CSP whitelist and inline onestep support

2Checkout · Oct 12, 2022 · fbc9126 · fbc9126
1 parent ee3c836
commit fbc9126
Show file tree

Hide file tree

Showing 7 changed files with 80 additions and 13 deletions.
diff --git a/Tco/Checkout/Model/Checkout.php b/Tco/Checkout/Model/Checkout.php
@@ -301,6 +301,7 @@ public function buildInlineCheckoutRequest($quote)
         $inlineParams['currency'] = strtoupper($quote->getQuoteCurrencyCode());
         $inlineParams['mode'] = 'DYNAMIC';
         $inlineParams['merchant'] = $this->getConfigData('merchant_id');
+        $inlineParams['customization'] = $this->getConfigData('inline_type');
         $inlineParams['dynamic'] = 1;
         $inlineParams['src'] = 'MAGENTO2';
 	    $inlineParams['company-name'] = !is_null($billingAddress->getCompany()) ? $billingAddress->getCompany() : $shippingAddress->getCompany();

diff --git a/Tco/Checkout/Model/InlineType.php b/Tco/Checkout/Model/InlineType.php
@@ -0,0 +1,26 @@
+<?php
+
+namespace Tco\Checkout\Model;
+
+/**
+ * @api
+ * @since 100.0.2
+ */
+class InlineType implements \Magento\Framework\Option\ArrayInterface
+{
+	/**
+	 * @return array|array[]
+	 */
+	public function toOptionArray()
+	{
+		return [['value' => 'inline-one-step', 'label' => __('One step inline')], ['value' => 'inline', 'label' => __('Multi step inline')]];
+	}
+
+	/**
+	 * @return array
+	 */
+	public function toArray()
+	{
+		return ['inline-one-step' => __('One step inline'), 'inline' => __('Multi step inline')];
+	}
+}
diff --git a/Tco/Checkout/composer.json b/Tco/Checkout/composer.json
@@ -2,7 +2,7 @@
   "name": "tco/checkout",
   "description": "2Checkout Magento 2 payment module",
   "type": "magento2-module",
-  "version": "2.3.1",
+  "version": "2.4.0",
   "license": [
     "OSL-3.0",
     "AFL-3.0"

diff --git a/Tco/Checkout/etc/adminhtml/system.xml b/Tco/Checkout/etc/adminhtml/system.xml
@@ -42,56 +42,61 @@
                     <label>Use Inline Checkout</label>
                     <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
                 </field>
-                <field id="order_status" translate="label" type="select" sortOrder="11" showInDefault="1"
+                <field id="inline_type" translate="label" type="select" sortOrder="11" showInDefault="1" showInWebsite="1"
+                       showInStore="0">
+                    <label>Template</label>
+                    <source_model>Tco\Checkout\Model\InlineType</source_model>
+                </field>
+                <field id="order_status" translate="label" type="select" sortOrder="12" showInDefault="1"
                        showInWebsite="1" showInStore="0">
                     <label>New Order Status</label>
                     <source_model>Magento\Sales\Model\Config\Source\Order\Status</source_model>
                 </field>
-                <field id="invoice_before_fraud_review" translate="label" type="select" sortOrder="12" showInDefault="1"
+                <field id="invoice_before_fraud_review" translate="label" type="select" sortOrder="13" showInDefault="1"
                        showInWebsite="1" showInStore="0">
                     <label>Invoice Before Fraud Review</label>
                     <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
                 </field>
-                <field id="invoice_after_fraud_review" translate="label" type="select" sortOrder="13" showInDefault="1"
+                <field id="invoice_after_fraud_review" translate="label" type="select" sortOrder="14" showInDefault="1"
                        showInWebsite="1" showInStore="0">
                     <label>Invoice After Fraud Review</label>
                     <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
                 </field>
-                <field id="invoice_when_captured" translate="label" type="select" sortOrder="14" showInDefault="1"
+                <field id="invoice_when_captured" translate="label" type="select" sortOrder="15" showInDefault="1"
                        showInWebsite="1" showInStore="0">
                     <label>Invoice On Capture</label>
                     <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
                 </field>
-                <field id="reserve_order" translate="label" type="select" sortOrder="14" showInDefault="1"
+                <field id="reserve_order" translate="label" type="select" sortOrder="16" showInDefault="1"
                        showInWebsite="1" showInStore="0">
                     <label>Create Order On Redirect</label>
                     <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
                 </field>
-                <field id="cancel_pending_orders" translate="label" type="select" sortOrder="14" showInDefault="1"
+                <field id="cancel_pending_orders" translate="label" type="select" sortOrder="17" showInDefault="1"
                        showInWebsite="1" showInStore="0">
                     <label>Cancel Unpaid Orders</label>
                     <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
                 </field>
-                <field id="allowspecific" translate="label" type="allowspecific" sortOrder="15" showInDefault="1"
+                <field id="allowspecific" translate="label" type="allowspecific" sortOrder="18" showInDefault="1"
                        showInWebsite="1" showInStore="0">
                     <label>Payment from Applicable Countries</label>
                     <source_model>Magento\Payment\Model\Config\Source\Allspecificcountries</source_model>
                 </field>
-                <field id="specificcountry" translate="label" type="multiselect" sortOrder="16" showInDefault="1"
+                <field id="specificcountry" translate="label" type="multiselect" sortOrder="19" showInDefault="1"
                        showInWebsite="1" showInStore="0">
                     <label>Payment from Specific Countries</label>
                     <source_model>Magento\Directory\Model\Config\Source\Country</source_model>
                 </field>
-                <field id="min_order_total" translate="label" type="text" sortOrder="17" showInDefault="1"
+                <field id="min_order_total" translate="label" type="text" sortOrder="20" showInDefault="1"
                        showInWebsite="1" showInStore="0">
                     <label>Minimum Order Total</label>
                 </field>
-                <field id="max_order_total" translate="label" type="text" sortOrder="18" showInDefault="1"
+                <field id="max_order_total" translate="label" type="text" sortOrder="21" showInDefault="1"
                        showInWebsite="1" showInStore="0">
                     <label>Maximum Order Total</label>
                     <comment>Leave empty to disable limit</comment>
                 </field>
-                <field id="sort_order" translate="label" type="text" sortOrder="19" showInDefault="1" showInWebsite="1"
+                <field id="sort_order" translate="label" type="text" sortOrder="22" showInDefault="1" showInWebsite="1"
                        showInStore="0">
                     <label>Sort Order</label>
                 </field>

diff --git a/Tco/Checkout/etc/config.xml b/Tco/Checkout/etc/config.xml
@@ -39,5 +39,14 @@
             </tco_api>
 
         </payment>
+        <csp>
+            <policies>
+                <storefront>
+                    <frame-ancestors>
+                        <inline>0</inline>
+                    </frame-ancestors>
+                </storefront>
+            </policies>
+        </csp>
     </default>
 </config>
diff --git a/Tco/Checkout/etc/csp_whitelist.xml b/Tco/Checkout/etc/csp_whitelist.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0"?>
+<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp:etc/csp_whitelist.xsd">
+    <policies>
+        <policy id="script-src">
+            <values>
+                <value id="2co" type="host">https://secure.2checkout.com</value>
+                <value id="2pay" type="host">https://2pay-js.2checkout.com</value>
+                <value id="avangate" type="host">https://secure.avangate.com</value>
+            </values>
+        </policy>
+        <policy id="frame-src">
+            <values>
+                <value id="2co" type="host">https://secure.2checkout.com</value>
+                <value id="2pay" type="host">https://2pay-js.2checkout.com</value>
+                <value id="avangate" type="host">https://secure.avangate.com</value>
+            </values>
+        </policy>
+        <policy id="img-src">
+            <values>
+                <value id="2co" type="host">https://secure.2checkout.com</value>
+                <value id="2pay" type="host">https://2pay-js.2checkout.com</value>
+                <value id="avangate" type="host">https://secure.avangate.com</value>
+            </values>
+        </policy>
+    </policies>
+</csp_whitelist>
diff --git a/Tco/Checkout/view/frontend/web/js/action/set-payment-method.js b/Tco/Checkout/view/frontend/web/js/action/set-payment-method.js
@@ -38,7 +38,7 @@ define(
                         $('#tco_payment_form').remove();
                         var data = response.fields;
                         if(response.inline && response.inline == 1) {
-                            TwoCoInlineCart.setup.setConfig('cart', {'host': response.url});
+                            TwoCoInlineCart.setup.setConfig('cart', {'host': response.url, 'customization': data.customization});
                             TwoCoInlineCart.setup.setMerchant(data.merchant);
                             TwoCoInlineCart.setup.setMode(data.mode);
                             TwoCoInlineCart.register();