Skip pre auth ACS form so onAuthorizationCompleted fires only on the final callback#45
Skip pre auth ACS form so onAuthorizationCompleted fires only on the final callback#45jim-daf wants to merge 2 commits into
Conversation
Used by D3SView to skip the interstitial form some banks render before the real ACS callback.
There was a problem hiding this comment.
Pull request overview
Updates the 3DS v1 HTML parsing flow to avoid firing onAuthorizationCompleted on an interstitial “pre-auth” ACS form by explicitly detecting PaReq and skipping those pages.
Changes:
- Add
D3SRegexUtils.findPaReq(...)and a correspondingPaReq<input>regex pattern. - Update
D3SView.match3DSV1Parameters(...)to return early whenPaReqis present, ensuring callbacks occur only on the finalMD+PaResform.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| 3DSView/src/main/java/eu/livotov/labs/android/d3s/D3SView.java | Skips interstitial pre-auth 3DS v1 pages by bailing out when PaReq is detected. |
| 3DSView/src/main/java/eu/livotov/labs/android/d3s/D3SRegexUtils.java | Adds PaReq extraction support via a new regex pattern and helper method. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| * @param html String representation of the html page to search within. | ||
| * @return PaRes or null if not found | ||
| */ | ||
| /** | ||
| * Returns the PaReq value if present, otherwise null. Use this to detect a |
There was a problem hiding this comment.
The Javadoc block ending with @return PaRes... (lines just above) is now separated from the findPaRes method by the newly inserted findPaReq, so it no longer documents the method it describes. Move the PaRes Javadoc to directly precede findPaRes, and keep only the PaReq Javadoc directly above findPaReq.
| @Nullable | ||
| static String findPaReq(@NonNull String html) { | ||
| if (html.trim().isEmpty()) return null; | ||
|
|
||
| Matcher matcher = paReqFinder.matcher(html); |
There was a problem hiding this comment.
findPaReq introduces new parsing behavior that affects when 3DS v1 callbacks fire, but it currently has no unit tests. Since D3SRegexUtilsTest already covers findMd/findPaRes thoroughly, please add analogous tests for findPaReq (empty/blank/no match/match/case-insensitive/multiline as appropriate).
Skip pre auth ACS form for 3D Secure with Continue button
Resolves #18
Some banks (the one in the linked issue is one of them) render an extra page
before the real ACS callback. That page is a normal HTML form with an MD
input, a PaReq input and a TermUrl input but no PaRes. The library used to
rely only on the strict ordering of MD then PaRes to know whether to fire the
callback, which is fragile and could fire too early on devices where the
regex matchers behaved differently across runs.
What changed
D3SRegexUtilsgets a smallfindPaReqhelper so we can ask the samequestion the bank page asks itself: is this the pre auth form or the
real callback.
D3SView.match3DSV1Parametersnow bails out as soon as it sees a PaReqinput. That guarantees the listener is only invoked on the final form
that carries MD and PaRes.
Why this works
The pre auth form always carries PaReq. The final ACS callback never does.
Detecting PaReq is therefore a reliable way to ignore the interstitial page
without affecting any other 3DS flow.
Testing
Existing
D3SRegexUtilsTestcases continue to pass. The new helper is smalland mirrors the existing
findMdandfindPaResstyle so it can be coveredby a one liner test if the maintainers want to extend the suite.