[Apple Pay] PaymentRequest.show() should reject when an unsupported ApplePayRequest...
authoraestes@apple.com <aestes@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 27 Aug 2018 01:39:49 +0000 (01:39 +0000)
committeraestes@apple.com <aestes@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 27 Aug 2018 01:39:49 +0000 (01:39 +0000)
https://bugs.webkit.org/show_bug.cgi?id=188954

Reviewed by Darin Adler.

Source/WebCore:

In Apple Pay JS, calling the ApplePaySession constructor with an unsupported version results
in an exception being thrown. We need to do something similar for Payment Request.

This patch moves the logic for validating the version from ApplePaySession to a common
routine in ApplePayRequestBase that both APIs call to convert requests into a common format.

In Apple Pay JS, an exception will still be thrown when constructing an ApplePaySession. In
Payment Request, the promise returned by show() will be rejected.

Added test cases to http/tests/ssl/applepay/PaymentRequest.https.html.

* Modules/applepay/ApplePayRequestBase.cpp:
(WebCore::convertAndValidate):
* Modules/applepay/ApplePaySession.cpp:
(WebCore::ApplePaySession::create):

LayoutTests:

* http/tests/ssl/applepay/PaymentRequest.https-expected.txt:
* http/tests/ssl/applepay/PaymentRequest.https.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@235342 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/http/tests/ssl/applepay/PaymentRequest.https-expected.txt
LayoutTests/http/tests/ssl/applepay/PaymentRequest.https.html
Source/WebCore/ChangeLog
Source/WebCore/Modules/applepay/ApplePayRequestBase.cpp
Source/WebCore/Modules/applepay/ApplePaySession.cpp

index c4c3c22..e79a224 100644 (file)
@@ -1,5 +1,15 @@
 2018-08-26  Andy Estes  <aestes@apple.com>
 
+        [Apple Pay] PaymentRequest.show() should reject when an unsupported ApplePayRequest version is specified
+        https://bugs.webkit.org/show_bug.cgi?id=188954
+
+        Reviewed by Darin Adler.
+
+        * http/tests/ssl/applepay/PaymentRequest.https-expected.txt:
+        * http/tests/ssl/applepay/PaymentRequest.https.html:
+
+2018-08-26  Andy Estes  <aestes@apple.com>
+
         [Apple Pay] Add a test for rendering Apple Pay buttons
         https://bugs.webkit.org/show_bug.cgi?id=188947
 
index 91feb2b..f26c868 100644 (file)
@@ -8,6 +8,13 @@ Testing PaymentRequest
 PASS new PaymentRequest(null, null) threw exception TypeError: Value is not a sequence.
 PASS new PaymentRequest([validPaymentMethod()], validPaymentDetails()) did not throw exception.
 
+Testing ApplePayRequest.version
+
+SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.version = 0;
+PASS request = new PaymentRequest([paymentMethod], validPaymentDetails()); request.show() rejected promise  with InvalidAccessError: "0" is not a supported version..
+SETUP: paymentMethod = validPaymentMethod(); paymentMethod.data.version = 1000;
+PASS request = new PaymentRequest([paymentMethod], validPaymentDetails()); request.show() rejected promise  with InvalidAccessError: "1000" is not a supported version..
+
 Testing ApplePayRequest.countryCode
 
 SETUP: paymentMethod = validPaymentMethod(); delete paymentMethod.data.countryCode;
index cd2ab98..9482523 100644 (file)
@@ -55,6 +55,12 @@ async function go() {
     shouldThrow("new PaymentRequest(null, null)")
     shouldNotThrow("new PaymentRequest([validPaymentMethod()], validPaymentDetails())")
     debug("")
+    
+    debug("Testing ApplePayRequest.version")
+    debug("")
+    await logAndShouldReject("paymentMethod = validPaymentMethod(); paymentMethod.data.version = 0;", "request = new PaymentRequest([paymentMethod], validPaymentDetails()); request.show()")
+    await logAndShouldReject("paymentMethod = validPaymentMethod(); paymentMethod.data.version = 1000;", "request = new PaymentRequest([paymentMethod], validPaymentDetails()); request.show()")
+    debug("")
 
     debug("Testing ApplePayRequest.countryCode")
     debug("")
index 302c942..92df4f7 100644 (file)
@@ -1,3 +1,26 @@
+2018-08-26  Andy Estes  <aestes@apple.com>
+
+        [Apple Pay] PaymentRequest.show() should reject when an unsupported ApplePayRequest version is specified
+        https://bugs.webkit.org/show_bug.cgi?id=188954
+
+        Reviewed by Darin Adler.
+
+        In Apple Pay JS, calling the ApplePaySession constructor with an unsupported version results
+        in an exception being thrown. We need to do something similar for Payment Request.
+
+        This patch moves the logic for validating the version from ApplePaySession to a common
+        routine in ApplePayRequestBase that both APIs call to convert requests into a common format.
+
+        In Apple Pay JS, an exception will still be thrown when constructing an ApplePaySession. In
+        Payment Request, the promise returned by show() will be rejected.
+
+        Added test cases to http/tests/ssl/applepay/PaymentRequest.https.html.
+
+        * Modules/applepay/ApplePayRequestBase.cpp:
+        (WebCore::convertAndValidate):
+        * Modules/applepay/ApplePaySession.cpp:
+        (WebCore::ApplePaySession::create):
+
 2018-08-24  Ryosuke Niwa  <rniwa@webkit.org>
 
         Click event from click() is not composed
index 0ec8d12..198ece7 100644 (file)
@@ -29,6 +29,7 @@
 #if ENABLE(APPLE_PAY)
 
 #include "PaymentCoordinator.h"
+#include <wtf/text/StringConcatenateNumbers.h>
 
 namespace WebCore {
 
@@ -51,6 +52,9 @@ static ExceptionOr<Vector<String>> convertAndValidate(unsigned version, const Ve
 
 ExceptionOr<ApplePaySessionPaymentRequest> convertAndValidate(unsigned version, ApplePayRequestBase& request, const PaymentCoordinator& paymentCoordinator)
 {
+    if (!version || !paymentCoordinator.supportsVersion(version))
+        return Exception { InvalidAccessError, makeString("\"", version, "\" is not a supported version.") };
+
     ApplePaySessionPaymentRequest result;
     result.setVersion(version);
     result.setCountryCode(request.countryCode);
index 46dfac9..bbb7c8b 100644 (file)
@@ -406,12 +406,7 @@ ExceptionOr<Ref<ApplePaySession>> ApplePaySession::create(Document& document, un
     if (!document.page())
         return Exception { InvalidAccessError, "Frame is detached" };
 
-    auto& paymentCoordinator = document.page()->paymentCoordinator();
-
-    if (!version || !paymentCoordinator.supportsVersion(version))
-        return Exception { InvalidAccessError, makeString("\"" + String::number(version), "\" is not a supported version.") };
-
-    auto convertedPaymentRequest = convertAndValidate(version, WTFMove(paymentRequest), paymentCoordinator);
+    auto convertedPaymentRequest = convertAndValidate(version, WTFMove(paymentRequest), document.page()->paymentCoordinator());
     if (convertedPaymentRequest.hasException())
         return convertedPaymentRequest.releaseException();