Merge pull request #1267 from BearGroup/release/5.18.2

shangamesh · web-flow · commit d5eb9647bc59 · 2025-05-12T14:28:17.000+05:30
Release/5.18.2
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,13 @@
 # Change Log
 
+## 5.18.2
+* Added security enhancements around Express Checkout
+* Changed when Magento order ID is sent to Amazon to improve traceability
+* Changed how promo banner is rendered for configurable/bundle products
+* Clarified usage of "Reset configuration" button in admin for new merchants
+* Fixed bug in email plugin if no payment is set
+* Restored PHP 7 compatibility
+
 ## 5.18.1
 * Add new logos/acceptance marks at checkout
 * Improved clarity of order comments on cancelled orders
diff --git a/Cron/CleanUpIncompleteSessions.php b/Cron/CleanUpIncompleteSessions.php
@@ -117,7 +117,10 @@ protected function processTransaction(array $transactionData)
 
         try {
             // Check current state of Amazon checkout session
-            $amazonSession = $this->amazonPayAdapter->getCheckoutSession($transactionData['store_id'], $checkoutSessionId);
+            $amazonSession = $this->amazonPayAdapter->getCheckoutSession(
+                $transactionData['store_id'],
+                $checkoutSessionId
+            );
             $state = $amazonSession['statusDetails']['state'] ?? false;
             switch ($state) {
                 case self::SESSION_STATUS_STATE_CANCELED:
@@ -150,6 +153,7 @@ protected function processTransaction(array $transactionData)
      * Cancel the order
      *
      * @param int $orderId
+     * @param string $reasonMessage
      * @return void
      */
     protected function cancelOrder($orderId, $reasonMessage = '')
diff --git a/Gateway/Request/SettlementRequestBuilder.php b/Gateway/Request/SettlementRequestBuilder.php
@@ -110,7 +110,8 @@ protected function getHeaders($payment)
      * @param \Magento\Payment\Model\InfoInterface $payment
      * @return string
      */
-    protected function getChargeId($payment) {
+    protected function getChargeId($payment)
+    {
         $chargeId = '';
 
         if ($parentTransactionId = $payment->getParentTransactionId()) {
diff --git a/Helper/Address.php b/Helper/Address.php
@@ -216,4 +216,31 @@ public function convertToArray(AddressInterface $address)
 
         return $data;
     }
+
+    /**
+     * Ensure shipping address associated with checkout session is one coming from Amazon
+     *
+     * @param mixed $amazonAddress
+     * @param \Magento\Quote\Model\Quote\Address $magentoAddress
+     */
+    public function validateShippingIsSame($amazonAddress, $magentoAddress)
+    {
+        return $this->fuzzyCompare($amazonAddress['firstname'], $magentoAddress->getFirstname()) &&
+            $this->fuzzyCompare($amazonAddress['lastname'], $magentoAddress->getLastname()) &&
+            $this->fuzzyCompare($amazonAddress['city'], $magentoAddress->getCity()) &&
+            $this->fuzzyCompare($amazonAddress['postcode'], $magentoAddress->getPostcode()) &&
+            $this->fuzzyCompare($amazonAddress['street'][0], $magentoAddress->getStreet()[0]);
+    }
+
+    /**
+     * Compare two strings after stripping punctuation and lowercasing
+     *
+     * @param string $a
+     * @param string $b
+     * @return bool
+     */
+    protected function fuzzyCompare($a, $b)
+    {
+        return strtolower(preg_replace("#[[:punct:]]#", "", $a)) == strtolower(preg_replace("#[[:punct:]]#", "", $b));
+    }
 }
diff --git a/Helper/SubscriptionHelper.php b/Helper/SubscriptionHelper.php
@@ -194,7 +194,7 @@ function ($subscription) use ($publicHash) {
      * @param mixed $value
      * @return Filter
      */
-    private function buildFilter(string $field, mixed $value)
+    private function buildFilter(string $field, $value)
     {
         return $this->filterBuilder
             ->setField($field)
diff --git a/Helper/Transaction.php b/Helper/Transaction.php
@@ -131,7 +131,7 @@ public function getIncomplete()
      * @param mixed $transactionId
      * @return void
      */
-    public function closeTransaction(mixed $transactionId)
+    public function closeTransaction($transactionId)
     {
         $transaction = $this->transactionRepository->get($transactionId);
         $transaction->setIsClosed(true);
diff --git a/Model/Adapter/AmazonPayAdapter.php b/Model/Adapter/AmazonPayAdapter.php
@@ -197,13 +197,18 @@ public function updateCheckoutSession($quote, $checkoutSessionId, $paymentIntent
                 'chargeAmount' => $this->createPrice($quote->getGrandTotal(), $quote->getQuoteCurrencyCode()),
             ],
             'merchantMetadata' => [
-                'merchantStoreName' => $this->amazonConfig->getStoreName()
+                'merchantStoreName' => $this->amazonConfig->getStoreName(),
+                'merchantReferenceId' => $quote->getReservedOrderId()
             ],
             'platformId' => $this->amazonConfig->getPlatformId(),
         ];
 
         $headers = $this->getPlatformHeaders();
-        $response = $this->clientFactory->create($storeId)->updateCheckoutSession($checkoutSessionId, $payload, $headers);
+        $response = $this->clientFactory->create($storeId)->updateCheckoutSession(
+            $checkoutSessionId,
+            $payload,
+            $headers
+        );
 
         return $this->processResponse($response, __FUNCTION__);
     }
@@ -361,7 +366,11 @@ public function updateChargePermission(int $storeId, string $chargePermissionId,
         }
 
         $headers = $this->getPlatformHeaders();
-        $response = $this->clientFactory->create($storeId)->updateChargePermission($chargePermissionId, $payload, $headers);
+        $response = $this->clientFactory->create($storeId)->updateChargePermission(
+            $chargePermissionId,
+            $payload,
+            $headers
+        );
 
         return $this->processResponse($response, __FUNCTION__);
     }
@@ -402,7 +411,11 @@ public function closeChargePermission($storeId, $chargePermissionId, $reason, $c
         ];
 
         $headers = $this->getPlatformHeaders();
-        $response = $this->clientFactory->create($storeId)->closeChargePermission($chargePermissionId, $payload, $headers);
+        $response = $this->clientFactory->create($storeId)->closeChargePermission(
+            $chargePermissionId,
+            $payload,
+            $headers
+        );
 
         return $this->processResponse($response, __FUNCTION__);
     }
diff --git a/Model/AmazonConfig.php b/Model/AmazonConfig.php
@@ -1020,10 +1020,10 @@ public function isGuestCheckoutEnabled($scope = ScopeInterface::SCOPE_STORE, $sc
     }
 
     /**
-     * get configured payment method logo / acceptance mark
+     * Get configured payment method logo / acceptance mark
      *
-     * @param $scope
-     * @param $scopeCode
+     * @param string $scope
+     * @param int|string $scopeCode
      * @return string
      */
     public function getAcceptanceMark($scope = ScopeInterface::SCOPE_STORE, $scopeCode = null)
diff --git a/Model/CheckoutSessionManagement.php b/Model/CheckoutSessionManagement.php
@@ -45,6 +45,7 @@
 class CheckoutSessionManagement implements \Amazon\Pay\Api\CheckoutSessionManagementInterface
 {
     protected const GENERIC_COMPLETE_CHECKOUT_ERROR_MESSAGE = 'Unable to complete Amazon Pay checkout.';
+    protected const ADDRESS_CHANGED_CHECKOUT_ERROR_MESSAGE = 'Shipping address mismatch.';
 
     /**
      * @var \Magento\Store\Model\StoreManagerInterface
@@ -731,9 +732,12 @@ public function cancelOrder($order, $quote = null, $reasonMessage = '')
     protected function handleCompleteCheckoutSessionError($message, $logEntryDetails = '')
     {
         $this->logger->error($message . ' ' . $logEntryDetails);
+        if ($message == $this::ADDRESS_CHANGED_CHECKOUT_ERROR_MESSAGE) {
+            $message = $this::GENERIC_COMPLETE_CHECKOUT_ERROR_MESSAGE;
+        }
         $result = [
             'success' => false,
-            'message' => $this->getTranslationString($message),
+            'message' => $this->getTranslationString($message)
         ];
         return $result;
     }
@@ -811,6 +815,20 @@ public function completeCheckoutSession($amazonSessionId, $cartId = null, $order
      */
     public function placeOrder($amazonSessionId, $quoteId = null)
     {
+
+        // verify the shipping address has not been modified in Magento, it must match
+        // the one selected in the Amazon checkout session (express checkout only)
+        if ($amznShippingAddress = $this->getShippingAddress($amazonSessionId)) {
+            $amazonAddress = $amznShippingAddress[0];
+            $magentoAddress = $this->session->getQuoteFromIdOrSession($quoteId)->getShippingAddress();
+            if (!$this->addressHelper->validateShippingIsSame($amazonAddress, $magentoAddress)) {
+                return $this->handleCompleteCheckoutSessionError(
+                    self::ADDRESS_CHANGED_CHECKOUT_ERROR_MESSAGE,
+                    $this->getAddressMismatchDetails($amazonAddress, $magentoAddress)
+                );
+            }
+        }
+
         if (!$quote = $this->session->getQuoteFromIdOrSession($quoteId)) {
             $errorMsg = "Unable to complete Amazon Pay checkout. Quote not found.";
             if ($quoteId) {
@@ -881,7 +899,7 @@ public function placeOrder($amazonSessionId, $quoteId = null)
             $this->logger->error($errorMsg . $quote->getId());
             return [
                 'success' => false,
-                'message' => $this->getTranslationString(self::GENERIC_COMPLETE_CHECKOUT_ERROR_MESSAGE),
+                'message' => $this->getTranslationString(self::GENERIC_COMPLETE_CHECKOUT_ERROR_MESSAGE)
             ];
         }
 
@@ -910,6 +928,31 @@ protected function getCanceledMessage($amazonSession)
         return $amazonSession['statusDetails']['reasonDescription'];
     }
 
+    /**
+     * Get log-friendly details of disagreeing checkout session addresses
+     *
+     * @param mixed $amazonAddress
+     * @param \Magento\Quote\Model\Quote\Address $magentoAddress
+     * @return string
+     */
+    protected function getAddressMismatchDetails($amazonAddress, $magentoAddress)
+    {
+        return 'Address from Amazon account: ' . json_encode($amazonAddress) . '; Address entered in Magento: ' .
+            json_encode([
+                'city' => $magentoAddress->getCity(),
+                'firstname' => $magentoAddress->getFirstName(),
+                'lastname' => $magentoAddress->getLastname(),
+                'country_id' => $magentoAddress->getCountryId(),
+                'street' => $magentoAddress->getStreet(),
+                'postcode' => $magentoAddress->getPostcode(),
+                'telephone' => $magentoAddress->getTelephone(),
+                'region' => $magentoAddress->getRegion(),
+                'region_id' => $magentoAddress->getRegionId(),
+                'region_code' => $magentoAddress->getRegionCode(),
+                'email' => $magentoAddress->getEmail()
+            ]);
+    }
+
     /**
      * Update vault token
      *
@@ -1365,7 +1408,7 @@ private function closeChargePermission($amazonSessionId, OrderInterface $order,
      * @param mixed $orderId
      * @return void
      */
-    public function setOrderPendingPaymentReview(mixed $orderId)
+    public function setOrderPendingPaymentReview($orderId)
     {
         try {
             if (!$orderId) {
diff --git a/Model/Config/Source/AcceptanceMark.php b/Model/Config/Source/AcceptanceMark.php
@@ -41,7 +41,7 @@ public function __construct($logos = [])
     public function toOptionArray()
     {
         $result = [];
-        foreach($this->logos as $logo){
+        foreach ($this->logos as $logo) {
             $result[] = [
                 'label' => __($logo['label']),
                 'value' => $logo['value']
diff --git a/Plugin/CustomerNameByCountry.php b/Plugin/CustomerNameByCountry.php
@@ -38,6 +38,7 @@ class CustomerNameByCountry
      * @param ScopeConfigInterface $scopeConfig
      * @param Config $eavConfig
      * @param Resolver $store
+     * @param LoggerInterface $logger
      */
     public function __construct(
         ScopeConfigInterface $scopeConfig,
diff --git a/Plugin/SendEmail.php b/Plugin/SendEmail.php
@@ -56,14 +56,15 @@ public function __construct(
      */
     public function afterSetState(Order $subject, Order $result, string $state)
     {
-        if ($subject->getPayment()->getMethod() == Config::CODE) {
+        if ($subject->getPayment() &&
+            $subject->getPayment()->getMethod() == Config::CODE) {
             if ($this->scopeConfig->getValue('sales_email/order/enabled')) {
                 $subject->setCanSendNewEmailFlag(false);
 
-                if ($subject->getState() == Order::STATE_PROCESSING
-                    && !empty($subject->getStatusHistories())
-                    && !$subject->getEmailSent())
-                {
+                if ($subject->getState() == Order::STATE_PROCESSING &&
+                    !empty($subject->getStatusHistories()) &&
+                    !$subject->getEmailSent()
+                    ) {
                     $subject->setCanSendNewEmailFlag(true);
                     $this->orderSender->send($subject);
                 }
diff --git a/README.md b/README.md
@@ -48,7 +48,7 @@ The following table provides an overview on which Git branch is compatible to wh
 Magento Version | Github Branch | Latest release
 ---|---|---
 2.2.6 - 2.2.11 (EOL) | [V2checkout-1.2.x](https://github.com/amzn/amazon-payments-magento-2-plugin/tree/V2checkout-1.2.x)  | 1.20.0 (EOL)
-2.3.0 - 2.4.x | [master](https://github.com/amzn/amazon-payments-magento-2-plugin/tree/master) | 5.18.1
+2.3.0 - 2.4.x | [master](https://github.com/amzn/amazon-payments-magento-2-plugin/tree/master) | 5.18.2
 
 ## Release Notes
 See [CHANGELOG.md](/CHANGELOG.md) 
diff --git a/Test/Mftf-24/Data/AmazonErrorMessageData.xml b/Test/Mftf-24/Data/AmazonErrorMessageData.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<entities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:noNamespaceSchemaLocation="../../../../../../../dev/tests/acceptance/vendor/magento/magento2-functional-testing-framework/src/Magento/FunctionalTestingFramework/DataGenerator/etc/dataProfileSchema.xsd">
+
+    <entity name="AmazonErrorMessageData" type="shipping">
+        <data key="generic">Unable to complete Amazon Pay checkout.</data>
+    </entity>
+
+</entities>
diff --git a/Test/Mftf-24/Section/AmazonCheckoutSection.xml b/Test/Mftf-24/Section/AmazonCheckoutSection.xml
@@ -9,5 +9,6 @@
         <element name="v1Method" type="input" selector="#amazonlogin"/>
         <element name="method" type="input" selector="#amazon_payment_v2"/>
         <element name="returnToStandardCheckout" type="text" selector="#checkout-step-shipping .revert-checkout"/>
+        <element name="placeOrder" type="button" selector=".payment-method._active button.action.primary.checkout"/>
     </section>
 </sections>
diff --git a/Test/Mftf-24/Test/AmazonCheckoutShippingAddressMismatch.xml b/Test/Mftf-24/Test/AmazonCheckoutShippingAddressMismatch.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<tests xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/testSchema.xsd">
+    <test name="AmazonCheckoutShippingAddressMismatch" extends="AmazonCheckoutButton">
+        <annotations>
+            <stories value="Amazon Address"/>
+            <title value="Amazon Shipping Address Mismatch"/>
+            <description value="Order submission should fail if the quote's shipping address doesn't match the address supplied by Amazon during Express Checkout."/>
+            <severity value="CRITICAL"/>
+            <group value="amazon_pay"/>
+            <group value="amazon_pay_address"/>
+        </annotations>
+
+        <!--Go to Amazon Pay from the checkout and login-->
+        <actionGroup ref="AmazonLoginAndCheckoutActionGroup" stepKey="AmazonLoginAndCheckoutActionGroup"/>
+        <!--Proceed to payment page-->
+        <click selector="{{CheckoutShippingSection.next}}" stepKey="moveToPayment"/>
+
+        <!--Open new tab and switch to it-->
+        <openNewTab stepKey="openNewTab"/>
+        <actionGroup ref="StorefrontOpenHomePageActionGroup" stepKey="goToHomePage"/>
+        <actionGroup ref="GoToCheckoutFromMinicartActionGroup" stepKey="goToCheckoutFromMiniCart2"/>
+        <waitForPageLoad stepKey="waitForPageLoad"/>
+        <!--Change and submit fraudulent shipping address-->
+        <actionGroup ref="AmazonShipmentFormActionGroup" stepKey="submitFraudulentShippingAddress" />
+        <!--Move back to initial tab and place order-->
+        <switchToNextTab stepKey="moveToExpressCheckoutTab"/>
+        <click selector="{{AmazonCheckoutSection.placeOrder}}" stepKey="placeOrder"/>
+        <waitForLoadingMaskToDisappear stepKey="waitForOrderSubmissionToFail"/>
+        <see userInput="{{AmazonErrorMessageData.generic}}" stepKey="seeErrorMessage"/>
+    </test>
+</tests>
diff --git a/composer.json b/composer.json
@@ -2,7 +2,7 @@
   "name": "amzn/amazon-pay-magento-2-module",
   "description": "Official Magento2 Plugin to integrate with Amazon Pay",
   "type": "magento2-module",
-  "version": "5.18.1",
+  "version": "5.18.2",
   "license": [
     "Apache-2.0"
   ],
diff --git a/view/adminhtml/templates/system/config/autokeyexchange_admin.phtml b/view/adminhtml/templates/system/config/autokeyexchange_admin.phtml
@@ -25,8 +25,6 @@ use Magento\Framework\Escaper;
 $currency = $block->getCurrency();
 ?>
 
-<br/>
-
 <?php if ($block->canUpgrade()): ?>
     <div data-mage-init='{"Amazon_Pay/js/keyupgrade": <?= $escaper->escapeHtml($block->getKeyUpgradeConfig()) ?>}'
             id="amazon_keyupgrade">
@@ -69,6 +67,15 @@ $currency = $block->getCurrency();
             <div></div>
         <?php else: ?>
             <div id="autokeyexchange-hint">
+                <div id="keypair-hint">
+                    <p class="message message-info">
+                        <?= $escaper->escapeHtml(
+                            __("If you are trying to automatically register/configure your account and it is not " .
+                            "working, try clicking the Reset configuration button to reset the internal " .
+                            "public/private key, and then retry the transfer process.")
+                        ); ?>
+                    </p>
+                </div>
                 <?= $escaper->escapeHtml(
                     __(
                         "You'll be connecting/registering a %1 account based on your display currency of your store " .
diff --git a/view/adminhtml/web/css/source/_module.less b/view/adminhtml/web/css/source/_module.less
@@ -37,3 +37,7 @@ tr[id$='_amazon_pay_credentials_private_key_selector'] {
         width: 320px;
     }
 }
+
+#keypair-hint {
+    margin-bottom: 1em;
+}
diff --git a/view/frontend/requirejs-config.js b/view/frontend/requirejs-config.js
@@ -34,6 +34,9 @@ var config = {
             'Magento_Checkout/js/view/shipping-address/address-renderer/default': {
                 'Amazon_Pay/js/view/shipping-address/address-renderer/default': true
             },
+            'Magento_Checkout/js/model/error-processor': {
+                'Amazon_Pay/js/model/error-processor-mixin': true
+            },
             'Magento_PurchaseOrder/js/view/checkout/shipping-address/address-renderer/default': {
                 'Amazon_Pay/js/view/shipping-address/address-renderer/default': true
             },
diff --git a/view/frontend/web/js/model/error-processor-mixin.js b/view/frontend/web/js/model/error-processor-mixin.js
diff --git a/view/frontend/web/js/view/promo/promo-display.js b/view/frontend/web/js/view/promo/promo-display.js

Original file line number	Diff line number	Diff line change
`@@ -194,7 +194,7 @@ function ($subscription) use ($publicHash) {`
`194`	`194`	`* @param mixed $value`
`195`	`195`	`* @return Filter`
`196`	`196`	`*/`
`197`		`- private function buildFilter(string $field, mixed $value)`
	`197`	`+ private function buildFilter(string $field, $value)`
`198`	`198`	`{`
`199`	`199`	`return $this->filterBuilder`
`200`	`200`	`->setField($field)`
Original file line number	Diff line number	Diff line change
`@@ -131,7 +131,7 @@ public function getIncomplete()`
`131`	`131`	`* @param mixed $transactionId`
`132`	`132`	`* @return void`
`133`	`133`	`*/`
`134`		`- public function closeTransaction(mixed $transactionId)`
	`134`	`+ public function closeTransaction($transactionId)`
`135`	`135`	`{`
`136`	`136`	`$transaction = $this->transactionRepository->get($transactionId);`
`137`	`137`	`$transaction->setIsClosed(true);`
Original file line number	Diff line number	Diff line change
`@@ -1020,10 +1020,10 @@ public function isGuestCheckoutEnabled($scope = ScopeInterface::SCOPE_STORE, $sc`
`1020`	`1020`	`}`
`1021`	`1021`
`1022`	`1022`	`/**`
`1023`		`- * get configured payment method logo / acceptance mark`
	`1023`	`+ * Get configured payment method logo / acceptance mark`
`1024`	`1024`	`*`
`1025`		`- * @param $scope`
`1026`		`- * @param $scopeCode`
	`1025`	`+ * @param string $scope`
	`1026`	`+ * @param int\|string $scopeCode`
`1027`	`1027`	`* @return string`
`1028`	`1028`	`*/`
`1029`	`1029`	`public function getAcceptanceMark($scope = ScopeInterface::SCOPE_STORE, $scopeCode = null)`
Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ public function __construct($logos = [])`
`41`	`41`	`public function toOptionArray()`
`42`	`42`	`{`
`43`	`43`	`$result = [];`
`44`		`- foreach($this->logos as $logo){`
	`44`	`+ foreach ($this->logos as $logo) {`
`45`	`45`	`$result[] = [`
`46`	`46`	`'label' => __($logo['label']),`
`47`	`47`	`'value' => $logo['value']`