Merge pull request #11 from cybersource-tpi/v24.2.1

changes related to v24.2.1

README.md

@@ -3,13 +3,13 @@
 
 * **Description:** Cybersource, a Visa solution, is the only global, modular payment management platform built on secure Visa infrastructure with the payment reach and fraud insights of a massive $500B+ global processing network. You can find out more about what Cybersource does [here](https://www.cybersource.com/en-gb.html)
 * **Categories:** Payment Processing, Fraud Detection, Address Validation, Tax Computation
-* **Version:** 24.2.0
-* **Last Certification Date:** April-2024
+* **Version:** 24.2.1
+* **Last Certification Date:** May 2024
 * **Supports SFRA v6.3.0**
 * **JavaScript Controllers Friendly:** **YES**
 
 ### Contact ###
-* Global Partner Solutions - Customer Support : <GlobalPartnerSolutionsCS@visa.com>
+* <SFCC@cybersource.com>
 
 ----
 

cartridges/int_cybs_sfra/cartridge/client/default/js/checkout/checkout.js

@@ -28,7 +28,7 @@ $('button[value="submit-payment"]').on('click', function () {
 function openModal(url) {
     var iframe = $(
         `<div class="modal fade"><div class="modal-dialog"><div class="modal-content"><div class="modal-body">
-        <iframe src='${url}' 
+        <iframe src='${decodeURIComponent(url)}' 
             style="border: none; height:85vh; display: block;" 
             height="100%" width="100%" 
             marginheight="0" marginwidth="0" frameBorder="0" scrolling="no"
@@ -59,7 +59,7 @@ function handlePlaceOrder() {
                     defer.reject(data);
                 }
             } else if (data.createDeviceDataCollection) {
-                openModal(data.redirectUrl);
+                openModal(encodeURIComponent(data.redirectUrl));
                 defer.resolve();
             } else {
                 var continueUrl = data.continueUrl;

cartridges/int_cybs_sfra/cartridge/client/default/js/googlePay.js

@@ -202,7 +202,7 @@ function processPayment(paymentData) {
             $('*[name=' + attr + ']', parentSelector)
                 .addClass('is-invalid')
                 .siblings('.invalid-feedback')
-                .html(fieldErrors[attr]);
+                .text(fieldErrors[attr]);
         });
     }
 

cartridges/int_cybs_sfra/cartridge/client/default/js/googlePayBilling.js

@@ -16,6 +16,7 @@ var googlePayEnvironment = $('#googlePayEnvironment').val();
 var allowedCardNetworks = ['AMEX', 'DISCOVER', 'JCB', 'MASTERCARD', 'VISA'];
 
 var allowedCardAuthMethods = ['PAN_ONLY', 'CRYPTOGRAM_3DS'];
+var DOMPurify = require('dompurify');
 
 var tokenizationSpecification = {
     type: 'PAYMENT_GATEWAY',
@@ -225,8 +226,9 @@ $('.minicart').off('mouseenter focusin touchstart').on('mouseenter focusin touch
         $('.minicart .popover').addClass('show');
         $('.minicart .popover').spinner().start();
         $.get(url, function (data) {
+            var sanitizeData = DOMPurify.sanitize(data, {ADD_TAGS: ['isapplepay']});
             $('.minicart .popover').empty();
-            $('.minicart .popover').append(data);
+            $('.minicart .popover').append(sanitizeData);
 
             var isGooglePayEnabled = $('#isGooglePayEnabledOnMiniCart').length > 0 && $('#isGooglePayEnabledOnMiniCart').val() === 'true';
 

cartridges/int_cybs_sfra/cartridge/templates/default/cart/checkoutButtons.isml

@@ -1,8 +1,8 @@
 <div class="checkout-and-applepay">
 	<div class="row">
-
+		
 	    <div class="${session.privacy.applepaysession === 'yes'? 'col-6 col-sm-5' : 'col-12'  }" id="cart-checkout-button">
-		    <a href="${URLUtils.https('Checkout-Begin')}"
+			<a href="${URLUtils.https('Checkout-Begin')}"
       		    class="btn btn-primary btn-block checkout-btn ${pdict.valid.error ? 'disabled' : ''}" role="button">
     		    ${Resource.msg('button.checkout', 'cart', null)}
    			 </a>

cartridges/int_cybs_sfra/cartridge/templates/default/common/deviceFingerprint.isml

@@ -1,6 +1,4 @@
 <link rel="stylesheet" href="${URLUtils.staticURL('/css/deviceDataCollection.css')}">
 <isif condition="${pdict.getDeviceFingerprint}">
-    <noscript>
-        <iframe id="deviceFPC" src="${pdict.url}"></iframe>
-    </noscript>
+    <script src="${pdict.url}"></script>
 </isif>

cartridges/int_cybs_sfra_base/cartridge/configuration/index.js

@@ -136,6 +136,7 @@ function getConfig(config) {
         // DecisionManager
         visaSRCEnabled: config.vscCheckoutEnabled || customPreferences.ClicktoPay.Preferences.ClicktoPayEnabled.getValue(),
         visaSRCKey: config.visaSRCKey || customPreferences.ClicktoPay.Preferences.ClicktoPayKey.getValue(),
-        VisaSRCProduction: config.VisaSRCProduction || customPreferences.ClicktoPay.Preferences.ClicktoPayProduction.getValue()    };
+        VisaSRCProduction: config.VisaSRCProduction || customPreferences.ClicktoPay.Preferences.ClicktoPayProduction.getValue()
+    };
 }
 module.exports = getConfig();

cartridges/int_cybs_sfra_base/cartridge/configuration/preferences/customPreferences.js

@@ -331,17 +331,6 @@ module.exports = {
                 }
             },
             /** @type {CustomPreference} */
-            NetworkTokenUpdates: {
-                id: 'Cybersource_NetworkToken',
-                display_name: 'Network Token Updates',
-                description: 'Subscribe to Network Token life cycle updates',
-                type: Types.boolean,
-                default: false,
-                flags: {
-                    mandatory: false
-                }
-            },
-            /** @type {CustomPreference} */
             LimitSavedCardEnabled: {
                 id: 'Cybersource_LimitSavedCardEnabled',
                 display_name: 'Enable limiting Saved Card',
@@ -362,6 +351,17 @@ module.exports = {
                 flags: {
                     mandatory: false
                 }
+            },
+             /** @type {CustomPreference} */
+             NetworkTokenUpdates: {
+                id: 'Cybersource_NetworkToken',
+                display_name: 'Network Token Updates',
+                description: 'Subscribe to Network Token life cycle updates',
+                type: Types.boolean,
+                default: false,
+                flags: {
+                    mandatory: false
+                }
             },
             /** @type {CustomPreference} */
             ResetIntervalInHours: {
@@ -491,17 +491,6 @@ module.exports = {
                     mandatory: false
                 }
             },
-            /** @type {CustomPreference} */
-            EnableSCA: {
-                id: 'Cybersource_IsSCAEnabled',
-                display_name: 'Enable SCA',
-                description: 'Enable or Disable Strong Customer Authentication',
-                type: Types.boolean,
-                default: false,
-                flags: {
-                    mandatory: false
-                }
-            }
         }
     },
     /* Google Pay Custom Preference */

cartridges/int_cybs_sfra_base/cartridge/controllers/CheckoutServices.js

@@ -32,7 +32,7 @@ if (configObject.payerAuthenticationEnabled && configObject.cartridgeEnabled &&
             var COHelpers = require('*/cartridge/scripts/checkout/checkoutHelpers');
             var validationHelpers = require('*/cartridge/scripts/helpers/basketValidationHelpers');
             var addressHelpers = require('*/cartridge/scripts/helpers/addressHelpers');
-
+            res.setHttpHeader("Content-Security-Policy", "script-src 'self'");
             // eslint-disable-next-line no-shadow
             var currentBasket = BasketMgr.getCurrentBasket();
             if (!currentBasket) {

cartridges/int_cybs_sfra_base/cartridge/controllers/Error.js

@@ -40,6 +40,7 @@ if (configObject.cartridgeEnabled) {
                     }
                 }
                 messages.push();
+                res.setContentType('application/json;charset=utf-8');
                 if (req.httpHeaders.get('x-requested-with') === 'XMLHttpRequest') {
                     res.json({
                         errorObj: customError,

cartridges/int_cybs_sfra_base/cartridge/controllers/PaymentDeviceFingerprint.js

@@ -21,7 +21,7 @@ if (configObject.cartridgeEnabled) {
 
         var getDeviceFingerprint = false;
 
-        if (configObject.deviceFingerprintEnabled) {
+         if (configObject.deviceFingerprintEnabled && configObject.fmeDmEnabled) {
             // eslint-disable-next-line no-undef
             if (empty(session.privacy.deviceFingerprintTime)) {
                 // eslint-disable-next-line no-undef
@@ -41,24 +41,19 @@ if (configObject.cartridgeEnabled) {
         var SecureRandom = require('dw/crypto/SecureRandom');
         SecureRandom = new SecureRandom();
         Cipher = new Cipher();
-        // eslint-disable-next-line no-undef
-        if (!session.privacy.key || !session.privacy.iv) {
-            var key = SecureRandom.nextBytes(32);
-            var iv = SecureRandom.nextBytes(16);
-            // eslint-disable-next-line no-undef
-            key = dw.crypto.Encoding.toBase64(key);
-            // eslint-disable-next-line no-undef
-            iv = dw.crypto.Encoding.toBase64(iv);
-            // eslint-disable-next-line no-undef
-            session.privacy.key = key;
-            // eslint-disable-next-line no-undef
-            session.privacy.iv = iv;
-        }
-        // eslint-disable-next-line no-undef
-        var encryptedSessionID = Cipher.encrypt(sessionID, session.privacy.key, 'AES/CBC/PKCS5Padding', session.privacy.iv, 0);
+        var key = SecureRandom.nextBytes(32);
+        var iv = SecureRandom.nextBytes(16);
+        key = dw.crypto.Encoding.toBase64(key);
+        iv = dw.crypto.Encoding.toBase64(iv);
+        session.privacy.key = key;
+        session.privacy.iv = iv;
 
-        var url = location + '/fp/tags.js?org_id=' + orgID + '&session_id=' + merchID + encryptedSessionID;
+        // eslint-disable-next-line no-undef
+        var encryptedSessionID = Cipher.encrypt(key, session.privacy.key, 'AES/CBC/PKCS5Padding', session.privacy.iv, 0);
 
+        var dfpSessionId = encryptedSessionID.replace(/[+/]/g, 'SF');
+        var url = location + '/fp/tags.js?org_id=' + orgID + '&session_id=' + merchID + dfpSessionId;
+        session.privacy.dfID = dfpSessionId;
         res.cacheExpiration(0);
         res.render('common/deviceFingerprint', {
             url: url,

cartridges/int_cybs_sfra_base/cartridge/scripts/http/payerAuthentication.js

@@ -212,14 +212,11 @@ function paEnroll(billingDetails, shippingAddress, referenceInformationCode, tot
         // eslint-disable-next-line no-undef
         session.privacy.iv = iv;
     }
-    Cipher = new Cipher();
-    // eslint-disable-next-line no-undef
-    var encryptedSessionID = Cipher.encrypt(session.sessionID, session.privacy.key, 'AES/CBC/PKCS5Padding', session.privacy.iv, 0);
 
     var deviceSessionId = new cybersourceRestApi.Ptsv2paymentsDeviceInformation();
-    deviceSessionId.fingerprintSessionId = encryptedSessionID;
+    deviceSessionId.fingerprintSessionId = session.privacy.dfID;
 
-    if (configObject.deviceFingerprintEnabled) {
+    if (configObject.deviceFingerprintEnabled && configObject.fmeDmEnabled) {
         request.deviceInformation = deviceSessionId;
     }
 
@@ -331,17 +328,13 @@ function paConsumerAuthenticate(billingDetails, referenceInformationCode, total,
     var paymentInformation = new cybersourceRestApi.Ptsv2paymentsPaymentInformation();
     var request = new cybersourceRestApi.CreatePaymentRequest();
 
-        Cipher = new Cipher();
-        // eslint-disable-next-line no-undef
-        var encryptedSessionID = Cipher.encrypt(session.sessionID, session.privacy.key, 'AES/CBC/PKCS5Padding', session.privacy.iv, 0);
+    var deviceSessionId = new cybersourceRestApi.Ptsv2paymentsDeviceInformation();
+    deviceSessionId.fingerprintSessionId = session.privacy.dfID;
 
-        var deviceSessionId = new cybersourceRestApi.Ptsv2paymentsDeviceInformation();
-        deviceSessionId.fingerprintSessionId = encryptedSessionID;
+    if (configObject.deviceFingerprintEnabled && configObject.fmeDmEnabled) {
+        request.deviceInformation = deviceSessionId;
+    }
 
-        if (configObject.deviceFingerprintEnabled) {
-            request.deviceInformation = deviceSessionId;
-        }
-
     if (cardData.token != null) {
         /* eslint-disable block-scoped-var */
         var customer = new cybersourceRestApi.Ptsv2paymentsPaymentInformationCustomer();