strapi-plugin-payone-provider 4.6.9 → 5.6.10

package/admin/src/pages/utils/paymentUtils.js

@@ -9,18 +9,15 @@ export function getValidCardExpiryDate(cardexpiredate) {
     return `${nextYear}${monthStr}`;
   }
 
-  // Validate format (must be 4 digits)
   if (!/^\d{4}$/.test(cardexpiredate)) {
     const nextYear = currentYear + 1;
     const monthStr = String(currentMonth).padStart(2, '0');
     return `${nextYear}${monthStr}`;
   }
 
-  // Parse YYMM format
   const year = parseInt(cardexpiredate.substring(0, 2), 10);
   const month = parseInt(cardexpiredate.substring(2, 4), 10);
 
-  // Validate month (1-12)
   if (month < 1 || month > 12) {
     const nextYear = currentYear + 1;
     const monthStr = String(currentMonth).padStart(2, '0');
@@ -92,7 +89,6 @@ export const getBaseParams = (options = {}) => {
     currency: currency.toUpperCase(),
     reference: reference || `REF-${Date.now()}`,
     customerid: finalCustomerId,
-
     firstname,
     lastname,
     street,
@@ -100,16 +96,12 @@ export const getBaseParams = (options = {}) => {
     city,
     country: country.toUpperCase(),
     email,
-
-    // Additional customer details
     salutation,
     gender,
     telephonenumber,
     ip,
     customer_is_present,
     language,
-
-    // URL parameters (required for redirect-based payments)
     successurl,
     errorurl,
     backurl
@@ -128,14 +120,12 @@ export const getPaymentMethodParams = (paymentMethod, options = {}) => {
     iban,
     bic,
     bankaccountholder,
-    // Shipping address for wallet payments (Google Pay, Apple Pay, PayPal)
     shipping_firstname,
     shipping_lastname,
     shipping_street,
     shipping_zip,
     shipping_city,
     shipping_country,
-    // Billing address (used as fallback for shipping)
     firstname,
     lastname,
     street,
@@ -144,10 +134,8 @@ export const getPaymentMethodParams = (paymentMethod, options = {}) => {
     country
   } = options;
 
-  // Use cardtype if provided, otherwise fall back to cardType, otherwise default to "V"
   const finalCardType = cardtype || cardType || "V";
 
-  // Helper to get shipping params for wallet payments
   const getShippingParams = () => ({
     shipping_firstname: shipping_firstname || firstname || "John",
     shipping_lastname: shipping_lastname || lastname || "Doe",
@@ -158,19 +146,19 @@ export const getPaymentMethodParams = (paymentMethod, options = {}) => {
   });
 
   switch (paymentMethod) {
-    case "cc": // Credit Card (Visa, Mastercard, Amex)
+    case "cc":
       return {
         clearingtype: "cc",
-        cardtype: finalCardType, // V = Visa, M = Mastercard, A = Amex
-        cardpan: cardpan || "4111111111111111", // Test Visa card
+        cardtype: finalCardType,
+        cardpan: cardpan || "4111111111111111",
         cardexpiredate: getValidCardExpiryDate(cardexpiredate),
-        cardcvc2: cardcvc2 || "123" // 3-digit security code
+        cardcvc2: cardcvc2 || "123"
       };
 
-    case "wlt": // PayPal
+    case "wlt":
       return {
         clearingtype: "wlt",
-        wallettype: "PPE", // PayPal Express
+        wallettype: "PPE",
         ...getShippingParams()
       };
 
@@ -194,10 +182,10 @@ export const getPaymentMethodParams = (paymentMethod, options = {}) => {
 
       return googlePayParams;
 
-    case "apl": // Apple Pay
+    case "apl":
       const applePayParams = {
         clearingtype: "wlt",
-        wallettype: "APL", // Apple Pay
+        wallettype: "APL",
         ...getShippingParams()
       };
 
@@ -214,24 +202,23 @@ export const getPaymentMethodParams = (paymentMethod, options = {}) => {
 
       return applePayParams;
 
-    case "sb": // Sofort Banking
+    case "sb":
       return {
         clearingtype: "sb",
         bankcountry: "DE",
-        onlinebanktransfertype: "PNT" // Sofort Banking
+        onlinebanktransfertype: "PNT"
       };
 
-    case "elv": // SEPA Direct Debit
+    case "elv":
       return {
         clearingtype: "elv",
         bankcountry: "DE",
-        iban: iban || "DE89370400440532013000", // Test IBAN
-        bic: bic || "COBADEFFXXX", // Test BIC
+        iban: iban || "DE89370400440532013000",
+        bic: bic || "COBADEFFXXX",
         bankaccountholder: bankaccountholder || "John Doe"
       };
 
     default:
-      // Default to credit card for unknown payment methods
       return {
         clearingtype: "cc",
         cardtype: "V",

package/admin/src/pages/utils/tooltipHelpers.js

@@ -0,0 +1,18 @@
+
+export const shouldShowTooltip = (inputType, tooltipContent) => {
+  if (!tooltipContent) {
+    return false;
+  }
+
+  const inputTypesWithTooltip = ["switch", "toggle", "checkbox", "textarea"];
+
+  return inputTypesWithTooltip.includes(inputType);
+};
+
+
+export const getTooltipProps = (tooltipContent) => {
+  return {
+    label: tooltipContent,
+    position: "top",
+  };
+};

package/admin/src/pages/utils/transactionTableUtils.js

@@ -0,0 +1,60 @@
+
+export const getStatusColor = (status) => {
+  switch (status) {
+    case "APPROVED":
+      return "success200";
+    case "ERROR":
+      return "danger200";
+    case "PENDING":
+      return "warning200";
+    case "REDIRECT":
+      return "success100";
+    default:
+      return "success100";
+  }
+};
+
+export const formatAmount = (amount, currency) => {
+  if (!amount) return "N/A";
+  return `${(amount / 100).toFixed(2)} ${currency || "EUR"}`;
+};
+
+export const formatDate = (dateString) => {
+  if (!dateString) return "N/A";
+  return new Date(dateString).toLocaleString("en-US", {
+    year: "numeric",
+    month: "2-digit",
+    day: "2-digit",
+    hour: "2-digit",
+    minute: "2-digit",
+  });
+};
+
+export const getPaymentMethodName = (clearingtype, wallettype) => {
+  switch (clearingtype) {
+    case "cc":
+      return "Credit Card";
+    case "sb":
+      return "Online Banking";
+    case "wlt":
+      return wallettype === "PPE" ? "PayPal" : "Wallet";
+    case "elv":
+      return "Direct Debit (SEPA)";
+    default:
+      return clearingtype || "Unknown";
+  }
+};
+
+export const getCardTypeName = (cardtype) => {
+  switch (cardtype) {
+    case "V":
+      return "Visa";
+    case "M":
+      return "Mastercard";
+    case "A":
+      return "American Express";
+    default:
+      return cardtype || "Unknown";
+  }
+};
+

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "strapi-plugin-payone-provider",
-  "version": "4.6.9",
+  "version": "5.6.10",
   "description": "Strapi plugin for Payone payment gateway integration",
   "license": "MIT",
   "maintainers": [
@@ -10,23 +10,17 @@
     }
   ],
   "dependencies": {
+    "@uiw/react-json-view": "^2.0.0-alpha.40",
     "apple-pay-button": "^1.2.1",
     "axios": "^1.6.3",
-    "prop-types": "^15.7.2",
-    "@uiw/react-json-view": "^2.0.0-alpha.40"
-  },
-  "devDependencies": {
-    "react": "^18.2.0",
-    "react-dom": "^18.2.0",
-    "react-router-dom": "^5.3.4",
-    "styled-components": "^5.3.6"
+    "prop-types": "^15.7.2"
   },
   "peerDependencies": {
-    "@strapi/strapi": "^4.0",
-    "react": "^17.0.0 || ^18.0.0",
-    "react-dom": "^17.0.0 || ^18.0.0",
-    "react-router-dom": "^5.2.0",
-    "styled-components": "^5.2.1"
+    "@strapi/strapi": "^5.0.0",
+    "react": "^18.0.0",
+    "react-dom": "^18.0.0",
+    "react-router-dom": "^6.0.0",
+    "styled-components": "^6.0.0"
   },
   "engines": {
     "node": ">=18.0.0",

package/server/config/index.js

@@ -14,7 +14,13 @@ module.exports = {
       merchantName: "",
       displayName: "",
       domainName: "",
-      merchantIdentifier: ""
+      merchantIdentifier: "",
+      enableCreditCard: false,
+      enablePayPal: false,
+      enableGooglePay: false,
+      enableApplePay: false,
+      enableSofort: false,
+      enableSepaDirectDebit: false
     }
   },
   validator(config) {
@@ -33,7 +39,17 @@ module.exports = {
           api_version: yup
             .string()
             .matches(/^\d+\.\d+$/)
-            .defined()
+            .defined(),
+          merchantName: yup.string().optional(),
+          displayName: yup.string().optional(),
+          domainName: yup.string().optional(),
+          merchantIdentifier: yup.string().optional(),
+          enableCreditCard: yup.boolean().optional(),
+          enablePayPal: yup.boolean().optional(),
+          enableGooglePay: yup.boolean().optional(),
+          enableApplePay: yup.boolean().optional(),
+          enableSofort: yup.boolean().optional(),
+          enableSepaDirectDebit: yup.boolean().optional()
         })
         .defined()
     });

package/server/controllers/payone.js

@@ -7,13 +7,25 @@ const getPayoneService = (strapi) => {
 };
 
 const handleError = (ctx, error) => {
-  if (error.response || error.status >= 400) {
-    ctx.strapi.log.error("Payone controller error:", {
-      status: error.status || error.response?.status,
-      message: error.message
+  const status = error.status || error.response?.status || 500;
+  const message = error.message || "Internal server error";
+
+  if (status >= 400) {
+    console.log("[Payone] Controller error:", {
+      status,
+      message,
+      error: error.stack || error
     });
   }
-  ctx.throw(500, error);
+
+  ctx.status = status;
+  ctx.body = {
+    error: {
+      status,
+      message,
+      name: error.name || "Error"
+    }
+  };
 };
 
 const hideKey = (settings) => {
@@ -27,7 +39,9 @@ module.exports = ({ strapi }) => ({
   async getSettings(ctx) {
     try {
       const settings = await getPayoneService(strapi).getSettings();
-      ctx.body = { data: hideKey(settings) };
+      ctx.body = {
+        ...hideKey(settings || {})
+      };
     } catch (error) {
       handleError(ctx, error);
     }
@@ -62,15 +76,20 @@ module.exports = ({ strapi }) => ({
 
   async updateSettings(ctx) {
     try {
-      const { body } = ctx.request;
+      const bodyData = ctx.request.body?.data || ctx.request.body;
+
+      if (!bodyData || typeof bodyData !== 'object') {
+        ctx.throw(400, "Invalid request body");
+      }
+
       const currentSettings = await getPayoneService(strapi).getSettings();
 
-      if (body.key === "***HIDDEN***" || !body.key) {
-        body.key = currentSettings?.key;
+      if (bodyData.key === "***HIDDEN***" || !bodyData.key) {
+        bodyData.key = currentSettings?.key;
       }
 
-      const settings = await getPayoneService(strapi).updateSettings(body);
-      ctx.body = { data: hideKey(settings) };
+      const settings = await getPayoneService(strapi).updateSettings(bodyData);
+      ctx.body = { ...hideKey(settings) };
     } catch (error) {
       handleError(ctx, error);
     }
@@ -78,9 +97,13 @@ module.exports = ({ strapi }) => ({
 
   async preauthorization(ctx) {
     try {
-      const params = ctx.request.body;
+      const params = ctx.request.body?.data || ctx.request.body;
+      if (!params || typeof params !== 'object') {
+        ctx.throw(400, "Invalid request body");
+      }
+
       const result = await getPayoneService(strapi).preauthorization(params);
-      ctx.body = { data: result };
+      ctx.body = result;
     } catch (error) {
       handleError(ctx, error);
     }
@@ -88,9 +111,14 @@ module.exports = ({ strapi }) => ({
 
   async authorization(ctx) {
     try {
-      const params = ctx.request.body;
+      const params = ctx.request.body?.data || ctx.request.body;
+
+      if (!params || typeof params !== 'object') {
+        ctx.throw(400, "Invalid request body");
+      }
+
       const result = await getPayoneService(strapi).authorization(params);
-      ctx.body = { data: result };
+      ctx.body = result;
     } catch (error) {
       handleError(ctx, error);
     }
@@ -98,9 +126,14 @@ module.exports = ({ strapi }) => ({
 
   async capture(ctx) {
     try {
-      const params = ctx.request.body;
+      const params = ctx.request.body?.data || ctx.request.body;
+
+      if (!params || typeof params !== 'object') {
+        ctx.throw(400, "Invalid request body");
+      }
+
       const result = await getPayoneService(strapi).capture(params);
-      ctx.body = { data: result };
+      ctx.body = result;
     } catch (error) {
       handleError(ctx, error);
     }
@@ -108,9 +141,14 @@ module.exports = ({ strapi }) => ({
 
   async refund(ctx) {
     try {
-      const params = ctx.request.body;
+      const params = ctx.request.body?.data || ctx.request.body;
+
+      if (!params || typeof params !== 'object') {
+        ctx.throw(400, "Invalid request body");
+      }
+
       const result = await getPayoneService(strapi).refund(params);
-      ctx.body = { data: result };
+      ctx.body = result;
     } catch (error) {
       handleError(ctx, error);
     }
@@ -118,9 +156,21 @@ module.exports = ({ strapi }) => ({
 
   async getTransactionHistory(ctx) {
     try {
-      const filters = ctx.query || {};
-      const history = await getPayoneService(strapi).getTransactionHistory(filters);
-      ctx.body = { data: history };
+      const { filters = {}, pagination = {} } = ctx.query || {};
+      const page = parseInt(pagination.page || "1", 10);
+      const pageSize = parseInt(pagination.pageSize || "10", 10);
+
+      const result = await getPayoneService(strapi).getTransactionHistory({
+        filters: filters || {},
+        pagination: { page, pageSize }
+      });
+
+      ctx.body = {
+        data: result.data || [],
+        meta: {
+          pagination: result.pagination
+        },
+      };
     } catch (error) {
       handleError(ctx, error);
     }
@@ -129,7 +179,7 @@ module.exports = ({ strapi }) => ({
   async testConnection(ctx) {
     try {
       const result = await getPayoneService(strapi).testConnection();
-      ctx.body = { data: result };
+      ctx.body = result || {};
     } catch (error) {
       handleError(ctx, error);
     }
@@ -149,7 +199,10 @@ module.exports = ({ strapi }) => ({
         resultType = "cancelled";
       }
 
-      const callbackData = isGetRequest ? ctx.query : ctx.request.body;
+      const callbackData = isGetRequest
+        ? ctx.query
+        : (ctx.request.body || ctx.request.body?.data || ctx.request?.data);
+
       const result = await getPayoneService(strapi).handle3DSCallback(callbackData, resultType);
 
       if (isGetRequest) {
@@ -166,7 +219,7 @@ module.exports = ({ strapi }) => ({
         return ctx.redirect(redirectUrl);
       }
 
-      ctx.body = { data: result };
+      ctx.body = result;
     } catch (error) {
       handleError(ctx, error);
     }
@@ -177,13 +230,12 @@ module.exports = ({ strapi }) => ({
       const settings = await getPayoneService(strapi).getSettings();
       const applePayConfig = settings?.applePayConfig || {};
 
-      const params = ctx.request.body;
+      const params = ctx.request.body || ctx.request.body?.data || ctx.request?.data;
 
       if (!params) {
         throw new Error("Request body is missing");
       }
 
-      // Ensure domain is set
       if (!params.domain && !params.domainName) {
         params.domain = ctx.request.hostname || ctx.request.host || 'localhost';
         params.domainName = params.domain;
@@ -210,11 +262,10 @@ module.exports = ({ strapi }) => ({
         throw new Error("Merchant validation returned null. Please check your Payone Apple Pay configuration.");
       }
 
-      ctx.body = { data: result };
+      ctx.body = result;
     } catch (error) {
       const errorStatus = error.status || (error.message?.includes('403') ? 403 : 500);
 
-      // Only log if it's a response error
       if (error.response || errorStatus === 403 || errorStatus === 401 || errorStatus >= 500) {
         strapi.log.error("[Apple Pay] Controller error:", {
           status: errorStatus,
@@ -222,11 +273,9 @@ module.exports = ({ strapi }) => ({
         });
       }
 
-      // Extract detailed error message if available
       let errorMessage = error.message || "Apple Pay merchant validation failed";
       let errorDetails = "Please check your Payone Apple Pay configuration in PMI (CONFIGURATION → PAYMENT PORTALS → [Your Portal] → Apple Pay). Ensure that Merchant ID (mid) is correctly configured and Apple Pay is enabled for your portal.";
 
-      // If it's a 403 error, provide more specific guidance
       if (errorStatus === 403 || error.message?.includes('403')) {
         errorDetails = "403 Forbidden: Authentication failed with Payone. " +
           "Please check: 1) Your Payone credentials (aid, portalid, mid, key) in plugin settings, " +
@@ -246,5 +295,23 @@ module.exports = ({ strapi }) => ({
         }
       };
     }
+  },
+
+  async handleTransactionStatus(ctx) {
+    try {
+      const notificationData = ctx.request.body || {};
+      await getPayoneService(strapi).processTransactionStatus(notificationData);
+
+      ctx.status = 200;
+      ctx.body = "TSOK";
+      ctx.type = "text/plain";
+      console.log(`[Payone TransactionStatus] Responded TSOK`);
+    } catch (error) {
+      console.log("[Payone TransactionStatus] Error handling notification:", error);
+      ctx.status = 200;
+      ctx.body = "TSOK";
+      ctx.type = "text/plain";
+    }
   }
+
 });

package/server/policies/index.js

@@ -2,5 +2,6 @@
 
 module.exports = {
   "is-auth": require("./is-auth"),
-  "is-super-admin": require("./isSuperAdmin")
+  "is-super-admin": require("./isSuperAdmin"),
+  "is-payone-notification": require("./is-payone-notification")
 };

package/server/policies/is-auth.js

@@ -1,13 +1,19 @@
 "use strict";
 
-module.exports = async (ctx, config, { strapi }) => {
-  const { authorization } = ctx.request.header || {};
+module.exports = async (policyContext, config, { strapi }) => {
+  const { authorization } = policyContext.request.header || {};
 
   if (authorization && authorization.startsWith("Bearer ")) {
     const token = authorization.split(" ")[1];
 
     try {
-      const apiTokenService = strapi.services["admin::api-token"];
+      const apiTokenService = strapi.service("admin::api-token");
+
+      if (!apiTokenService) {
+        strapi.log.warn("strapi-plugin-payone-provider: api-token service not found");
+        return false;
+      }
+
       const accessKey = await apiTokenService.hash(token);
       const storedToken = await apiTokenService.getBy({ accessKey });
 

package/server/policies/is-payone-notification.js

@@ -0,0 +1,31 @@
+"use strict";
+
+module.exports = async (policyContext, config, { strapi }) => {
+  const { request } = policyContext;
+  const userAgent = request.header["user-agent"] || request.header["User-Agent"] || "";
+  const clientIp = request.ip || request.connection?.remoteAddress || "";
+
+  if (userAgent !== "PAYONE FinanceGate") {
+    console.log(`[Payone TransactionStatus] Invalid User-Agent: ${userAgent}, IP: ${clientIp}`);
+    return false;
+  }
+
+
+  const isValidIp = (ip) => {
+    if (ip.startsWith("185.60.20.")) {
+      return true;
+    }
+
+    if (ip === "54.246.203.105") {
+      return true;
+    }
+    return false;
+  };
+
+  if (!isValidIp(clientIp)) {
+    console.log(`[Payone TransactionStatus] Invalid IP address: ${clientIp}, User-Agent: ${userAgent}`);
+    return false;
+  }
+
+  return true;
+};

package/server/policies/isSuperAdmin.js

@@ -1,18 +1,20 @@
 "use strict";
 
-module.exports = async (ctx, next) => {
-  const adminUser = ctx.state && ctx.state.user;
+module.exports = async (policyContext, config, { strapi }) => {
+  const adminUser = policyContext.state && policyContext.state.user;
 
   if (!adminUser) {
-    return ctx.unauthorized("Admin authentication required");
+    policyContext.unauthorized("Admin authentication required");
+    return false;
   }
 
   const roles = Array.isArray(adminUser.roles) ? adminUser.roles : [];
   const isSuperAdmin = roles.some((role) => role.code === "strapi-super-admin");
 
   if (!isSuperAdmin) {
-    return ctx.forbidden("Only super admins can access this resource");
+    policyContext.forbidden("Only super admins can access this resource");
+    return false;
   }
 
-  return next();
+  return true;
 };

package/server/routes/index.js

@@ -162,6 +162,17 @@ module.exports = {
           auth: false
         }
       },
+
+      {
+        method: "POST",
+        path: "/transaction-status",
+        handler: "payone.handleTransactionStatus",
+        config: {
+          policies: ["plugin::strapi-plugin-payone-provider.is-payone-notification"],
+          auth: false
+        }
+      },
+
     ]
   }
 };