Release 3.0.6

Author: andrewrowanwallee

README.md

@@ -16,7 +16,7 @@ This repository contains the PostFinance Checkout plugin that enables WooCommerc
 
 ## Documentation
 
-* [Documentation](https://plugin-documentation.postfinance-checkout.ch/pfpayments/woocommerce/3.0.5/docs/en/documentation.html)
+* [Documentation](https://plugin-documentation.postfinance-checkout.ch/pfpayments/woocommerce/3.0.6/docs/en/documentation.html)
 
 ## Support
 
@@ -33,4 +33,4 @@ ____________________________________________________________________________
 
 ## License
 
-Please see the [license file](https://github.com/pfpayments/woocommerce/blob/3.0.5/LICENSE) for more information.
+Please see the [license file](https://github.com/pfpayments/woocommerce/blob/3.0.6/LICENSE) for more information.

changelog.txt

@@ -763,3 +763,10 @@ Tested against:
 - [Tested Against] Woocommerce 8.7.0
 - [Tested Against] PHP SDK 4.0.2
 
+= 3.0.6 - May 30 2024 =
+- [Feature] Upgraded PHP-SDK to 4.2.0
+- [Tested Against] PHP 8.2
+- [Tested Against] Wordpress 6.5.3
+- [Tested Against] Woocommerce 8.9.1
+- [Tested Against] PHP SDK 4.2.0
+

docs/en/documentation.html

@@ -23,7 +23,7 @@ <h2>Documentation</h2>				</div>
 		</a>
 	</li>
 	<li>
-		<a href="https://github.com/pfpayments/woocommerce/releases/tag/3.0.5/">
+		<a href="https://github.com/pfpayments/woocommerce/releases/tag/3.0.6/">
 			Source
 		</a>
 	</li>

includes/admin/class-wc-postfinancecheckout-admin-settings-page.php

@@ -187,7 +187,7 @@ public function get_settings() {
 		$settings = array(
 			array(
 				'links' => array(
-					'https://plugin-documentation.postfinance-checkout.ch/pfpayments/woocommerce/3.0.5/docs/en/documentation.html' => __( 'Documentation', 'woo-postfinancecheckout' ),
+					'https://plugin-documentation.postfinance-checkout.ch/pfpayments/woocommerce/3.0.6/docs/en/documentation.html' => __( 'Documentation', 'woo-postfinancecheckout' ),
 					'https://checkout.postfinance.ch/en-ch/user/signup' => __( 'Sign Up', 'woo-postfinancecheckout' ),
 				),
 				'type'  => 'postfinancecheckout_links',

includes/class-wc-postfinancecheckout-migration.php

@@ -249,7 +249,7 @@ public static function check_version() {
 	public static function plugin_row_meta( $links, $file ) {
 		if ( WC_POSTFINANCECHECKOUT_PLUGIN_BASENAME === $file ) {
 			$row_meta = array(
-				'docs' => '<a href="https://plugin-documentation.postfinance-checkout.ch/pfpayments/woocommerce/3.0.5/docs/en/documentation.html" aria-label="' . esc_attr__( 'View Documentation', 'woo-postfinancecheckout' ) . '">' . esc_html__( 'Documentation', 'woo-postfinancecheckout' ) . '</a>',
+				'docs' => '<a href="https://plugin-documentation.postfinance-checkout.ch/pfpayments/woocommerce/3.0.6/docs/en/documentation.html" aria-label="' . esc_attr__( 'View Documentation', 'woo-postfinancecheckout' ) . '">' . esc_html__( 'Documentation', 'woo-postfinancecheckout' ) . '</a>',
 			);
 
 			return array_merge( $links, $row_meta );

postfinancecheckout-sdk/LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2023 wallee AG
+   Copyright 2024 wallee AG
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

postfinancecheckout-sdk/README.md

@@ -127,6 +127,44 @@ putenv('PFC_HTTP_CLIENT=curl');
 ?>
 ```
 
+### Integrating Webhook Payload Signing Mechanism into webhook callback handler
+
+The HTTP request which is sent for a state change of an entity now includes an additional field `state`, which provides information about the update of the monitored entity's state. This enhancement is a result of the implementation of our webhook encryption mechanism.
+
+Payload field `state` provides direct information about the state update of the entity, making additional API calls to retrieve the entity state redundant.
+
+#### ⚠️ Warning: Generic Pseudocode
+
+> **The provided pseudocode is intentionally generic and serves to illustrate the process of enhancing your API to leverage webhook payload signing. It is not a complete implementation.**
+>
+> Please ensure that you adapt and extend this code to meet the specific needs of your application, including appropriate security measures and error handling.
+For a detailed webhook payload signing mechanism understanding we highly recommend referring to our comprehensive
+[Webhook Payload Signing Documentation](https://checkout.postfinance.ch/doc/webhooks#_webhook_payload_signing_mechanism).
+
+```php
+public function handleWebhook() {
+    $requestPayload = file_get_contents('php://input');
+    $signature = $_SERVER['HTTP_X_SIGNATURE'] ?? '';
+
+    if (empty($signature)) {
+        // Make additional API call to retrieve the entity state
+        // ...
+    } else {
+        if ($client->getWebhookEncryptionService()->isContentValid($signature, $requestPayload)) {
+            // Parse requestPayload to extract 'state' value
+            // $state = ...
+            // Process entity's state change
+            // $this->processEntityStateChange($state);
+            // ...
+        }
+    }
+
+    // Process the received webhook data
+    // ...
+
+}
+```
+
 ## License
 
 Please see the [license file](https://github.com/pfpayments/php-sdk/blob/master/LICENSE) for more information.

postfinancecheckout-sdk/composer.json

@@ -1,6 +1,6 @@
 {
     "name": "postfinancecheckout/sdk",
-    "version": "4.0.2",
+    "version": "4.2.0",
 	"description": "PostFinance Checkout SDK for PHP",
 	"keywords": [
 		"postfinancecheckout",

postfinancecheckout-sdk/lib/ApiClient.php

@@ -48,7 +48,7 @@ final class ApiClient {
 	 * @var array
 	 */
 	private $defaultHeaders = [
-        'x-meta-sdk-version' => "4.0.2",
+        'x-meta-sdk-version' => "4.2.0",
         'x-meta-sdk-language' => 'php',
         'x-meta-sdk-provider' => "PostFinance Checkout",
     ];
@@ -58,7 +58,7 @@ final class ApiClient {
 	 *
 	 * @var string
 	 */
-	private $userAgent = 'PHP-Client/4.0.2/php';
+	private $userAgent = 'PHP-Client/4.2.0/php';
 
 	/**
 	 * The path to the certificate authority file.

postfinancecheckout-sdk/lib/Configuration.php

@@ -80,7 +80,7 @@ class Configuration
      *
      * @var string
      */
-    protected $userAgent = 'PostFinanceCheckout\Sdk/4.0.2/php';
+    protected $userAgent = 'PostFinanceCheckout\Sdk/4.2.0/php';
 
     /**
      * Debug switch (default set to false)
@@ -388,8 +388,8 @@ public static function toDebugReport()
         $report  = 'PHP SDK (PostFinanceCheckout\Sdk) Debug Report:' . PHP_EOL;
         $report .= '    OS: ' . php_uname() . PHP_EOL;
         $report .= '    PHP Version: ' . PHP_VERSION . PHP_EOL;
-        $report .= '    OpenAPI Spec Version: 4.0.2' . PHP_EOL;
-        $report .= '    SDK Package Version: 4.0.2' . PHP_EOL;
+        $report .= '    OpenAPI Spec Version: 4.2.0' . PHP_EOL;
+        $report .= '    SDK Package Version: 4.2.0' . PHP_EOL;
         $report .= '    Temp Folder Path: ' . self::getDefaultConfiguration()->getTempFolderPath() . PHP_EOL;
 
         return $report;

postfinancecheckout-sdk/lib/Http/CurlHttpClient.php

@@ -39,6 +39,9 @@ public function isSupported() {
 
 	public function send(ApiClient $apiClient, HttpRequest $request) {
 		$curl = curl_init();
+
+		$tempCAFile = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "PostFinance Checkout-ca-bundle.crt";
+
 		// set timeout, if needed
 		if ($request->getTimeOut() !== 0) {
 			curl_setopt($curl, CURLOPT_TIMEOUT, $request->getTimeOut());
@@ -58,7 +61,11 @@ public function send(ApiClient $apiClient, HttpRequest $request) {
 		} else {
 			curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
 			curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
-			curl_setopt($curl, CURLOPT_CAINFO, $apiClient->getCertificateAuthority());
+			if (file_exists($tempCAFile)) {
+				// use the temporal CA Bundle if it was set, which indicates a previous error.
+				$apiClient->setCertificateAuthority($tempCAFile);
+				curl_setopt($curl, CURLOPT_CAINFO, $apiClient->getCertificateAuthority());
+			}
 		}
 
 		if ($request->getMethod() === HttpRequest::POST) {
@@ -102,7 +109,22 @@ public function send(ApiClient $apiClient, HttpRequest $request) {
 
 		// Make the request
 		$response = curl_exec($curl);
-		$response = $this->handleResponse($apiClient, $request, $curl, $response, $request->getUrl());
+		if ($response) {
+			$response = $this->handleResponse($apiClient, $request, $curl, $response, $request->getUrl());
+		} else {
+			// if there was an error, try again with the CA bundle provided by this SDK.
+			if (!file_exists($tempCAFile)) {
+				$caContent = file_get_contents(__DIR__ . DIRECTORY_SEPARATOR . ".." . DIRECTORY_SEPARATOR . "ca-bundle.crt");
+				file_put_contents($tempCAFile, $caContent);
+
+				// Try again the request, this time with the CA bundle provided by this SDK.
+				$apiClient->setCertificateAuthority($tempCAFile);
+				curl_setopt($curl, CURLOPT_CAINFO, $apiClient->getCertificateAuthority());
+				$response = curl_exec($curl);
+				$response = $this->handleResponse($apiClient, $request, $curl, $response, $request->getUrl());
+			}
+		}
+
 		curl_close($curl);
 		fclose($debugFilePointer);
 

postfinancecheckout-sdk/lib/Model/AbstractTokenUpdate.php

@@ -255,7 +255,7 @@ public function getCustomerEmailAddress()
     /**
      * Sets customer_email_address
      *
-     * @param string $customer_email_address The customer email address is the email address of the customer.
+     * @param string $customer_email_address The customer's email address.
      *
      * @return $this
      */
@@ -284,7 +284,7 @@ public function getCustomerId()
     /**
      * Sets customer_id
      *
-     * @param string $customer_id The customer ID identifies the customer in the merchant system. In case the customer ID has been provided it has to correspond with the customer ID provided on the transaction. The customer ID will not be changed automatically. The merchant system has to provide it.
+     * @param string $customer_id The unique identifier of the customer in the external system.
      *
      * @return $this
      */
@@ -309,7 +309,7 @@ public function getEnabledForOneClickPayment()
     /**
      * Sets enabled_for_one_click_payment
      *
-     * @param bool $enabled_for_one_click_payment When a token is enabled for one-click payments the buyer will be able to select the token within the iFrame or on the payment page to pay with the token. The usage of the token will reduce the number of steps the buyer has to go through. The buyer is linked via the customer ID on the transaction with the token. Means the token will be visible for buyers with the same customer ID. Additionally the payment method has to be configured to allow the one-click payments.
+     * @param bool $enabled_for_one_click_payment Whether the token is enabled for one-click payments, which simplify the payment process for the customer. One-click tokens are linked to customers via the customer ID.
      *
      * @return $this
      */
@@ -359,7 +359,7 @@ public function getTimeZone()
     /**
      * Sets time_zone
      *
-     * @param string $time_zone The time zone defines in which time zone the customer is located in. The time zone may affects how dates are formatted when interacting with the customer.
+     * @param string $time_zone The customer's time zone, which affects how dates and times are formatted when communicating with the customer.
      *
      * @return $this
      */
@@ -384,7 +384,7 @@ public function getTokenReference()
     /**
      * Sets token_reference
      *
-     * @param string $token_reference Use something that it is easy to identify and may help you find the token (e.g. customer id, email address).
+     * @param string $token_reference The reference used to identify the payment token (e.g. the customer's ID or email address).
      *
      * @return $this
      */

postfinancecheckout-sdk/lib/Model/AbstractTransactionPending.php

@@ -370,7 +370,7 @@ public function getAllowedPaymentMethodBrands()
     /**
      * Sets allowed_payment_method_brands
      *
-     * @param int[] $allowed_payment_method_brands 
+     * @param int[] $allowed_payment_method_brands The payment method brands that can be used to authorize the transaction.
      *
      * @return $this
      */
@@ -395,7 +395,7 @@ public function getAllowedPaymentMethodConfigurations()
     /**
      * Sets allowed_payment_method_configurations
      *
-     * @param int[] $allowed_payment_method_configurations 
+     * @param int[] $allowed_payment_method_configurations The payment method configurations that can be used to authorize the transaction.
      *
      * @return $this
      */
@@ -420,7 +420,7 @@ public function getBillingAddress()
     /**
      * Sets billing_address
      *
-     * @param \PostFinanceCheckout\Sdk\Model\AddressCreate $billing_address 
+     * @param \PostFinanceCheckout\Sdk\Model\AddressCreate $billing_address The address associated with the payment method for invoicing and transaction processing purposes.
      *
      * @return $this
      */
@@ -445,7 +445,7 @@ public function getCompletionBehavior()
     /**
      * Sets completion_behavior
      *
-     * @param \PostFinanceCheckout\Sdk\Model\TransactionCompletionBehavior $completion_behavior The completion behavior controls when the transaction is completed.
+     * @param \PostFinanceCheckout\Sdk\Model\TransactionCompletionBehavior $completion_behavior The behavior that controls when the transaction is completed.
      *
      * @return $this
      */
@@ -470,7 +470,7 @@ public function getCurrency()
     /**
      * Sets currency
      *
-     * @param string $currency 
+     * @param string $currency The three-letter code (ISO 4217 format) of the transaction's currency.
      *
      * @return $this
      */
@@ -495,7 +495,7 @@ public function getCustomerEmailAddress()
     /**
      * Sets customer_email_address
      *
-     * @param string $customer_email_address The customer email address is the email address of the customer. If no email address is provided on the shipping or billing address this address is used.
+     * @param string $customer_email_address The customer's email address.
      *
      * @return $this
      */
@@ -524,7 +524,7 @@ public function getCustomerId()
     /**
      * Sets customer_id
      *
-     * @param string $customer_id 
+     * @param string $customer_id The unique identifier of the customer in the external system.
      *
      * @return $this
      */
@@ -549,7 +549,7 @@ public function getFailedUrl()
     /**
      * Sets failed_url
      *
-     * @param string $failed_url The user will be redirected to failed URL when the transaction could not be authorized or completed. In case no failed URL is specified a default failed page will be displayed.
+     * @param string $failed_url The URL to redirect the customer back to after they canceled or failed to authenticated their payment.
      *
      * @return $this
      */
@@ -581,7 +581,7 @@ public function getInvoiceMerchantReference()
     /**
      * Sets invoice_merchant_reference
      *
-     * @param string $invoice_merchant_reference 
+     * @param string $invoice_merchant_reference The merchant's reference used to identify the invoice.
      *
      * @return $this
      */
@@ -635,7 +635,7 @@ public function getLineItems()
     /**
      * Sets line_items
      *
-     * @param \PostFinanceCheckout\Sdk\Model\LineItemCreate[] $line_items 
+     * @param \PostFinanceCheckout\Sdk\Model\LineItemCreate[] $line_items The line items purchased by the customer.
      *
      * @return $this
      */
@@ -660,7 +660,7 @@ public function getMerchantReference()
     /**
      * Sets merchant_reference
      *
-     * @param string $merchant_reference 
+     * @param string $merchant_reference The merchant's reference used to identify the transaction.
      *
      * @return $this
      */
@@ -714,7 +714,7 @@ public function getShippingAddress()
     /**
      * Sets shipping_address
      *
-     * @param \PostFinanceCheckout\Sdk\Model\AddressCreate $shipping_address 
+     * @param \PostFinanceCheckout\Sdk\Model\AddressCreate $shipping_address The address to where the order will be shipped.
      *
      * @return $this
      */
@@ -739,7 +739,7 @@ public function getShippingMethod()
     /**
      * Sets shipping_method
      *
-     * @param string $shipping_method 
+     * @param string $shipping_method The name of the shipping method used to ship the products.
      *
      * @return $this
      */
@@ -768,7 +768,7 @@ public function getSuccessUrl()
     /**
      * Sets success_url
      *
-     * @param string $success_url The user will be redirected to success URL when the transaction could be authorized or completed. In case no success URL is specified a default success page will be displayed.
+     * @param string $success_url The URL to redirect the customer back to after they successfully authenticated their payment.
      *
      * @return $this
      */
@@ -800,7 +800,7 @@ public function getTimeZone()
     /**
      * Sets time_zone
      *
-     * @param string $time_zone The time zone defines in which time zone the customer is located in. The time zone may affects how dates are formatted when interacting with the customer.
+     * @param string $time_zone The customer's time zone, which affects how dates and times are formatted when communicating with the customer.
      *
      * @return $this
      */
@@ -825,7 +825,7 @@ public function getToken()
     /**
      * Sets token
      *
-     * @param int $token 
+     * @param int $token The payment token that should be used to charge the customer.
      *
      * @return $this
      */
@@ -850,7 +850,7 @@ public function getTokenizationMode()
     /**
      * Sets tokenization_mode
      *
-     * @param \PostFinanceCheckout\Sdk\Model\TokenizationMode $tokenization_mode The tokenization mode controls if and how the tokenization of payment information is applied to the transaction.
+     * @param \PostFinanceCheckout\Sdk\Model\TokenizationMode $tokenization_mode The tokenization mode specifies whether and how the tokenization of payment information is applied to the transaction.
      *
      * @return $this
      */