Conversation
Co-authored-by: Can Demiralp <can.demiralp@adyen.com>
…112) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
#107) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Can Demiralp <ecandemiralp@gmail.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Can Demiralp <ecandemiralp@gmail.com>
* [ECP-9721] Enable explicit CodeQL configuration * [ECP-9721] Adjust Renovate stability days * Revert "[ECP-9721] Enable explicit CodeQL configuration" This reverts commit 54a6054. * [ECP-9721] Update workflow permissions
* CSP migration This will run several tools to optimize your code, find more about CSP Read our documentation for [theme](https://docs.hyva.io/hyva-themes/writing-code/csp/index.html) and [checkout](https://docs.hyva.io/checkout/hyva-checkout/devdocs/csp/index.html) changes - @todo! means **work todo**, please review - @done! means **no work todo**, just informing about the change - requirement `hyva-themes/magento2-theme-module` (`^1.3.11`) @done! - requirement `hyva-themes/magento2-hyva-checkout` (`^1.3`) @done! * I left a syntax error :sad: - fixed now * Make the overwritten Methodlist compatible with the original file * this file is fully overwritten, which makes it impossible if Hyva will add a new feature, or of another payment method is listening for the original method. * Make sure the MethodList is forward compatible with future updates * I removed a comma last time, then I removed a comma to many * Use a global boot event to unload earlier loads * Don't rely on the window action but make use of alpine * Use alpine init instead of window event * We will no longer depend on the payment:method:activate event * Use alpine for cc-vault * Add checkout validation to global scope * gracefully decline * Remove dependency on eventListeners in favor of alpinejs --------- Co-authored-by: Can Demiralp <can.demiralp@adyen.com>
#119) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Can Demiralp <can.demiralp@adyen.com>
…117) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Adjust Sonarcube action version * Update Magento version to support CSP patch
khushboo-singhvi
had a problem deploying
to
internal
GitHub Actions
Failure
khushboo-singhvi
had a problem deploying
to
internal
GitHub Actions
Error
khushboo-singhvi
had a problem deploying
to
internal
GitHub Actions
Failure
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Summary of Changes
Hello @khushboo-singhvi, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request represents a consolidated release, bundling various updates and improvements. The primary focus of these changes is to enhance Content Security Policy (CSP) compliance for Adyen payment methods within the Hyva Checkout, alongside crucial dependency updates and general code refactoring.
Highlights
- Enhanced CSP Compliance: A significant refactoring has been implemented to improve Content Security Policy (CSP) compliance for Adyen payment methods. This involves migrating inline JavaScript from payment method templates into dedicated, external
.phtmlfiles, which are then registered via the Hyva CSP mechanism. - Dependency Updates: Key dependencies have been updated, including Hyva Checkout (
^1.1to^1.3), Elasticsearch (7.17.13to7.17.28), and Playwright (v1.50.1tov1.53.2), ensuring compatibility and leveraging the latest features and security patches. - Code Refactoring and Alignment: The
Magewire/Payment/MethodList.phpclass has been refactored to extend Hyva Checkout's baseMethodListclass, reducing boilerplate and improving maintainability. Alpine.js integration for payment method rendering has also been streamlined. - Renovate Configuration Update: The
renovate.jsonconfiguration has been adjusted to reduce theminimumReleaseAgefor dependency updates from 30 to 21 days, potentially allowing for faster integration of new versions.
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.
| Feature | Command | Description |
|---|---|---|
| Code Review | /gemini review |
Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary |
Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in issue comments and review comments. |
| Help | /gemini help |
Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
Footnotes
-
Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩
There was a problem hiding this comment.
Code Review
This pull request introduces a significant refactoring of the Adyen payment method rendering for Hyvä checkout, moving inline JavaScript into separate, CSP-compliant template files using Alpine.js, which improves maintainability and security. However, several critical and high-severity issues need to be addressed, including missing x-init calls in Alpine.js components and empty catch blocks.
| <div x-data="adyenPaymentMethodRendererAdyenCcMethod" | ||
| data-enable-store-details="<?= $escaper->escapeHtmlAttr($magewire->getConfiguration()->isCCEnableStoreDetails($magewire->userIsGuest())) ?>" | ||
| data-has-holder-name="<?= $escaper->escapeHtmlAttr($magewire->getConfiguration()->getValue('adyen/hasHolderName')) ?>" | ||
| data-holder-name-required="<?= $escaper->escapeHtmlAttr($magewire->getConfiguration()->getValue('adyen/holderNameRequired')) ?>" | ||
| data-formatted-installments-json="<?= $escaper->escapeHtmlAttr($magewire->getFormattedInstallments()) ?>" | ||
| data-title="<?= $escaper->escapeHtmlAttr($magewire->getConfiguration()->getValue('adyenCc/title')) ?>" | ||
| ></div> |
There was a problem hiding this comment.
The Alpine.js component adyenPaymentMethodRendererAdyenCcMethod is defined, but its init() method is never called. This will prevent the payment method from initializing correctly. You should call it using x-init="init()".
<div x-data="adyenPaymentMethodRendererAdyenCcMethod"
x-init="init()"
data-enable-store-details="<?= $escaper->escapeHtmlAttr($magewire->getConfiguration()->isCCEnableStoreDetails($magewire->userIsGuest())) ?>"
data-has-holder-name="<?= $escaper->escapeHtmlAttr($magewire->getConfiguration()->getValue('adyen/hasHolderName')) ?>"
data-holder-name-required="<?= $escaper->escapeHtmlAttr($magewire->getConfiguration()->getValue('adyen/holderNameRequired')) ?>"
data-formatted-installments-json="<?= $escaper->escapeHtmlAttr($magewire->getFormattedInstallments()) ?>"
data-title="<?= $escaper->escapeHtmlAttr($magewire->getConfiguration()->getValue('adyenCc/title')) ?>"
></div>| <div x-data="adyenPaymentMethodRendererAdyenDefaultMethod" | ||
| data-container-name="<?= $escaper->escapeHtmlAttr($magewire->getContainerName()) ?>" | ||
| data-method-code="<?= $escaper->escapeHtmlAttr($magewire->getMethodCode()) ?>" | ||
| ></div> |
There was a problem hiding this comment.
The Alpine.js component adyenPaymentMethodRendererAdyenDefaultMethod is defined, but its init() method is never called. This will prevent the payment method from initializing correctly. You should call it using x-init="init()".
<div x-data="adyenPaymentMethodRendererAdyenDefaultMethod"
x-init="init()"
data-container-name="<?= $escaper->escapeHtmlAttr($magewire->getContainerName()) ?>"
data-method-code="<?= $escaper->escapeHtmlAttr($magewire->getMethodCode()) ?>"
></div>| } | ||
| } | ||
| </script> | ||
| <div x-data="adyenPaymentMethodRendererAdyenPaypalMethod"></div> |
There was a problem hiding this comment.
The Alpine.js component adyenPaymentMethodRendererAdyenPaypalMethod is defined, but its init() method is never called. This will prevent the payment method from initializing correctly. You should call it using x-init="init()".
<div x-data="adyenPaymentMethodRendererAdyenPaypalMethod" x-init="init()"></div>| <div x-data="adyenPaymentMethodRendererAdyenAffirmMethod" | ||
| data-container-name="<?= $escaper->escapeHtmlAttr($magewire->getContainerName()) ?>" | ||
| data-method-code="<?= $escaper->escapeHtmlAttr($magewire->getMethodCode()) ?>" | ||
| ></div> |
There was a problem hiding this comment.
The Alpine.js component adyenPaymentMethodRendererAdyenAffirmMethod is defined, but its init() method is never called. This will prevent the payment method from initializing correctly. You should call it using x-init="init()".
<div x-data="adyenPaymentMethodRendererAdyenAffirmMethod"
x-init="init()"
data-container-name="<?= $escaper->escapeHtmlAttr($magewire->getContainerName()) ?>"
data-method-code="<?= $escaper->escapeHtmlAttr($magewire->getMethodCode()) ?>"
></div>| } | ||
| } | ||
| </script> | ||
| <div x-data="adyenPaymentMethodRendererAdyenGooglepayMethod"></div> |
There was a problem hiding this comment.
The Alpine.js component adyenPaymentMethodRendererAdyenGooglepayMethod is defined, but its init() method is never called. This will prevent the payment method from initializing correctly. You should call it using x-init="init()".
<div x-data="adyenPaymentMethodRendererAdyenGooglepayMethod" x-init="init()"></div>| } catch (e) { | ||
| } |
There was a problem hiding this comment.
This empty catch block suppresses errors, which can make debugging very difficult. It's best practice to at least log the error to the console.
} catch (e) {
console.error('Error initializing Adyen AmazonPay method:', e);
}| } catch (e) { | ||
| } |
There was a problem hiding this comment.
This empty catch block suppresses errors, which can make debugging very difficult. It's best practice to at least log the error to the console.
} catch (e) {
console.error('Error initializing Adyen PayPal method:', e);
}| } catch (e) { | ||
| } |
There was a problem hiding this comment.
This empty catch block suppresses errors, which can make debugging very difficult. It's best practice to at least log the error to the console.
} catch (e) {
console.error('Error initializing Adyen Affirm method:', e);
}| "magento/composer-dependency-version-audit-plugin": true, | ||
| "dealerdirect/phpcodesniffer-composer-installer": true | ||
| } | ||
| } |
There was a problem hiding this comment.
It's a common convention for text files, including JSON files, to end with a newline character. Some tools and systems might not process the file correctly without it.
| window.AdyenPaymentHandler = methodHandler; | ||
|
|
||
| if (wire.get('requiresShipping')) { | ||
| methodHandler.renderMessage('Please select shipping method.'); |
There was a problem hiding this comment.
This string is not translatable. For internationalization, it should be wrapped in Magento's JavaScript translation function.
methodHandler.renderMessage("<?= $escaper->escapeJs(__('Please select shipping method.')) ?>");
khushboo-singhvi
had a problem deploying
to
internal
GitHub Actions
Failure
khushboo-singhvi
had a problem deploying
to
internal
GitHub Actions
Error
khushboo-singhvi
had a problem deploying
to
internal
GitHub Actions
Failure
khushboo-singhvi
had a problem deploying
to
internal
GitHub Actions
Failure
khushboo-singhvi
had a problem deploying
to
internal
GitHub Actions
Error
khushboo-singhvi
had a problem deploying
to
internal
GitHub Actions
Failure
…ght-1.x chore(deps): update mcr.microsoft.com/playwright docker tag to v1.54.0
khushboo-singhvi
had a problem deploying
to
internal
GitHub Actions
Failure
khushboo-singhvi
had a problem deploying
to
internal
GitHub Actions
Error
khushboo-singhvi
had a problem deploying
to
internal
GitHub Actions
Failure
3 participants
Summary
Tested scenarios
Fixed issue: