MC-39895: PayPal PayflowPro redirect Parameter list format error

bubasuma · bubasuma · commit 42e255136946 · 2020-12-17T08:54:21.000-06:00
- Fix checkout with Credit Card (Payflow Pro) fails if billing address has special characters (&amp;, =)
diff --git a/app/code/Magento/Paypal/Model/Payflow/Service/Gateway.php b/app/code/Magento/Paypal/Model/Payflow/Service/Gateway.php
@@ -85,7 +85,8 @@ public function postRequest(DataObject $request, ConfigInterface $config)
         );
         $client->setConfig($clientConfig);
         $client->setMethod(\Zend_Http_Client::POST);
-        $client->setParameterPost($request->getData());
+        $requestData = $this->prepareRequestData($request->getData());
+        $client->setParameterPost($requestData);
         $client->setHeaders(
             [
                 'X-VPS-VIT-CLIENT-CERTIFICATION-ID' => '33baf5893fc2123d8b191d2d011b7fdc',
@@ -97,9 +98,7 @@ public function postRequest(DataObject $request, ConfigInterface $config)
 
         try {
             $response = $client->request();
-
-            $responseArray = [];
-            parse_str(strstr($response->getBody(), 'RESULT'), $responseArray);
+            $responseArray = $this->parseNVP(strstr($response->getBody(), 'RESULT'));
 
             $result->setData(array_change_key_case($responseArray, CASE_LOWER));
             $result->setData('result_code', $result->getData('result'));
@@ -115,7 +114,7 @@ public function postRequest(DataObject $request, ConfigInterface $config)
         } finally {
             $this->logger->debug(
                 [
-                    'request' => $request->getData(),
+                    'request' => $requestData,
                     'result' => $result->getData()
                 ],
                 (array)$config->getValue('getDebugReplacePrivateDataKeys'),
@@ -125,4 +124,63 @@ public function postRequest(DataObject $request, ConfigInterface $config)
 
         return $result;
     }
+
+    /**
+     * Add length tag to parameters name which contains special characters: =, &
+     *
+     * The length tag specifies the exact number of characters and spaces (number of bytes) that appear in the value
+     * eg ['COMPANYNAME[14]' => 'Ruff & Johnson')]
+     *
+     * @param array $data
+     * @return array
+     */
+    private function prepareRequestData(array $data): array
+    {
+        $requestData = [];
+        foreach ($data as $k => $v) {
+            if (strpos($v, '&') !== false || strpos($v, '=') !== false) {
+                $requestData[$k . '[' . strlen($v) . ']'] = $v;
+            } else {
+                $requestData[$k] = $v;
+            }
+        }
+        return $requestData;
+    }
+
+    /**
+     * Parse NVP string into array
+     *
+     * Use length tag (if present) to parse the key value.
+     *
+     * The length tag specifies the exact number of characters and spaces (number of bytes) that appear in the value
+     * e.g COMPANYNAME[14]=Ruff & Johnson
+     * e.g COMMENT1[7]=Level=5
+     *
+     * @param string $nvp
+     * @return array
+     */
+    private function parseNVP(string $nvp): array
+    {
+        $result = [];
+        while (strlen($nvp) > 0) {
+            $keyPos = strpos($nvp, '=');
+            if ($keyPos !== false) {
+                $key = substr($nvp, 0, $keyPos);
+                if (preg_match('/\[(\d+)]$/', $key, $keyParts)) {
+                    $valueLength = (int) $keyParts[1];
+                    $key = substr($key, 0, strpos($key, '['));
+                    $result[$key] = substr($nvp, $keyPos + 1, $valueLength);
+                    $valuePos = $keyPos + 1 + $valueLength;
+                } else {
+                    $valuePos = strpos($nvp, '&') ? strpos($nvp, '&') : strlen($nvp);
+                    $value = substr($nvp, $keyPos + 1, $valuePos - $keyPos - 1);
+                    $result[$key] = $value;
+                }
+                $nvp = substr($nvp, $valuePos + 1);
+            } else {
+                $nvp = '';
+            }
+        }
+        return $result;
+    }
 }
diff --git a/app/code/Magento/Paypal/Test/Unit/Model/Payflow/Service/GatewayTest.php b/app/code/Magento/Paypal/Test/Unit/Model/Payflow/Service/GatewayTest.php
@@ -17,27 +17,43 @@
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
 use Psr\Log\LoggerInterface;
+use ReflectionMethod;
+use Zend_Http_Client_Exception;
+use Zend_Http_Response;
 
 /**
  * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
  */
 class GatewayTest extends TestCase
 {
-    /** @var Gateway|MockObject */
-    protected $object;
-
-    /** @var ZendClientFactory|MockObject */
-    protected $httpClientFactoryMock;
-
-    /** @var Random|MockObject */
-    protected $mathRandomMock;
-
-    /** @var Logger|MockObject */
-    protected $loggerMock;
-
-    /** @var ZendClient|MockObject */
-    protected $zendClientMock;
-
+    /**
+     * @var Gateway|MockObject
+     */
+    private $object;
+
+    /**
+     * @var ZendClientFactory|MockObject
+     */
+    private $httpClientFactoryMock;
+
+    /**
+     * @var Random|MockObject
+     */
+    private $mathRandomMock;
+
+    /**
+     * @var Logger|MockObject
+     */
+    private $loggerMock;
+
+    /**
+     * @var ZendClient|MockObject
+     */
+    private $zendClientMock;
+
+    /**
+     * @inheritdoc
+     */
     protected function setUp(): void
     {
         $this->httpClientFactoryMock = $this->getMockBuilder(ZendClientFactory::class)
@@ -66,24 +82,28 @@ protected function setUp(): void
         );
     }
 
-    public function testPostRequestOk()
+    /**
+     * @param string $nvpResponse
+     * @param array $expectedResult
+     * @dataProvider postRequestOkDataProvider
+     */
+    public function testPostRequestOk(string $nvpResponse, array $expectedResult): void
     {
         $configMap = [
             ['getDebugReplacePrivateDataKeys', null, ['masked']],
             ['debug', null, true]
         ];
-        $expectedResponse = 'RESULT=0&RESPMSG=Approved&SECURETOKEN=8ZIaw2&SECURETOKENID=2481d53';
 
         /** @var ConfigInterface|MockObject $configInterfaceMock */
         $configInterfaceMock = $this->getMockBuilder(ConfigInterface::class)
             ->getMockForAbstractClass();
-        $zendResponseMock = $this->getMockBuilder(\Zend_Http_Response::class)
+        $zendResponseMock = $this->getMockBuilder(Zend_Http_Response::class)
             ->setMethods(['getBody'])
             ->disableOriginalConstructor()
             ->getMock();
         $zendResponseMock->expects(static::once())
             ->method('getBody')
-            ->willReturn($expectedResponse);
+            ->willReturn($nvpResponse);
         $this->zendClientMock->expects(static::once())
             ->method('request')
             ->willReturn($zendResponseMock);
@@ -98,8 +118,119 @@ public function testPostRequestOk()
 
         $result = $this->object->postRequest($object, $configInterfaceMock);
 
-        static::assertInstanceOf(DataObject::class, $result);
-        static::assertArrayHasKey('result_code', $result->getData());
+        static::assertEquals($expectedResult, $result->toArray());
+    }
+
+    /**
+     * @return array[]
+     */
+    public function postRequestOkDataProvider(): array
+    {
+        return [
+            [
+                'RESULT=0&RESPMSG=Approved&SECURETOKEN=9tl4MmP46NUadl9pwCKFgfQjA'
+                . '&SECURETOKENID=vVWBMSNb9j0SLlYw4AbqBnKmuogtzNNC',
+                [
+                    'result' => '0',
+                    'securetoken' => '9tl4MmP46NUadl9pwCKFgfQjA',
+                    'securetokenid' => 'vVWBMSNb9j0SLlYw4AbqBnKmuogtzNNC',
+                    'respmsg' => 'Approved',
+                    'result_code' => '0',
+                ]
+            ],
+            [
+                'RESULT=0&PNREF=A30A3A958244&RESPMSG=Approved&AUTHCODE=028PNI&AVSADDR=N&AVSZIP=N&HOSTCODE=A'
+                . '&PROCAVS=N&VISACARDLEVEL=12&TRANSTIME=2020-12-16 14:43:57&FIRSTNAME[4]=Joé'
+                . '&LASTNAME=O\'Reilly&COMPANYNAME[14]=Ruff & Johnson&COMMENT1[7]=Level=5'
+                . '&AMT=30.00&ACCT=1111&EXPDATE=1224&CARDTYPE=0&IAVS=N',
+                [
+                    'result' => '0',
+                    'pnref' => 'A30A3A958244',
+                    'respmsg' => 'Approved',
+                    'authcode' => '028PNI',
+                    'avsaddr' => 'N',
+                    'avszip' => 'N',
+                    'hostcode' => 'A',
+                    'procavs' => 'N',
+                    'visacardlevel' => '12',
+                    'transtime' => '2020-12-16 14:43:57',
+                    'firstname' => 'Joé',
+                    'lastname' => 'O\'Reilly',
+                    'companyname' => 'Ruff & Johnson',
+                    'comment1' => 'Level=5',
+                    'amt' => '30.00',
+                    'acct' => '1111',
+                    'expdate' => '1224',
+                    'cardtype' => '0',
+                    'iavs' => 'N',
+                    'result_code' => '0',
+                ]
+            ],
+        ];
+    }
+
+    /**
+     * @param array $requestData
+     * @param string $requestBody
+     * @dataProvider requestBodyDataProvider
+     */
+    public function testRequestBody(array $requestData, string $requestBody): void
+    {
+        $configMap = [
+            ['getDebugReplacePrivateDataKeys', null, ['masked']],
+            ['debug', null, true]
+        ];
+
+        /** @var ConfigInterface|MockObject $configInterfaceMock */
+        $configInterfaceMock = $this->getMockBuilder(ConfigInterface::class)
+            ->getMockForAbstractClass();
+        $zendResponseMock = $this->getMockBuilder(Zend_Http_Response::class)
+            ->setMethods(['getBody'])
+            ->disableOriginalConstructor()
+            ->getMock();
+        $zendResponseMock->expects(static::once())
+            ->method('getBody')
+            ->willReturn('RESULT=0&RESPMSG=Approved');
+        $this->zendClientMock->expects(static::once())
+            ->method('request')
+            ->willReturn($zendResponseMock);
+
+        $configInterfaceMock->expects(static::any())
+            ->method('getValue')
+            ->willReturnMap($configMap);
+        $this->loggerMock->expects(static::once())
+            ->method('debug');
+
+        $request = new DataObject($requestData);
+        $this->object->postRequest($request, $configInterfaceMock);
+        $method = new ReflectionMethod($this->zendClientMock, '_prepareBody');
+        $method->setAccessible(true);
+        $this->assertEquals($requestBody, $method->invoke($this->zendClientMock));
+    }
+
+    /**
+     * @return array[]
+     */
+    public function requestBodyDataProvider(): array
+    {
+        return [
+            [
+                [
+                    'companyname' => 'Ruff & Johnson',
+                    'comment1' => 'Level=5',
+                    'shiptofirstname' => 'Joé',
+                    'shiptolastname' => 'O\'Reilly',
+                    'shiptostreet' => '4659 Rainbow Road',
+                    'shiptocity' => 'Los Angeles',
+                    'shiptostate' => 'CA',
+                    'shiptozip' => '90017',
+                    'shiptocountry' => 'US',
+                ],
+                'companyname[14]=Ruff & Johnson&comment1[7]=Level=5&shiptofirstname=Joé&shiptolastname=O\'Reilly'
+                . '&shiptostreet=4659 Rainbow Road&shiptocity=Los Angeles&shiptostate=CA&shiptozip=90017'
+                . '&shiptocountry=US'
+            ]
+        ];
     }
 
     public function testPostRequestFail()
@@ -108,15 +239,15 @@ public function testPostRequestFail()
         /** @var ConfigInterface|MockObject $configInterfaceMock */
         $configInterfaceMock = $this->getMockBuilder(ConfigInterface::class)
             ->getMockForAbstractClass();
-        $zendResponseMock = $this->getMockBuilder(\Zend_Http_Response::class)
+        $zendResponseMock = $this->getMockBuilder(Zend_Http_Response::class)
             ->setMethods(['getBody'])
             ->disableOriginalConstructor()
             ->getMock();
         $zendResponseMock->expects(static::never())
             ->method('getBody');
         $this->zendClientMock->expects(static::once())
             ->method('request')
-            ->willThrowException(new \Zend_Http_Client_Exception());
+            ->willThrowException(new Zend_Http_Client_Exception());
 
         $object = new DataObject();
         $this->object->postRequest($object, $configInterfaceMock);
