Implement ownership validation

msaggiorato · msaggiorato · commit 2022f5f7aef5 · 2021-01-23T15:28:49.000-03:00
diff --git a/assets/js/amazon-wc-checkout.js b/assets/js/amazon-wc-checkout.js
@@ -78,6 +78,58 @@
 			}
 		}
 
+		function is_blocked( $node ) {
+			return $node.is( '.processing' ) || $node.parents( '.processing' ).length;
+		}
+
+		function block( $node ) {
+			if ( ! is_blocked( $node ) ) {
+				$node.addClass( 'processing' ).block( {
+					message: null,
+					overlayCSS: {
+						background: '#fff',
+						opacity: 0.6
+					}
+				} );
+			}
+		}
+
+		function unblock( $node ) {
+			$node.removeClass( 'processing' ).unblock();
+		}
+
+		function sendConfirmationCode( e ) {
+			var $this = $( this );
+			e.preventDefault();
+
+			if ( $this.data( 'sending' ) ) {
+				return;
+			}
+
+			$this.data( 'sending', true );
+
+			var $thisArea = $this.parents('.create-account');
+
+			block( $thisArea );
+
+			$.ajax(
+				{
+					type: 'post',
+					url: $this.prop( 'href' ),
+					success: function( result ) {
+						unblock( $thisArea );
+						$this.data( 'sending', false );
+						// TODO: Maybe display some feedback
+					},
+					error:	function( jqXHR, textStatus, errorThrown ) {
+						unblock( $thisArea );
+						$this.data( 'sending', false );
+						// TODO: Maybe display some feedback about what went wrong?
+					}
+				}
+			);
+		}
+
 		function initAmazonPaymentFields() {
 			if ( ! isAmazonCheckout() ) {
 				return;
@@ -103,6 +155,8 @@
 				$( '.woocommerce-shipping-fields' ).insertBefore( '#payment' );
 			}
 			$( '.woocommerce-additional-fields' ).insertBefore( '#payment' );
+
+			$( '.wc-apa-send-confirm-ownership-code' ).on( 'click', sendConfirmationCode );
 		}
 
 		initAmazonPaymentFields();
diff --git a/includes/class-wc-gateway-amazon-payments-advanced.php b/includes/class-wc-gateway-amazon-payments-advanced.php
@@ -259,9 +259,83 @@ public function handle_account_registration( $customer_id ) {
 			}
 		}
 
+		if ( $customer_id ) { // Already registered, or logged in. Return normally
+			return $customer_id;
+		}
+
+		// FROM: WC_Checkout->process_customer
+		if ( ! is_user_logged_in() && ( $checkout->is_registration_required() || ! empty( $data['createaccount'] ) ) ) {
+
+			if ( isset( $data['amazon_validate'] ) ) {
+				$checkout_session = $this->get_checkout_session();
+				$buyer_id = $checkout_session->buyer->buyerId;
+				$buyer_email = $checkout_session->buyer->email;
+
+				$buyer_user_id = $this->get_customer_id_from_buyer( $buyer_id );
+
+				if ( is_user_logged_in() ) {
+					return; // We shouldn't be here anyways
+				}
+
+				if ( $buyer_user_id ) {
+					return; // We shouldn't be here anyways
+				}
+				$user_id = email_exists( $buyer_email );
+				if ( ! $user_id ) {
+					return; // We shouldn't be here anyways
+				}
+
+				$code = get_user_meta( $user_id, 'wc_apa_ownership_verification_code', true );
+				if ( empty( $code ) ) {
+					throw new Exception( __( 'You have to send yourself a code before attempting to claim an account. If you want, you can continue as guest.', 'woocommerce-gateway-amazon-payments-advanced' ) );
+				}
+
+				if ( empty( $data['amazon_validate'] ) ) {
+					throw new Exception( __( 'You did not enter the code to validate your account. If you want, you can continue as guest.', 'woocommerce-gateway-amazon-payments-advanced' ) );
+				}
+
+				if ( $code !== $data['amazon_validate'] ) { // TODO: Rotate code after 5 failed attempts
+					throw new Exception( __( 'The code you entered did not match. Try again, or continue as guest.', 'woocommerce-gateway-amazon-payments-advanced' ) );
+				}
+
+				$customer_id = $user_id;
+
+				$this->set_customer_id_for_buyer( $buyer_id, $customer_id );
+
+				delete_user_meta( $user_id, 'wc_apa_ownership_verification_code' );
+			}
+
+			wc_set_customer_auth_cookie( $customer_id );
+
+			// As we are now logged in, checkout will need to refresh to show logged in data.
+			WC()->session->set( 'reload_checkout', true );
+
+			// Also, recalculate cart totals to reveal any role-based discounts that were unavailable before registering.
+			WC()->cart->calculate_totals();
+		}
+
 		return $customer_id;
 	}
 
+	public function get_amazon_validate_ownership_url() {
+		return add_query_arg(
+			array(
+				'amazon_payments_advanced'  => 'true',
+				'amazon_validate_ownership' => 'true',
+			),
+			get_permalink( wc_get_page_id( 'checkout' ) )
+		);
+	}
+
+	public function print_validate_button( $html, $key, $field, $value ) {
+		$html  = '<p class="form-row" id="amazon_validate_notice_field" data-priority="">';
+		$html .= __( 'An account with your Amazon Pay email address exists already. Is that you?', 'woocommerce-gateway-amazon-payments-advanced' );
+		$html .= ' ';
+		$html .= sprintf( __( 'Click %shere%s to send a code to your email, which will help you validate the ownership of the account.', 'woocommerce-gateway-amazon-payments-advanced' ), '<a href="' . esc_url( $this->get_amazon_validate_ownership_url() ) . '" class="wc-apa-send-confirm-ownership-code" target="_blank">', '</a>' );
+		$html .= '</p>';
+		return $html;
+	}
+
 	public function checkout_init( $checkout ) {
 
 		/**
@@ -282,6 +356,7 @@ public function checkout_init( $checkout ) {
 		}
 
 		add_action( 'woocommerce_checkout_process', array( $this, 'signal_account_hijack' ) );
+		add_filter( 'woocommerce_form_field_amazon_validate_notice', array( $this, 'print_validate_button' ), 10, 4 );
 
 		// If all prerequisites are meet to be an amazon checkout.
 		do_action( 'woocommerce_amazon_checkout_init' );
@@ -389,6 +464,52 @@ public function maybe_handle_apa_action() {
 			exit;
 		}
 
+		if ( isset( $_GET['amazon_validate_ownership'] ) && $this->is_logged_in() ) {
+			$checkout_session = $this->get_checkout_session();
+			$buyer_id = $checkout_session->buyer->buyerId;
+			$buyer_email = $checkout_session->buyer->email;
+
+			$buyer_user_id = $this->get_customer_id_from_buyer( $buyer_id );
+
+			if ( is_user_logged_in() ) {
+				return; // We shouldn't be here anyways
+			}
+
+			if ( $buyer_user_id ) {
+				return; // We shouldn't be here anyways
+			}
+			$user_id = email_exists( $buyer_email );
+			if ( ! $user_id ) {
+				return; // We shouldn't be here anyways
+			}
+
+			$subject = 'Link your account with Amazon Pay';
+			$code    = wp_rand( 1111, 9999 );
+			update_user_meta( $user_id, 'wc_apa_ownership_verification_code', $code );
+
+			$mailer  = WC()->mailer();
+
+			// Buffer.
+			ob_start();
+
+			do_action( 'woocommerce_email_header', $subject, null );
+
+			?>
+			<p><?php esc_html_e( 'It seems that someone is trying to make an order on your behalf. If that is the case, please use the code below to link your Amazon Pay account to your account upon checkout.', 'woocommerce' ); ?></p>
+			<p style="vertical-align: top; word-wrap: break-word; -ms-hyphens: none; hyphens: none; border-collapse: collapse; -moz-hyphens: none; -webkit-hyphens: none; color: #222222; font-family: Lato, Arial, sans-serif; font-weight: normal; letter-spacing: 10px; line-height: 2; font-size: 48px; text-align: center;"><?php echo esc_html( $code ); ?></p>
+			<p><?php esc_html_e( 'If this is not you, you can ignore this message.', 'woocommerce' ); ?></p>
+			<?php
+
+			do_action( 'woocommerce_email_footer', null );
+
+			// Get contents.
+			$message = ob_get_clean();
+
+			$mailer->send( $buyer_email, wp_strip_all_tags( $subject ), $message );
+
+			exit;
+		}
+
 	}
 
 	protected function get_checkout_session_id() {
@@ -502,6 +623,25 @@ public function hijack_checkout_fields( $checkout ) {
 	 * @param WC_Checkout $checkout WC_Checkout instance.
 	 */
 	protected function hijack_checkout_field_account( $checkout ) {
+		if ( is_user_logged_in() ) {
+			return; // There's nothing to do here if the user is logged in
+		}
+
+		$checkout_session = $this->get_checkout_session();
+		$buyer_id = $checkout_session->buyer->buyerId;
+		$buyer_email = $checkout_session->buyer->email;
+
+		$buyer_user_id = $this->get_customer_id_from_buyer( $buyer_id );
+
+		if ( $buyer_user_id ) {
+			return; // We shouldn't be here anyways
+		}
+
+		$user_id = email_exists( $buyer_email );
+		if ( ! $user_id ) {
+			return; // We shouldn't be here anyways
+		}
+
 		/**
 		 * WC 3.0 changes a bit a way to retrieve fields.
 		 *
@@ -511,17 +651,17 @@ protected function hijack_checkout_field_account( $checkout ) {
 			? $checkout->get_checkout_fields()
 			: $checkout->checkout_fields;
 
-		/**
-		 * Before 3.0.0, account fields may not set at all if guest checkout is
-		 * disabled with account and password generated automatically.
-		 *
-		 * @see https://github.com/woocommerce/woocommerce/blob/2.6.14/includes/class-wc-checkout.php#L92-L132
-		 * @see https://github.com/woocommerce/woocommerce/blob/master/includes/class-wc-checkout.php#L187-L197
-		 * @see https://github.com/woocommerce/woocommerce-gateway-amazon-payments-advanced/issues/228
-		 */
-		$checkout_fields['account'] = ! empty( $checkout_fields['account'] )
-			? $checkout_fields['account']
-			: array();
+		$checkout_fields['account'] = array();
+
+		$checkout_fields['account']['amazon_validate_notice'] = array(
+			'type' => 'amazon_validate_notice',
+		);
+
+		$checkout_fields['account']['amazon_validate'] = array(
+			'type'        => 'text',
+			'label'       => __( 'Verification Code', 'woocommerce-gateway-amazon-payments-advanced' ),
+			'required'    => true,
+		);
 
 		$checkout->checkout_fields = $checkout_fields;
 	}
