diff --git a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/__tests__/paypalExpress.test.js b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/__tests__/paypalExpress.test.js
index 93339a8f0..1abe660af 100644
--- a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/__tests__/paypalExpress.test.js
+++ b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/__tests__/paypalExpress.test.js
@@ -28,10 +28,9 @@ describe('paypal express', () => {
 global.$.spinner = jest.fn(() => {return { start: start }})
- global.fetch = jest.fn().mockResolvedValueOnce({
- ok: true,
- json: jest.fn(() => {return {action: {}}})
- })
+ global.$.ajax = jest.fn().mockImplementation(({ success }) => {
+ success({ action : {}})
+ });
 const component = {
 handleError: jest.fn(),
 handleAction: jest.fn()
@@ -46,10 +45,9 @@ describe('paypal express', () => {
 global.$.spinner = jest.fn(() => {return { start: start }})
- global.fetch = jest.fn().mockResolvedValueOnce({
- ok: true,
- json: jest.fn(() => {return {}})
- })
+ global.$.ajax = jest.fn().mockImplementation(({ success }) => {
+ success({})
+ });
 const component = {
 handleError: jest.fn(),
 handleAction: jest.fn()
diff --git a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/adyenAccount.js b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/adyenAccount.js
index b2f3b28e8..59f693060 100644
--- a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/adyenAccount.js
+++ b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/adyenAccount.js
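Review bot: The `$.ajax` mock in the second test calls `success({})` synchronously, so a `throw` inside the real success callback looks as if it is caught by the caller's `try/catch`; in the browser jQuery runs `success` after `$.ajax` has returned, so the test passes while production behaves differently. Make the mock defer the callback, e.g. `global.$.ajax = jest.fn().mockImplementation(({ success }) => { Promise.resolve().then(() => success({})); });`, flush microtasks before asserting, and add a case where the mock invokes `error` so `component.handleError` is actually exercised. The surrounding `it` blocks start and end outside the hunk.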
@@ -33,11 +33,16 @@ function handleAction(action) {
 // confirm onAdditionalDetails event and paymentsDetails response
 store.checkoutConfiguration.onAdditionalDetails = (state) => {
+ const requestData = JSON.stringify({
+ data: state.data,
+ });
 $.ajax({
 type: 'POST',
- url: 'Adyen-PaymentsDetails',
- data: JSON.stringify({ data: state.data }),
- contentType: 'application/json; charset=utf-8',
+ url: window.paymentsDetailsURL,
+ data: {
+ csrf_token: $('#adyen-token').val(),
+ data: requestData,
+ },
 async: false,
 success(data) {
 if (data.isSuccessful) {
diff --git a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/adyenGiving.js b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/adyenGiving.js
index 6ab787e9c..ee559d513 100644
--- a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/adyenGiving.js
+++ b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/adyenGiving.js
@@ -10,6 +10,7 @@ function handleOnDonate(state, component) {
 amountCurrency: selectedAmount.currency,
 orderNo: window.orderNo,
 orderToken: window.orderToken,
+ csrf_token: $('#adyen-token').val(),
 };
 $.ajax({
diff --git a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/adyen_checkout/checkoutConfiguration.js b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/adyen_checkout/checkoutConfiguration.js
index a2a828587..d924d4f12 100644
--- a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/adyen_checkout/checkoutConfiguration.js
+++ b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/adyen_checkout/checkoutConfiguration.js
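Review bot: Dropping `contentType: 'application/json; charset=utf-8'` in onAdditionalDetails switches the Adyen-PaymentsDetails request to jQuery's default form encoding with the JSON nested in the `data` field; that is what lets the server's CSRF validation see `csrf_token`, but the controller must now read `data` as a form parameter and parse it, and that server-side change is not part of this diff — confirm it ships together. `$('#adyen-token').val()` is `undefined` when the hidden input is not on the page, in which case jQuery silently omits the key and the only symptom is a CSRF rejection arriving in `success`, which the visible branch does not log; a guard such as `if (!$('#adyen-token').length) throw new Error('CSRF token input missing');` before the call would make that misconfiguration visible. `handleAction`'s body continues outside the hunk.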
@@ -181,11 +181,14 @@ function getGiftCardConfig() {
 store.updateSelectedPayment(constants.GIFTCARD, 'stateData', state.data);
 },
 onBalanceCheck: (resolve, reject, requestData) => {
+ const payload = {
+ csrf_token: $('#adyen-token').val(),
+ data: JSON.stringify(requestData),
+ };
 $.ajax({
 type: 'POST',
 url: window.checkBalanceUrl,
- data: JSON.stringify(requestData),
- contentType: 'application/json; charset=utf-8',
+ data: payload,
 async: false,
 success: (data) => {
 giftcardBalance = data.balance;
@@ -248,8 +251,10 @@ function getGiftCardConfig() {
 $.ajax({
 type: 'POST',
 url: window.partialPaymentsOrderUrl,
- data: JSON.stringify(requestData),
- contentType: 'application/json; charset=utf-8',
+ data: {
+ csrf_token: $('#adyen-token').val(),
+ data: JSON.stringify(requestData),
+ },
 async: false,
 success: (data) => {
 if (data.resultCode === 'Success') {
@@ -293,14 +298,17 @@ const actionHandler = async (action) => {
 };
 function handleOnAdditionalDetails(state) {
+ const requestData = JSON.stringify({
+ data: state.data,
+ orderToken: window.orderToken,
+ });
 $.ajax({
 type: 'POST',
 url: window.paymentsDetailsURL,
- data: JSON.stringify({
- data: state.data,
- orderToken: window.orderToken,
- }),
- contentType: 'application/json; charset=utf-8',
+ data: {
+ csrf_token: $('#adyen-token').val(),
+ data: requestData,
+ },
 async: false,
 success(data) {
 if (!data.isFinal && typeof data.action === 'object') {
diff --git a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/adyen_checkout/helpers.js b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/adyen_checkout/helpers.js
index cd3956990..dd1d8a8d5 100644
--- a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/adyen_checkout/helpers.js
+++ b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/adyen_checkout/helpers.js
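Review bot: A point of style across the three hunks in this file: onBalanceCheck hoists the whole form body into a `payload` const, the partial-payments-order call inlines the same `{ csrf_token, data }` object, and handleOnAdditionalDetails hoists only the JSON string. Pick one shape for all three — e.g. inline `data: { csrf_token: $('#adyen-token').val(), data: JSON.stringify(requestData) },` everywhere, or a named const everywhere — so the next reader does not look for a reason the calls differ. The enclosing `getGiftCardConfig` and `handleOnAdditionalDetails` bodies start or end outside the hunks.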
@@ -33,6 +33,7 @@ function paymentFromComponent(data, component = {}) {
 url: window.paymentFromComponentURL,
 type: 'post',
 data: {
+ csrf_token: $('#adyen-token').val(),
 data: JSON.stringify(requestData),
 paymentMethod: document.querySelector('#adyenPaymentMethodName').value,
 },
diff --git a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/adyen_checkout/makePartialPayment.js b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/adyen_checkout/makePartialPayment.js
index 0e656dd0e..9db360830 100644
--- a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/adyen_checkout/makePartialPayment.js
+++ b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/adyen_checkout/makePartialPayment.js
@@ -7,8 +7,10 @@ function makePartialPayment(requestData) {
 $.ajax({
 url: window.partialPaymentUrl,
 type: 'POST',
- data: JSON.stringify(requestData),
- contentType: 'application/json; charset=utf-8',
+ data: {
+ csrf_token: $('#adyen-token').val(),
+ data: JSON.stringify(requestData),
+ },
 })
 .done((response) => {
 if (response.error) {
diff --git a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/adyen_checkout/renderGiftcardComponent.js b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/adyen_checkout/renderGiftcardComponent.js
index 2f4401f6c..e2f73a19b 100644
--- a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/adyen_checkout/renderGiftcardComponent.js
+++ b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/adyen_checkout/renderGiftcardComponent.js
@@ -56,8 +56,10 @@ function removeGiftCards() {
 $.ajax({
 type: 'POST',
 url: window.cancelPartialPaymentOrderUrl,
- data: JSON.stringify(card),
- contentType: 'application/json; charset=utf-8',
+ data: {
+ csrf_token: $('#adyen-token').val(),
+ data: JSON.stringify(card),
+ },
 async: false,
 success(res) {
 const adyenPartialPaymentsOrder = document.querySelector(
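Review bot: `csrf_token: $('#adyen-token').val()` in paymentFromComponent is the same lookup this diff pastes into roughly ten other call sites, and when the hidden input is not on the page `.val()` returns `undefined`, jQuery drops the key from the body, and the call fails later as an opaque CSRF rejection. Since helpers.js is already the shared module, a `getCsrfToken()` helper that fails loudly gives one place to change the selector and one clear error; `paymentFromComponent` would then use `csrf_token: getCsrfToken(),` and the other files could import it. Whether to throw or only warn depends on how callers treat exceptions from these helpers — the hunk does not show them — so the throw below is a proposal to confirm, and the helper needs exporting alongside the existing ones. paymentFromComponent's body starts and ends outside the hunk.
```javascript
/**
 * Read the CSRF token the page renders for Adyen requests.
 * @returns {string} the token value
 * @throws {Error} when the hidden input is not on the page
 */
function getCsrfToken() {
  const token = $('#adyen-token').val();
  if (!token) {
    // Without a token jQuery omits the key and the server rejects the call later.
    throw new Error('CSRF token input #adyen-token not found');
  }
  return token;
}

// … unchanged: paymentFromComponent, using `csrf_token: getCsrfToken(),` in its data object …
```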
diff --git a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/amazonPayCheckout.js b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/amazonPayCheckout.js
index ef6a2462d..4d4bc3f30 100644
--- a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/amazonPayCheckout.js
+++ b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/amazonPayCheckout.js
@@ -42,6 +42,7 @@ function paymentFromComponent(data, component) {
 url: window.paymentFromComponentURL,
 type: 'post',
 data: {
+ csrf_token: $('#adyen-token').val(),
 data: JSON.stringify(requestData),
 paymentMethod: 'amazonpay',
 merchantReference: document.querySelector('#merchantReference').value,
@@ -80,14 +81,17 @@ async function mountAmazonPayComponent() {
 },
 onAdditionalDetails: (state) => {
 state.data.paymentMethod = 'amazonpay';
+ const requestData = JSON.stringify({
+ data: state.data,
+ orderToken: window.orderToken,
+ });
 $.ajax({
 type: 'post',
 url: window.paymentsDetailsURL,
- data: JSON.stringify({
- data: state.data,
- orderToken: window.orderToken,
- }),
- contentType: 'application/json; charset=utf-8',
+ data: {
+ csrf_token: $('#adyen-token').val(),
+ data: requestData,
+ },
 success(data) {
 if (data.isSuccessful) {
 handleAuthorised(data);
diff --git a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/amazonPayExpressPart2.js b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/amazonPayExpressPart2.js
index 9da564676..301e9a380 100644
--- a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/amazonPayExpressPart2.js
+++ b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/amazonPayExpressPart2.js
@@ -5,6 +5,7 @@ function saveShopperDetails(details) {
 url: window.saveShopperDetailsURL,
 type: 'post',
 data: {
+ csrf_token: $('#adyen-token').val(),
 shopperDetails: JSON.stringify(details),
 paymentMethod: 'amazonpay',
 },
diff --git a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/applePayExpress.js b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/applePayExpress.js
index ebd0c3027..2aa5954ed 100644
--- a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/applePayExpress.js
+++ b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/applePayExpress.js
@@ -90,6 +90,7 @@ function callPaymentFromComponent(data, resolveApplePay, rejectApplePay) {
 url: window.paymentFromComponentURL,
 type: 'post',
 data: {
+ csrf_token: $('#adyen-token').val(),
 data: JSON.stringify(data),
 paymentMethod: APPLE_PAY,
 },
diff --git a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/checkoutReviewButtons.js b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/checkoutReviewButtons.js
index 6a33eb2da..21553f9fa 100644
--- a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/checkoutReviewButtons.js
+++ b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/checkoutReviewButtons.js
@@ -6,11 +6,16 @@ const helpers = require('./adyen_checkout/helpers');
 * @return {undefined}
 */
 function makeExpressPaymentDetailsCall(data) {
+ const csrfToken = document.querySelector(
+ '#showConfirmationForm input[id="adyen-token"]',
+ ).value;
 $.ajax({
 type: 'POST',
 url: window.makeExpressPaymentDetailsCall,
- data: JSON.stringify({ data }),
- contentType: 'application/json; charset=utf-8',
+ data: {
+ csrf_token: csrfToken,
+ data: JSON.stringify({ data }),
+ },
 async: false,
 success(response) {
 helpers.setOrderFormData(response);
diff --git a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/paypalExpress.js b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/paypalExpress.js
index 20f5bff8e..53cbc3ffd 100644
--- a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/paypalExpress.js
+++ b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/paypalExpress.js
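Review bot: The scoped selector `'#showConfirmationForm input[id="adyen-token"]'` in makeExpressPaymentDetailsCall implies more than one element on the review page carries `id="adyen-token"`; duplicate ids are invalid HTML and make the unscoped `$('#adyen-token')` used by the other files in this diff bind to whichever input comes first in the DOM, which is presumably not always the form being submitted. Giving each form's token input a distinct id, or selecting within the form by name — `'#showConfirmationForm input[name="csrf_token"]'` if the input carries `name="csrf_token"` like the one paypalExpress.js appends — removes the ambiguity. `document.querySelector(...).value` also throws a TypeError when the input is absent, before any request is made, so a missing token surfaces as an unrelated-looking stack trace rather than a clear message. The function continues outside the hunk.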
@@ -9,19 +9,26 @@ const { PAYPAL } = require('./constants');
 async function callPaymentFromComponent(data, component) {
 try {
 $.spinner().start();
- const response = await fetch(window.makeExpressPaymentsCall, {
- method: 'POST',
- headers: {
- 'Content-Type': 'application/json',
+
+ $.ajax({
+ type: 'POST',
+ url: window.makeExpressPaymentsCall,
+ data: {
+ csrf_token: $('#adyen-token').val(),
+ data: JSON.stringify(data),
+ }, // Send the data as a JSON string
+ success(response) {
+ const { action, errorMessage = '' } = response;
+ if (action) {
+ component.handleAction(action);
+ } else {
+ throw new Error(errorMessage);
+ }
+ },
+ error() {
+ component.handleError();
 },
- body: JSON.stringify(data),
 });
- const { action, errorMessage = '' } = await response.json();
- if (response.ok && action) {
- component.handleAction(action);
- } else {
- throw new Error(errorMessage);
- }
 } catch (e) {
 component.handleError();
 }
@@ -33,6 +40,7 @@ async function saveShopperDetails(details, actions) {
 type: 'post',
 data: {
 shopperDetails: JSON.stringify(details),
+ csrf_token: $('#adyen-token').val(),
 },
 success() {
 actions.resolve();
@@ -55,6 +63,13 @@ function redirectToReviewPage(data) {
 value: JSON.stringify(data),
 });
+ $('') .appendTo(redirect) .attr({ name: 'csrf_token', value: $('#adyen-token').val(), }); + redirect.submit(); }
@@ -62,8 +77,10 @@ function makeExpressPaymentDetailsCall(data) {
 return $.ajax({
 type: 'POST',
 url: window.makeExpressPaymentDetailsCall,
- data: JSON.stringify({ data }),
- contentType: 'application/json; charset=utf-8',
+ data: {
+ csrf_token: $('#adyen-token').val(),
+ data: JSON.stringify({ data }),
+ },
 async: false,
 success(response) {
 helpers.createShowConfirmationForm(window.showConfirmationAction);
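Review bot: In the new `success` handler of callPaymentFromComponent, `throw new Error(errorMessage)` no longer reaches the surrounding `try/catch`: jQuery invokes `success` after `$.ajax` has returned, so a response without `action` becomes an uncaught exception and `component.handleError()` is never called for it, whereas the removed `fetch` version awaited the response inside the `try`. Replace the throw with a direct call, `component.handleError();`, and drop the now-unused `errorMessage` from the destructuring, or return the `$.ajax` promise and `await` it so the catch block stays meaningful. The `async` keyword is left with nothing to await and `$.spinner().start()` has no matching stop in this hunk — presumably handled elsewhere, worth confirming. The `// Send the data as a JSON string` comment now sits on the closing brace of a form-encoded `data` object; it reads better on the `data: JSON.stringify(data),` line.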
diff --git a/src/cartridges/app_adyen_SFRA/cartridge/templates/default/account/payment/paymentForm.isml b/src/cartridges/app_adyen_SFRA/cartridge/templates/default/account/payment/paymentForm.isml
index 5b9441f13..c917ee659 100644
--- a/src/cartridges/app_adyen_SFRA/cartridge/templates/default/account/payment/paymentForm.isml
+++ b/src/cartridges/app_adyen_SFRA/cartridge/templates/default/account/payment/paymentForm.isml
@@ -17,6 +17,7 @@ environment: '${pdict.adyen.environment}'
 };
 window.redirectUrl = "${URLUtils.url('PaymentInstruments-List')}";
+ window.paymentsDetailsURL = "${URLUtils.https('Adyen-PaymentsDetails')}";
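Review bot: adyenAccount.js in this diff now posts `csrf_token: $('#adyen-token').val()` to the `window.paymentsDetailsURL` this line defines, but the hunk does not show the account payment form rendering a hidden input with `id="adyen-token"`; if that input is not already in paymentForm.isml outside this hunk, the PaymentsDetails call from the account page goes out without a token and is rejected by CSRF validation. Worth confirming the token input is rendered next to these `window.*` settings, in the same way the cart templates in this diff appear to add one (their added lines are not legible in this rendering). Using `URLUtils.https` here while `redirectUrl` uses `URLUtils.url` is fine for a payment endpoint but reads as an inconsistency; a short `<iscomment>` saying why the details call must be HTTPS would settle it. The script block this line sits in starts and ends outside the hunk.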
diff --git a/src/cartridges/app_adyen_SFRA/cartridge/templates/default/cart/checkoutButtons.isml b/src/cartridges/app_adyen_SFRA/cartridge/templates/default/cart/checkoutButtons.isml
index 630c5db42..97db6c106 100644
--- a/src/cartridges/app_adyen_SFRA/cartridge/templates/default/cart/checkoutButtons.isml
+++ b/src/cartridges/app_adyen_SFRA/cartridge/templates/default/cart/checkoutButtons.isml
@@ -100,3 +100,4 @@
+
diff --git a/src/cartridges/app_adyen_SFRA/cartridge/templates/default/cart/checkoutReview.isml b/src/cartridges/app_adyen_SFRA/cartridge/templates/default/cart/checkoutReview.isml
index a7f24beda..82526062b 100644
--- a/src/cartridges/app_adyen_SFRA/cartridge/templates/default/cart/checkoutReview.isml
+++ b/src/cartridges/app_adyen_SFRA/cartridge/templates/default/cart/checkoutReview.isml
@@ -1,4 +1,5 @@