@paypal/checkout-components 5.0.344 → 5.0.345-alpha-714509c.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@paypal/checkout-components",
-  "version": "5.0.344",
+  "version": "5.0.345-alpha-714509c.0",
   "description": "PayPal Checkout components, for integrating checkout products.",
   "main": "index.js",
   "scripts": {

package/src/lib/security.js

@@ -2,7 +2,8 @@
 
 import { isSameDomain } from "@krakenjs/cross-domain-utils/src";
 import { supportsPopups } from "@krakenjs/belter/src";
-import { isPayPalDomain } from "@paypal/sdk-client/src";
+import { getEnv, isPayPalDomain } from "@paypal/sdk-client/src";
+import { ENV } from "@paypal/sdk-constants/src";
 
 export function allowIframe(): boolean {
   if (!isPayPalDomain()) {
@@ -28,3 +29,13 @@ export function allowIframe(): boolean {
 export const protectedExport = (unprotectedExport) =>
   isPayPalDomain() ? unprotectedExport : undefined;
 /* eslint-enable no-confusing-arrow */
+
+// $FlowIssue
+export const localOrStageExport = (unprotectedExport) => {
+  const env = getEnv();
+  if (env === ENV.LOCAL || env === ENV.STAGE) {
+    return unprotectedExport;
+  } else {
+    return undefined;
+  }
+};

package/src/three-domain-secure/component.jsx

@@ -1,17 +1,81 @@
 /* @flow */
+/* eslint-disable eslint-comments/disable-enable-pair */
+/* eslint-disable no-restricted-globals, promise/no-native */
 import { type LoggerType } from "@krakenjs/beaver-logger/src";
-import { ZalgoPromise } from "@krakenjs/zalgo-promise/src";
 import { create, type ZoidComponent } from "@krakenjs/zoid/src";
 import { FPTI_KEY } from "@paypal/sdk-constants/src";
 
 import { ValidationError } from "../lib";
 
+type MerchantPayloadData = {|
+  amount: string,
+  currency: string,
+  nonce: string,
+  threeDSRequested?: boolean, // do we want to keep this name or align it with other 3DS documentation
+  transactionContext?: Object,
+  // experience context
+|};
+
+// eslint-disable-next-line no-undef
+type Request = <TRequestData, TResponse>({|
+  method?: string,
+  url: string,
+  // eslint-disable-next-line no-undef
+  data: TRequestData,
+  accessToken: ?string,
+  // eslint-disable-next-line no-undef
+|}) => Promise<TResponse>;
+
+type requestData = {|
+  intent: "THREE_DS_VERIFICATION",
+  payment_source: {|
+    card: {|
+      single_use_token: string,
+      verification_method: string,
+    |},
+  |},
+  amount: {|
+    currency_code: string,
+    value: string,
+  |},
+  transaction_context?: {|
+    soft_descriptor?: string,
+  |},
+|};
+
+type responseBody = {|
+  payment_id: string,
+  status: string,
+  intent: string,
+  payment_source: {|
+    card: {|
+      last_digits: string,
+      type: string,
+      name: string,
+      expiry: string,
+    |},
+  |},
+  amount: {|
+    currency_code: string,
+    value: string,
+  |},
+  transaction_context: {|
+    soft_descriptor: string,
+  |},
+  links: $ReadOnlyArray<{|
+    href: string,
+    rel: string,
+    method: string,
+  |}>,
+|};
+
 type SdkConfig = {|
-  sdkToken: ?string,
+  authenticationToken: ?string,
+  paypalApiDomain: string,
 |};
 
 const parseSdkConfig = ({ sdkConfig, logger }): SdkConfig => {
-  if (!sdkConfig.sdkToken) {
+  if (!sdkConfig.authenticationToken) {
     throw new ValidationError(
       `script data attribute sdk-client-token is required but was not passed`
     );
@@ -23,29 +87,99 @@ const parseSdkConfig = ({ sdkConfig, logger }): SdkConfig => {
 
   return sdkConfig;
 };
+
+const parseMerchantPayload = ({
+  merchantPayload,
+}: {|
+  merchantPayload: MerchantPayloadData,
+|}): requestData => {
+  // what validation on merchant input should we do here?
+  // empty object
+  const { threeDSRequested, amount, currency, nonce, transactionContext } =
+    merchantPayload;
+
+  // amount - validate that it's a string
+  // currency - validate that it's a string
+  // what validations are done on the API end - what client side validation is the API expecting
+
+  return {
+    intent: "THREE_DS_VERIFICATION",
+    payment_source: {
+      card: {
+        single_use_token: nonce,
+        verification_method: threeDSRequested
+          ? "SCA_ALWAYS"
+          : "SCA_WHEN_REQUIRED",
+      },
+    },
+    amount: {
+      currency_code: currency,
+      value: amount,
+    },
+    ...transactionContext,
+  };
+};
+
 export interface ThreeDomainSecureComponentInterface {
-  isEligible(): ZalgoPromise<boolean>;
+  isEligible(): Promise<boolean>;
   show(): ZoidComponent<void>;
 }
 export class ThreeDomainSecureComponent {
   logger: LoggerType;
+  request: Request;
   sdkConfig: SdkConfig;
+  authenticationURL: string;
 
   constructor({
     logger,
+    request,
     sdkConfig,
   }: {|
     logger: LoggerType,
+    request: Request,
     sdkConfig: SdkConfig,
   |}) {
     this.logger = logger;
+    this.request = request;
     this.sdkConfig = parseSdkConfig({ sdkConfig, logger });
   }
 
-  isEligible(): ZalgoPromise<boolean> {
-    return new ZalgoPromise((resolve) => {
-      resolve(false);
-    });
+  async isEligible(merchantPayload: MerchantPayloadData): Promise<boolean> {
+    const data = parseMerchantPayload({ merchantPayload });
+
+    try {
+      const { status, links } = await this.request<requestData, responseBody>({
+        method: "POST",
+        url: `${this.sdkConfig.paypalApiDomain}/v2/payments/payment`,
+        data,
+        accessToken: this.sdkConfig.authenticationToken,
+      });
+
+      let responseStatus = false;
+      if (status === "PAYER_ACTION_REQUIRED") {
+        this.authenticationURL = links[0].href;
+        // check for rel = payer action inside the object
+        responseStatus = true;
+      }
+      return responseStatus;
+    } catch (error) {
+      this.logger.warn(error);
+      return false;
+    }
+
+    // change name to isContingent??
+    // will return true or false
+    // if payer action required, return true. obtain link from response for show method - check length of links
+
+    // if payer action not required, return false
+
+    // will make API request to v2/payments/pamyment endpoint with merchant payload an grab sdktoken as
+    // bearer token
+
+    // will need to handle errors from API response
+    // What are the other options for status response and how do we handle them from a compliance standpoint
+    // What do we do if we get a 500 error from the API?
+    // do we throw an error or return false?
   }
 
   show() {

package/src/three-domain-secure/component.test.js

@@ -4,11 +4,13 @@ import { describe, expect, vi } from "vitest";
 import { ThreeDomainSecureComponent } from "./component";
 
 const defaultSdkConfig = {
-  sdkToken: "sdk-client-token",
+  authenticationToken: "sdk-client-token",
 };
 
 const createThreeDomainSecureComponent = ({
   sdkConfig = defaultSdkConfig,
+  // $FlowFixMe
+  request,
   logger = {
     info: vi.fn().mockReturnThis(),
     warn: vi.fn().mockReturnThis(),
@@ -18,7 +20,9 @@ const createThreeDomainSecureComponent = ({
   },
 } = {}) =>
   new ThreeDomainSecureComponent({
+    // $FlowFixMe
     sdkConfig,
+    request,
     // $FlowIssue
     logger,
   });
@@ -28,8 +32,17 @@ afterEach(() => {
 });
 
 describe("three domain secure component - isEligible method", () => {
-  test("should return false", async () => {
+  test.skip("should return false", async () => {
+    // successful response
+    // true for payer_action - false for Completed
+
+    // parameter validation
+    // testing for negative parameter such as null or invalid value
+    // error handling for API response
+
+    // mock the getpaypalapidomain so that it always returns the value that we expect
     const threeDomainSecuretClient = createThreeDomainSecureComponent();
+    // $FlowFixMe
     const eligibility = await threeDomainSecuretClient.isEligible();
     expect(eligibility).toEqual(false);
   });
@@ -49,7 +62,7 @@ describe("three domain secure component - initialization", () => {
       createThreeDomainSecureComponent({
         sdkConfig: {
           ...defaultSdkConfig,
-          sdkToken: "",
+          authenticationToken: "",
         },
       })
     ).toThrowError(

package/src/three-domain-secure/interface.js

@@ -1,8 +1,12 @@
 /* @flow */
-import { getLogger, getSDKToken } from "@paypal/sdk-client/src";
+import {
+  getLogger,
+  getPayPalAPIDomain,
+  getUserIDToken,
+} from "@paypal/sdk-client/src";
 
+import { callRestAPI, localOrStageExport } from "../lib";
 import type { LazyExport } from "../types";
-import { protectedExport } from "../lib";
 
 import {
   ThreeDomainSecureComponent,
@@ -14,12 +18,15 @@ export const ThreeDomainSecureClient: LazyExport<ThreeDomainSecureComponentInter
     __get__: () => {
       const threeDomainSecureInstance = new ThreeDomainSecureComponent({
         logger: getLogger(),
+        // $FlowIssue ZalgoPromise vs Promise
+        request: callRestAPI,
         sdkConfig: {
-          sdkToken: getSDKToken(),
+          authenticationToken: getUserIDToken(),
+          paypalApiDomain: getPayPalAPIDomain(),
         },
       });
-      return protectedExport({
-        isEligible: () => threeDomainSecureInstance.isEligible(),
+      return localOrStageExport({
+        isEligible: (payload) => threeDomainSecureInstance.isEligible(payload),
         show: () => threeDomainSecureInstance.show(),
       });
     },