Hi Pay: Dont add 3ds when :three_ds_2 is missing

Description ------------------------- When `:execute_threed` was present but `:three_ds_2` wasn't, it would cause an error. This fix makes it return early when `:three_ds_2` is missing. Unit tests ------------------------- 6120 tests, 80841 assertions, 0 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications 100% passed Remote tests ------------------------- 20 tests, 85 assertions, 0 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications 100% passed Rubocop ------------------------- 803 files inspected, no offenses detected
activemerchant · Dec 6, 2024 · 0c35067 · 0c35067
1 parent 9191189
commit 0c35067
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 5 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -103,7 +103,7 @@
 * Braintree: Account for BraintreeError [almalee24] #5346
 * Worldpay: Fix stored credentials unscheduled reason type [Buitragox] #5352
 * Worldpay: Worldpay: Idempotency key fix [jherreraa] #5359
-
+* Hi Pay: Don't add 3ds when :three_ds_2 is missing [Buitragox] #5355
 
 == Version 1.137.0 (August 2, 2024)
 * Unlock dependency on `rexml` to allow fixing a CVE (#5181).

diff --git a/lib/active_merchant/billing/gateways/hi_pay.rb b/lib/active_merchant/billing/gateways/hi_pay.rb
@@ -144,7 +144,7 @@ def tokenize(payment_method, options = {})
       end
 
       def add_3ds(post, options)
-        return unless options.has_key?(:execute_threed)
+        return unless options[:execute_threed] && options[:three_ds_2]
 
         browser_info_3ds = options[:three_ds_2][:browser_info]
 

diff --git a/test/remote/gateways/remote_hi_pay_test.rb b/test/remote/gateways/remote_hi_pay_test.rb
@@ -10,6 +10,7 @@ def setup
     @bad_credit_card = credit_card('4150551403657424')
     @master_credit_card = credit_card('5399999999999999')
     @challenge_credit_card = credit_card('4242424242424242')
+    @threeds_credit_card = credit_card('5300000000000006')
 
     @options = {
       order_id: "Sp_ORDER_#{SecureRandom.random_number(1000000000)}",
@@ -66,6 +67,24 @@ def test_successful_purchase_with_3ds
     assert_equal 2, response.responses.size
   end
 
+  def test_challenge_without_threeds_params
+    response = @gateway.purchase(@amount, @threeds_credit_card, @options.merge(@billing_address))
+    assert_success response
+    assert_equal 'Authentication requested', response.message
+    assert_match %r{stage-secure-gateway.hipay-tpp.com\/gateway\/forward\/\w+}, response.params['forwardUrl']
+
+    assert_kind_of MultiResponse, response
+    assert_equal 2, response.responses.size
+  end
+
+  def test_frictionless_with_threeds_params
+    response = @gateway.purchase(@amount, @threeds_credit_card, @options.merge(@billing_address).merge(@execute_threed))
+    assert_success response
+    assert_equal 'Captured', response.message
+    assert_kind_of MultiResponse, response
+    assert_equal 2, response.responses.size
+  end
+
   def test_successful_purchase_with_mastercard
     response = @gateway.purchase(@amount, @master_credit_card, @options)
     assert_success response
@@ -90,11 +109,11 @@ def test_failed_purchase_due_authorization_refused
     response = @gateway.purchase(@amount, @bad_credit_card, @options)
     assert_failure response
     assert_equal 'Authorization Refused', response.message
-    assert_equal '1010201', response.error_code
-    assert_equal 'Invalid Parameter', response.params['reason']['message']
+    assert_equal '4010202', response.error_code
+    assert_equal 'Invalid Card Number', response.params['reason']['message']
 
     assert_kind_of MultiResponse, response
-    # Complete tokenization, failed in the purhcase step
+    # Complete tokenization, failed in the purchase step
     assert_equal 2, response.responses.size
   end