<?php
/**
* Class WC_Payments_Express_Checkout_Ajax_Handler
*
* @package WooCommerce\Payments
*/
// Bail out unless WordPress itself is loaded (it defines ABSPATH); stops the file from being requested directly.
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
use WCPay\Constants\Country_Code;
use WCPay\Exceptions\Invalid_Price_Exception;
use WCPay\Logger;
/**
* WC_Payments_Express_Checkout_Ajax_Handler class.
*/
class WC_Payments_Express_Checkout_Ajax_Handler {
/**
* WC_Payments_Express_Checkout_Button_Helper instance.
*
* @var WC_Payments_Express_Checkout_Button_Helper
*/
private $express_checkout_button_helper;
/**
 * Constructor.
 *
 * Keeps the button helper that the handlers below rely on for the cart quantity,
 * the booking id, the display items of the response and string sanitization.
 *
 * @param WC_Payments_Express_Checkout_Button_Helper $express_checkout_button_helper Express checkout button helper.
 */
public function __construct( WC_Payments_Express_Checkout_Button_Helper $express_checkout_button_helper ) {
$this->express_checkout_button_helper = $express_checkout_button_helper;
}
/**
 * Registers the Store API update callback, the action and the filters this handler reacts to.
 *
 * @return void
 */
public function init() {
	// The update callback exists only so the front end can ask the Store API to refresh
	// the UI; the callback itself deliberately does nothing.
	if ( function_exists( 'woocommerce_store_api_register_update_callback' ) ) {
		$refresh_ui_callback = [
			'namespace' => 'woopayments/express-checkout/refresh-ui',
			'callback'  => '__return_null',
		];
		woocommerce_store_api_register_update_callback( $refresh_ui_callback );
	}

	// Sets the Apple Pay / Google Pay payment method title on Store API checkout.
	add_action( 'woocommerce_store_api_checkout_update_order_from_request', [ $this, 'tokenized_cart_set_payment_method_type' ], 10, 2 );
	// Massages Apple Pay / Google Pay address data so the Store API doesn't reject it with `rest_invalid_param`.
	add_filter( 'rest_pre_dispatch', [ $this, 'tokenized_cart_store_api_address_normalization' ], 10, 3 );
	// Relaxes the "state" requirement for countries without states during express checkout requests.
	add_filter( 'woocommerce_get_country_locale', [ $this, 'modify_country_locale_for_express_checkout' ], 20 );
}
/**
 * AJAX handler that replaces the cart contents with the current product.
 *
 * Used on the product detail page. The cart is emptied before the product is added so the
 * totals returned to the express checkout button only reflect this product. Every branch
 * answers with `wp_send_json()`, which terminates the request.
 *
 * Reads from `$_POST`: the `security` nonce, `product_id`, optionally `attributes` for
 * variable products and a short allow-list of item-data fields.
 *
 * NOTE(review): the return values of `add_to_cart()` are not checked, so a product that
 * could not be added still produces a `result => success` response.
 */
public function ajax_add_to_cart() {
	check_ajax_referer( 'wcpay-add-to-cart', 'security' );

	if ( ! defined( 'WOOCOMMERCE_CART' ) ) {
		define( 'WOOCOMMERCE_CART', true );
	}

	WC()->shipping->reset_shipping();

	$requested_id = isset( $_POST['product_id'] ) ? absint( $_POST['product_id'] ) : false;
	$product      = wc_get_product( $requested_id );

	if ( ! $product ) {
		$error_payload = [
			'error' => [
				'code'    => 'invalid_product_id',
				'message' => __( 'Invalid product id', 'woocommerce-payments' ),
			],
		];
		wp_send_json( $error_payload, 404 );
		return;
	}

	$quantity = $this->express_checkout_button_helper->get_quantity();
	$type     = $product->get_type();

	// Some extensions need the regular form submission to show their own error messages.
	if ( ! apply_filters( 'woocommerce_add_to_cart_validation', true, $requested_id, $quantity ) ) {
		wp_send_json( [ 'error' => true, 'submit' => true ], 400 );
		return;
	}

	// Start from an empty cart so the totals only reflect this product.
	WC()->cart->empty_cart();

	$is_variable = 'variable' === $type || 'variable-subscription' === $type;
	if ( $is_variable && isset( $_POST['attributes'] ) ) {
		$attributes   = wc_clean( wp_unslash( $_POST['attributes'] ) );
		$variation_id = WC_Data_Store::load( 'product' )->find_matching_product_variation( $product, $attributes );
		WC()->cart->add_to_cart( $product->get_id(), $quantity, $variation_id, $attributes );
	}

	$single_item_types = [ 'simple', 'variation', 'subscription', 'subscription_variation', 'booking', 'bundle', 'mix-and-match' ];
	if ( in_array( $type, $single_item_types, true ) ) {
		// Only these item-data fields (Teams for WooCommerce Memberships) are forwarded, in this order.
		$item_data = [];
		foreach ( [ 'team_name', 'team_owner_takes_seat' ] as $field ) {
			if ( isset( $_POST[ $field ] ) ) {
				$item_data[ $field ] = wc_clean( wp_unslash( $_POST[ $field ] ) );
			}
		}
		WC()->cart->add_to_cart( $product->get_id(), $quantity, 0, [], $item_data );
	}

	WC()->cart->calculate_totals();

	$booking_id = 'booking' === $type ? $this->express_checkout_button_helper->get_booking_id_from_cart() : null;

	$response           = $this->express_checkout_button_helper->build_display_items();
	$response['result'] = 'success';
	if ( ! empty( $booking_id ) ) {
		$response['bookingId'] = $booking_id;
	}

	wp_send_json( $response );
}
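/**
 * Sets the Apple Pay/Google Pay payment method title on an order created through the Store API.
 *
 * Hooked to `woocommerce_store_api_checkout_update_order_from_request`. Only acts when the
 * request's payment method is `woocommerce_payments` and its `payment_data` carries a
 * `payment_request_type` entry; any other request leaves the order untouched.
 *
 * @param \WC_Order        $order   The order to be updated.
 * @param \WP_REST_Request $request Store API request to update the order.
 *
 * @return void
 */
public function tokenized_cart_set_payment_method_type( \WC_Order $order, \WP_REST_Request $request ) {
	if ( ! isset( $request['payment_method'] ) || 'woocommerce_payments' !== $request['payment_method'] ) {
		return;
	}

	// `payment_data` is client-supplied and expected to be a list of `key`/`value` pairs.
	// Anything of another shape is skipped instead of being allowed to raise warnings or errors.
	$raw_payment_data = $request['payment_data'] ?? null;
	if ( empty( $raw_payment_data ) || ! is_array( $raw_payment_data ) ) {
		return;
	}

	$payment_data = [];
	foreach ( $raw_payment_data as $data ) {
		if ( ! is_array( $data ) || ! isset( $data['key'] ) ) {
			continue;
		}
		$payment_data[ sanitize_key( $data['key'] ) ] = wc_clean( $data['value'] ?? '' );
	}

	if ( empty( $payment_data['payment_request_type'] ) ) {
		return;
	}

	$payment_request_type  = wc_clean( wp_unslash( $payment_data['payment_request_type'] ) );
	$payment_method_titles = [
		'apple_pay'  => 'Apple Pay',
		'google_pay' => 'Google Pay',
	];

	// Merchants may change or remove the "(WooPayments)" suffix through this filter.
	$suffix = apply_filters( 'wcpay_payment_request_payment_method_title_suffix', 'WooPayments' );
	if ( ! empty( $suffix ) ) {
		$suffix = " ($suffix)";
	}

	// Unknown request types get a generic title rather than an error.
	$payment_method_title = $payment_method_titles[ $payment_request_type ] ?? 'Payment Request';
	$order->set_payment_method_title( $payment_method_title . $suffix );
}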
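/**
 * Google Pay/Apple Pay parameters for address data might need some massaging for some of the countries.
 * Ensuring that the Store API doesn't throw a `rest_invalid_param` error message for some of those scenarios.
 *
 * Hooked to `rest_pre_dispatch`, so it runs before the Store API validates the request and
 * only for requests carrying the tokenized-cart header together with a valid nonce. The
 * `$response` value is always returned unchanged; the effect is on `$request`'s params.
 *
 * @param mixed            $response Response to replace the requested version with.
 * @param \WP_REST_Server  $server   Server instance.
 * @param \WP_REST_Request $request  Request used to generate the response.
 *
 * @return mixed
 */
public function tokenized_cart_store_api_address_normalization( $response, $server, $request ) {
	if ( 'true' !== $request->get_header( 'X-WooPayments-Tokenized-Cart' ) ) {
		return $response;
	}

	// header added as additional layer of security.
	$nonce = $request->get_header( 'X-WooPayments-Tokenized-Cart-Nonce' );
	if ( ! wp_verify_nonce( $nonce, 'woopayments_tokenized_cart_nonce' ) ) {
		return $response;
	}

	// This route is used to get shipping rates.
	// Google Pay/Apple Pay might provide us with "trimmed" zip codes.
	// If that's the case, let's temporarily allow to skip the zip code validation, in order to get some shipping rates.
	$is_update_customer_route = $request->get_route() === '/wc/store/v1/cart/update-customer';
	if ( $is_update_customer_route ) {
		add_filter( 'woocommerce_validate_postcode', [ $this, 'maybe_skip_postcode_validation' ], 10, 3 );
	}

	// Shipping and billing addresses get exactly the same treatment.
	foreach ( [ 'shipping_address', 'billing_address' ] as $param ) {
		if ( ! isset( $request[ $param ] ) || ! is_array( $request[ $param ] ) ) {
			continue;
		}
		$address = $this->transform_ece_address_state_data( $request[ $param ] );
		// on the "update customer" route, Google Pay/Apple Pay might provide redacted postcode data.
		// we need to modify the zip code to ensure that shipping zone identification still works.
		if ( $is_update_customer_route ) {
			$address = $this->transform_ece_address_postcode_data( $address );
		}
		$request->set_param( $param, $address );
	}

	return $response;
}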
/**
 * Allows certain "redacted" postcodes for some countries to bypass WC core validation.
 *
 * Attached to `woocommerce_validate_postcode` by `tokenized_cart_store_api_address_normalization`
 * for the "update customer" route only. Applies to GB and CA; other countries keep WC's verdict.
 *
 * @param bool   $valid    Whether the postcode is valid.
 * @param string $postcode The postcode in question.
 * @param string $country  The country for the postcode.
 *
 * @return bool
 */
public function maybe_skip_postcode_validation( $valid, $postcode, $country ) {
	$padded_countries = [ Country_Code::UNITED_KINGDOM, Country_Code::CANADA ];

	// `get_normalized_postal_code` pads redacted postcodes with `0`s, so a trailing `0` is taken as
	// the sign of a redacted value. It's a flimsy check, but better than nothing, and it is only made
	// for the scenarios outlined in the `tokenized_cart_store_api_address_normalization` method.
	$looks_padded = in_array( $country, $padded_countries, true ) && '0' === substr( $postcode, -1 );

	return $looks_padded ? true : $valid;
}
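/**
 * Transform a Google Pay/Apple Pay state address data fields into values that are valid for WooCommerce.
 *
 * Runs on request data that the Store API has not validated yet (see
 * `tokenized_cart_store_api_address_normalization`), so `country`, `state` and `postcode` are
 * only used when they are strings; values of any other type are left for the Store API's own
 * validation to reject instead of reaching `strtolower()`.
 *
 * @param array $address The address to normalize from the Google Pay/Apple Pay request.
 *
 * @return array
 */
private function transform_ece_address_state_data( $address ) {
	$country = $address['country'] ?? '';
	if ( empty( $country ) || ! is_string( $country ) ) {
		return $address;
	}

	// Due to a bug in Apple Pay, the "Region" part of a Hong Kong address is delivered in
	// `shipping_postcode`, so we need some special case handling for that. According to
	// our sources at Apple Pay people will sometimes use the district or even sub-district
	// for this value. As such we check against all regions, districts, and sub-districts
	// with both English and Mandarin spelling.
	//
	// @reykjalin: The check here is quite elaborate in an attempt to make sure this doesn't break once
	// Apple Pay fixes the bug that causes address values to be in the wrong place. Because of that the
	// algorithm becomes:
	// 1. Use the supplied state if it's valid (in case Apple Pay bug is fixed)
	// 2. Use the value supplied in the postcode if it's a valid HK region (equivalent to a WC state).
	// 3. Fall back to the value supplied in the state. This will likely cause a validation error, in
	// which case a merchant can reach out to us so we can either: 1) add whatever the customer used
	// as a state to our list of valid states; or 2) let them know the customer must spell the state
	// in some way that matches our list of valid states.
	//
	// @reykjalin: This HK specific sanitization *should be removed* once Apple Pay fix
	// the address bug. More info on that in pc4etw-bY-p2.
	if ( Country_Code::HONG_KONG === $country ) {
		include_once WCPAY_ABSPATH . 'includes/constants/class-express-checkout-hong-kong-states.php';

		$state = $address['state'] ?? '';
		$state = is_string( $state ) ? $state : '';
		if ( ! \WCPay\Constants\Express_Checkout_Hong_Kong_States::is_valid_state( strtolower( $state ) ) ) {
			$postcode = $address['postcode'] ?? '';
			$postcode = is_string( $postcode ) ? $postcode : '';
			if ( 'hongkong' === strtolower( $postcode ) ) {
				$postcode = 'hong kong';
			}
			if ( \WCPay\Constants\Express_Checkout_Hong_Kong_States::is_valid_state( strtolower( $postcode ) ) ) {
				$address['state'] = $postcode;
			}
		}
	}

	// States from Apple Pay or Google Pay are in long format, we need their short format.
	$state = $address['state'] ?? '';
	if ( ! empty( $state ) && is_string( $state ) ) {
		$address['state'] = $this->get_normalized_state( $state, $country );
	}

	return $address;
}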
/**
 * Gets the normalized state/county field because in some
 * cases, the state/county field is formatted differently from
 * what WC is expecting and throws an error. An example
 * for Ireland, the county dropdown in Chrome shows "Co. Clare" format.
 *
 * Resolution order: input that WC already recognizes, then the Express Checkout Element
 * state list, then WooCommerce's translated state names. Input matching nothing is returned as-is.
 *
 * @param string $state   Full state name or an already normalized abbreviation.
 * @param string $country Two-letter country code.
 *
 * @return string Normalized state abbreviation.
 */
private function get_normalized_state( $state, $country ) {
	// Nothing to do for empty input or a value WC already knows.
	if ( ! $state || $this->is_normalized_state( $state, $country ) ) {
		return $state;
	}

	$candidate = $this->get_normalized_state_from_ece_states( $state, $country );
	if ( $this->is_normalized_state( $candidate, $country ) ) {
		return $candidate;
	}

	// Last resort: match against the list of translated states from WooCommerce.
	return $this->get_normalized_state_from_wc_states( $candidate, $country );
}
/**
 * Checks if given state is normalized, i.e. it is one of the state keys WooCommerce knows for the country.
 *
 * @param string $state   State.
 * @param string $country Two-letter country code.
 *
 * @return bool Whether state is normalized or not.
 */
private function is_normalized_state( $state, $country ) {
	$known_states = WC()->countries->get_states( $country );
	if ( ! is_array( $known_states ) ) {
		return false;
	}

	return array_key_exists( $state, $known_states );
}
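/**
 * Get normalized state from Express Checkout API dropdown list of states.
 *
 * Compares the sanitized input with the state code (index 0), name (index 1) and
 * localName (index 2) of every Express Checkout Element state for the country.
 *
 * @param string $state   Full state name or state code.
 * @param string $country Two-letter country code.
 *
 * @return string Normalized state or original state input value.
 */
private function get_normalized_state_from_ece_states( $state, $country ) {
	// Include Express Checkout Element API State list for compatibility with WC countries/states.
	include_once WCPAY_ABSPATH . 'includes/constants/class-express-checkout-element-states.php';
	$pr_states = \WCPay\Constants\Express_Checkout_Element_States::STATES;

	if ( ! isset( $pr_states[ $country ] ) ) {
		return $state;
	}

	// The input is loop-invariant: sanitize it once instead of once per candidate state.
	$sanitized_state_string = $this->express_checkout_button_helper->sanitize_string( $state );

	foreach ( $pr_states[ $country ] as $wc_state_abbr => $pr_state ) {
		// Checks if input state matches with Express Checkout state code (0), name (1) or localName (2).
		foreach ( [ 0, 1, 2 ] as $index ) {
			if ( empty( $pr_state[ $index ] ) ) {
				continue;
			}
			if ( $sanitized_state_string === $this->express_checkout_button_helper->sanitize_string( $pr_state[ $index ] ) ) {
				return $wc_state_abbr;
			}
		}
	}

	return $state;
}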
/**
 * Get normalized state from WooCommerce list of translated states.
 *
 * The first WooCommerce state whose name occurs (case-insensitively) inside the input wins,
 * which is what lets an input such as "Co. Clare" resolve to the "Clare" entry.
 *
 * @param string $state   Full state name or state code.
 * @param string $country Two-letter country code.
 *
 * @return string Normalized state or original state input value.
 */
private function get_normalized_state_from_wc_states( $state, $country ) {
	$wc_states = WC()->countries->get_states( $country );
	if ( ! is_array( $wc_states ) ) {
		return $state;
	}

	foreach ( $wc_states as $wc_state_abbr => $wc_state_name ) {
		$pattern = '/' . preg_quote( $wc_state_name, '/' ) . '/i';
		if ( 1 === preg_match( $pattern, $state ) ) {
			return $wc_state_abbr;
		}
	}

	return $state;
}
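/**
 * Transform a Google Pay/Apple Pay postcode address data fields into values that are valid for WooCommerce.
 *
 * Runs on request data the Store API has not validated yet, so the postcode is only normalized
 * when it is a non-empty string; values of any other type are left for the Store API's own
 * validation to reject instead of reaching the string functions in `get_normalized_postal_code`.
 *
 * @param array $address The address to normalize from the Google Pay/Apple Pay request.
 *
 * @return array
 */
private function transform_ece_address_postcode_data( $address ) {
	$country = $address['country'] ?? '';
	if ( empty( $country ) || ! is_string( $country ) ) {
		return $address;
	}

	// Normalizes postal code in case of redacted data from Apple Pay or Google Pay.
	$postcode = $address['postcode'] ?? '';
	if ( ! empty( $postcode ) && is_string( $postcode ) ) {
		$address['postcode'] = $this->get_normalized_postal_code( $postcode, $country );
	}

	return $address;
}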
/**
 * Normalizes postal code in case of redacted data from Apple Pay.
 *
 * Currently, Apple Pay truncates the UK and Canadian postal codes to the first few characters respectively
 * when passing it back from the shippingcontactselected object. This causes WC to invalidate
 * the postal code and not calculate shipping zones correctly. Only GB and CA are handled;
 * any other country's postcode is returned untouched.
 *
 * @param string $postcode Postal code.
 * @param string $country  Country.
 *
 * @return string The postcode, padded with `0`s when it looks redacted (GB input is also stripped of non-alphanumerics and cut to 7 characters).
 */
private function get_normalized_postal_code( $postcode, $country ) {
	if ( Country_Code::UNITED_KINGDOM === $country ) {
		$alphanumeric = preg_replace( '/[^A-Za-z0-9]/', '', $postcode );
		$unit         = substr( $alphanumeric, 0, 7 );

		// the minimum length for a GB postcode is 5 (2 characters for the outward code, 3 for the inward code)
		// if the postcode is not redacted, avoid padding it.
		if ( strlen( $unit ) >= 5 ) {
			return $unit;
		}

		// now, the juicy part: GB postcode units have a variable length, 5 to 7 characters (excluding the space).
		// they consist of two main parts: the "outward code" and the "inward code".
		// the "outward code" has a variable length, between two and four characters.
		// the "inward code" always has 3 characters.
		// Google Pay/Apple Pay might redact GB postcode units to just the "outward code".
		// but WC Core expects a full postcode unit to return shipping rates.
		// since we can't interfere with the rate calculation,
		// we are padding the (redacted) outward code with `0`s to have a full length postcode unit,
		// to be used for shipping rates calculations.
		// Replaces a redacted `N1C` string with something like `N1C000`.
		return $unit . '000';
	}

	if ( Country_Code::CANADA === $country ) {
		// Replaces a redacted string with something like H3B000.
		$compact = preg_replace( '/\s+/', '', $postcode );
		return str_pad( $compact, 6, '0' );
	}

	return $postcode;
}
/**
 * Modify country locale settings to handle express checkout address requirements.
 *
 * Attached to `woocommerce_get_country_locale`. For each country listed in
 * `Express_Checkout_Element_States::COUNTRIES_WITHOUT_STATES` the state field is made optional,
 * but only while handling a verified express checkout Store API request.
 *
 * @param array $locales Array of country locale settings.
 * @return array Modified locales array.
 */
public function modify_country_locale_for_express_checkout( $locales ) {
	if ( ! $this->is_express_checkout_context() ) {
		return $locales;
	}

	include_once WCPAY_ABSPATH . 'includes/constants/class-express-checkout-element-states.php';
	$countries_without_states = \WCPay\Constants\Express_Checkout_Element_States::COUNTRIES_WITHOUT_STATES;

	foreach ( $countries_without_states as $code ) {
		$locales[ $code ]['state']['required'] = false;
	}

	return $locales;
}
/**
 * Check if we're in an express checkout context.
 *
 * True only for Store API requests that carry `X-WooPayments-Tokenized-Cart: true` and a
 * nonce in `X-WooPayments-Tokenized-Cart-Nonce` that verifies against the
 * `woopayments_tokenized_cart_nonce` action. The headers are read from `$_SERVER` because the
 * `woocommerce_get_country_locale` filter receives only the locales array, not a request object.
 *
 * @return bool True if we're in an express checkout context, false otherwise.
 */
private function is_express_checkout_context() {
	if ( ! WC_Payments_Utils::is_store_api_request() ) {
		return false;
	}

	$tokenized_cart_header = sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_WOOPAYMENTS_TOKENIZED_CART'] ?? '' ) );
	if ( 'true' !== $tokenized_cart_header ) {
		return false;
	}

	$nonce_header = sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_WOOPAYMENTS_TOKENIZED_CART_NONCE'] ?? '' ) );

	return (bool) wp_verify_nonce( $nonce_header, 'woopayments_tokenized_cart_nonce' );
}
}