Context Navigation

← Previous Changeset
Next Changeset →

Changeset 223163 in webkit

Timestamp:

Oct 10, 2017 7:57:12 PM (7 years ago)

Author:

aestes@apple.com

Message:

[Payment Request] Validate that all PaymentCurrencyAmounts use the same currency code when using Apple Pay
https://bugs.webkit.org/show_bug.cgi?id=178150

Reviewed by Tim Horton.

Source/WebCore:

Apple Pay requires a single currency code, but the Payment Request API allows the client to
specify a currency code for each PaymentCurrencyAmount.

Instead of having a required currencyCode property on ApplePayRequest and ignoring the
currency property on PaymentCurrencyAmount, validate that all PaymentCurrencyAmounts use the
same currency code and use that as ApplePaySessionPaymentRequest's currencyCode.

Added test cases to http/tests/ssl/applepay/PaymentRequest.https.html.

Modules/applepay/ApplePayPaymentRequest.h:
Modules/applepay/ApplePayPaymentRequest.idl:
Modules/applepay/ApplePayRequestBase.cpp:

(WebCore::convertAndValidate):

Modules/applepay/ApplePayRequestBase.h:
Modules/applepay/ApplePayRequestBase.idl:
Modules/applepay/ApplePaySession.cpp:

(WebCore::convertAndValidate):

Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp:

(WebCore::validate):
(WebCore::convertAndValidate):
(WebCore::ApplePayPaymentHandler::show):

Modules/applepay/paymentrequest/ApplePayRequest.idl:

LayoutTests:

http/tests/paymentrequest/payment-request-abort-method.https.html:
http/tests/paymentrequest/payment-request-canmakepayment-method.https.html:
http/tests/paymentrequest/payment-request-show-method.https.html:
http/tests/ssl/applepay/PaymentRequest.https-expected.txt:
http/tests/ssl/applepay/PaymentRequest.https.html:

Location:

trunk

Files:

: 15 edited

LayoutTests/ChangeLog (modified) (1 diff)
LayoutTests/http/tests/paymentrequest/payment-request-abort-method.https.html (modified) (1 diff)
LayoutTests/http/tests/paymentrequest/payment-request-canmakepayment-method.https.html (modified) (1 diff)
LayoutTests/http/tests/paymentrequest/payment-request-show-method.https.html (modified) (1 diff)
LayoutTests/http/tests/ssl/applepay/PaymentRequest.https-expected.txt (modified) (3 diffs)
LayoutTests/http/tests/ssl/applepay/PaymentRequest.https.html (modified) (4 diffs)
Source/WebCore/ChangeLog (modified) (1 diff)
Source/WebCore/Modules/applepay/ApplePayPaymentRequest.h (modified) (2 diffs)
Source/WebCore/Modules/applepay/ApplePayPaymentRequest.idl (modified) (1 diff)
Source/WebCore/Modules/applepay/ApplePayRequestBase.cpp (modified) (1 diff)
Source/WebCore/Modules/applepay/ApplePayRequestBase.h (modified) (1 diff)
Source/WebCore/Modules/applepay/ApplePayRequestBase.idl (modified) (1 diff)
Source/WebCore/Modules/applepay/ApplePaySession.cpp (modified) (1 diff)
Source/WebCore/Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp (modified) (5 diffs)
Source/WebCore/Modules/applepay/paymentrequest/ApplePayRequest.idl (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/LayoutTests/ChangeLog

-                      r223160
+                      r223163
+-10-10  Andy Estes  <aestes@apple.com>
+        [Payment Request] Validate that all PaymentCurrencyAmounts use the same currency code when using Apple Pay
+        https://bugs.webkit.org/show_bug.cgi?id=178150
+        Reviewed by Tim Horton.
+        * http/tests/paymentrequest/payment-request-abort-method.https.html:
+        * http/tests/paymentrequest/payment-request-canmakepayment-method.https.html:
+        * http/tests/paymentrequest/payment-request-show-method.https.html:
+        * http/tests/ssl/applepay/PaymentRequest.https-expected.txt:
+        * http/tests/ssl/applepay/PaymentRequest.https.html:
 -10-10  Andy Estes  <aestes@apple.com>

trunk/LayoutTests/http/tests/paymentrequest/payment-request-abort-method.https.html

r223160	r223163
23	23	supportedNetworks: ['visa', 'masterCard'],
24	24	countryCode: 'US',
25		~~currencyCode: 'USD',~~
26	25	},
27	26	});

trunk/LayoutTests/http/tests/paymentrequest/payment-request-canmakepayment-method.https.html

r223160	r223163
17	17	supportedNetworks: ["visa", "masterCard"],
18	18	countryCode: "US",
19		~~currencyCode: "USD",~~
20	19	}
21	20	});

trunk/LayoutTests/http/tests/paymentrequest/payment-request-show-method.https.html

r223160	r223163
18	18	supportedNetworks: ['visa', 'masterCard'],
19	19	countryCode: 'US',
20		~~currencyCode: 'USD',~~
21	20	},
22	21	});

trunk/LayoutTests/http/tests/ssl/applepay/PaymentRequest.https-expected.txt

-                      r222921
+                      r223163
 PASS request = new PaymentRequest([paymentMethod], validPaymentDetails()); request.show() rejected promise  with TypeError: "7" is not a valid country code..
-Testing ApplePayRequest.currencyCode
-SETUP: paymentMethod = validPaymentMethod(); delete paymentMethod.data.currencyCode;
-PASS request = new PaymentRequest([paymentMethod], validPaymentDetails()); request.show() rejected promise  with TypeError: Member ApplePayRequest.currencyCode is required and must be an instance of DOMString.
-SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.currencyCode = 'invalid';
-PASS request = new PaymentRequest([paymentMethod], validPaymentDetails()); request.show() rejected promise  with TypeError: "invalid" is not a valid currency code..
-SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.currencyCode = '';
-PASS request = new PaymentRequest([paymentMethod], validPaymentDetails()); request.show() rejected promise  with TypeError: "" is not a valid currency code..
-SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.currencyCode = null;
-PASS request = new PaymentRequest([paymentMethod], validPaymentDetails()); request.show() rejected promise  with TypeError: "null" is not a valid currency code..
-SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.currencyCode = undefined;
-PASS request = new PaymentRequest([paymentMethod], validPaymentDetails()); request.show() rejected promise  with TypeError: Member ApplePayRequest.currencyCode is required and must be an instance of DOMString.
-SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.currencyCode = 7;
-PASS request = new PaymentRequest([paymentMethod], validPaymentDetails()); request.show() rejected promise  with TypeError: "7" is not a valid currency code..
 Testing ApplePayRequest.supportedNetworks
 …
 PASS request = new PaymentRequest([validPaymentMethod()], paymentDetails); request.show() threw exception TypeError: Type error.
+SETUP: paymentDetails = validPaymentDetails(); paymentDetails.displayItems = [{ label: 'label', amount: { currency: 'EUR', value: '10.00' } }];
+PASS request = new PaymentRequest([validPaymentMethod()], paymentDetails); request.show() rejected promise  with TypeError: "EUR" does not match the expected currency of "USD". Apple Pay requires all PaymentCurrencyAmounts to use the same currency code..
 Testing PaymentDetails.shippingOptions
 …
 PASS request = new PaymentRequest([validPaymentMethod()], paymentDetails); request.show() threw exception TypeError: Type error.
+SETUP: paymentDetails = validPaymentDetails(); paymentDetails.shippingOptions = [{ amount: { currency: 'EUR', value: '10.00' }, id: '', label: '' }];
+PASS request = new PaymentRequest([validPaymentMethod()], paymentDetails); request.show() rejected promise  with TypeError: "EUR" does not match the expected currency of "USD". Apple Pay requires all PaymentCurrencyAmounts to use the same currency code..
 Testing PaymentOptions

trunk/LayoutTests/http/tests/ssl/applepay/PaymentRequest.https.html

-                      r223160
+                      r223163
             merchantIdentifier: '',
             countryCode: 'US',
-            currencyCode: 'USD',
             supportedNetworks: ['visa', 'masterCard'],
             merchantCapabilities: ['supports3DS'],
 …
     debug("")
     await logAndShouldReject("paymentMethod = validPaymentMethod(); paymentMethod.data.countryCode = 7;", "request = new PaymentRequest([paymentMethod], validPaymentDetails()); request.show()")
-    debug("")
-    debug("Testing ApplePayRequest.currencyCode")
-    debug("")
-    await logAndShouldReject("paymentMethod = validPaymentMethod(); delete paymentMethod.data.currencyCode;", "request = new PaymentRequest([paymentMethod], validPaymentDetails()); request.show()")
-    debug("")
-    await logAndShouldReject("paymentMethod = validPaymentMethod(); paymentMethod.data.currencyCode = 'invalid';", "request = new PaymentRequest([paymentMethod], validPaymentDetails()); request.show()")
-    debug("")
-    await logAndShouldReject("paymentMethod = validPaymentMethod(); paymentMethod.data.currencyCode = '';", "request = new PaymentRequest([paymentMethod], validPaymentDetails()); request.show()")
-    debug("")
-    await logAndShouldReject("paymentMethod = validPaymentMethod(); paymentMethod.data.currencyCode = null;", "request = new PaymentRequest([paymentMethod], validPaymentDetails()); request.show()")
-    debug("")
-    await logAndShouldReject("paymentMethod = validPaymentMethod(); paymentMethod.data.currencyCode = undefined;", "request = new PaymentRequest([paymentMethod], validPaymentDetails()); request.show()")
-    debug("")
-    await logAndShouldReject("paymentMethod = validPaymentMethod(); paymentMethod.data.currencyCode = 7;", "request = new PaymentRequest([paymentMethod], validPaymentDetails()); request.show()")
     debug("")
 …
     logAndShouldThrow("paymentDetails = validPaymentDetails(); paymentDetails.displayItems = [{ label: 'label', amount: '' }];", "request = new PaymentRequest([validPaymentMethod()], paymentDetails); request.show()")
     logAndShouldThrow("paymentDetails = validPaymentDetails(); paymentDetails.displayItems = [{ label: 'label', amount: '10.00', type: 'invalid' }];", "request = new PaymentRequest([validPaymentMethod()], paymentDetails); request.show()")
+    await logAndShouldReject("paymentDetails = validPaymentDetails(); paymentDetails.displayItems = [{ label: 'label', amount: { currency: 'EUR', value: '10.00' } }];", "request = new PaymentRequest([validPaymentMethod()], paymentDetails); request.show()")
     debug("Testing PaymentDetails.shippingOptions")
     debug("");
 …
     logAndShouldThrow("paymentDetails = validPaymentDetails(); paymentDetails.shippingOptions = [{ amount: '', detail: '', identifier: '', label: '' }];", "request = new PaymentRequest([validPaymentMethod()], paymentDetails); request.show()")
     logAndShouldThrow("paymentDetails = validPaymentDetails(); paymentDetails.shippingOptions = [{ amount: '-1', detail: '', identifier: '', label: '' }];", "request = new PaymentRequest([validPaymentMethod()], paymentDetails); request.show()")
+    await logAndShouldReject("paymentDetails = validPaymentDetails(); paymentDetails.shippingOptions = [{ amount: { currency: 'EUR', value: '10.00' }, id: '', label: '' }];", "request = new PaymentRequest([validPaymentMethod()], paymentDetails); request.show()")
     debug("Testing PaymentOptions")

trunk/Source/WebCore/ChangeLog

-                      r223160
+                      r223163
+-10-10  Andy Estes  <aestes@apple.com>
+        [Payment Request] Validate that all PaymentCurrencyAmounts use the same currency code when using Apple Pay
+        https://bugs.webkit.org/show_bug.cgi?id=178150
+        Reviewed by Tim Horton.
+        Apple Pay requires a single currency code, but the Payment Request API allows the client to
+        specify a currency code for each PaymentCurrencyAmount.
+        Instead of having a required currencyCode property on ApplePayRequest and ignoring the
+        currency property on PaymentCurrencyAmount, validate that all PaymentCurrencyAmounts use the
+        same currency code and use that as ApplePaySessionPaymentRequest's currencyCode.
+        Added test cases to http/tests/ssl/applepay/PaymentRequest.https.html.
+        * Modules/applepay/ApplePayPaymentRequest.h:
+        * Modules/applepay/ApplePayPaymentRequest.idl:
+        * Modules/applepay/ApplePayRequestBase.cpp:
+        (WebCore::convertAndValidate):
+        * Modules/applepay/ApplePayRequestBase.h:
+        * Modules/applepay/ApplePayRequestBase.idl:
+        * Modules/applepay/ApplePaySession.cpp:
+        (WebCore::convertAndValidate):
+        * Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp:
+        (WebCore::validate):
+        (WebCore::convertAndValidate):
+        (WebCore::ApplePayPaymentHandler::show):
+        * Modules/applepay/paymentrequest/ApplePayRequest.idl:
 -10-10  Andy Estes  <aestes@apple.com>

trunk/Source/WebCore/Modules/applepay/ApplePayPaymentRequest.h

-                      r222921
+                      r223163
 #include "ApplePayLineItem.h"
 #include "ApplePayPaymentContact.h"
 #include "ApplePayRequest.h"
+#include "ApplePayRequestBase.h"
 #include "ApplePaySessionPaymentRequest.h"
 #include "ApplePayShippingMethod.h"
 …
 namespace WebCore {
 struct ApplePayPaymentRequest : ApplePayRequest {
+struct ApplePayPaymentRequest : ApplePayRequestBase {
     using ShippingType = ApplePaySessionPaymentRequest::ShippingType;
+    String currencyCode;
     std::optional<Vector<ApplePayContactField>> requiredShippingContactFields;

trunk/Source/WebCore/Modules/applepay/ApplePayPaymentRequest.idl

r222921	r223163
39	39	sequence<ApplePayLineItem> lineItems;
40	40
	41	required DOMString currencyCode;
	42
41	43	sequence<ApplePayContactField> requiredShippingContactFields;
42	44	ApplePayPaymentContact shippingContact;

trunk/Source/WebCore/Modules/applepay/ApplePayRequestBase.cpp

-                      r222921
+                      r223163
+{
     ApplePaySessionPaymentRequest result;
     result.setCountryCode(request.countryCode);
-    result.setCurrencyCode(request.currencyCode);
     auto merchantCapabilities = convertAndValidate(request.merchantCapabilities);

trunk/Source/WebCore/Modules/applepay/ApplePayRequestBase.h

r222921	r223163
38	38	Vector<String> supportedNetworks;
39	39	String countryCode;
40		~~String currencyCode;~~
41	40
42	41	std::optional<Vector<ApplePayContactField>> requiredBillingContactFields;

trunk/Source/WebCore/Modules/applepay/ApplePayRequestBase.idl

r222921	r223163
30	30	required sequence<DOMString> supportedNetworks; // FIXME: Should this be an sequence of enums?
31	31	required DOMString countryCode;
32		~~required DOMString currencyCode;~~
33	32
34	33	sequence<ApplePayContactField> requiredBillingContactFields;

trunk/Source/WebCore/Modules/applepay/ApplePaySession.cpp

r222921	r223163
214	214
215	215	auto result = convertedRequest.releaseReturnValue();
	216	result.setCurrencyCode(paymentRequest.currencyCode);
216	217
217	218	auto total = convertAndValidateTotal(WTFMove(paymentRequest.total));

trunk/Source/WebCore/Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp

-                      r223160
+                      r223163
+}
+static ApplePaySessionPaymentRequest::LineItem convert(const PaymentItem& item)
+{
+static ExceptionOr<void> validate(const PaymentCurrencyAmount& amount, const String& expectedCurrency)
+{
+    if (amount.currency != expectedCurrency)
+        return Exception { TypeError, makeString("\"", amount.currency, "\" does not match the expected currency of \"", expectedCurrency, "\". Apple Pay requires all PaymentCurrencyAmounts to use the same currency code.") };
+    return { };
+}
+static ExceptionOr<ApplePaySessionPaymentRequest::LineItem> convertAndValidate(const PaymentItem& item, const String& expectedCurrency)
+{
+    auto exception = validate(item.amount, expectedCurrency);
+    if (exception.hasException())
+        return exception.releaseException();
     ApplePaySessionPaymentRequest::LineItem lineItem;
     lineItem.amount = item.amount.value;
 …
+}
 static Vector<ApplePaySessionPaymentRequest::LineItem> convert(const Vector<PaymentItem>& lineItems)
+static ExceptionOr<Vector<ApplePaySessionPaymentRequest::LineItem>> convertAndValidate(const Vector<PaymentItem>& lineItems, const String& expectedCurrency)
+{
     Vector<ApplePaySessionPaymentRequest::LineItem> result;
     result.reserveInitialCapacity(lineItems.size());
+    for (auto& lineItem : lineItems)
+        result.uncheckedAppend(convert(lineItem));
+    for (auto& lineItem : lineItems) {
+        auto convertedLineItem = convertAndValidate(lineItem, expectedCurrency);
+        if (convertedLineItem.hasException())
+            return convertedLineItem.releaseException();
+        result.uncheckedAppend(convertedLineItem.releaseReturnValue());
+    }
     return result;
+}
 …
+}
+static ApplePaySessionPaymentRequest::ShippingMethod convert(const PaymentShippingOption& shippingOption)
+{
+static ExceptionOr<ApplePaySessionPaymentRequest::ShippingMethod> convertAndValidate(const PaymentShippingOption& shippingOption, const String& expectedCurrency)
+{
+    auto exception = validate(shippingOption.amount, expectedCurrency);
+    if (exception.hasException())
+        return exception.releaseException();
     ApplePaySessionPaymentRequest::ShippingMethod result;
     result.amount = shippingOption.amount.value;
 …
     ApplePaySessionPaymentRequest request = validatedRequest.releaseReturnValue();
+    request.setTotal(convert(m_paymentRequest->paymentDetails().total));
+    auto lineItems = convert(m_paymentRequest->paymentDetails().displayItems);
+    String expectedCurrency = m_paymentRequest->paymentDetails().total.amount.currency;
+    request.setCurrencyCode(expectedCurrency);
+    auto total = convertAndValidate(m_paymentRequest->paymentDetails().total, expectedCurrency);
+    ASSERT(!total.hasException());
+    request.setTotal(total.releaseReturnValue());
+    auto convertedLineItems = convertAndValidate(m_paymentRequest->paymentDetails().displayItems, expectedCurrency);
+    if (convertedLineItems.hasException())
+        return convertedLineItems.releaseException();
+    auto lineItems = convertedLineItems.releaseReturnValue();
     for (auto& modifier : m_paymentRequest->paymentDetails().modifiers) {
         auto convertedIdentifier = convertAndValidatePaymentMethodIdentifier(modifier.supportedMethods);
+        if (convertedIdentifier && handlesIdentifier(*convertedIdentifier))
+            lineItems.appendVector(convert(modifier.additionalDisplayItems));
+        if (!convertedIdentifier || !handlesIdentifier(*convertedIdentifier))
+            continue;
+        auto additionalDisplayItems = convertAndValidate(modifier.additionalDisplayItems, expectedCurrency);
+        if (additionalDisplayItems.hasException())
+            return additionalDisplayItems.releaseException();
+        lineItems.appendVector(additionalDisplayItems.releaseReturnValue());
+    }
     request.setLineItems(lineItems);
 …
     Vector<ApplePaySessionPaymentRequest::ShippingMethod> shippingMethods;
     shippingMethods.reserveInitialCapacity(m_paymentRequest->paymentDetails().shippingOptions.size());
+    for (auto& shippingOption : m_paymentRequest->paymentDetails().shippingOptions)
+        shippingMethods.uncheckedAppend(convert(shippingOption));
+    for (auto& shippingOption : m_paymentRequest->paymentDetails().shippingOptions) {
+        auto convertedShippingOption = convertAndValidate(shippingOption, expectedCurrency);
+        if (convertedShippingOption.hasException())
+            return convertedShippingOption.releaseException();
+        shippingMethods.uncheckedAppend(convertedShippingOption.releaseReturnValue());
+    }
     request.setShippingMethods(shippingMethods);

trunk/Source/WebCore/Modules/applepay/paymentrequest/ApplePayRequest.idl

r223160	r223163
30	30	required DOMString merchantIdentifier;
31	31	};
	32

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 223163 in webkit

Legend:

Download in other formats: