Changeset 286452 in webkit

Timestamp:

Dec 2, 2021 2:21:46 PM (8 months ago)

Author:

Devin Rousso

Message:

[Payment Request] Validate payment method data on construction
​https://bugs.webkit.org/show_bug.cgi?id=233292
<rdar://problem/85736007>

Reviewed by Andy Estes.

Source/WebCore:

This will allow developers to replace any ApplePaySession.supportsVersion check(s) by
attempting to create a PaymentRequest object with data specific to Apple Pay. This is
actually an improvement, because it'll also allow developers to catch most errors in that
data earlier, as previously any errors would only be thrown when show() is called.

Spec: <​https://github.com/w3c/payment-request/pull/976>

Test: http/tests/ssl/applepay/PaymentRequest.https.html

• Modules/paymentrequest/PaymentRequest.cpp:

(WebCore::PaymentRequest::show):

• Modules/paymentrequest/PaymentHandler.h:

Adjust PaymentHandler::convertData to take a Document so that additional validation
can be performed on the provided payment method(s) (e.g. check the Apple Pay version).

• Modules/applepay/PaymentRequestValidator.h:
• Modules/applepay/PaymentRequestValidator.mm:

(WebCore::PaymentRequestValidator::validate):
Allow callers to choose what fields to validate. This is needed because when the
ApplePaySessionPaymentRequest created/converted when validating the payment method data in
the PaymentRequest constructor isn't able to get fields from the PaymentRequest as it
hasn't been created yet.

• Modules/applepay/ApplePaySession.cpp:

(WebCore::convertAndValidate):

• Modules/applepay/paymentrequest/ApplePayPaymentHandler.h:
• Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp:

(WebCore::convertAndValidateApplePayRequest):
(WebCore::ApplePayPaymentHandler::convertData):
(WebCore::ApplePayPaymentHandler::show):

• Modules/applepay-ams-ui/ApplePayAMSUIPaymentHandler.h:
• Modules/applepay-ams-ui/ApplePayAMSUIPaymentHandler.cpp:

(WebCore::convertAndValidateApplePayAMSUIRequest):
(WebCore::ApplePayAMSUIPaymentHandler::convertData):

LayoutTests:

• http/tests/ssl/applepay/PaymentRequest.https.html:
• http/tests/ssl/applepay/PaymentRequest.https-expected.txt:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/ssl/applepay/PaymentRequest.https-expected.txt (modified) (12 diffs)
• LayoutTests/http/tests/ssl/applepay/PaymentRequest.https.html (modified) (11 diffs)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/Modules/applepay-ams-ui/ApplePayAMSUIPaymentHandler.cpp (modified) (2 diffs)
• Source/WebCore/Modules/applepay-ams-ui/ApplePayAMSUIPaymentHandler.h (modified) (1 diff)
• Source/WebCore/Modules/applepay/ApplePaySession.cpp (modified) (1 diff)
• Source/WebCore/Modules/applepay/PaymentRequestValidator.h (modified) (2 diffs)
• Source/WebCore/Modules/applepay/PaymentRequestValidator.mm (modified) (1 diff)
• Source/WebCore/Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp (modified) (4 diffs)
• Source/WebCore/Modules/applepay/paymentrequest/ApplePayPaymentHandler.h (modified) (1 diff)
• Source/WebCore/Modules/paymentrequest/PaymentHandler.h (modified) (1 diff)
• Source/WebCore/Modules/paymentrequest/PaymentRequest.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2021-12-02  Devin Rousso  <drousso@apple.com>
+
+        [Payment Request] Validate payment method data on construction
+        https://bugs.webkit.org/show_bug.cgi?id=233292
+        <rdar://problem/85736007>
+
+        Reviewed by Andy Estes.
+
+        * http/tests/ssl/applepay/PaymentRequest.https.html:
+        * http/tests/ssl/applepay/PaymentRequest.https-expected.txt:
+
 2021-12-02  Fujii Hironori  <Hironori.Fujii@sony.com>
 

trunk/LayoutTests/http/tests/ssl/applepay/PaymentRequest.https-expected.txt

@@ -11 +11 @@
 Testing ApplePayRequest.version
 
-SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.version = 0; request = new PaymentRequest([paymentMethod], validPaymentDetails())
-PASS request.show() rejected promise  with InvalidAccessError: "0" is not a supported version..
-SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.version = 1000; request = new PaymentRequest([paymentMethod], validPaymentDetails())
-PASS request.show() rejected promise  with InvalidAccessError: "1000" is not a supported version..
+SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.version = 0;
+PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception InvalidAccessError: "0" is not a supported version..
+
+SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.version = 1000;
+PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception InvalidAccessError: "1000" is not a supported version..
+
 
 Testing ApplePayRequest.countryCode
@@ -21 +23 @@
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Member ApplePayRequest.countryCode is required and must be an instance of DOMString.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.countryCode = undefined;
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Member ApplePayRequest.countryCode is required and must be an instance of DOMString.
 
-
-SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.countryCode = 'invalid'; request = new PaymentRequest([paymentMethod], validPaymentDetails())
-PASS request.show() rejected promise  with TypeError: "invalid" is not a valid country code..
-
-SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.countryCode = ''; request = new PaymentRequest([paymentMethod], validPaymentDetails())
-PASS request.show() rejected promise  with TypeError: "" is not a valid country code..
-
-SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.countryCode = null; request = new PaymentRequest([paymentMethod], validPaymentDetails())
-PASS request.show() rejected promise  with TypeError: "null" is not a valid country code..
-
-SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.countryCode = 7; request = new PaymentRequest([paymentMethod], validPaymentDetails())
-PASS request.show() rejected promise  with TypeError: "7" is not a valid country code..
+SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.countryCode = 'invalid';
+PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: "invalid" is not a valid country code..
+
+SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.countryCode = '';
+PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: "" is not a valid country code..
+
+SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.countryCode = null;
+PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: "null" is not a valid country code..
+
+SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.countryCode = 7;
+PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: "7" is not a valid country code..
+
 
 Testing ApplePayRequest.supportedNetworks
@@ -43 +44 @@
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Member ApplePayRequest.supportedNetworks is required and must be an instance of sequence.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.supportedNetworks = '';
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Value is not a sequence.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.supportedNetworks = null;
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Value is not a sequence.
-
 
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.supportedNetworks = undefined;
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Member ApplePayRequest.supportedNetworks is required and must be an instance of sequence.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.supportedNetworks = 7;
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Value is not a sequence.
 
-
-SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.supportedNetworks = []; request = new PaymentRequest([paymentMethod], validPaymentDetails())
-PASS request.show() rejected promise  with TypeError: At least one supported network must be provided..
-
-SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.supportedNetworks = ['invalidNetwork']; request = new PaymentRequest([paymentMethod], validPaymentDetails())
-PASS request.show() rejected promise  with TypeError: "invalidNetwork" is not a valid payment network..
-
-SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.supportedNetworks = ['invalidNetwork', 'visa']; request = new PaymentRequest([paymentMethod], validPaymentDetails())
-PASS request.show() rejected promise  with TypeError: "invalidNetwork" is not a valid payment network..
+SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.supportedNetworks = [];
+PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: At least one supported network must be provided..
+
+SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.supportedNetworks = ['invalidNetwork'];
+PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: "invalidNetwork" is not a valid payment network..
+
+SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.supportedNetworks = ['invalidNetwork', 'visa'];
+PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: "invalidNetwork" is not a valid payment network..
+
 
 Testing ApplePayRequest.merchantCapabilities
@@ -74 +71 @@
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Member ApplePayRequest.merchantCapabilities is required and must be an instance of sequence.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.merchantCapabilities = '';
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Value is not a sequence.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.merchantCapabilities = null;
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Value is not a sequence.
-
 
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.merchantCapabilities = undefined;
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Member ApplePayRequest.merchantCapabilities is required and must be an instance of sequence.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.merchantCapabilities = 7;
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Value is not a sequence.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.merchantCapabilities = ['invalidCapability'];
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Type error.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.merchantCapabilities = ['invalidCapability', 'supports3DS'];
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Type error.
 
-
-SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.merchantCapabilities = []; request = new PaymentRequest([paymentMethod], validPaymentDetails())
-PASS request.show() rejected promise  with TypeError: At least one merchant capability must be provided..
+SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.merchantCapabilities = [];
+PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: At least one merchant capability must be provided..
+
 
 Testing ApplePayRequest.requiredBillingContactFields
@@ -107 +98 @@
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Value is not a sequence.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.requiredBillingContactFields = null;
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Value is not a sequence.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.requiredBillingContactFields = 7;
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Value is not a sequence.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.requiredBillingContactFields = { };
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Type error.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.requiredBillingContactFields = [''];
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Type error.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.requiredBillingContactFields = [null];
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Type error.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.requiredBillingContactFields = [undefined];
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Type error.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.requiredBillingContactFields = [{}];
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Type error.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.requiredBillingContactFields = ['invalid'];
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Type error.
@@ -145 +128 @@
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Type error.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.billingContact = 7;
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Type error.
@@ -155 +137 @@
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Value is not a sequence.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.requiredShippingContactFields = null;
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Value is not a sequence.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.requiredShippingContactFields = 7;
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Value is not a sequence.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.requiredShippingContactFields = { };
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Type error.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.requiredShippingContactFields = [''];
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Type error.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.requiredShippingContactFields = [null];
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Type error.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.requiredShippingContactFields = [undefined];
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Type error.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.requiredShippingContactFields = [{}];
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Type error.
 
-
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.requiredShippingContactFields = ['invalid'];
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Type error.
@@ -192 +166 @@
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.shippingContact = '';
 PASS new PaymentRequest([paymentMethod], validPaymentDetails()) threw exception TypeError: Type error.
-
 
 SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.shippingContact = 7;
@@ -230 +203 @@
 PASS new PaymentRequest([validPaymentMethod()], paymentDetails) threw exception RangeError: "" is not a valid currency code..
 
-
 SETUP: paymentDetails = validPaymentDetails(); paymentDetails.total = { label: 'label', amount: { currency: 'USD', value:'-10.00'} };
 PASS new PaymentRequest([validPaymentMethod()], paymentDetails) threw exception TypeError: Total currency values cannot be negative..
@@ -237 +209 @@
 PASS request.show() rejected promise  with TypeError: Total amount is too big..
 
+
 Testing PaymentDetails.displayItems
 
@@ -274 +247 @@
 SETUP: paymentDetails = validPaymentDetails(); paymentDetails.displayItems = [{ label: 'label', amount: { currency: 'EUR', value: '10.00' } }]; request = new PaymentRequest([validPaymentMethod()], paymentDetails)
 PASS request.show() rejected promise  with TypeError: "EUR" does not match the expected currency of "USD". Apple Pay requires all PaymentCurrencyAmounts to use the same currency code..
+
+
 Testing PaymentDetails.shippingOptions
 
@@ -311 +286 @@
 SETUP: paymentDetails = validPaymentDetails(); paymentDetails.shippingOptions = [{ amount: { currency: 'EUR', value: '10.00' }, id: '', label: '' }]; request = new PaymentRequest([validPaymentMethod()], paymentDetails, {requestShipping: true})
 PASS request.show() rejected promise  with TypeError: "EUR" does not match the expected currency of "USD". Apple Pay requires all PaymentCurrencyAmounts to use the same currency code..
+
+
 Testing PaymentOptions
 

trunk/LayoutTests/http/tests/ssl/applepay/PaymentRequest.https.html

@@ -59 +59 @@
     debug("Testing ApplePayRequest.version")
     debug("")
-    await logAndShouldReject("paymentMethod = validPaymentMethod(); paymentMethod.data.version = 0; request = new PaymentRequest([paymentMethod], validPaymentDetails())", "request.show()")
-    await logAndShouldReject("paymentMethod = validPaymentMethod(); paymentMethod.data.version = 1000; request = new PaymentRequest([paymentMethod], validPaymentDetails())", "request.show()")
+    await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.version = 0;", "new PaymentRequest([paymentMethod], validPaymentDetails())")
+    await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.version = 1000;", "new PaymentRequest([paymentMethod], validPaymentDetails())")
     debug("")
 
@@ -66 +66 @@
     debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); delete paymentMethod.data.countryCode;", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.countryCode = undefined;", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
-    await logAndShouldReject("paymentMethod = validPaymentMethod(); paymentMethod.data.countryCode = 'invalid'; request = new PaymentRequest([paymentMethod], validPaymentDetails())", "request.show()")
-    debug("")
-    await logAndShouldReject("paymentMethod = validPaymentMethod(); paymentMethod.data.countryCode = ''; request = new PaymentRequest([paymentMethod], validPaymentDetails())", "request.show()")
-    debug("")
-    await logAndShouldReject("paymentMethod = validPaymentMethod(); paymentMethod.data.countryCode = null; request = new PaymentRequest([paymentMethod], validPaymentDetails())", "request.show()")
-    debug("")
-    await logAndShouldReject("paymentMethod = validPaymentMethod(); paymentMethod.data.countryCode = 7; request = new PaymentRequest([paymentMethod], validPaymentDetails())", "request.show()")
+    await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.countryCode = 'invalid';", "new PaymentRequest([paymentMethod], validPaymentDetails())")
+    await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.countryCode = '';", "new PaymentRequest([paymentMethod], validPaymentDetails())")
+    await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.countryCode = null;", "new PaymentRequest([paymentMethod], validPaymentDetails())")
+    await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.countryCode = 7;", "new PaymentRequest([paymentMethod], validPaymentDetails())")
     debug("")
 
@@ -81 +76 @@
     debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); delete paymentMethod.data.supportedNetworks;", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.supportedNetworks = '';", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.supportedNetworks = null;", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.supportedNetworks = undefined;", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.supportedNetworks = 7;", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
-    await logAndShouldReject("paymentMethod = validPaymentMethod(); paymentMethod.data.supportedNetworks = []; request = new PaymentRequest([paymentMethod], validPaymentDetails())", "request.show()")
-    debug("")
-    await logAndShouldReject("paymentMethod = validPaymentMethod(); paymentMethod.data.supportedNetworks = ['invalidNetwork']; request = new PaymentRequest([paymentMethod], validPaymentDetails())", "request.show()")
-    debug("")
-    await logAndShouldReject("paymentMethod = validPaymentMethod(); paymentMethod.data.supportedNetworks = ['invalidNetwork', 'visa']; request = new PaymentRequest([paymentMethod], validPaymentDetails())", "request.show()")
+    await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.supportedNetworks = [];", "new PaymentRequest([paymentMethod], validPaymentDetails())")
+    await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.supportedNetworks = ['invalidNetwork'];", "new PaymentRequest([paymentMethod], validPaymentDetails())")
+    await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.supportedNetworks = ['invalidNetwork', 'visa'];", "new PaymentRequest([paymentMethod], validPaymentDetails())")
     debug("")
 
@@ -100 +88 @@
     debug("");
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); delete paymentMethod.data.merchantCapabilities;", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.merchantCapabilities = '';", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.merchantCapabilities = null;", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.merchantCapabilities = undefined;", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.merchantCapabilities = 7;", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.merchantCapabilities = ['invalidCapability'];", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.merchantCapabilities = ['invalidCapability', 'supports3DS'];", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
-    await logAndShouldReject("paymentMethod = validPaymentMethod(); paymentMethod.data.merchantCapabilities = []; request = new PaymentRequest([paymentMethod], validPaymentDetails())", "request.show()")
+    await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.merchantCapabilities = [];", "new PaymentRequest([paymentMethod], validPaymentDetails())")
     debug("")
 
@@ -119 +100 @@
     debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.requiredBillingContactFields = '';", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.requiredBillingContactFields = null;", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.requiredBillingContactFields = 7;", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.requiredBillingContactFields = { };", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.requiredBillingContactFields = [''];", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.requiredBillingContactFields = [null];", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.requiredBillingContactFields = [undefined];", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.requiredBillingContactFields = [{}];", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.requiredBillingContactFields = ['invalid'];", "new PaymentRequest([paymentMethod], validPaymentDetails())")
     debug("")
@@ -140 +113 @@
     debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.billingContact = '';", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.billingContact = 7;", "new PaymentRequest([paymentMethod], validPaymentDetails())")
     debug("")
@@ -147 +119 @@
     debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.requiredShippingContactFields = '';", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.requiredShippingContactFields = null;", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.requiredShippingContactFields = 7;", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.requiredShippingContactFields = { };", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.requiredShippingContactFields = [''];", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.requiredShippingContactFields = [null];", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.requiredShippingContactFields = [undefined];", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.requiredShippingContactFields = [{}];", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.requiredShippingContactFields = ['invalid'];", "new PaymentRequest([paymentMethod], validPaymentDetails())")
     debug("")
@@ -168 +132 @@
     debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.shippingContact = '';", "new PaymentRequest([paymentMethod], validPaymentDetails())")
-    debug("")
     await logAndShouldThrow("paymentMethod = validPaymentMethod(); paymentMethod.data.shippingContact = 7;", "new PaymentRequest([paymentMethod], validPaymentDetails())")
     debug("")
@@ -184 +147 @@
     await logAndShouldThrow("paymentDetails = validPaymentDetails(); paymentDetails.total = { label: 'label', amount: 'amount' };", "new PaymentRequest([validPaymentMethod()], paymentDetails)")
     await logAndShouldThrow("paymentDetails = validPaymentDetails(); paymentDetails.total = { label: 'label', amount: { currency: '', value: '0' } };", "new PaymentRequest([validPaymentMethod()], paymentDetails)")
-    debug("")
     await logAndShouldThrow("paymentDetails = validPaymentDetails(); paymentDetails.total = { label: 'label', amount: { currency: 'USD', value:'-10.00'} };", "new PaymentRequest([validPaymentMethod()], paymentDetails)")
     await logAndShouldReject("paymentDetails = validPaymentDetails(); paymentDetails.total = { label: 'label', amount: { currency: 'USD', value: '10000000000.00' } }; request = new PaymentRequest([validPaymentMethod()], paymentDetails)", "request.show()")
+    debug("")
     debug("")
 
@@ -203 +166 @@
     await logAndShouldThrow("paymentDetails = validPaymentDetails(); paymentDetails.displayItems = [{ label: 'label', amount: '10.00', type: 'invalid' }];", "new PaymentRequest([validPaymentMethod()], paymentDetails)")
     await logAndShouldReject("paymentDetails = validPaymentDetails(); paymentDetails.displayItems = [{ label: 'label', amount: { currency: 'EUR', value: '10.00' } }]; request = new PaymentRequest([validPaymentMethod()], paymentDetails)", "request.show()")
+    debug("")
+    debug("")
 
     debug("Testing PaymentDetails.shippingOptions")
@@ -218 +183 @@
     await logAndShouldThrow("paymentDetails = validPaymentDetails(); paymentDetails.shippingOptions = [{ amount: '-1', detail: '', identifier: '', label: '' }];", "new PaymentRequest([validPaymentMethod()], paymentDetails, {requestShipping: true})")
     await logAndShouldReject("paymentDetails = validPaymentDetails(); paymentDetails.shippingOptions = [{ amount: { currency: 'EUR', value: '10.00' }, id: '', label: '' }]; request = new PaymentRequest([validPaymentMethod()], paymentDetails, {requestShipping: true})", "request.show()")
+    debug("")
+    debug("")
 
     debug("Testing PaymentOptions")

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2021-12-02  Devin Rousso  <drousso@apple.com>
+
+        [Payment Request] Validate payment method data on construction
+        https://bugs.webkit.org/show_bug.cgi?id=233292
+        <rdar://problem/85736007>
+
+        Reviewed by Andy Estes.
+
+        This will allow developers to replace any `ApplePaySession.supportsVersion` check(s) by
+        attempting to create a `PaymentRequest` object with data specific to Apple Pay. This is
+        actually an improvement, because it'll also allow developers to catch most errors in that
+        data earlier, as previously any errors would only be thrown when `show()` is called.
+
+        Spec: <https://github.com/w3c/payment-request/pull/976>
+
+        Test: http/tests/ssl/applepay/PaymentRequest.https.html
+
+        * Modules/paymentrequest/PaymentRequest.cpp:
+        (WebCore::PaymentRequest::show):
+        * Modules/paymentrequest/PaymentHandler.h:
+        Adjust `PaymentHandler::convertData` to take a `Document` so that additional validation
+        can be performed on the provided payment method(s) (e.g. check the Apple Pay version).
+
+        * Modules/applepay/PaymentRequestValidator.h:
+        * Modules/applepay/PaymentRequestValidator.mm:
+        (WebCore::PaymentRequestValidator::validate):
+        Allow callers to choose what fields to validate. This is needed because when the
+        `ApplePaySessionPaymentRequest` created/converted when validating the payment method data in
+        the `PaymentRequest` constructor isn't able to get fields from the `PaymentRequest` as it
+        hasn't been created yet.
+
+        * Modules/applepay/ApplePaySession.cpp:
+        (WebCore::convertAndValidate):
+        * Modules/applepay/paymentrequest/ApplePayPaymentHandler.h:
+        * Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp:
+        (WebCore::convertAndValidateApplePayRequest):
+        (WebCore::ApplePayPaymentHandler::convertData):
+        (WebCore::ApplePayPaymentHandler::show):
+        * Modules/applepay-ams-ui/ApplePayAMSUIPaymentHandler.h:
+        * Modules/applepay-ams-ui/ApplePayAMSUIPaymentHandler.cpp:
+        (WebCore::convertAndValidateApplePayAMSUIRequest):
+        (WebCore::ApplePayAMSUIPaymentHandler::convertData):
+
 2021-12-02  Brandon Stewart  <brandonstewart@apple.com>
 

trunk/Source/WebCore/Modules/applepay-ams-ui/ApplePayAMSUIPaymentHandler.cpp

@@ -37 +37 @@
 namespace WebCore {
 
-static ExceptionOr<ApplePayAMSUIRequest> convertAndValidateApplePayAMSUIRequest(ScriptExecutionContext& context, JSC::JSValue data)
+static ExceptionOr<ApplePayAMSUIRequest> convertAndValidateApplePayAMSUIRequest(Document& document, JSC::JSValue data)
 {
     if (data.isEmpty())
         return Exception { TypeError, "Missing payment method data." };
 
-    auto throwScope = DECLARE_THROW_SCOPE(context.vm());
-    auto applePayAMSUIRequest = convertDictionary<ApplePayAMSUIRequest>(*context.globalObject(), data);
+    auto throwScope = DECLARE_THROW_SCOPE(document.vm());
+    auto applePayAMSUIRequest = convertDictionary<ApplePayAMSUIRequest>(*document.globalObject(), data);
     if (throwScope.exception())
         return Exception { ExistingExceptionError };
@@ -119 +119 @@
 }
 
-ExceptionOr<void> ApplePayAMSUIPaymentHandler::convertData(JSC::JSValue data)
+ExceptionOr<void> ApplePayAMSUIPaymentHandler::convertData(Document& document, JSC::JSValue data)
 {
-    auto requestOrException = convertAndValidateApplePayAMSUIRequest(*scriptExecutionContext(), data);
+    auto requestOrException = convertAndValidateApplePayAMSUIRequest(document, data);
     if (requestOrException.hasException())
         return requestOrException.releaseException();

trunk/Source/WebCore/Modules/applepay-ams-ui/ApplePayAMSUIPaymentHandler.h

@@ -69 +69 @@
 
     // PaymentHandler
-    ExceptionOr<void> convertData(JSC::JSValue) final;
+    ExceptionOr<void> convertData(Document&, JSC::JSValue) final;
     ExceptionOr<void> show(Document&) final;
     bool canAbortSession() final { return false; }

trunk/Source/WebCore/Modules/applepay/ApplePaySession.cpp

@@ -180 +180 @@
 
     // FIXME: Merge this validation into the validation we are doing above.
-    auto validatedPaymentRequest = PaymentRequestValidator::validate(result);
+    constexpr OptionSet fieldsToValidate = {
+        PaymentRequestValidator::Field::MerchantCapabilities,
+        PaymentRequestValidator::Field::SupportedNetworks,
+        PaymentRequestValidator::Field::CountryCode,
+        PaymentRequestValidator::Field::CurrencyCode,
+        PaymentRequestValidator::Field::Total,
+        PaymentRequestValidator::Field::ShippingMethods,
+    };
+    auto validatedPaymentRequest = PaymentRequestValidator::validate(result, fieldsToValidate);
     if (validatedPaymentRequest.hasException())
         return validatedPaymentRequest.releaseException();

trunk/Source/WebCore/Modules/applepay/PaymentRequestValidator.h

@@ -30 +30 @@
 #include "ApplePaySessionPaymentRequest.h"
 #include "ExceptionOr.h"
+#include <wtf/OptionSet.h>
 
 namespace WebCore {
@@ -35 +36 @@
 class PaymentRequestValidator {
 public:
-    static ExceptionOr<void> validate(const ApplePaySessionPaymentRequest&);
+    enum class Field : uint8_t {
+        MerchantCapabilities = 1 << 0,
+        SupportedNetworks = 1 << 1,
+        CountryCode = 1 << 2,
+        CurrencyCode = 1 << 3,
+        Total = 1 << 4,
+        ShippingMethods = 1 << 5,
+    };
+
+    static ExceptionOr<void> validate(const ApplePaySessionPaymentRequest&, OptionSet<PaymentRequestValidator::Field>);
     static ExceptionOr<void> validateTotal(const ApplePayLineItem&);
 };

trunk/Source/WebCore/Modules/applepay/PaymentRequestValidator.mm

@@ -44 +44 @@
 static ExceptionOr<void> validateShippingMethod(const ApplePayShippingMethod&);
 
-ExceptionOr<void> PaymentRequestValidator::validate(const ApplePaySessionPaymentRequest& paymentRequest)
+ExceptionOr<void> PaymentRequestValidator::validate(const ApplePaySessionPaymentRequest& paymentRequest, OptionSet<Field> fieldsToValidate)
 {
-    auto validatedCountryCode = validateCountryCode(paymentRequest.countryCode());
-    if (validatedCountryCode.hasException())
-        return validatedCountryCode.releaseException();
-
-    auto validatedCurrencyCode = validateCurrencyCode(paymentRequest.currencyCode());
-    if (validatedCurrencyCode.hasException())
-        return validatedCurrencyCode.releaseException();
-
-    auto validatedSupportedNetworks = validateSupportedNetworks(paymentRequest.supportedNetworks());
-    if (validatedSupportedNetworks.hasException())
-        return validatedSupportedNetworks.releaseException();
-
-    auto validatedMerchantCapabilities = validateMerchantCapabilities(paymentRequest.merchantCapabilities());
-    if (validatedMerchantCapabilities.hasException())
-        return validatedMerchantCapabilities.releaseException();
-
-    auto validatedTotal = validateTotal(paymentRequest.total());
-    if (validatedTotal.hasException())
-        return validatedTotal.releaseException();
-
-    auto validatedShippingMethods = validateShippingMethods(paymentRequest.shippingMethods());
-    if (validatedShippingMethods.hasException())
-        return validatedShippingMethods.releaseException();
-
-    for (auto& countryCode : paymentRequest.supportedCountries()) {
-        auto validatedCountryCode = validateCountryCode(countryCode);
+    if (fieldsToValidate.contains(Field::CountryCode)) {
+        auto validatedCountryCode = validateCountryCode(paymentRequest.countryCode());
         if (validatedCountryCode.hasException())
             return validatedCountryCode.releaseException();
+    }
+
+    if (fieldsToValidate.contains(Field::CurrencyCode)) {
+        auto validatedCurrencyCode = validateCurrencyCode(paymentRequest.currencyCode());
+        if (validatedCurrencyCode.hasException())
+            return validatedCurrencyCode.releaseException();
+    }
+
+    if (fieldsToValidate.contains(Field::SupportedNetworks)) {
+        auto validatedSupportedNetworks = validateSupportedNetworks(paymentRequest.supportedNetworks());
+        if (validatedSupportedNetworks.hasException())
+            return validatedSupportedNetworks.releaseException();
+    }
+
+    if (fieldsToValidate.contains(Field::MerchantCapabilities)) {
+        auto validatedMerchantCapabilities = validateMerchantCapabilities(paymentRequest.merchantCapabilities());
+        if (validatedMerchantCapabilities.hasException())
+            return validatedMerchantCapabilities.releaseException();
+    }
+
+    if (fieldsToValidate.contains(Field::Total)) {
+        auto validatedTotal = validateTotal(paymentRequest.total());
+        if (validatedTotal.hasException())
+            return validatedTotal.releaseException();
+    }
+
+    if (fieldsToValidate.contains(Field::ShippingMethods)) {
+        auto validatedShippingMethods = validateShippingMethods(paymentRequest.shippingMethods());
+        if (validatedShippingMethods.hasException())
+            return validatedShippingMethods.releaseException();
+    }
+
+    if (fieldsToValidate.contains(Field::CountryCode)) {
+        for (auto& countryCode : paymentRequest.supportedCountries()) {
+            auto validatedCountryCode = validateCountryCode(countryCode);
+            if (validatedCountryCode.hasException())
+                return validatedCountryCode.releaseException();
+        }
     }
 

trunk/Source/WebCore/Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp

@@ -79 +79 @@
 namespace WebCore {
 
-static ExceptionOr<ApplePayRequest> convertAndValidateApplePayRequest(ScriptExecutionContext& context, JSC::JSValue data)
+static inline PaymentCoordinator& paymentCoordinator(Document& document)
+{
+    ASSERT(document.page());
+    return document.page()->paymentCoordinator();
+}
+
+static ExceptionOr<ApplePayRequest> convertAndValidateApplePayRequest(Document& document, JSC::JSValue data)
 {
     if (data.isEmpty())
         return Exception { TypeError, "Missing payment method data." };
 
-    auto throwScope = DECLARE_THROW_SCOPE(context.vm());
-    auto applePayRequest = convertDictionary<ApplePayRequest>(*context.globalObject(), data);
+    auto throwScope = DECLARE_THROW_SCOPE(document.vm());
+    auto applePayRequest = convertDictionary<ApplePayRequest>(*document.globalObject(), data);
     if (throwScope.exception())
         return Exception { ExistingExceptionError };
+
+    auto validatedRequest = convertAndValidate(document, applePayRequest.version, applePayRequest, paymentCoordinator(document));
+    if (validatedRequest.hasException())
+        return validatedRequest.releaseException();
+
+    constexpr OptionSet fieldsToValidate = {
+        PaymentRequestValidator::Field::MerchantCapabilities,
+        PaymentRequestValidator::Field::SupportedNetworks,
+        PaymentRequestValidator::Field::CountryCode,
+    };
+    auto exception = PaymentRequestValidator::validate(validatedRequest.releaseReturnValue(), fieldsToValidate);
+    if (exception.hasException())
+        return exception.releaseException();
 
     return WTFMove(applePayRequest);
@@ -108 +127 @@
     auto& url = std::get<URL>(identifier);
     return url.host() == "apple.com" && url.path() == "/apple-pay";
-}
-
-static inline PaymentCoordinator& paymentCoordinator(Document& document)
-{
-    ASSERT(document.page());
-    return document.page()->paymentCoordinator();
 }
 
@@ -201 +214 @@
 }
 
-ExceptionOr<void> ApplePayPaymentHandler::convertData(JSC::JSValue data)
-{
-    auto requestOrException = convertAndValidateApplePayRequest(*scriptExecutionContext(), data);
+ExceptionOr<void> ApplePayPaymentHandler::convertData(Document& document, JSC::JSValue data)
+{
+    auto requestOrException = convertAndValidateApplePayRequest(document, data);
     if (requestOrException.hasException())
         return requestOrException.releaseException();
@@ -270 +283 @@
         merge(request, WTFMove(std::get<1>(*modifierData)));
 
-    auto exception = PaymentRequestValidator::validate(request);
+    constexpr OptionSet fieldsToValidate = {
+        PaymentRequestValidator::Field::CurrencyCode,
+        PaymentRequestValidator::Field::Total,
+        PaymentRequestValidator::Field::ShippingMethods,
+    };
+    auto exception = PaymentRequestValidator::validate(request, fieldsToValidate);
     if (exception.hasException())
         return exception.releaseException();

trunk/Source/WebCore/Modules/applepay/paymentrequest/ApplePayPaymentHandler.h

@@ -72 +72 @@
 
     // PaymentHandler
-    ExceptionOr<void> convertData(JSC::JSValue) final;
+    ExceptionOr<void> convertData(Document&, JSC::JSValue) final;
     ExceptionOr<void> show(Document&) final;
     bool canAbortSession() final { return true; }

trunk/Source/WebCore/Modules/paymentrequest/PaymentHandler.h

@@ -51 +51 @@
     static bool hasActiveSession(Document&);
 
-    virtual ExceptionOr<void> convertData(JSC::JSValue) = 0;
+    virtual ExceptionOr<void> convertData(Document&, JSC::JSValue) = 0;
     virtual ExceptionOr<void> show(Document&) = 0;
     virtual bool canAbortSession() = 0;

trunk/Source/WebCore/Modules/paymentrequest/PaymentRequest.cpp

@@ -411 +411 @@
             continue;
 
-        auto result = handler->convertData(data.releaseReturnValue());
+        auto result = handler->convertData(document, data.releaseReturnValue());
         if (result.hasException()) {
             settleShowPromise(result.releaseException());