feature(3DS): Implement show method and return response with enriched nonce (#2452)

* chore: prettier

* allow three-domain-secure component

* refactor threedomainsecure component to class

* correct typo

* refactor test for class component

* chore: fix lint

* chore: fix flow issues

* pin flow-remove-types and hermes-parser version due to flow errors

* return methods only instead of entire class

* modify interface to reflect future state

* resolve WIP stash merge

* implement isEligible request to API

* change sdktoken to idtoken

* modify protectedExport to Local or Stage check

* change protectedexport to local/stage export

* pass transaction context as received

* fix flow type errors

* linting / flow fixes and skipping test for now

* add isEligible test skeleton

* check for payer-action rel in links

* throw error on API error isntead of false

* wip: add test for isEligible

* remove comments

* additional test for isEligble

* remove console logs

* add threeDS overlay component

* add styling for 3DS iframe overlay

* update overlay, save 3ds comp on eligibility to class variable

* fix stage url,nit

* fix lint

* fix lint/typecheck

* fix tests

* fix tests

* fix something please

* test with dub in stage

* remove port

* test api subdomain

* add sdkMeta, logs, fix css

* wip

* pass braintree-version header to gql

* fix lint

* fix typecheck

* skip test

* add domain

* testing only fix

* add allowParentDomain

* add globals and enable automatic config

* render zoid in parent, pass payerActionUrl prop

* fix lint

* fix show() response back to merchant

* call eligibility api with an lsat

* fix response back to the merchant

* fix response back to the merchant

* console logs cleanup

* add tests for interface and api

* add test - utils.jsx

* add devOnlyExport, cleanup

* reverted dist content

* fix test for protected export

* fix test for protected export

* address review comments

* remove automatic:true flag

tests, make show async

* wrap show around native promise to make await-able

fix types

fix types

typecheck

* add lsat support for Partner integration

* fix lint tests

* update tests

* add validations for isEligible merchant payload (#2459)

* fix validation logic

* fix typecheck

---------

Co-authored-by: Mervin Choun <[email protected]>
Co-authored-by: Brian Tedder <[email protected]>

Author: 3 people

Diff for: .eslintrc.js

@@ -18,6 +18,7 @@ module.exports = {
     __HOST__: true,
     __PATH__: true,
     __COMPONENTS__: true,
+    $Shape: true,
   },
 
   rules: {

Diff for: __sdk__.js

@@ -95,5 +95,6 @@ module.exports = {
   },
   "three-domain-secure": {
     entry: "./src/three-domain-secure/interface",
+    globals,
   },
 };

Diff for: src/constants/api.js

@@ -9,6 +9,7 @@ export const HEADERS = {
 
 export const ELIGIBLE_PAYMENT_METHODS = "v2/payments/find-eligible-methods";
 export const PAYMENT_3DS_VERIFICATION = "v2/payments/payment";
+export const AUTH = "/v1/oauth2/token";
 
 export const FPTI_TRANSITION = {
   SHOPPER_INSIGHTS_API_INIT: "sdk_shopper_insights_recommended_init",

Diff for: src/three-domain-secure/api.js

@@ -0,0 +1,143 @@
+/* @flow */
+import { ZalgoPromise } from "@krakenjs/zalgo-promise/src";
+import { request } from "@krakenjs/belter/src";
+import { getSessionID, getPartnerAttributionID } from "@paypal/sdk-client/src";
+
+import { callRestAPI } from "../lib";
+import { HEADERS } from "../constants/api";
+
+type HTTPRequestOptions = {|
+  // eslint-disable-next-line flowtype/no-weak-types
+  data: any,
+  baseURL?: string,
+  accessToken?: string,
+  method?: string, // TODO do we have an available type for this in Flow?
+|};
+
+interface HTTPClientType {
+  accessToken: ?string;
+  baseURL: ?string;
+}
+
+type HTTPClientOptions = {|
+  accessToken: ?string,
+  baseURL: ?string,
+|};
+
+export class HTTPClient implements HTTPClientType {
+  accessToken: ?string;
+  baseURL: ?string;
+
+  constructor(options?: $Shape<HTTPClientOptions> = {}) {
+    this.accessToken = options.accessToken;
+    this.baseURL = options.baseURL;
+  }
+
+  setAccessToken(token: string) {
+    this.accessToken = token;
+  }
+}
+
+export class RestClient extends HTTPClient {
+  request({ baseURL, ...rest }: HTTPRequestOptions): ZalgoPromise<{ ... }> {
+    return callRestAPI({
+      url: baseURL ?? this.baseURL ?? "",
+      accessToken: this.accessToken,
+      ...rest,
+    });
+  }
+  authRequest({
+    baseURL,
+    accessToken,
+    ...rest
+  }: HTTPRequestOptions): ZalgoPromise<{ ... }> {
+    return request({
+      method: "post",
+      url: baseURL ?? this.baseURL ?? "",
+      headers: {
+        // $FlowIssue
+        Authorization: `Basic ${accessToken}`,
+      },
+      ...rest,
+    }).then(({ body }) => {
+      if (body && body.error === "invalid_client") {
+        throw new Error(
+          `Auth Api invalid client id: \n\n${JSON.stringify(body, null, 4)}`
+        );
+      }
+
+      if (!body || !body.access_token) {
+        throw new Error(
+          `Auth Api response error:\n\n${JSON.stringify(body, null, 4)}`
+        );
+      }
+
+      return body.access_token;
+    });
+  }
+}
+
+const GRAPHQL_URI = "/graphql";
+
+type GQLQuery = {|
+  query: string,
+  variables: { ... },
+|};
+
+export function callGraphQLAPI({
+  accessToken,
+  baseURL,
+  data: query,
+  headers,
+}: {|
+  accessToken: ?string,
+  baseURL: string,
+  data: GQLQuery,
+  headers: Object, // TODO fix
+  // eslint-disable-next-line flowtype/no-weak-types
+|}): ZalgoPromise<any> {
+  if (!accessToken) {
+    throw new Error(
+      `No access token passed to GraphQL request ${baseURL}${GRAPHQL_URI}`
+    );
+  }
+
+  const requestHeaders = {
+    ...headers,
+    [HEADERS.AUTHORIZATION]: `Bearer ${accessToken}`,
+    [HEADERS.CONTENT_TYPE]: "application/json",
+    [HEADERS.PARTNER_ATTRIBUTION_ID]: getPartnerAttributionID() ?? "",
+    [HEADERS.CLIENT_METADATA_ID]: getSessionID(),
+  };
+
+  return request({
+    method: "post",
+    url: `${baseURL}${GRAPHQL_URI}`,
+    headers: requestHeaders,
+    json: query,
+  }).then(({ status, body }) => {
+    // TODO handle body.errors
+    if (status !== 200) {
+      throw new Error(`${baseURL}${GRAPHQL_URI} returned status ${status}`);
+    }
+
+    return body;
+  });
+}
+
+export class GraphQLClient extends HTTPClient {
+  request({
+    baseURL,
+    data,
+    accessToken,
+    headers,
+  }: // eslint-disable-next-line flowtype/no-weak-types
+  any): ZalgoPromise<any> {
+    return callGraphQLAPI({
+      accessToken: accessToken ?? this.accessToken,
+      data,
+      baseURL: baseURL ?? this.baseURL ?? "",
+      headers,
+    });
+  }
+}

Diff for: src/three-domain-secure/api.test.js

@@ -0,0 +1,148 @@
+/* @flow */
+import { describe, expect, vi } from "vitest";
+import { request } from "@krakenjs/belter/src";
+
+import { callRestAPI } from "../lib";
+import { HEADERS } from "../constants/api";
+
+import { RestClient, callGraphQLAPI, HTTPClient } from "./api";
+
+vi.mock("@krakenjs/belter/src", async () => {
+  return {
+    ...(await vi.importActual("@krakenjs/belter/src")),
+    request: vi.fn(),
+  };
+});
+
+vi.mock("@paypal/sdk-client/src", async () => {
+  return {
+    ...(await vi.importActual("@paypal/sdk-client/src")),
+    getSessionID: () => "session_id_123",
+    getPartnerAttributionID: () => "partner_attr_123",
+  };
+});
+
+vi.mock("../lib", () => ({
+  callRestAPI: vi.fn(),
+}));
+
+describe("API", () => {
+  const accessToken = "access_token";
+  const baseURL = "http://test.paypal.com:port";
+
+  afterEach(() => {
+    vi.clearAllMocks();
+  });
+  describe("HTTPClient", () => {
+    it("should set access token and base url in constructor", () => {
+      const client = new HTTPClient({ accessToken, baseURL });
+      expect(client.accessToken).toBe(accessToken);
+      expect(client.baseURL).toBe(baseURL);
+    });
+
+    it("should set access token", () => {
+      const client = new HTTPClient();
+      client.setAccessToken(accessToken);
+      expect(client.accessToken).toBe(accessToken);
+    });
+  });
+
+  describe("RestClient", () => {
+    it("should make a REST API call with correct params", () => {
+      const data = { test: "data" };
+      const requestOptions = {
+        data,
+        baseURL,
+      };
+      const client = new RestClient({ accessToken });
+      client.request(requestOptions);
+      expect(callRestAPI).toHaveBeenCalledWith({
+        accessToken,
+        data,
+        url: baseURL,
+      });
+    });
+  });
+
+  describe("callGraphQLAPI", () => {
+    const query = '{ "test": "data" }';
+    const variables = { option: "param1" };
+    const gqlQuery = { query, variables };
+
+    const response = { data: { test: "data" } };
+
+    it("should throw error if no access token is provided", () => {
+      expect(() =>
+        callGraphQLAPI({
+          accessToken: null,
+          baseURL,
+          data: gqlQuery,
+          headers: {},
+        })
+      ).toThrowError(
+        new Error(
+          `No access token passed to GraphQL request ${baseURL}/graphql`
+        )
+      );
+    });
+
+    it("should make a GraphQL API call with correct params", () => {
+      vi.mocked(request).mockResolvedValue({
+        status: 200,
+        body: response,
+      });
+      callGraphQLAPI({
+        accessToken,
+        baseURL,
+        data: gqlQuery,
+        headers: {},
+      });
+      expect(request).toHaveBeenCalledWith({
+        method: "post",
+        url: `${baseURL}/graphql`,
+        headers: {
+          [HEADERS.AUTHORIZATION]: `Bearer ${accessToken}`,
+          [HEADERS.CONTENT_TYPE]: "application/json",
+          [HEADERS.PARTNER_ATTRIBUTION_ID]: "partner_attr_123",
+          [HEADERS.CLIENT_METADATA_ID]: "session_id_123",
+        },
+        json: gqlQuery,
+      });
+    });
+
+    it("should resolve with response body on success", async () => {
+      vi.mocked(request).mockResolvedValue({
+        status: 200,
+        body: response,
+      });
+      const resp = await callGraphQLAPI({
+        accessToken,
+        baseURL,
+        data: gqlQuery,
+        headers: {},
+      });
+      expect(resp).toEqual(response);
+    });
+
+    it("should throw error on error status", async () => {
+      const status = 400;
+      vi.mocked(request).mockResolvedValue({
+        status,
+        body: { message: "Something went wrong" },
+      });
+
+      try {
+        await callGraphQLAPI({
+          accessToken,
+          baseURL,
+          data: gqlQuery,
+          headers: {},
+        });
+      } catch (error) {
+        expect(error.message).toBe(
+          `${baseURL}/graphql returned status ${status}`
+        );
+      }
+    });
+  });
+});