Expose fraud prevention token, send it to blocks checkout (#5104)

tpaksu · web-flow · commit c70926222cd3 · 2022-11-11T16:03:22.000+03:00
diff --git a/changelog/fix-card-testing-nonce-blocks-checkout b/changelog/fix-card-testing-nonce-blocks-checkout
@@ -0,0 +1,4 @@
+Significance: patch
+Type: fix
+
+Fix blocks checkout when card testing prevention is active
diff --git a/client/checkout/blocks/generate-payment-method.js b/client/checkout/blocks/generate-payment-method.js
@@ -32,12 +32,17 @@ const generatePaymentMethod = async ( api, elements, billingData ) => {
 			paymentMethod: { id },
 		} = await request.send();
 
+		const fraudPreventionToken = document
+			.querySelector( '#wcpay-fraud-prevention-token' )
+			?.getAttribute( 'value' );
+
 		return {
 			type: 'success',
 			meta: {
 				paymentMethodData: {
 					paymentMethod: PAYMENT_METHOD_NAME_CARD,
 					'wcpay-payment-method': id,
+					'wcpay-fraud-prevention-token': fraudPreventionToken ?? '',
 				},
 			},
 		};
diff --git a/client/checkout/blocks/upe-fields.js b/client/checkout/blocks/upe-fields.js
@@ -230,13 +230,19 @@ const WCPayUPEFields = ( {
 					};
 				}
 
+				const fraudPreventionToken = document
+					.querySelector( '#wcpay-fraud-prevention-token' )
+					?.getAttribute( 'value' );
+
 				return {
 					type: 'success',
 					meta: {
 						paymentMethodData: {
 							paymentMethod: PAYMENT_METHOD_NAME_CARD,
 							wc_payment_intent_id: paymentIntentId,
 							wcpay_selected_upe_payment_type: selectedUPEPaymentType,
+							'wcpay-fraud-prevention-token':
+								fraudPreventionToken ?? '',
 						},
 					},
 				};
diff --git a/includes/class-wc-payments-blocks-payment-method.php b/includes/class-wc-payments-blocks-payment-method.php
@@ -6,6 +6,7 @@
  */
 
 use Automattic\WooCommerce\Blocks\Payments\Integrations\AbstractPaymentMethodType;
+use WCPay\Fraud_Prevention\Fraud_Prevention_Service;
 use WCPay\WC_Payments_Checkout;
 
 /**
@@ -33,6 +34,8 @@ public function initialize() {
 		$this->name                 = WC_Payment_Gateway_WCPay::GATEWAY_ID;
 		$this->gateway              = WC_Payments::get_gateway();
 		$this->wc_payments_checkout = WC_Payments::get_wc_payments_checkout();
+
+		add_filter( 'the_content', [ $this, 'maybe_add_card_testing_token' ] );
 	}
 
 	/**
@@ -102,4 +105,20 @@ public function get_payment_method_data() {
 			$this->wc_payments_checkout->get_payment_fields_js_config()
 		);
 	}
+
+	/**
+	 * Adds the hidden input containing the card testing prevention token to the blocks checkout page.
+	 *
+	 * @param   string $content  The content that's going to be flushed to the browser.
+	 *
+	 * @return  string
+	 */
+	public function maybe_add_card_testing_token( $content ) {
+		$fraud_prevention_service = Fraud_Prevention_Service::get_instance();
+		// phpcs:ignore WordPress.Security.NonceVerification.Missing,WordPress.Security.ValidatedSanitizedInput.MissingUnslash,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+		if ( $fraud_prevention_service->is_enabled() && wp_script_is( 'WCPAY_BLOCKS_CHECKOUT' ) ) {
+			$content .= '<input type="hidden" name="wcpay-fraud-prevention-token" id="wcpay-fraud-prevention-token" value="' . esc_attr( Fraud_Prevention_Service::get_instance()->get_token() ) . '">';
+		}
+		return $content;
+	}
 }
