[16.0][MIG] payment_worldline: backport odoo module from 18 to 16

[benwillig]

No description provided.

[github-actions]

There hasn't been any activity on this pull request in the past 4 months, so it has been marked as stale and it will be closed automatically if no further activity occurs in the next 30 days.
If you want this PR to never become stale, please ask a PSC member to apply the "no stale" label.

[marcos-mendez]

Automated Review -- Tests Passed
All tests for payment_worldline passed successfully on Odoo 16.0.
Environment: Minikube + K8s Job + oca-ci/py3.10-odoo16.0

Test Coverage Suggestions

Coverage Gaps

The existing tests likely cover basic provider setup and transaction processing, but there are several key areas with potential coverage gaps:

1. Webhook signature verification failure – The _verify_notification_signature method in controllers/main.py is not tested when the signature is invalid.
2. Error handling in _worldline_make_request – The payment_provider.py includes error handling for API calls, but not all failure modes are tested.
3. Transaction state transitions – Especially for declined or cancelled payments, which are mapped from Worldline statuses.
4. Tokenization flow with payment – The module supports tokenization with payment, but this path may not be fully tested.
5. 3D Secure redirection handling – The module mentions support for 3D Secure 2, but there's no explicit test of the redirect flow or handling of 3D Secure responses.

Suggested Test Cases

def test_worldline_verify_signature_invalid(self):
    """Test that invalid webhook signatures raise Forbidden."""
    # Create a transaction and mock an invalid signature
    # Assert Forbidden is raised during webhook processing

def test_worldline_transaction_status_mapping(self):
    """Test that Worldline statuses are correctly mapped to Odoo transaction states."""
    # Simulate different Worldline response statuses and assert correct Odoo state transitions

def test_worldline_tokenization_with_payment(self):
    """Test tokenization flow when a payment is made."""
    # Create a transaction with tokenization enabled and assert token is created

Codecov Risk

• controllers/main.py::WorldlineController._verify_notification_signature – High risk if not tested trip, especially with invalid signatures.
• models/payment_provider.py::_worldline_make_request – Risky due to API call and exception handling.
• models/payment_transaction.py – Risk of missing edge cases in _get_tx_from_notification_data and _handle_notification_data.

These methods are new or critical and should be covered to avoid regressions.

Automated review by OCA Neural Reviewer + qwen3-coder:30b