[JB][OPS-13234] payments can be auth and captured (#26)

Author: barnesjake

app/uk/gov/hmrc/cardpaymentfrontend/connectors/CardPaymentConnector.scala

@@ -16,8 +16,9 @@
 
 package uk.gov.hmrc.cardpaymentfrontend.connectors
 
+import play.api.libs.json.{JsBoolean, Json}
 import uk.gov.hmrc.cardpaymentfrontend.config.AppConfig
-import uk.gov.hmrc.cardpaymentfrontend.models.cardpayment.CardPaymentInitiatePaymentResponse
+import uk.gov.hmrc.cardpaymentfrontend.models.cardpayment.{CardPaymentInitiatePaymentRequest, CardPaymentInitiatePaymentResponse}
 import uk.gov.hmrc.http.{HeaderCarrier, HttpResponse, StringContextOps}
 import uk.gov.hmrc.http.client.HttpClientV2
 import uk.gov.hmrc.http.HttpReads.Implicits._
@@ -31,15 +32,22 @@ class CardPaymentConnector @Inject() (appConfig: AppConfig, httpClientV2: HttpCl
 
   private val cardPaymentBaseUrl: URL = url"""${appConfig.cardPaymentBaseUrl}"""
   private val initiatePaymentUrl: URL = url"$cardPaymentBaseUrl/card-payment/initiate-payment"
-  private val authAndSettleUrl: URL = url"$cardPaymentBaseUrl/card-payment/auth-and-settle"
+  private val checkPaymentStatusUrl: String => URL = (transactionNumber: String) => url"$cardPaymentBaseUrl/card-payment/payment-status/$transactionNumber"
+  private val authAndSettleUrl: String => URL = (transactionNumber: String) => url"$cardPaymentBaseUrl/card-payment/auth-and-settle/$transactionNumber"
 
-  def initiatePayment()(implicit headerCarrier: HeaderCarrier): Future[CardPaymentInitiatePaymentResponse] =
+  def initiatePayment(cardPaymentInitiatePaymentRequest: CardPaymentInitiatePaymentRequest)(implicit headerCarrier: HeaderCarrier): Future[CardPaymentInitiatePaymentResponse] =
     httpClientV2
       .post(initiatePaymentUrl)
+      .withBody(Json.toJson(cardPaymentInitiatePaymentRequest))
       .execute[CardPaymentInitiatePaymentResponse]
 
-  def authAndSettle()(implicit headerCarrier: HeaderCarrier): Future[HttpResponse] =
+  def checkPaymentStatus(transactionNumber: String)(implicit headerCarrier: HeaderCarrier): Future[JsBoolean] =
     httpClientV2
-      .post(authAndSettleUrl)
+      .get(checkPaymentStatusUrl(transactionNumber))
+      .execute[JsBoolean]
+
+  def authAndSettle(transactionNumber: String)(implicit headerCarrier: HeaderCarrier): Future[HttpResponse] =
+    httpClientV2
+      .post(authAndSettleUrl(transactionNumber))
       .execute[HttpResponse]
 }

app/uk/gov/hmrc/cardpaymentfrontend/connectors/PayApiConnector.scala

@@ -18,7 +18,9 @@ package uk.gov.hmrc.cardpaymentfrontend.connectors
 
 import com.google.inject.Inject
 import payapi.cardpaymentjourney.model.journey.{Journey, JourneySpecificData}
+import play.api.libs.json.Json
 import uk.gov.hmrc.cardpaymentfrontend.config.AppConfig
+import uk.gov.hmrc.cardpaymentfrontend.models.payapi.{BeginWebPaymentRequest, FailWebPaymentRequest, SucceedWebPaymentRequest}
 import uk.gov.hmrc.http.HeaderCarrier
 import uk.gov.hmrc.http.StringContextOps
 import uk.gov.hmrc.http.client.HttpClientV2
@@ -33,11 +35,37 @@ class PayApiConnector @Inject() (appConfig: AppConfig, httpClientV2: HttpClientV
 
   private val findBySessionIdUrl: URL = url"""${appConfig.payApiBaseUrl}/pay-api/journey/find-latest-by-session-id"""
 
-  def findLatestJourneyBySessionId()(implicit hc: HeaderCarrier): Future[Option[Journey[JourneySpecificData]]] = {
+  def findLatestJourneyBySessionId()(implicit headerCarrier: HeaderCarrier): Future[Option[Journey[JourneySpecificData]]] = {
     for {
-      _ <- Future(require(hc.sessionId.isDefined, "Missing required 'SessionId'"))
+      _ <- Future(require(headerCarrier.sessionId.isDefined, "Missing required 'SessionId'"))
       maybeJourneyResult <- httpClientV2.get(findBySessionIdUrl).execute[Option[Journey[JourneySpecificData]]]
     } yield maybeJourneyResult
   }
 
+  object JourneyUpdates {
+
+    def updateBeginWebPayment(journeyId: String, beginWebPaymentRequest: BeginWebPaymentRequest)(implicit headerCarrier: HeaderCarrier): Future[Unit] =
+      httpClientV2
+        .put(url"""${appConfig.payApiBaseUrl}/pay-api/journey/$journeyId/update/begin-web-payment""")
+        .withBody(Json.toJson(beginWebPaymentRequest))
+        .execute[Unit]
+
+    def updateSucceedWebPayment(journeyId: String, succeedWebPaymentRequest: SucceedWebPaymentRequest)(implicit headerCarrier: HeaderCarrier): Future[Unit] =
+      httpClientV2
+        .put(url"""${appConfig.payApiBaseUrl}/pay-api/journey/$journeyId/update/succeed-web-payment""")
+        .withBody(Json.toJson(succeedWebPaymentRequest))
+        .execute[Unit]
+
+    def updateCancelWebPayment(journeyId: String)(implicit headerCarrier: HeaderCarrier): Future[Unit] =
+      httpClientV2
+        .put(url"""${appConfig.payApiBaseUrl}/pay-api/journey/$journeyId/update/cancel-web-payment""")
+        .execute[Unit]
+
+    def updateFailWebPayment(journeyId: String, failWebPaymentRequest: FailWebPaymentRequest)(implicit headerCarrier: HeaderCarrier): Future[Unit] =
+      httpClientV2
+        .put(url"""${appConfig.payApiBaseUrl}/pay-api/journey/$journeyId/update/fail-web-payment""")
+        .withBody(Json.toJson(failWebPaymentRequest))
+        .execute[Unit]
+  }
+
 }

app/uk/gov/hmrc/cardpaymentfrontend/controllers/CheckYourAnswersController.scala

@@ -18,12 +18,13 @@ package uk.gov.hmrc.cardpaymentfrontend.controllers
 
 import play.api.mvc.{Action, AnyContent, MessagesControllerComponents}
 import uk.gov.hmrc.cardpaymentfrontend.actions.{Actions, JourneyRequest}
-import uk.gov.hmrc.cardpaymentfrontend.connectors.CardPaymentConnector
-import uk.gov.hmrc.cardpaymentfrontend.models.CheckYourAnswersRow
+import uk.gov.hmrc.cardpaymentfrontend.models.{Address, CheckYourAnswersRow, EmailAddress}
 import uk.gov.hmrc.cardpaymentfrontend.models.CheckYourAnswersRow.summarise
 import uk.gov.hmrc.cardpaymentfrontend.models.extendedorigins.ExtendedOrigin
 import uk.gov.hmrc.cardpaymentfrontend.models.extendedorigins.ExtendedOrigin.OriginExtended
 import uk.gov.hmrc.cardpaymentfrontend.requests.RequestSupport
+import uk.gov.hmrc.cardpaymentfrontend.services.CardPaymentService
+import uk.gov.hmrc.cardpaymentfrontend.session.JourneySessionSupport._
 import uk.gov.hmrc.cardpaymentfrontend.views.html.CheckYourAnswersPage
 import uk.gov.hmrc.govukfrontend.views.Aliases.SummaryList
 import uk.gov.hmrc.govukfrontend.views.viewmodels.summarylist.SummaryListRow
@@ -36,7 +37,7 @@ import scala.concurrent.ExecutionContext
 @Singleton()
 class CheckYourAnswersController @Inject() (
     actions:              Actions,
-    cardPaymentConnector: CardPaymentConnector, //todo introduce a service layer maybe
+    cardPaymentService:   CardPaymentService,
     checkYourAnswersPage: CheckYourAnswersPage,
     mcc:                  MessagesControllerComponents,
     requestSupport:       RequestSupport
@@ -65,9 +66,13 @@ class CheckYourAnswersController @Inject() (
     Ok(checkYourAnswersPage(SummaryList(summaryListRows)))
   }
 
-  def submit: Action[AnyContent] = actions.journeyAction.async { implicit request: JourneyRequest[AnyContent] =>
-    cardPaymentConnector
-      .initiatePayment()(requestSupport.hc)
+  def submit: Action[AnyContent] = actions.journeyAction.async { implicit journeyRequest: JourneyRequest[AnyContent] =>
+    cardPaymentService
+      .initiatePayment(
+        journey               = journeyRequest.journey,
+        addressFromSession    = journeyRequest.readFromSession[Address](journeyRequest.journeyId, Keys.address).getOrElse(throw new RuntimeException("We can't process a card payment without the billing address.")),
+        maybeEmailFromSession = journeyRequest.readFromSession[EmailAddress](journeyRequest.journeyId, Keys.email)
+      )(requestSupport.hc, journeyRequest.request)
       .map { cardPaymentInitiatePaymentResponse =>
         Redirect(routes.PaymentStatusController.showIframe(RedirectUrl(cardPaymentInitiatePaymentResponse.redirectUrl)))
       }

app/uk/gov/hmrc/cardpaymentfrontend/controllers/PaymentStatusController.scala

@@ -20,24 +20,27 @@ import play.api.mvc.{Action, AnyContent, MessagesControllerComponents, Result}
 import uk.gov.hmrc.cardpaymentfrontend.actions.Actions
 import uk.gov.hmrc.cardpaymentfrontend.config.AppConfig
 import uk.gov.hmrc.cardpaymentfrontend.requests.RequestSupport
+import uk.gov.hmrc.cardpaymentfrontend.services.CardPaymentService
 import uk.gov.hmrc.cardpaymentfrontend.views.html.iframe.{IframeContainerPage, RedirectToParentPage}
+import uk.gov.hmrc.http.{HeaderCarrier, HttpResponse}
 import uk.gov.hmrc.play.bootstrap.binders.RedirectUrl.idFunctor
 import uk.gov.hmrc.play.bootstrap.binders.RedirectUrlPolicy.Id
 import uk.gov.hmrc.play.bootstrap.binders.{AbsoluteWithHostnameFromAllowlist, RedirectUrl, RedirectUrlPolicy}
 import uk.gov.hmrc.play.bootstrap.frontend.controller.FrontendController
 
 import javax.inject.{Inject, Singleton}
-import scala.concurrent.Future
+import scala.concurrent.{ExecutionContext, Future}
 
 @Singleton()
 class PaymentStatusController @Inject() (
-    actions:          Actions,
-    appConfig:        AppConfig,
-    mcc:              MessagesControllerComponents,
-    requestSupport:   RequestSupport,
-    iframeContainer:  IframeContainerPage,
-    redirectToParent: RedirectToParentPage
-) extends FrontendController(mcc) {
+    actions:            Actions,
+    appConfig:          AppConfig,
+    cardPaymentService: CardPaymentService,
+    mcc:                MessagesControllerComponents,
+    requestSupport:     RequestSupport,
+    iframeContainer:    IframeContainerPage,
+    redirectToParent:   RedirectToParentPage
+)(implicit executionContext: ExecutionContext) extends FrontendController(mcc) {
 
   import requestSupport._
 
@@ -48,7 +51,7 @@ class PaymentStatusController @Inject() (
     iframeUrl
       .getEither[Id](redirectUrlPolicy)
       .fold[Result](
-        _ => BadRequest("Bad url"),
+        _ => BadRequest("Bad url provided that doesn't match the redirect policy. Check allow list if this is not expected."),
         safeUrl => Ok(iframeContainer(safeUrl.url))
       )
   }
@@ -58,8 +61,28 @@ class PaymentStatusController @Inject() (
   }
 
   //todo append something to the return url so we can extract/work out the session/journey - are we allowed to do this or do we use session?
-  def paymentStatus(transactionReference: String): Action[AnyContent] = actions.default.async { _ =>
-    Future.successful(Ok(s"We're back from the iframe!\nNow we need to just do the check payment status bit and auth and settle. ${transactionReference}"))
+  def paymentStatus(traceId: String): Action[AnyContent] = actions.journeyAction.async { implicit journeyRequest =>
+    implicit val hc: HeaderCarrier = requestSupport.hc
+    val transactionRefFromJourney: Option[String] = journeyRequest.journey.order.map(_.transactionReference.value)
+    for {
+      paymentStatus <- cardPaymentService.checkPaymentStatus(transactionRefFromJourney.getOrElse(throw new RuntimeException("Could not find transaction ref, pay-api probably didn't update.")))
+      authAndCaptureResult <- maybeAuthAndSettleResult(transactionRefFromJourney, paymentStatus.value)
+    } yield Ok(
+      s"""We're back from the iframe!\n""" +
+        s"""traceId: $traceId\n""" +
+        s"""we now need to update the journey in pay-api with the completed payment info\n""" +
+        s"""CheckPaymentStatus response:\n${paymentStatus.value.toString}\n\n""" +
+        s"""authAndSettle response:\n${authAndCaptureResult.body}\n\n"""
+    )
+  }
+
+  //todo in future, lets check the result json and redirect accordingly. (i.e. if it's failed etc)
+  private def maybeAuthAndSettleResult(transactionRefFromJourney: Option[String], shouldAuthAndSettle: Boolean)(implicit headerCarrier: HeaderCarrier): Future[HttpResponse] = {
+    if (shouldAuthAndSettle) {
+      cardPaymentService.authAndSettle(transactionRefFromJourney.getOrElse(throw new RuntimeException("Could not find transaction ref, therefore we can't auth and settle.")))
+    } else {
+      Future.successful(HttpResponse.apply(500, "Cannot auth and capture when status is not acceptable. We should redirect accordingly."))
+    }
   }
 
 }

app/uk/gov/hmrc/cardpaymentfrontend/forms/AddressForm.scala

@@ -46,8 +46,8 @@ object AddressForm {
       "county" -> optional(text.transform[String](_.trim, identity)
         .verifying(maxLength(60))
         .verifying(emojiConstraint("county", "address.field-name.error.invalid.char"))),
-      "postcode" -> of(postcodeFormatter),
-      "country" -> text.verifying(countryConstraint)
+      "postCode" -> of(postCodeFormatter),
+      "countryCode" -> text.verifying(countryConstraint)
     )(Address.apply)(Address.unapply)
   )
 
@@ -66,20 +66,20 @@ object AddressForm {
 
   }
 
-  def countryConstraint: Constraint[String] = Constraint[String]("constraint.country") { o =>
-    if (o.isBlank) Invalid(ValidationError("address.field-name.error.required.country")) else if (o.trim.isEmpty) Invalid(ValidationError("address.field-name.error.required.country")) else Valid
+  def countryConstraint: Constraint[String] = Constraint[String]("constraint.countryCode") { o =>
+    if (o.isBlank) Invalid(ValidationError("address.field-name.error.required.countryCode")) else if (o.trim.isEmpty) Invalid(ValidationError("address.field-name.error.required.countryCode")) else Valid
   }
 
-  val postcodeFormatter: Formatter[String] = new Formatter[String] {
+  val postCodeFormatter: Formatter[String] = new Formatter[String] {
 
     override def bind(key: String, data: Map[String, String]): Either[Seq[FormError], String] = {
       // for accessibility, we need to allow users to enter spaces anywhere in postcode, we strip them to assert the postcode matches the regex, then use what the user entered.
-      val postCode: String = data("postcode").filterNot(_.isWhitespace)
-      val selectedCountryIsGBR: Boolean = data("country").matches("GBR")
+      val postCode: String = data("postCode").filterNot(_.isWhitespace)
+      val selectedCountryIsGBR: Boolean = data("countryCode").matches("GBR")
       if (selectedCountryIsGBR && postCode.isEmpty)
-        Left(Seq(FormError("postcode", "address.field-name.error.empty.postcode")))
+        Left(Seq(FormError("postCode", "address.field-name.error.empty.postCode")))
       else if (selectedCountryIsGBR && !postCode.matches(ukPostcodeRegex.regex))
-        Left(Seq(FormError("postcode", "address.field-name.error.invalid.postcode")))
+        Left(Seq(FormError("postCode", "address.field-name.error.invalid.postCode")))
       else
         Right(postCode)
     }

app/uk/gov/hmrc/cardpaymentfrontend/models/Address.scala

@@ -19,12 +19,12 @@ package uk.gov.hmrc.cardpaymentfrontend.models
 import play.api.libs.json.{Json, OFormat}
 
 final case class Address(
-    line1:    String,
-    line2:    Option[String] = None,
-    city:     Option[String] = None,
-    county:   Option[String] = None,
-    postcode: String,
-    country:  String
+    line1:       String,
+    line2:       Option[String] = None,
+    city:        Option[String] = None,
+    county:      Option[String] = None,
+    postCode:    String,
+    countryCode: String
 ) {
   def hasSelect(maybeString: Option[String]): Boolean = {
     maybeString match {
@@ -37,7 +37,7 @@ final case class Address(
 
   // For UK (GBR) addresses only, replace counties containing variations on Select with None.
   def sanitiseCounty(): Address =
-    if (country.matches("GBR") && hasSelect(this.county)) this.copy (county = None)
+    if (countryCode.matches("GBR") && hasSelect(this.county)) this.copy (county = None)
     else this
 }
 

app/uk/gov/hmrc/cardpaymentfrontend/models/cardpayment/CardPaymentInitiatePaymentRequest.scala

@@ -0,0 +1,35 @@
+/*
+ * Copyright 2025 HM Revenue & Customs
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package uk.gov.hmrc.cardpaymentfrontend.models.cardpayment
+
+import payapi.corcommon.model.AmountInPence
+import play.api.libs.json.{Format, Json}
+import uk.gov.hmrc.cardpaymentfrontend.models.{Address, EmailAddress}
+
+final case class CardPaymentInitiatePaymentRequest(
+    redirectUrl:         String,
+    clientId:            String, //or merchant id, i.e. SAEE etc
+    purchaseDescription: String, // i.e. tax reference
+    purchaseAmount:      AmountInPence, //in pennies
+    billingAddress:      Address,
+    emailAddress:        Option[EmailAddress]
+)
+
+object CardPaymentInitiatePaymentRequest {
+  @SuppressWarnings(Array("org.wartremover.warts.Any"))
+  implicit val format: Format[CardPaymentInitiatePaymentRequest] = Json.format[CardPaymentInitiatePaymentRequest]
+}

app/uk/gov/hmrc/cardpaymentfrontend/models/extendedorigins/ExtendedBtaSa.scala

@@ -84,7 +84,7 @@ object ExtendedBtaSa extends ExtendedOrigin {
       CheckYourAnswersRow(
         "btasa.address.title",
         maybeAddress match {
-          case Some(addr) => Seq(addr.line1, addr.line2.getOrElse(""), addr.city.getOrElse(""), addr.county.getOrElse(""), addr.postcode, addr.country).filter(_.nonEmpty)
+          case Some(addr) => Seq(addr.line1, addr.line2.getOrElse(""), addr.city.getOrElse(""), addr.county.getOrElse(""), addr.postCode, addr.countryCode).filter(_.nonEmpty)
           case None       => Seq.empty
         },
         Some(Link(

app/uk/gov/hmrc/cardpaymentfrontend/models/extendedorigins/ExtendedItSa.scala

@@ -85,7 +85,7 @@ object ExtendedItSa extends ExtendedOrigin {
     val addressRow = CheckYourAnswersRow(
       "itsa.address.title",
       maybeAddress match {
-        case Some(addr) => Seq(addr.line1, addr.line2.getOrElse(""), addr.city.getOrElse(""), addr.county.getOrElse(""), addr.postcode, addr.country).filter(_.nonEmpty)
+        case Some(addr) => Seq(addr.line1, addr.line2.getOrElse(""), addr.city.getOrElse(""), addr.county.getOrElse(""), addr.postCode, addr.countryCode).filter(_.nonEmpty)
         case None       => Seq.empty
       },
       Some(Link(

app/uk/gov/hmrc/cardpaymentfrontend/models/extendedorigins/ExtendedOrigin.scala

@@ -105,7 +105,7 @@ trait ExtendedOrigin {
       addressFromSession.line2.getOrElse(""),
       addressFromSession.city.getOrElse(""),
       addressFromSession.county.getOrElse(""),
-      addressFromSession.postcode
+      addressFromSession.postCode
     ).filter(_.nonEmpty)
 
     Some(CheckYourAnswersRow(

app/uk/gov/hmrc/cardpaymentfrontend/models/extendedorigins/ExtendedPfSa.scala

@@ -62,7 +62,8 @@ object ExtendedPfSa extends ExtendedOrigin {
     val addressRow = CheckYourAnswersRow(
       titleMessageKey = "PfSa.address.title",
       value           = maybeAddress match {
-        case Some(addr) => Seq(addr.line1, addr.line2.getOrElse(""), addr.city.getOrElse(""), addr.county.getOrElse(""), addr.postcode, addr.country).filter(_.nonEmpty)
+        //todo, we're doing the same thing over and over, lets write this once and reuse.
+        case Some(addr) => Seq(addr.line1, addr.line2.getOrElse(""), addr.city.getOrElse(""), addr.county.getOrElse(""), addr.postCode, addr.countryCode).filter(_.nonEmpty)
         case None       => Seq.empty
       },
       changeLink      = Some(Link(

app/uk/gov/hmrc/cardpaymentfrontend/models/extendedorigins/ExtendedPtaSa.scala

@@ -68,7 +68,7 @@ object ExtendedPtaSa extends ExtendedOrigin {
     val addressRow = CheckYourAnswersRow(
       "ptasa.address.title",
       maybeAddress match {
-        case Some(addr) => Seq(addr.line1, addr.line2.getOrElse(""), addr.city.getOrElse(""), addr.county.getOrElse(""), addr.postcode, addr.country).filter(_.nonEmpty)
+        case Some(addr) => Seq(addr.line1, addr.line2.getOrElse(""), addr.city.getOrElse(""), addr.county.getOrElse(""), addr.postCode, addr.countryCode).filter(_.nonEmpty)
         case None       => Seq.empty
       },
       Some(Link(

app/uk/gov/hmrc/cardpaymentfrontend/models/payapi/BeginWebPaymentRequest.scala

@@ -0,0 +1,30 @@
+/*
+ * Copyright 2025 HM Revenue & Customs
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package uk.gov.hmrc.cardpaymentfrontend.models.payapi
+
+import play.api.libs.json.{Json, OFormat}
+
+//todo should we use types from cor? I'd rather not to stop being tied to it.
+final case class BeginWebPaymentRequest(
+    transactionReference: String,
+    iFrameUrl:            String
+)
+
+object BeginWebPaymentRequest {
+  @SuppressWarnings(Array("org.wartremover.warts.Any"))
+  implicit val formats: OFormat[BeginWebPaymentRequest] = Json.format
+}