefilledEmail: string | undefined
+    if (options.emailField) {
+      const emailValue = state[options.emailField]
+      if (typeof emailValue === 'string' && emailValue) {
+        prefilledEmail = emailValue
+      }
+    }
+    const amountInPence = Math.round(resolvedAmount * 100)
     const payment = await paymentService.createPayment(
       amountInPence,
       description,
       payCallbackUrl,
       reference,
       isLivePayment,
-      { formId, slug }
+      { formId, slug },
+      prefilledEmail
     )
     if (!payment) {
@@ -253,7 +307,7 @@ export class PaymentField extends FormComponent {
       uuid,
       formId,
       reference,
-      amount,
+      amount: resolvedAmount,
       description,
       paymentId: payment.paymentId,
       componentName,
@@ -276,6 +330,16 @@ export class PaymentField extends FormComponent {
     _metadata: FormMetadata,
     context: FormContext
   ): Promise<void> {
+    // Zero-amount bypass — no capture needed
+    const resolvedAmount = PaymentField.resolveAmount(
+      this.options,
+      this.model,
+      context.state
+    )
+    if (resolvedAmount === 0) {
+      return
+    }
     const paymentState = this.getPaymentStateFromState(context.state)
     if (!paymentState) {
@@ -309,7 +373,7 @@ export class PaymentField extends FormComponent {
     PaymentSubmissionError.checkPaymentAmount(
       status.amount,
-      this.options.amount,
+      resolvedAmount,
       this
     )

package/src/server/plugins/engine/models/SummaryViewModel.ts CHANGED Viewed

@@ -56,6 +56,8 @@ export class SummaryViewModel {
   allowSaveAndExit = false
   paymentState?: PaymentState
   paymentDetails?: CheckAnswers
+  paymentRequired?: boolean
+  paymentPreAuthorized?: boolean
   constructor(
     request: FormContextRequest,