-
Notifications
You must be signed in to change notification settings - Fork 12
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #3639 from alphagov/PP-11363-use-appropriate-merch…
…ant-id-environment-variables PP-11363 Use correct Apple Pay certificate for payment provider
- Loading branch information
Showing
9 changed files
with
214 additions
and
81 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
194 changes: 135 additions & 59 deletions
194
test/controllers/web-payments/apple-pay/merchant-validation.controller.test.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,74 +1,150 @@ | ||
'use strict' | ||
|
||
// NPM dependencies | ||
const { expect } = require('chai') | ||
const request = require('supertest') | ||
const nock = require('nock') | ||
const sinon = require('sinon') | ||
const proxyquire = require('proxyquire') | ||
|
||
// Local constants | ||
const { APPLE_PAY_MERCHANT_ID, APPLE_PAY_MERCHANT_DOMAIN } = process.env | ||
const merchantDomain = 'www.pymnt.uk' | ||
const worldpayMerchantId = 'worldpay.merchant.id' | ||
const worldpayCertificate = 'A-WORLDPAY-CERTIFICATE' | ||
const worldpayKey = 'A-WORLDPAY-KEY' | ||
const stripeMerchantId = 'stripe.merchant.id' | ||
const stripeCertificate = 'A-STRIPE-CERTIFICATE' | ||
const stripeKey = 'A-STRIPE-KEY' | ||
const url = 'https://fakeapple.url' | ||
|
||
// Local dependencies | ||
const { getApp } = require('../../../../server') | ||
const paths = require('../../../../app/paths') | ||
require('../../../test-helpers/html-assertions') | ||
const appleResponse = { status: 200 } | ||
const appleResponseBody = { foo: 'bar' } | ||
|
||
function getControllerWithMocks (requestMock) { | ||
return proxyquire('../../../../app/controllers/web-payments/apple-pay/merchant-validation.controller', { | ||
requestretry: requestMock | ||
}) | ||
} | ||
|
||
describe('Validate with Apple the merchant is legitimate', () => { | ||
it('should return a payload if Merchant is valid', done => { | ||
const url = 'https://fakeapple.url' | ||
const body = { | ||
merchantIdentifier: APPLE_PAY_MERCHANT_ID, | ||
displayName: 'GOV.UK Pay', | ||
initiative: 'web', | ||
initiativeContext: APPLE_PAY_MERCHANT_DOMAIN | ||
let res, sendSpy | ||
|
||
beforeEach(() => { | ||
process.env.APPLE_PAY_MERCHANT_DOMAIN = merchantDomain | ||
process.env.WORLDPAY_APPLE_PAY_MERCHANT_ID = worldpayMerchantId | ||
process.env.WORLDPAY_APPLE_PAY_MERCHANT_ID_CERTIFICATE = worldpayCertificate | ||
process.env.WORLDPAY_APPLE_PAY_MERCHANT_ID_CERTIFICATE_KEY = worldpayKey | ||
process.env.STRIPE_APPLE_PAY_MERCHANT_ID = stripeMerchantId | ||
process.env.STRIPE_APPLE_PAY_MERCHANT_ID_CERTIFICATE = stripeCertificate | ||
process.env.STRIPE_APPLE_PAY_MERCHANT_ID_CERTIFICATE_KEY = stripeKey | ||
|
||
sendSpy = sinon.spy() | ||
res = { | ||
status: sinon.spy(() => ({ send: sendSpy })), | ||
sendStatus: sinon.spy() | ||
} | ||
}) | ||
|
||
it('should return a payload for a Worldpay payment if Merchant is valid', async () => { | ||
const mockRequest = sinon.stub().yields(null, appleResponse, appleResponseBody) | ||
const controller = getControllerWithMocks(mockRequest) | ||
|
||
const req = { | ||
body: { | ||
url, | ||
paymentProvider: 'worldpay' | ||
} | ||
} | ||
await controller(req, res) | ||
|
||
sinon.assert.calledWith(mockRequest, { | ||
url, | ||
body: { | ||
merchantIdentifier: worldpayMerchantId, | ||
displayName: 'GOV.UK Pay', | ||
initiative: 'web', | ||
initiativeContext: merchantDomain | ||
}, | ||
method: 'post', | ||
json: true, | ||
cert: `-----BEGIN CERTIFICATE----- | ||
${worldpayCertificate} | ||
-----END CERTIFICATE-----`, | ||
key: `-----BEGIN PRIVATE KEY----- | ||
${worldpayKey} | ||
-----END PRIVATE KEY-----` | ||
}) | ||
sinon.assert.calledWith(res.status, 200) | ||
sinon.assert.calledWith(sendSpy, appleResponseBody) | ||
}) | ||
|
||
it('should return a payload for a Stripe payment if Merchant is valid', async () => { | ||
const mockRequest = sinon.stub().yields(null, appleResponse, appleResponseBody) | ||
const controller = getControllerWithMocks(mockRequest) | ||
|
||
const req = { | ||
body: { | ||
url, | ||
paymentProvider: 'stripe' | ||
} | ||
} | ||
const response = { encryptedThing: 'cryptoMagic' } | ||
|
||
nock(url) | ||
.post('/', body) | ||
.reply(200, response) | ||
|
||
request(getApp()) | ||
.post(paths.applePay.session.path) | ||
.set('Accept', 'application/json') | ||
.send({ | ||
url | ||
}) | ||
.expect(200) | ||
.expect(res => { | ||
expect(res.body).to.deep.equal(response) | ||
}) | ||
.end(done) | ||
await controller(req, res) | ||
|
||
sinon.assert.calledWith(mockRequest, { | ||
url, | ||
body: { | ||
merchantIdentifier: stripeMerchantId, | ||
displayName: 'GOV.UK Pay', | ||
initiative: 'web', | ||
initiativeContext: merchantDomain | ||
}, | ||
method: 'post', | ||
json: true, | ||
cert: `-----BEGIN CERTIFICATE----- | ||
${stripeCertificate} | ||
-----END CERTIFICATE-----`, | ||
key: `-----BEGIN PRIVATE KEY----- | ||
${stripeKey} | ||
-----END PRIVATE KEY-----` | ||
}) | ||
sinon.assert.calledWith(res.status, 200) | ||
sinon.assert.calledWith(sendSpy, appleResponseBody) | ||
}) | ||
|
||
it('should return 400 if no url is provided', done => { | ||
request(getApp()) | ||
.post(paths.applePay.session.path) | ||
.set('Accept', 'application/json') | ||
.expect(400) | ||
.end(done) | ||
it('should return 400 if no url is provided', async () => { | ||
const mockRequest = sinon.stub().yields(null, appleResponse, appleResponseBody) | ||
const controller = getControllerWithMocks(mockRequest) | ||
|
||
const req = { | ||
body: { | ||
paymentProvider: 'worldpay' | ||
} | ||
} | ||
await controller(req, res) | ||
sinon.assert.calledWith(res.sendStatus, 400) | ||
}) | ||
|
||
it('should return an error if Merchant is invalid, the merchant details or crypto stuff', done => { | ||
const url = 'https://fakeapple.url' | ||
const body = { | ||
merchantIdentifier: APPLE_PAY_MERCHANT_ID, | ||
displayName: 'GOV.UK Pay', | ||
initiative: 'web', | ||
initiativeContext: APPLE_PAY_MERCHANT_DOMAIN | ||
it('should return 400 for unexpected payment provider', async () => { | ||
const mockRequest = sinon.stub().yields(null, appleResponse, appleResponseBody) | ||
const controller = getControllerWithMocks(mockRequest) | ||
|
||
const req = { | ||
body: { | ||
url, | ||
paymentProvider: 'sandbox' | ||
} | ||
} | ||
await controller(req, res) | ||
sinon.assert.calledWith(res.sendStatus, 400) | ||
}) | ||
|
||
nock(url) | ||
.post('/', body) | ||
.replyWithError('nope') | ||
|
||
request(getApp()) | ||
.post(paths.applePay.session.path) | ||
.set('Accept', 'application/json') | ||
.send({ | ||
url | ||
}) | ||
.expect(500) | ||
.end(done) | ||
it('should return an error if Apple Pay returns an error', async () => { | ||
const mockRequest = sinon.stub().yields(new Error(), appleResponse, appleResponseBody) | ||
const controller = getControllerWithMocks(mockRequest) | ||
|
||
const req = { | ||
body: { | ||
url, | ||
paymentProvider: 'worldpay' | ||
} | ||
} | ||
await controller(req, res) | ||
sinon.assert.calledWith(res.status, 500) | ||
sinon.assert.calledWith(sendSpy, appleResponseBody) | ||
}) | ||
}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters