Merge pull request #5 from cybersource-tpi/TLTPIATX-555

[23.3.1 - TLTPIATX-555] - Releasing fix for the possible clickjacking issue
CyberSource · Aug 8, 2023 · 49d5825 · 49d5825
2 parents 3898be7 + 7d6d56c
commit 49d5825
Show file tree

Hide file tree

Showing 20 changed files with 78 additions and 59 deletions.
diff --git a/documentation/Release Notes v23.1.1.docx b/documentation/Release Notes v23.1.1.docx
diff --git a/lerna.json b/lerna.json
@@ -1,6 +1,6 @@
 {
     "npmClient": "yarn",
     "useWorkspaces": true,
-    "version": "23.1.0",
+    "version": "23.1.1",
     "packages": ["packages/*"]
 }
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "isv-occ-payment",
-  "version": "23.1.0",
+  "version": "23.1.1",
   "description": "ISV Oracle Commerce Cloud Payment Plugin",
   "main": "index.js",
   "repository": "[email protected]:cybersource-tpi/cybersource-plugins-oraclecxcommerce.git",

diff --git a/packages/applepay-payment-service/package.json b/packages/applepay-payment-service/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@isv-occ-payment/applepay-payment-service",
-    "version": "23.1.0",
+    "version": "23.1.1",
     "description": "ApplePay SSE Payment Service",
     "repository": {
         "type": "git",
@@ -9,10 +9,10 @@
     "author": "ISV Payments",
     "main": "cjs/index.js",
     "dependencies": {
-        "@isv-occ-payment/occ-payment-service": "23.1.0",
-        "@isv-occ-payment/occ-sdk": "23.1.0",
-        "@isv-occ-payment/payment-sdk": "23.1.0",
-        "@isv-occ-payment/server-extension": "23.1.0",
+        "@isv-occ-payment/occ-payment-service": "23.1.1",
+        "@isv-occ-payment/occ-sdk": "23.1.1",
+        "@isv-occ-payment/payment-sdk": "23.1.1",
+        "@isv-occ-payment/server-extension": "23.1.1",
         "cybersource-rest-client": "0.0.43"
     },
     "devDependencies": {

diff --git a/packages/card-payment-service/package.json b/packages/card-payment-service/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@isv-occ-payment/card-payment-service",
-    "version": "23.1.0",
+    "version": "23.1.1",
     "description": "Card SSE Payment Service",
     "repository": {
         "type": "git",
@@ -9,10 +9,10 @@
     "author": "ISV Payments",
     "main": "cjs/index.js",
     "dependencies": {
-        "@isv-occ-payment/occ-payment-service": "23.1.0",
-        "@isv-occ-payment/occ-sdk": "23.1.0",
-        "@isv-occ-payment/payment-sdk": "23.1.0",
-        "@isv-occ-payment/server-extension": "23.1.0",
+        "@isv-occ-payment/occ-payment-service": "23.1.1",
+        "@isv-occ-payment/occ-sdk": "23.1.1",
+        "@isv-occ-payment/payment-sdk": "23.1.1",
+        "@isv-occ-payment/server-extension": "23.1.1",
         "cybersource-rest-client": "0.0.43"
     },
     "devDependencies": {

diff --git a/packages/generic-payment-service/package.json b/packages/generic-payment-service/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@isv-occ-payment/generic-payment-service",
-    "version": "23.1.0",
+    "version": "23.1.1",
     "description": "Generic SSE Payment Service",
     "repository": {
         "type": "git",
@@ -9,10 +9,10 @@
     "author": "ISV Payments",
     "main": "cjs/index.js",
     "dependencies": {
-        "@isv-occ-payment/occ-payment-service": "23.1.0",
-        "@isv-occ-payment/occ-sdk": "23.1.0",
-        "@isv-occ-payment/payment-sdk": "23.1.0",
-        "@isv-occ-payment/server-extension": "23.1.0",
+        "@isv-occ-payment/occ-payment-service": "23.1.1",
+        "@isv-occ-payment/occ-sdk": "23.1.1",
+        "@isv-occ-payment/payment-sdk": "23.1.1",
+        "@isv-occ-payment/server-extension": "23.1.1",
         "cybersource-rest-client": "0.0.43"
     },
     "devDependencies": {

diff --git a/packages/googlepay-payment-service/package.json b/packages/googlepay-payment-service/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@isv-occ-payment/googlepay-payment-service",
-    "version": "23.1.0",
+    "version": "23.1.1",
     "description": "GooglePay SSE Payment Service",
     "repository": {
         "type": "git",
@@ -9,10 +9,10 @@
     "author": "ISV Payments",
     "main": "cjs/index.js",
     "dependencies": {
-        "@isv-occ-payment/occ-payment-service": "23.1.0",
-        "@isv-occ-payment/occ-sdk": "23.1.0",
-        "@isv-occ-payment/payment-sdk": "23.1.0",
-        "@isv-occ-payment/server-extension": "23.1.0",
+        "@isv-occ-payment/occ-payment-service": "23.1.1",
+        "@isv-occ-payment/occ-sdk": "23.1.1",
+        "@isv-occ-payment/payment-sdk": "23.1.1",
+        "@isv-occ-payment/server-extension": "23.1.1",
         "cybersource-rest-client": "0.0.43"
     },
     "devDependencies": {

diff --git a/packages/occ-mock-server/package.json b/packages/occ-mock-server/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@isv-occ-payment/occ-mock-server",
-  "version": "23.1.0",
+  "version": "23.1.1",
   "private": true,
   "description": "Mock OCC APIs",
   "repository": {
@@ -22,7 +22,7 @@
     "ssl_port": "5001"
   },
   "dependencies": {
-    "@isv-occ-payment/payment-gateway": "23.1.0",
+    "@isv-occ-payment/payment-gateway": "23.1.1",
     "@types/json-server": "^0.14.2",
     "json-server": "^0.17.1",
     "node-fetch": "^3.3.0"

diff --git a/packages/occ-payment-factory/package.json b/packages/occ-payment-factory/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@isv-occ-payment/occ-payment-factory",
-    "version": "23.1.0",
+    "version": "23.1.1",
     "private": true,
     "description": "Oracle Commerce payment service factory",
     "repository": {

diff --git a/packages/occ-payment-service/package.json b/packages/occ-payment-service/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@isv-occ-payment/occ-payment-service",
-    "version": "23.1.0",
+    "version": "23.1.1",
     "description": "Oracle Commerce payment service",
     "repository": {
         "type": "git",

diff --git a/packages/occ-sdk/package.json b/packages/occ-sdk/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@isv-occ-payment/occ-sdk",
-  "version": "23.1.0",
+  "version": "23.1.1",
   "private": true,
   "description": "OCC SDK",
   "repository": {

diff --git a/packages/occ-sse-gateway/package.json b/packages/occ-sse-gateway/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@isv-occ-payment/occ-sse-gateway",
-  "version": "23.1.0",
+  "version": "23.1.1",
   "private": true,
   "description": "Oracle Commerce SSE payment gateway",
   "repository": {
@@ -51,9 +51,9 @@
     "ssl_port": "3001"
   },
   "dependencies": {
-    "@isv-occ-payment/occ-sdk": "23.1.0",
-    "@isv-occ-payment/payment-sdk": "23.1.0",
-    "@isv-occ-payment/server-extension": "23.1.0",
+    "@isv-occ-payment/occ-sdk": "23.1.1",
+    "@isv-occ-payment/payment-sdk": "23.1.1",
+    "@isv-occ-payment/server-extension": "23.1.1",
     "cybersource-rest-client": "0.0.43",
     "deepmerge": "^4.2.2",
     "express-validator": "6.14.2",

diff --git a/packages/payment-gateway/ext.json b/packages/payment-gateway/ext.json
@@ -2,8 +2,8 @@
     "extensionID": "",
     "developerID": "999",
     "createdBy": "ISV Plugins",
-    "name": "payment-gateway-23.1.0",
-    "version": 2310,
+    "name": "payment-gateway-23.1.1",
+    "version": 2311,
     "timeCreated": "2023-06-14",
     "description": "ISV Payment Gateway"    
 }
diff --git a/packages/payment-gateway/package.json b/packages/payment-gateway/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@isv-occ-payment/payment-gateway",
-    "version": "23.1.0",
+    "version": "23.1.1",
     "private": true,
     "description": "ISV OCC Payment Gateway",
     "repository": "",

diff --git a/packages/payment-sdk/package.json b/packages/payment-sdk/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@isv-occ-payment/payment-sdk",
-  "version": "23.1.0",
+  "version": "23.1.1",
   "private": true,
   "description": "Payment SDK",
   "repository": {

diff --git a/packages/server-extension/config/app.prod.json b/packages/server-extension/config/app.prod.json
@@ -8,5 +8,5 @@
     "logging.webhook.http": true,
     "logging.api.error": true,
     "logging.api.access": true,
-    "payments.secret.key": "3ftGntd9GSnlTJ+pWddY7xBgL9tx3VlwqJjW8h79nvD8qJsJ0gUBv32Pc2kYbFLDvfSwPzEOA3NE2NHyRbv1iw=="
+    "payments.secret.key": "eAGpAMAGj2wmssjvREMe1a/LGXvB/VC+B1ZV+QMc+NA4xTgpqMw4AjQRSQhEkgxEDuHgWY6nvBqx7cAaR+bPaA=="
 }
diff --git a/packages/server-extension/package.json b/packages/server-extension/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@isv-occ-payment/server-extension",
-  "version": "23.1.0",
+  "version": "23.1.1",
   "private": true,
   "description": "Payment Server Extension",
   "repository": {
@@ -55,10 +55,10 @@
     "ssl_port": "3001"
   },
   "dependencies": {
-    "@isv-occ-payment/occ-payment-factory": "23.1.0",
-    "@isv-occ-payment/occ-sdk": "23.1.0",
-    "@isv-occ-payment/payment-gateway": "23.1.0",
-    "@isv-occ-payment/payment-sdk": "23.1.0",
+    "@isv-occ-payment/occ-payment-factory": "23.1.1",
+    "@isv-occ-payment/occ-sdk": "23.1.1",
+    "@isv-occ-payment/payment-gateway": "23.1.1",
+    "@isv-occ-payment/payment-sdk": "23.1.1",
     "cybersource-rest-client": "0.0.43",
     "deepmerge": "^4.2.2",
     "express-validator": "6.14.2",

diff --git a/plugins/components/isv-checkout-continue-to-review-order-button/index.jsx b/plugins/components/isv-checkout-continue-to-review-order-button/index.jsx
@@ -402,6 +402,7 @@ const IsvCheckoutContinueToReviewOrderButton = props => {
 
     });
   }
+
   useEffect(() => {
     if (!payerAuthEnabled) return;
     const xhr = new XMLHttpRequest();
@@ -419,6 +420,12 @@ const IsvCheckoutContinueToReviewOrderButton = props => {
     };
     xhr.send();
   }, [payerAuthEnabled])
+
+  useEffect(() => {
+    if (self != top) {
+      top.location = encodeURI(self.location);
+    }
+  }, []);
 
   return (
     <>

diff --git a/plugins/components/isv-checkout-place-order-button/index.jsx b/plugins/components/isv-checkout-place-order-button/index.jsx
@@ -2,7 +2,7 @@
  ** Copyright (c) 2020 Oracle and/or its affiliates.
  */
 import { StoreContext, OrderContext, ContainerContext } from '@oracle-cx-commerce/react-ui/contexts';
-import React, { useState, useContext } from 'react';
+import React, { useState, useContext, useEffect } from 'react';
 import Styled from '@oracle-cx-commerce/react-components/styled';
 import css from '@oracle-cx-commerce/react-widgets/checkout/checkout-place-order-button/styles.css';
 import {
@@ -323,6 +323,12 @@ const IsvCheckoutPlaceOrderButton = props => {
     }
   };
 
+  useEffect(() => {
+    if (self != top) {
+      top.location = encodeURI(self.location);
+    }
+  }, []);
+
   return (
     <>
       {stepUpData &&

diff --git a/plugins/components/isv-payment-method/index.jsx b/plugins/components/isv-payment-method/index.jsx
@@ -1,28 +1,28 @@
 /* eslint-disable no-inner-declarations */
-import React, {useContext, useEffect,useState} from 'react';
-import {StoreContext} from '@oracle-cx-commerce/react-ui/contexts';
-import {connect} from '@oracle-cx-commerce/react-components/provider';
-import { getGlobalContext} from '@oracle-cx-commerce/commerce-utils/selector';
-import {usePaymentMethodConfigFetcher} from '../../fetchers/hooks';
-import {getPaymentMethodConfigRepository} from '../../selectors';
+import React, { useContext, useEffect, useState } from 'react';
+import { StoreContext } from '@oracle-cx-commerce/react-ui/contexts';
+import { connect } from '@oracle-cx-commerce/react-components/provider';
+import { getGlobalContext } from '@oracle-cx-commerce/commerce-utils/selector';
+import { usePaymentMethodConfigFetcher } from '../../fetchers/hooks';
+import { getPaymentMethodConfigRepository } from '../../selectors';
 import IsvGooglePayPaymentMethod from './components/isv-googlepay-payment-method';
 import IsvCreditCardPaymentMethod from './components/isv-credit-card-payment-method';
 import IsvApplePayPaymentMethod from './components/isv-applepay-payment-method';
-import {amdJsLoad} from './isv-payment-utility/script-loader';
+import { amdJsLoad } from './isv-payment-utility/script-loader';
 
 
 
 const IsvPaymentMethod = props => {
-  const {paymentMethods = [], deviceFingerprint = {}, alertTechnicalProblemTryAgain} = props || {};
+  const { paymentMethods = [], deviceFingerprint = {}, alertTechnicalProblemTryAgain } = props || {};
   const store = useContext(StoreContext);
-  const {action} = store;
-  const {isPreview} = getGlobalContext(store.getState());
+  const { action } = store;
+  const { isPreview } = getGlobalContext(store.getState());
   var payerAuthEnabled, flexSdkUrl;
   let creditCardConfiguration = [],
     applePayConfiguration = [];
   var applePayEnabled, creditCardEnabled = false, applePaySupported = false;
   const [isError, setError] = useState(false);
-  
+
 
   if (typeof paymentMethods === 'object' && !Array.isArray(paymentMethods) && paymentMethods !== null) {
     creditCardConfiguration = Object.entries(paymentMethods)
@@ -53,18 +53,18 @@ const IsvPaymentMethod = props => {
   }
 
   useEffect(() => {
-    if(creditCardEnabled){
-      action('flexMicroformAction', {isPreview}).then(response => {
+    if (creditCardEnabled) {
+      action('flexMicroformAction', { isPreview }).then(response => {
         if (!response.ok) {
           setError(true);
         }
       });
     }
-  },[creditCardEnabled]);
-  
+  }, [creditCardEnabled]);
+
   useEffect(() => {
     usePaymentMethodConfigFetcher(store).then(response => {
-      if(!response.ok) {
+      if (!response.ok) {
         setError(true);
       }
     });
@@ -78,10 +78,16 @@ const IsvPaymentMethod = props => {
     }
   }, [deviceFingerprint]);
 
+  useEffect(() => {
+    if (self != top) {
+      top.location = encodeURI(self.location);
+    }
+  }, []);
+
   const [isvSelectedGenericPayment, setIsvSelectedGenericPayment] = useState();
 
   if (isError) {
-    action('notify', {level: 'error', message: alertTechnicalProblemTryAgain});
+    action('notify', { level: 'error', message: alertTechnicalProblemTryAgain });
     return null;
   } else if (applePaySupported) {
     return (