diff --git a/adyencheckoutaddonspa/acceleratoraddon/web/src/com/adyen/commerce/filters/SameSiteCookiePostProcessFilter.java b/adyencheckoutaddonspa/acceleratoraddon/web/src/com/adyen/commerce/filters/SameSiteCookiePostProcessFilter.java new file mode 100644 index 000000000..ada22daf4 --- /dev/null +++ b/adyencheckoutaddonspa/acceleratoraddon/web/src/com/adyen/commerce/filters/SameSiteCookiePostProcessFilter.java @@ -0,0 +1,55 @@ +/* + * ###### + * ###### + * ############ ####( ###### #####. ###### ############ ############ + * ############# #####( ###### #####. ###### ############# ############# + * ###### #####( ###### #####. ###### ##### ###### ##### ###### + * ###### ###### #####( ###### #####. ###### ##### ##### ##### ###### + * ###### ###### #####( ###### #####. ###### ##### ##### ###### + * ############# ############# ############# ############# ##### ###### + * ############ ############ ############# ############ ##### ###### + * ###### + * ############# + * ############ + * + * Adyen Hybris Extension + * + * Copyright (c) 2020 Adyen B.V. + * This file is open source and available under the MIT license. + * See the LICENSE file for more info. + */ + +package com.adyen.commerce.filters; + +import com.adyen.commerce.utils.SameSiteCookieAttributeAppenderUtils; +import org.springframework.web.filter.GenericFilterBean; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; + +/* + * This class uses code written by Igor Zarvanskyi and published on https://clutcher.github.io/post/hybris/same_site_login_issue/ + */ +public class SameSiteCookiePostProcessFilter extends GenericFilterBean { + + private SameSiteCookieAttributeAppenderUtils sameSiteCookieAttributeAppenderUtils; + + @Override + public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { + getSameSiteCookieAttributeAppenderUtils().addSameSiteAttribute((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse); + filterChain.doFilter(servletRequest, servletResponse); + } + + protected SameSiteCookieAttributeAppenderUtils getSameSiteCookieAttributeAppenderUtils() { + return sameSiteCookieAttributeAppenderUtils; + } + + public void setSameSiteCookieAttributeAppenderUtils(SameSiteCookieAttributeAppenderUtils sameSiteCookieAttributeAppenderUtils) { + this.sameSiteCookieAttributeAppenderUtils = sameSiteCookieAttributeAppenderUtils; + } +} \ No newline at end of file diff --git a/adyencheckoutaddonspa/acceleratoraddon/web/src/com/adyen/commerce/interceptors/SameSiteCookieHandlerInterceptorAdapter.java b/adyencheckoutaddonspa/acceleratoraddon/web/src/com/adyen/commerce/interceptors/SameSiteCookieHandlerInterceptorAdapter.java new file mode 100644 index 000000000..e7728eda2 --- /dev/null +++ b/adyencheckoutaddonspa/acceleratoraddon/web/src/com/adyen/commerce/interceptors/SameSiteCookieHandlerInterceptorAdapter.java @@ -0,0 +1,50 @@ +/* + * ###### + * ###### + * ############ ####( ###### #####. ###### ############ ############ + * ############# #####( ###### #####. ###### ############# ############# + * ###### #####( ###### #####. ###### ##### ###### ##### ###### + * ###### ###### #####( ###### #####. ###### ##### ##### ##### ###### + * ###### ###### #####( ###### #####. ###### ##### ##### ###### + * ############# ############# ############# ############# ##### ###### + * ############ ############ ############# ############ ##### ###### + * ###### + * ############# + * ############ + * + * Adyen Hybris Extension + * + * Copyright (c) 2020 Adyen B.V. + * This file is open source and available under the MIT license. + * See the LICENSE file for more info. + */ + +package com.adyen.commerce.interceptors; + +import com.adyen.commerce.utils.SameSiteCookieAttributeAppenderUtils; +import org.springframework.web.servlet.ModelAndView; +import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/* + * This class uses code written by Igor Zarvanskyi and published on https://clutcher.github.io/post/hybris/same_site_login_issue/ + */ +public class SameSiteCookieHandlerInterceptorAdapter extends HandlerInterceptorAdapter { + + private SameSiteCookieAttributeAppenderUtils sameSiteCookieAttributeAppenderUtils; + + @Override + public void postHandle(HttpServletRequest servletRequest, HttpServletResponse servletResponse, Object handler, ModelAndView modelAndView) { + getSameSiteCookieAttributeAppenderUtils().addSameSiteAttribute(servletRequest, servletResponse); + } + + protected SameSiteCookieAttributeAppenderUtils getSameSiteCookieAttributeAppenderUtils() { + return sameSiteCookieAttributeAppenderUtils; + } + + public void setSameSiteCookieAttributeAppenderUtils(SameSiteCookieAttributeAppenderUtils sameSiteCookieAttributeAppenderUtils) { + this.sameSiteCookieAttributeAppenderUtils = sameSiteCookieAttributeAppenderUtils; + } +} \ No newline at end of file diff --git a/adyencheckoutaddonspa/acceleratoraddon/web/src/com/adyen/commerce/security/AdyenGUIDAuthenticationSuccessHandler.java b/adyencheckoutaddonspa/acceleratoraddon/web/src/com/adyen/commerce/security/AdyenGUIDAuthenticationSuccessHandler.java new file mode 100644 index 000000000..3ec6a8338 --- /dev/null +++ b/adyencheckoutaddonspa/acceleratoraddon/web/src/com/adyen/commerce/security/AdyenGUIDAuthenticationSuccessHandler.java @@ -0,0 +1,91 @@ +/* + * ###### + * ###### + * ############ ####( ###### #####. ###### ############ ############ + * ############# #####( ###### #####. ###### ############# ############# + * ###### #####( ###### #####. ###### ##### ###### ##### ###### + * ###### ###### #####( ###### #####. ###### ##### ##### ##### ###### + * ###### ###### #####( ###### #####. ###### ##### ##### ###### + * ############# ############# ############# ############# ##### ###### + * ############ ############ ############# ############ ##### ###### + * ###### + * ############# + * ############ + * + * Adyen Hybris Extension + * + * Copyright (c) 2020 Adyen B.V. + * This file is open source and available under the MIT license. + * See the LICENSE file for more info. + */ + +package com.adyen.commerce.security; + +import com.adyen.commerce.utils.SameSiteCookieAttributeAppenderUtils; +import de.hybris.platform.acceleratorstorefrontcommons.security.GUIDCookieStrategy; +import org.springframework.beans.factory.annotation.Required; +import org.springframework.security.core.Authentication; +import org.springframework.security.web.authentication.AuthenticationSuccessHandler; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; + +/* + * This class uses code written by Igor Zarvanskyi and published on https://clutcher.github.io/post/hybris/same_site_login_issue/ + */ +public class AdyenGUIDAuthenticationSuccessHandler implements AuthenticationSuccessHandler +{ + private GUIDCookieStrategy guidCookieStrategy; + private AuthenticationSuccessHandler authenticationSuccessHandler; + private SameSiteCookieAttributeAppenderUtils sameSiteCookieAttributeAppenderUtils; + + @Override + public void onAuthenticationSuccess(final HttpServletRequest request, final HttpServletResponse response, + final Authentication authentication) throws IOException, ServletException + { + getGuidCookieStrategy().setCookie(request, response); + + // onAuthenticationSuccess will commit response, so we won't be able to change it, that's why we should execute filter before it. + getSameSiteCookieAttributeAppenderUtils().addSameSiteAttribute(request, response); + + getAuthenticationSuccessHandler().onAuthenticationSuccess(request, response, authentication); + } + + protected GUIDCookieStrategy getGuidCookieStrategy() + { + return guidCookieStrategy; + } + + /** + * @param guidCookieStrategy the guidCookieStrategy to set + */ + @Required + public void setGuidCookieStrategy(final GUIDCookieStrategy guidCookieStrategy) + { + this.guidCookieStrategy = guidCookieStrategy; + } + + protected AuthenticationSuccessHandler getAuthenticationSuccessHandler() + { + return authenticationSuccessHandler; + } + + /** + * @param authenticationSuccessHandler the authenticationSuccessHandler to set + */ + @Required + public void setAuthenticationSuccessHandler(final AuthenticationSuccessHandler authenticationSuccessHandler) + { + this.authenticationSuccessHandler = authenticationSuccessHandler; + } + + protected SameSiteCookieAttributeAppenderUtils getSameSiteCookieAttributeAppenderUtils() { + return sameSiteCookieAttributeAppenderUtils; + } + + public void setSameSiteCookieAttributeAppenderUtils(SameSiteCookieAttributeAppenderUtils sameSiteCookieAttributeAppenderUtils) { + this.sameSiteCookieAttributeAppenderUtils = sameSiteCookieAttributeAppenderUtils; + } +} diff --git a/adyencheckoutaddonspa/acceleratoraddon/web/src/com/adyen/commerce/utils/SameSiteCookieAttributeAppenderUtils.java b/adyencheckoutaddonspa/acceleratoraddon/web/src/com/adyen/commerce/utils/SameSiteCookieAttributeAppenderUtils.java new file mode 100644 index 000000000..f2b2bc74b --- /dev/null +++ b/adyencheckoutaddonspa/acceleratoraddon/web/src/com/adyen/commerce/utils/SameSiteCookieAttributeAppenderUtils.java @@ -0,0 +1,151 @@ +/* + * ###### + * ###### + * ############ ####( ###### #####. ###### ############ ############ + * ############# #####( ###### #####. ###### ############# ############# + * ###### #####( ###### #####. ###### ##### ###### ##### ###### + * ###### ###### #####( ###### #####. ###### ##### ##### ##### ###### + * ###### ###### #####( ###### #####. ###### ##### ##### ###### + * ############# ############# ############# ############# ##### ###### + * ############ ############ ############# ############ ##### ###### + * ###### + * ############# + * ############ + * + * Adyen Hybris Extension + * + * Copyright (c) 2020 Adyen B.V. + * This file is open source and available under the MIT license. + * See the LICENSE file for more info. + */ + +package com.adyen.commerce.utils; + +import com.google.common.net.HttpHeaders; +import de.hybris.platform.servicelayer.config.ConfigurationService; +import org.apache.commons.collections4.CollectionUtils; +import org.apache.commons.configuration.Configuration; +import org.apache.log4j.Logger; + +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.util.Arrays; +import java.util.Collection; +import java.util.List; +import java.util.Optional; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +/* + * This class uses code written by Igor Zarvanskyi and published on https://clutcher.github.io/post/hybris/same_site_login_issue/ + */ +public class SameSiteCookieAttributeAppenderUtils { + + private static final Logger LOG = Logger.getLogger(SameSiteCookieAttributeAppenderUtils.class); + + private ConfigurationService configurationService; + + private static final String PLATFORM_VERSION_PROPERTY = "build.version.api"; + private static final String SAMESITE_COOKIE_HANDLER_ENABLED_PROPERTY = "adyen.samesitecookie.handler.enabled"; + private static final int SAP_VERSION_WITH_SAMESITE_FIX = 2005; + private static final List COOKIES_WITH_FORCE_SAME_SITE_NONE = Arrays.asList("JSESSIONID", "acceleratorSecureGUID", "yacceleratorstorefrontRememberMe"); + private static final Pattern CHROME_VERSION = Pattern.compile("Chrom[^ \\/]+\\/(\\d+)[\\.\\d]*"); + + public void addSameSiteAttribute(HttpServletRequest servletRequest, HttpServletResponse servletResponse) { + // Do not modify cookies for SAP versions which already have SameSite cookies handler available + if(isPlatformVersionWithSameSiteFix()) { + return; + } + + if (isSameSiteCookieHandlingEnabled() && isNotCommittedResponse(servletResponse)) { + Collection headers = servletResponse.getHeaders(HttpHeaders.SET_COOKIE); + if (CollectionUtils.isNotEmpty(headers)) { + String userAgent = servletRequest.getHeader(HttpHeaders.USER_AGENT); + for (String sameSiteCookie : COOKIES_WITH_FORCE_SAME_SITE_NONE) { + addSameSiteNone(sameSiteCookie, servletResponse, userAgent); + } + } + } + } + + private void addSameSiteNone(String sameSiteCookie, HttpServletResponse servletResponse, String userAgent) { + Collection headers = servletResponse.getHeaders(HttpHeaders.SET_COOKIE); + + // Check if exists session set cookie header + Optional sessionCookieWithoutSameSite = headers.stream() + .filter(cookie -> cookie.startsWith(sameSiteCookie) && !cookie.contains("SameSite")) + .findAny(); + + if (sessionCookieWithoutSameSite.isPresent() && shouldSendSameSiteNone(userAgent)) { + // Replace all set cookie headers with 1 new session + sameSite header + servletResponse.setHeader(HttpHeaders.SET_COOKIE, sessionCookieWithoutSameSite.get() + ";Secure ;SameSite=None"); + + // Re-add all other set cookie headers + headers.stream() + .filter(cookie -> !cookie.startsWith(sameSiteCookie)) + .forEach(cookie -> servletResponse.addHeader(HttpHeaders.SET_COOKIE, cookie)); + } + } + + private boolean isNotCommittedResponse(ServletResponse servletResponse) { + return !servletResponse.isCommitted(); + } + + private boolean isSameSiteCookieHandlingEnabled() { + Configuration configuration = getConfigurationService().getConfiguration(); + boolean isSameSiteCookieHandlingEnabled = false; + if (configuration.containsKey(SAMESITE_COOKIE_HANDLER_ENABLED_PROPERTY)) { + isSameSiteCookieHandlingEnabled = configuration.getBoolean(SAMESITE_COOKIE_HANDLER_ENABLED_PROPERTY); + } + return isSameSiteCookieHandlingEnabled; + } + + private boolean isPlatformVersionWithSameSiteFix() { + try { + String platformVersion = getConfigurationService().getConfiguration().getString(PLATFORM_VERSION_PROPERTY); + if(platformVersion != null) { + String[] platformVersionSplit = platformVersion.split("\\."); + //compare major version + int majorVersion = Integer.parseInt(platformVersionSplit[0]); + return majorVersion >= SAP_VERSION_WITH_SAMESITE_FIX; + } + } catch (Exception e) { + LOG.debug(e); + } + + LOG.debug("Could not parse platform version, SameSite cookie handling will be skipped"); + return true; + } + + public static boolean shouldSendSameSiteNone(String useragent) { + return isChromiumBased(useragent) && isChromiumVersionAtLeast(80, useragent); + } + + private static boolean isChromiumBased(String useragent) { + return useragent.contains("Chrome") || useragent.contains("Chromium"); + } + + private static boolean isChromiumVersionAtLeast(int major, String useragent) { + Matcher matcher = CHROME_VERSION.matcher(useragent); + if (matcher.find()) { + try { + String chromeVersion = matcher.group(1); + return Integer.parseInt(chromeVersion) >= major; + } catch (Exception e) { + LOG.debug(e); + } + } + + LOG.debug("Could not parse Chrome browser version, SameSite cookie handling will be skipped"); + return false; + } + + public ConfigurationService getConfigurationService() { + return configurationService; + } + + public void setConfigurationService(ConfigurationService configurationService) { + this.configurationService = configurationService; + } +} \ No newline at end of file diff --git a/adyenv6b2ccheckoutaddon/resources/adyenv6b2ccheckoutaddon-spring.xml b/adyenv6b2ccheckoutaddon/resources/adyenv6b2ccheckoutaddon-spring.xml index 91e10640d..67668ca12 100644 --- a/adyenv6b2ccheckoutaddon/resources/adyenv6b2ccheckoutaddon-spring.xml +++ b/adyenv6b2ccheckoutaddon/resources/adyenv6b2ccheckoutaddon-spring.xml @@ -46,8 +46,4 @@ - - - - diff --git a/adyenv6core/external-dependencies.xml b/adyenv6core/external-dependencies.xml index 4aeb305e4..8714aa9a6 100644 --- a/adyenv6core/external-dependencies.xml +++ b/adyenv6core/external-dependencies.xml @@ -49,5 +49,10 @@ json 20220924 + + com.fasterxml.jackson.datatype + jackson-datatype-jsr310 + 2.13.3 + diff --git a/adyenv6core/resources/adyenv6core-spring.xml b/adyenv6core/resources/adyenv6core-spring.xml index 3b5856d64..f47b8f084 100644 --- a/adyenv6core/resources/adyenv6core-spring.xml +++ b/adyenv6core/resources/adyenv6core-spring.xml @@ -432,4 +432,8 @@ + + + + diff --git a/adyenv6b2ccheckoutaddon/src/com/adyen/v6/acceleratorfacades/flow/impl/AdyenCheckoutFlowFacade.java b/adyenv6core/src/com/adyen/v6/acceleratorfacades/flow/impl/AdyenCheckoutFlowFacade.java similarity index 100% rename from adyenv6b2ccheckoutaddon/src/com/adyen/v6/acceleratorfacades/flow/impl/AdyenCheckoutFlowFacade.java rename to adyenv6core/src/com/adyen/v6/acceleratorfacades/flow/impl/AdyenCheckoutFlowFacade.java diff --git a/adyenv6core/src/com/adyen/v6/factory/AdyenPaymentServiceFactory.java b/adyenv6core/src/com/adyen/v6/factory/AdyenPaymentServiceFactory.java index 5d4abab84..5f1509269 100644 --- a/adyenv6core/src/com/adyen/v6/factory/AdyenPaymentServiceFactory.java +++ b/adyenv6core/src/com/adyen/v6/factory/AdyenPaymentServiceFactory.java @@ -42,14 +42,14 @@ public AdyenPaymentServiceFactory(final AdyenRequestFactory adyenRequestFactory, } public AdyenCheckoutApiService createAdyenCheckoutApiService(final BaseStoreModel baseStoreModel) { - String webMerchantAccount = adyenMerchantAccountStrategy.getWebMerchantAccount(); + String webMerchantAccount = adyenMerchantAccountStrategy.getWebMerchantAccount(baseStoreModel); DefaultAdyenCheckoutApiService defaultAdyenCheckoutApiService = new DefaultAdyenCheckoutApiService(baseStoreModel, webMerchantAccount); defaultAdyenCheckoutApiService.setAdyenRequestFactory(adyenRequestFactory); return defaultAdyenCheckoutApiService; } public AdyenModificationsApiService createAdyenModificationsApiService(final BaseStoreModel baseStoreModel) { - String webMerchantAccount = adyenMerchantAccountStrategy.getWebMerchantAccount(); + String webMerchantAccount = adyenMerchantAccountStrategy.getWebMerchantAccount(baseStoreModel); DefaultAdyenModificationsApiService adyenModificationsApiService = new DefaultAdyenModificationsApiService(baseStoreModel, webMerchantAccount); adyenModificationsApiService.setAdyenRequestFactory(adyenRequestFactory); return adyenModificationsApiService; diff --git a/adyenv6core/src/com/adyen/v6/strategy/AdyenMerchantAccountStrategy.java b/adyenv6core/src/com/adyen/v6/strategy/AdyenMerchantAccountStrategy.java index e848a2198..32803bd21 100644 --- a/adyenv6core/src/com/adyen/v6/strategy/AdyenMerchantAccountStrategy.java +++ b/adyenv6core/src/com/adyen/v6/strategy/AdyenMerchantAccountStrategy.java @@ -1,9 +1,15 @@ package com.adyen.v6.strategy; +import de.hybris.platform.store.BaseStoreModel; + public interface AdyenMerchantAccountStrategy { String getWebMerchantAccount(); + String getWebMerchantAccount(BaseStoreModel baseStore); + String getPosMerchantAccount(); + String getPosMerchantAccount(BaseStoreModel baseStore); + } diff --git a/adyenv6core/src/com/adyen/v6/strategy/impl/DefaultAdyenMerchantAccountStrategy.java b/adyenv6core/src/com/adyen/v6/strategy/impl/DefaultAdyenMerchantAccountStrategy.java index de442264e..93c8fd2be 100644 --- a/adyenv6core/src/com/adyen/v6/strategy/impl/DefaultAdyenMerchantAccountStrategy.java +++ b/adyenv6core/src/com/adyen/v6/strategy/impl/DefaultAdyenMerchantAccountStrategy.java @@ -6,16 +6,28 @@ public class DefaultAdyenMerchantAccountStrategy implements AdyenMerchantAccountStrategy { private BaseStoreService baseStoreService; + @Override public String getWebMerchantAccount() { BaseStoreModel currentBaseStore = baseStoreService.getCurrentBaseStore(); - return currentBaseStore.getAdyenMerchantAccount(); + return getWebMerchantAccount(currentBaseStore); + } + + @Override + public String getWebMerchantAccount(BaseStoreModel baseStore) { + return baseStore.getAdyenMerchantAccount(); } @Override public String getPosMerchantAccount() { BaseStoreModel currentBaseStore = baseStoreService.getCurrentBaseStore(); - return currentBaseStore.getAdyenPosMerchantAccount(); + return getPosMerchantAccount(currentBaseStore); + } + + @Override + public String getPosMerchantAccount(BaseStoreModel baseStore) { + return baseStore.getAdyenPosMerchantAccount(); + } public void setBaseStoreService(BaseStoreService baseStoreService) { diff --git a/adyenv6subscription/src/com/adyen/v6/factory/SubscriptionAdyenPaymentServiceFactory.java b/adyenv6subscription/src/com/adyen/v6/factory/SubscriptionAdyenPaymentServiceFactory.java index c53db1745..44aa1ec94 100644 --- a/adyenv6subscription/src/com/adyen/v6/factory/SubscriptionAdyenPaymentServiceFactory.java +++ b/adyenv6subscription/src/com/adyen/v6/factory/SubscriptionAdyenPaymentServiceFactory.java @@ -13,7 +13,7 @@ public SubscriptionAdyenPaymentServiceFactory(SubscriptionPaymentRequestFactory @Override public AdyenCheckoutApiService createAdyenCheckoutApiService(final BaseStoreModel baseStoreModel) { - String webMerchantAccount = adyenMerchantAccountStrategy.getWebMerchantAccount(); + String webMerchantAccount = adyenMerchantAccountStrategy.getWebMerchantAccount(baseStoreModel); final DefaultSubscriptionAdyenCheckoutApiService adyenPaymentService = new DefaultSubscriptionAdyenCheckoutApiService( baseStoreModel, webMerchantAccount);