Merge pull request #1540 from Adyen/support-308-redirect

gcatanese · web-flow · commit 60f2a3d9ec1b · 2025-08-26T15:32:01.000+02:00
Terminal API: handle 308 response status
diff --git a/src/__tests__/httpURLConnectionClient.spec.ts b/src/__tests__/httpURLConnectionClient.spec.ts
@@ -0,0 +1,62 @@
+import HttpURLConnectionClient from "../httpClient/httpURLConnectionClient";
+
+describe("HttpURLConnectionClient", () => {
+    let client: HttpURLConnectionClient;
+
+    beforeEach(() => {
+        client = new HttpURLConnectionClient();
+    });
+
+    describe("verifyLocation", () => {
+        test.each([
+            "https://example.adyen.com/path",
+            "https://sub.adyen.com",
+            "http://another.adyen.com/a/b/c?q=1",
+            "https://checkout-test.adyen.com",
+        ])("should return true for valid adyen.com domain: %s", (location) => {
+            // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+            // @ts-ignore - testing a private method
+            expect(client.verifyLocation(location)).toBe(true);
+        });
+
+        test.each([
+            "https://example.ADYEN.com/path",
+            "HTTPS://sub.adyen.COM",
+        ])("should be case-insensitive for valid adyen.com domain: %s", (location) => {
+            // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+            // @ts-ignore - testing a private method
+            expect(client.verifyLocation(location)).toBe(true);
+        });
+
+        test.each([
+            "https://adyen.com.evil.com/path",
+            "https://evil-adyen.com",
+            "http://adyen.co",
+            "https://www.google.com",
+            "https://adyen.com-scam.com",
+        ])("should return false for invalid domain: %s", (location) => {
+            // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+            // @ts-ignore - testing a private method
+            expect(client.verifyLocation(location)).toBe(false);
+        });
+
+        test.each([
+            "https://adyen.com.another.domain/path",
+            "https://myadyen.com.org",
+        ])("should return false for domains that contain but do not end with adyen.com: %s", (location) => {
+            // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+            // @ts-ignore - testing a private method
+            expect(client.verifyLocation(location)).toBe(false);
+        });
+
+        test.each([
+            "not a url",
+            "adyen.com",
+            "//adyen.com/path",
+        ])("should return false for malformed URLs: %s", (location) => {
+            // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+            // @ts-ignore - testing a private method
+            expect(client.verifyLocation(location)).toBe(false);
+        });
+    });
+});
diff --git a/src/__tests__/terminalCloudAPI.spec.ts b/src/__tests__/terminalCloudAPI.spec.ts
@@ -5,30 +5,31 @@ import { syncRefund, syncRes, syncResEventNotification, syncResEventNotification
 import Client from "../client";
 import TerminalCloudAPI from "../services/terminalCloudAPI";
 import { terminal } from "../typings";
+import { EnvironmentEnum } from "../config";
 
 let client: Client;
 let terminalCloudAPI: TerminalCloudAPI;
 let scope: nock.Scope;
 
 beforeEach((): void => {
-    if (!nock.isActive()) {
-        nock.activate();
-    }
-    client = createClient(process.env.ADYEN_TERMINAL_APIKEY);
+  if (!nock.isActive()) {
+    nock.activate();
+  }
+  client = createClient(process.env.ADYEN_TERMINAL_APIKEY);
 
-    terminalCloudAPI = new TerminalCloudAPI(client);
-    scope = nock(`${client.config.terminalApiCloudEndpoint}`);
+  terminalCloudAPI = new TerminalCloudAPI(client);
+  scope = nock(`${client.config.terminalApiCloudEndpoint}`);
 });
 
 afterEach((): void => {
-    nock.cleanAll();
+  nock.cleanAll();
 });
 
 describe("Terminal Cloud API", (): void => {
-    test("should make an async payment request", async (): Promise<void> => {
-        scope.post("/async").reply(200, asyncRes);
+  test("should make an async payment request", async (): Promise<void> => {
+    scope.post("/async").reply(200, asyncRes);
 
-        const terminalAPIPaymentRequest = createTerminalAPIPaymentRequest();
+    const terminalAPIPaymentRequest = createTerminalAPIPaymentRequest();
 
         const requestResponse = await terminalCloudAPI.async(terminalAPIPaymentRequest);
 
@@ -54,88 +55,152 @@ describe("Terminal Cloud API", (): void => {
     test("should make a sync payment request", async (): Promise<void> => {
         scope.post("/sync").reply(200, syncRes);
 
-        const terminalAPIPaymentRequest = createTerminalAPIPaymentRequest();
-        const terminalAPIResponse: terminal.TerminalApiResponse = await terminalCloudAPI.sync(terminalAPIPaymentRequest);
+    const terminalAPIPaymentRequest = createTerminalAPIPaymentRequest();
+    const terminalAPIResponse: terminal.TerminalApiResponse = await terminalCloudAPI.sync(terminalAPIPaymentRequest);
 
-        expect(terminalAPIResponse.SaleToPOIResponse?.PaymentResponse).toBeDefined();
-        expect(terminalAPIResponse.SaleToPOIResponse?.MessageHeader).toBeDefined();
-    });
+    expect(terminalAPIResponse.SaleToPOIResponse?.PaymentResponse).toBeDefined();
+    expect(terminalAPIResponse.SaleToPOIResponse?.MessageHeader).toBeDefined();
+  });
 
-    test("should make a sync payment request with additional attributes", async (): Promise<void> => {
-        scope.post("/sync").reply(200, syncTerminalPaymentResponse);
+  test("should make a sync payment request with additional attributes", async (): Promise<void> => {
+    scope.post("/sync").reply(200, syncTerminalPaymentResponse);
 
-        const terminalAPIPaymentRequest = createTerminalAPIPaymentRequest();
+    const terminalAPIPaymentRequest = createTerminalAPIPaymentRequest();
 
-        await expect(async () => {
-            const terminalAPIResponse = await terminalCloudAPI.sync(terminalAPIPaymentRequest);
-            expect(terminalAPIResponse.SaleToPOIResponse?.PaymentResponse).toBeDefined();
-            expect(terminalAPIResponse.SaleToPOIResponse?.MessageHeader).toBeDefined();
-        }).not.toThrow();
+    await expect(async () => {
+      const terminalAPIResponse = await terminalCloudAPI.sync(terminalAPIPaymentRequest);
+      expect(terminalAPIResponse.SaleToPOIResponse?.PaymentResponse).toBeDefined();
+      expect(terminalAPIResponse.SaleToPOIResponse?.MessageHeader).toBeDefined();
+    }).not.toThrow();
 
-    });
+  });
 
-    test("should return event notification Reject", async (): Promise<void> => {
+  test("should return event notification Reject", async (): Promise<void> => {
 
-        const terminalAPIPaymentRequest = createTerminalAPIPaymentRequest();
-        scope.post("/sync").reply(200, syncResEventNotification);
+    const terminalAPIPaymentRequest = createTerminalAPIPaymentRequest();
+    scope.post("/sync").reply(200, syncResEventNotification);
 
-        const terminalAPIResponse = await terminalCloudAPI.sync(terminalAPIPaymentRequest);
+    const terminalAPIResponse = await terminalCloudAPI.sync(terminalAPIPaymentRequest);
 
-        expect(terminalAPIResponse.SaleToPOIRequest?.EventNotification).toBeDefined();
-        expect(terminalAPIResponse.SaleToPOIRequest?.EventNotification?.EventToNotify).toBe("Reject");
+    expect(terminalAPIResponse.SaleToPOIRequest?.EventNotification).toBeDefined();
+    expect(terminalAPIResponse.SaleToPOIRequest?.EventNotification?.EventToNotify).toBe("Reject");
 
-    });
+  });
 
-    test("should return event notification Shutdown with additional attributes", async (): Promise<void> => {
+  test("should return event notification Shutdown with additional attributes", async (): Promise<void> => {
 
-        const terminalAPIPaymentRequest = createTerminalAPIPaymentRequest();
-        scope.post("/sync").reply(200, syncResEventNotificationWithAdditionalAttributes);
-
-        await expect(async () => {
-            const terminalAPIResponse = await terminalCloudAPI.sync(terminalAPIPaymentRequest);
-            expect(terminalAPIResponse.SaleToPOIRequest?.EventNotification).toBeDefined();
-            expect(terminalAPIResponse.SaleToPOIRequest?.EventNotification?.EventToNotify).toBe("Shutdown");
-            expect(terminalAPIResponse.SaleToPOIRequest?.MessageHeader).toBeDefined();
-        }).not.toThrow();
-    });
+    const terminalAPIPaymentRequest = createTerminalAPIPaymentRequest();
+    scope.post("/sync").reply(200, syncResEventNotificationWithAdditionalAttributes);
 
-    test("should return event notification with unknown enum", async (): Promise<void> => {
+    await expect(async () => {
+      const terminalAPIResponse = await terminalCloudAPI.sync(terminalAPIPaymentRequest);
+      expect(terminalAPIResponse.SaleToPOIRequest?.EventNotification).toBeDefined();
+      expect(terminalAPIResponse.SaleToPOIRequest?.EventNotification?.EventToNotify).toBe("Shutdown");
+      expect(terminalAPIResponse.SaleToPOIRequest?.MessageHeader).toBeDefined();
+    }).not.toThrow();
+  });
 
-        const terminalAPIPaymentRequest = createTerminalAPIPaymentRequest();
-        scope.post("/sync").reply(200, syncResEventNotificationWithUnknownEnum);
+  test("should return event notification with unknown enum", async (): Promise<void> => {
 
-        await expect(async () => {
-            const terminalAPIResponse = await terminalCloudAPI.sync(terminalAPIPaymentRequest);
-            expect(terminalAPIResponse.SaleToPOIRequest?.EventNotification).toBeDefined();
-            // EventToNotify is unknown, so it holds whatever value is found in the payload
-            expect(terminalAPIResponse.SaleToPOIRequest?.EventNotification?.EventToNotify).toBe("this is unknown");
+    const terminalAPIPaymentRequest = createTerminalAPIPaymentRequest();
+    scope.post("/sync").reply(200, syncResEventNotificationWithUnknownEnum);
 
-        }).not.toThrow();
-    });
+    await expect(async () => {
+      const terminalAPIResponse = await terminalCloudAPI.sync(terminalAPIPaymentRequest);
+      expect(terminalAPIResponse.SaleToPOIRequest?.EventNotification).toBeDefined();
+      // EventToNotify is unknown, so it holds whatever value is found in the payload
+      expect(terminalAPIResponse.SaleToPOIRequest?.EventNotification?.EventToNotify).toBe("this is unknown");
 
-    test("should make an async refund request", async (): Promise<void> => {
-        scope.post("/sync").reply(200, syncRes);
+    }).not.toThrow();
+  });
 
-        const terminalAPIPaymentRequest = createTerminalAPIPaymentRequest();
-        const terminalAPIResponse: terminal.TerminalApiResponse = await terminalCloudAPI.sync(terminalAPIPaymentRequest);
+  test("should make an async refund request", async (): Promise<void> => {
+    scope.post("/sync").reply(200, syncRes);
 
-        const pOITransactionId = terminalAPIResponse.SaleToPOIResponse!.PaymentResponse!.POIData!.POITransactionID;
-        expect(pOITransactionId).toBeTruthy();
+    const terminalAPIPaymentRequest = createTerminalAPIPaymentRequest();
+    const terminalAPIResponse: terminal.TerminalApiResponse = await terminalCloudAPI.sync(terminalAPIPaymentRequest);
 
-        scope.post("/sync").reply(200, syncRefund);
+    const pOITransactionId = terminalAPIResponse.SaleToPOIResponse!.PaymentResponse!.POIData!.POITransactionID;
+    expect(pOITransactionId).toBeTruthy();
 
-        const terminalAPIRefundRequest = createTerminalAPIRefundRequest(pOITransactionId);
-        const id = Math.floor(Math.random() * Math.floor(10000000)).toString();
-        terminalAPIRefundRequest.SaleToPOIRequest.MessageHeader.ServiceID = id;
-        const saleToAcquirerData: terminal.SaleToAcquirerData = new terminal.SaleToAcquirerData();
-        saleToAcquirerData.currency = "EUR";
-        terminalAPIRefundRequest.SaleToPOIRequest.ReversalRequest!.SaleData!.SaleToAcquirerData = saleToAcquirerData;
-        const terminalAPIRefundResponse = await terminalCloudAPI.sync(terminalAPIRefundRequest);
+    scope.post("/sync").reply(200, syncRefund);
 
-        expect(terminalAPIRefundResponse.SaleToPOIResponse?.ReversalResponse?.Response.Result).toBe("Success");
-    }, 20000);
-});
+    const terminalAPIRefundRequest = createTerminalAPIRefundRequest(pOITransactionId);
+    const id = Math.floor(Math.random() * Math.floor(10000000)).toString();
+    terminalAPIRefundRequest.SaleToPOIRequest.MessageHeader.ServiceID = id;
+    const saleToAcquirerData: terminal.SaleToAcquirerData = new terminal.SaleToAcquirerData();
+    saleToAcquirerData.currency = "EUR";
+    terminalAPIRefundRequest.SaleToPOIRequest.ReversalRequest!.SaleData!.SaleToAcquirerData = saleToAcquirerData;
+    const terminalAPIRefundResponse = await terminalCloudAPI.sync(terminalAPIRefundRequest);
+
+    expect(terminalAPIRefundResponse.SaleToPOIResponse?.ReversalResponse?.Response.Result).toBe("Success");
+  }, 20000);
+
+  test("async should handle 308", async (): Promise<void> => {
 
+    const terminalApiHost = "https://terminal-api-test.adyen.com";
+
+    const client = new Client({ apiKey: "YOUR_API_KEY", environment: EnvironmentEnum.TEST });
+    const terminalCloudAPI = new TerminalCloudAPI(client);
+
+    const terminalAPIPaymentRequest = createTerminalAPIPaymentRequest();
+    // custom value to trigger mock 308 response
+    terminalAPIPaymentRequest.SaleToPOIRequest.MessageHeader.SaleID = "response-with-redirect";
+
+    // Mock first request: returns a 308 redirect with Location header
+    nock(terminalApiHost)
+      .post("/async", (body) => {
+        return body?.SaleToPOIRequest?.MessageHeader?.SaleID === "response-with-redirect";
+      })
+      .reply(308, "", { Location: `${terminalApiHost}/async?redirect=false` });
+
+    // Mock follow-up request: returns successful response 'ok'
+    nock(terminalApiHost)
+      .post("/async?redirect=false")
+      .reply(200, "ok");
+
+    const terminalAPIResponse = await terminalCloudAPI.async(terminalAPIPaymentRequest);
+
+    expect(terminalAPIResponse).toEqual("ok");
+  });
+
+  test("sync should validate 308 location header", async (): Promise<void> => {
+    const terminalApiHost = "https://terminal-api-test.adyen.com";
+
+    const client = new Client({ apiKey: "YOUR_API_KEY", environment: EnvironmentEnum.TEST });
+    const terminalCloudAPI = new TerminalCloudAPI(client);
+
+    const terminalAPIPaymentRequest = createTerminalAPIPaymentRequest();
+    // custom value to trigger mock 308 response
+    terminalAPIPaymentRequest.SaleToPOIRequest.MessageHeader.SaleID = "response-with-redirect";
+
+    // Mock first request: returns a 308 redirect with invalid Location header
+    nock(terminalApiHost)
+      .post("/sync", (body) => {
+        return body?.SaleToPOIRequest?.MessageHeader?.SaleID === "response-with-redirect";
+      })
+      .reply(308, "", { Location: "https://example.org/sync?redirect=false" });
+
+    // Mock follow-up request: returns successful response
+    nock(terminalApiHost)
+      .post("/sync?redirect=false")
+      .reply(200, {
+        SaleToPOIResponse: {
+          PaymentResponse: { Response: "Authorised" },
+          MessageHeader: { SaleID: "001-308" },
+        },
+      });
+
+    try {  
+    await terminalCloudAPI.sync(terminalAPIPaymentRequest);
+    fail("No exception was thrown");
+    } catch (e) {
+      expect(e).toBeInstanceOf(Error); 
+    }
+
+  });  
+
+});
 
 export const syncTerminalPaymentResponse = {
   "SaleToPOIResponse": {
diff --git a/src/httpClient/httpURLConnectionClient.ts b/src/httpClient/httpURLConnectionClient.ts
