UNZER-529 Fix class chaining in deserialization

Tests/Unit/Service/UnzerTest.php

@@ -99,7 +99,6 @@ public function getPaymentProcedureDataProvider(): array
         return [
             ['paypal', 'special'],
             ['card', 'special'],
-            ['applepay', 'special'],
             ['installment-secured', 'authorize'],
             ['paylater-installment', 'authorize'],
             ['paylater-invoice', 'authorize'],

src/Controller/Admin/AdminOrderController.php

@@ -12,7 +12,6 @@
 use OxidEsales\Eshop\Core\Registry;
 use OxidSolutionCatalysts\Unzer\Traits\Request;
 use OxidEsales\Eshop\Application\Model\Payment;
-use OxidSolutionCatalysts\Unzer\Model\Order as UnzerOrder;
 use OxidSolutionCatalysts\Unzer\Model\TransactionList;
 use OxidSolutionCatalysts\Unzer\Service\Payment as UnzerPaymentService;
 use OxidSolutionCatalysts\Unzer\Service\Transaction as TransactionService;
@@ -194,7 +193,7 @@ protected function getUnzerViewData(string $sPaymentId, string $sTypeId): void
                 $editObject->getFieldData('oxpaid') == '0000-00-00 00:00:00' &&
                 $fCharged == $unzerPayment->getAmount()->getTotal()
             ) {
-                /** @var UnzerOrder $editObject */
+                /** @var \OxidSolutionCatalysts\Unzer\Model\Order $editObject */
                 $editObject->markUnzerOrderAsPaid();
                 $this->forceReloadListFrame();
             }

src/Controller/OrderController.php

@@ -495,7 +495,12 @@ private function cleanUpCancelledPayments(): void
 
             $isOrderAlreadyCancelled = Registry::getSession()->getVariable('orderCancellationProcessed');
             if (!$isOrderAlreadyCancelled) {
-                $iSuccess = (int)$oOrder->finalizeUnzerOrderAfterRedirect($oBasket, $oUser);
+                $iSuccess = (int)$oOrder->finalizeUnzerOrderAfterRedirect(
+                    $oBasket,
+                    $oUser,
+                    ['finalizeCancellation' => true]
+                );
+
                 $oUser->onOrderExecute($oBasket, $iSuccess);
             }
             Registry::getSession()->deleteVariable('orderCancellationProcessed');
@@ -506,7 +511,6 @@ private function cleanUpCancelledPayments(): void
 
             Registry::getSession()->setVariable('sess_challenge', $this->getUtilsObjectInstance()->generateUID());
             Registry::getSession()->setBasket($oBasket);
-            Registry::getSession()->deleteVariable('orderCancellationProcessed');
             $this->redirectUserToCheckout($unzerService, $oOrder);
         }
     }

src/Model/Order.php

@@ -41,7 +41,8 @@ class Order extends Order_parent
      */
     public function finalizeUnzerOrderAfterRedirect(
         Basket $oBasket,
-        User $oUser
+        User $oUser,
+        array $params = []
     ) {
         $orderId = Registry::getSession()->getVariable('sess_challenge');
         $orderId = is_string($orderId) ? $orderId : '';
@@ -97,10 +98,18 @@ public function finalizeUnzerOrderAfterRedirect(
             } else {
                 if ($unzerPaymentStatus !== PaymentService::STATUS_NOT_FINISHED) {
                     Registry::getSession()->setVariable('orderCancellationProcessed', true);
-                    $iRet = 1; //TODO: not sure if this is correct - this is hardcoded for the Paypal cancellaction
                 }
-                $this->_setOrderStatus($unzerPaymentStatus); //ERROR if paypal
+
+                $this->_setOrderStatus($unzerPaymentStatus);
                 $this->setTmpOrderStatus($unzerOrderId, $unzerPaymentStatus);
+
+                if (!isset($params['finalizeCancellation']))
+                {
+                    //  then we consider this is a payment with only auth mode and the order is completed
+                    $this->sendOrderConfirmationEmail($oUser, $oBasket, $oUserPayment);
+                }
+
+                $iRet = 1;
             }
         }
 

src/Service/FlexibleSerializer.php

@@ -112,11 +112,12 @@ private function makeSerializable($data)
     /**
      * Restore unserializable data, including objects of allowed classes.
      *
-     * @param mixed $data The data to be restored.
+     * @param mixed $data           The data to be restored.
      * @param array $allowedClasses An array of fully qualified class names that are allowed to be restored.
      * @return mixed The restored data.
      * @SuppressWarnings(PHPMD.CyclomaticComplexity)
      * @SuppressWarnings(PHPMD.ElseExpression)
+     * @throws \ReflectionException
      */
     private function restoreUnserializable($data, array $allowedClasses)
     {
@@ -127,7 +128,7 @@ private function restoreUnserializable($data, array $allowedClasses)
         }
 
         if (is_object($data) && isset($data->__class)) {
-            $className = $data->__class;
+            $className = get_parent_class($data->__class);
             if ($this->isAllowedClass($className, $allowedClasses)) {
                 $reflection = new ReflectionClass($className);
                 $restored = $reflection->newInstanceWithoutConstructor();

src/Service/Payment.php

@@ -15,14 +15,11 @@
 use OxidEsales\Eshop\Core\Registry;
 use OxidEsales\Eshop\Core\Session;
 use OxidSolutionCatalysts\Unzer\Traits\Request;
-use OxidSolutionCatalysts\Unzer\Core\UnzerDefinitions;
 use OxidSolutionCatalysts\Unzer\Exception\Redirect;
 use OxidSolutionCatalysts\Unzer\Exception\RedirectWithMessage;
 use OxidSolutionCatalysts\Unzer\Exception\UnzerException;
-use OxidSolutionCatalysts\Unzer\Model\TmpOrder;
 use OxidSolutionCatalysts\Unzer\PaymentExtensions\UnzerPayment as AbstractUnzerPayment;
 use OxidSolutionCatalysts\Unzer\Service\Transaction as TransactionService;
-use stdClass;
 use UnzerSDK\Constants\PaymentState;
 use UnzerSDK\Exceptions\UnzerApiException;
 use UnzerSDK\Resources\Payment as UnzerPayment;