From 5e4c5acc4865b20472bb008796104981a66f5bc4 Mon Sep 17 00:00:00 2001
From: Conner Turnbull <133619638+cturnbull-bitwarden@users.noreply.github.com>
Date: Mon, 11 Mar 2024 10:03:10 -0400
Subject: [PATCH] Removed the need to verify requests as CloudOps added an ACL on the network (#3882)
---
 src/Billing/Controllers/PayPalController.cs | 12 -----
 .../Controllers/PayPalControllerTests.cs | 52 -------------------
 2 files changed, 64 deletions(-)
diff --git a/src/Billing/Controllers/PayPalController.cs b/src/Billing/Controllers/PayPalController.cs
index cd83ba1d3d..cd52e017ff 100644
--- a/src/Billing/Controllers/PayPalController.cs
+++ b/src/Billing/Controllers/PayPalController.cs
@@ -1,6 +1,5 @@
 using System.Text;
 using Bit.Billing.Models;
-using Bit.Billing.Services;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Repositories;
@@ -20,7 +19,6 @@ public class PayPalController : Controller
 private readonly IMailService _mailService;
 private readonly IOrganizationRepository _organizationRepository;
 private readonly IPaymentService _paymentService;
- private readonly IPayPalIPNClient _payPalIPNClient;
 private readonly ITransactionRepository _transactionRepository;
 private readonly IUserRepository _userRepository;
 
@@ -30,7 +28,6 @@ public class PayPalController : Controller
 IMailService mailService,
 IOrganizationRepository organizationRepository,
 IPaymentService paymentService,
- IPayPalIPNClient payPalIPNClient,
 ITransactionRepository transactionRepository,
 IUserRepository userRepository)
 {
@@ -39,7 +36,6 @@ public class PayPalController : Controller
 _mailService = mailService;
 _organizationRepository = organizationRepository;
 _paymentService = paymentService;
- _payPalIPNClient = payPalIPNClient;
 _transactionRepository = transactionRepository;
 _userRepository = userRepository;
 }
@@ -91,14 +87,6 @@ public class PayPalController : Controller
 return BadRequest();
 }
 
- var verified = await _payPalIPNClient.VerifyIPN(transactionModel.TransactionId, requestContent);
-
- if (!verified)
- {
- _logger.LogError("PayPal IPN ({Id}): Verification failed", transactionModel.TransactionId);
- return BadRequest();
- }
-
 if (transactionModel.TransactionType != "web_accept" &&
 transactionModel.TransactionType != "merch_pmt" &&
 transactionModel.PaymentStatus != "Refunded")
diff --git a/test/Billing.Test/Controllers/PayPalControllerTests.cs b/test/Billing.Test/Controllers/PayPalControllerTests.cs
index 8c78c4a3e7..cafc0a9659 100644
--- a/test/Billing.Test/Controllers/PayPalControllerTests.cs
+++ b/test/Billing.Test/Controllers/PayPalControllerTests.cs
@@ -1,6 +1,5 @@
 using System.Text;
 using Bit.Billing.Controllers;
-using Bit.Billing.Services;
 using Bit.Billing.Test.Utilities;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.Entities;
@@ -31,7 +30,6 @@ public class PayPalControllerTests
 private readonly IMailService _mailService = Substitute.For();
 private readonly IOrganizationRepository _organizationRepository = Substitute.For();
 private readonly IPaymentService _paymentService = Substitute.For();
- private readonly IPayPalIPNClient _payPalIPNClient = Substitute.For();
 private readonly ITransactionRepository _transactionRepository = Substitute.For();
 private readonly IUserRepository _userRepository = Substitute.For();
 
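Review bot: With the `_payPalIPNClient.VerifyIPN(...)` postback gone from `PostIpn` in `PayPalController.cs`, nothing left in this hunk ties the posted body to PayPal, and the deleted `PostIpn_Unverified_BadRequest` test was the only visible coverage for rejecting an unverified notification. Per the commit subject the origin check is now a network ACL maintained outside this repository; an ACL restricts who can connect, not what the message says, so a later ingress or proxy change could remove the control without any build or test noticing. The tests suggest a webhook key is still checked earlier in the method, but that code is outside the hunk, so this is only inferred. I would record the dependency where the check used to sit, e.g. `// IPN postback verification removed: authenticity relies on the CloudOps network ACL plus the webhook key; restore VerifyIPN if this endpoint becomes reachable any other way.` The method body starts and ends outside the hunk.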
@@ -115,31 +113,6 @@ public class PayPalControllerTests
 LoggedError(logger, "PayPal IPN (2PK15573S8089712Y): 'custom' did not contain a User ID or Organization ID");
 }
 
- [Fact]
- public async Task PostIpn_Unverified_BadRequest()
- {
- var logger = _testOutputHelper.BuildLoggerFor();
-
- _billingSettings.Value.Returns(new BillingSettings
- {
- PayPal = { WebhookKey = _defaultWebhookKey }
- });
-
- var organizationId = new Guid("ca8c6f2b-2d7b-4639-809f-b0e5013a304e");
-
- var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.SuccessfulPayment);
-
- _payPalIPNClient.VerifyIPN(Arg.Any(), ipnBody).Returns(false);
-
- var controller = ConfigureControllerContextWith(logger, _defaultWebhookKey, ipnBody);
-
- var result = await controller.PostIpn();
-
- HasStatusCode(result, 400);
-
- LoggedError(logger, "PayPal IPN (2PK15573S8089712Y): Verification failed");
- }
-
 [Fact]
 public async Task PostIpn_OtherTransactionType_Unprocessed_Ok()
 {
@@ -154,8 +127,6 @@ public class PayPalControllerTests
 
 var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.UnsupportedTransactionType);
 
- _payPalIPNClient.VerifyIPN(Arg.Any(), ipnBody).Returns(true);
-
 var controller = ConfigureControllerContextWith(logger, _defaultWebhookKey, ipnBody);
 
 var result = await controller.PostIpn();
@@ -183,8 +154,6 @@ public class PayPalControllerTests
 
 var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.SuccessfulPayment);
 
- _payPalIPNClient.VerifyIPN(Arg.Any(), ipnBody).Returns(true);
-
 var controller = ConfigureControllerContextWith(logger, _defaultWebhookKey, ipnBody);
 
 var result = await controller.PostIpn();
@@ -212,8 +181,6 @@ public class PayPalControllerTests
 
 var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.RefundMissingParentTransaction);
 
- _payPalIPNClient.VerifyIPN(Arg.Any(), ipnBody).Returns(true);
-
 var controller = ConfigureControllerContextWith(logger, _defaultWebhookKey, ipnBody);
 
 var result = await controller.PostIpn();
@@ -241,8 +208,6 @@ public class PayPalControllerTests
 
 var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.ECheckPayment);
 
- _payPalIPNClient.VerifyIPN(Arg.Any(), ipnBody).Returns(true);
-
 var controller = ConfigureControllerContextWith(logger, _defaultWebhookKey, ipnBody);
 
 var result = await controller.PostIpn();
@@ -270,8 +235,6 @@ public class PayPalControllerTests
 
 var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.NonUSDPayment);
 
- _payPalIPNClient.VerifyIPN(Arg.Any(), ipnBody).Returns(true);
-
 var controller = ConfigureControllerContextWith(logger, _defaultWebhookKey, ipnBody);
 
 var result = await controller.PostIpn();
@@ -299,8 +262,6 @@ public class PayPalControllerTests
 
 var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.SuccessfulPayment);
 
- _payPalIPNClient.VerifyIPN(Arg.Any(), ipnBody).Returns(true);
-
 _transactionRepository.GetByGatewayIdAsync(
 GatewayType.PayPal,
 "2PK15573S8089712Y").Returns(new Transaction());
@@ -332,8 +293,6 @@ public class PayPalControllerTests
 
 var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.SuccessfulPayment);
 
- _payPalIPNClient.VerifyIPN(Arg.Any(), ipnBody).Returns(true);
-
 _transactionRepository.GetByGatewayIdAsync(
 GatewayType.PayPal,
 "2PK15573S8089712Y").ReturnsNull();
@@ -367,8 +326,6 @@ public class PayPalControllerTests
 
 var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.SuccessfulPaymentForOrganizationCredit);
 
- _payPalIPNClient.VerifyIPN(Arg.Any(), ipnBody).Returns(true);
-
 _transactionRepository.GetByGatewayIdAsync(
 GatewayType.PayPal,
 "2PK15573S8089712Y").ReturnsNull();
@@ -417,8 +374,6 @@ public class PayPalControllerTests
 
 var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.SuccessfulPaymentForUserCredit);
 
- _payPalIPNClient.VerifyIPN(Arg.Any(), ipnBody).Returns(true);
-
 _transactionRepository.GetByGatewayIdAsync(
 GatewayType.PayPal,
 "2PK15573S8089712Y").ReturnsNull();
@@ -467,8 +422,6 @@ public class PayPalControllerTests
 
 var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.SuccessfulRefund);
 
- _payPalIPNClient.VerifyIPN(Arg.Any(), ipnBody).Returns(true);
-
 _transactionRepository.GetByGatewayIdAsync(
 GatewayType.PayPal,
 "2PK15573S8089712Y").Returns(new Transaction());
@@ -504,8 +457,6 @@ public class PayPalControllerTests
 
 var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.SuccessfulRefund);
 
- _payPalIPNClient.VerifyIPN(Arg.Any(), ipnBody).Returns(true);
-
 _transactionRepository.GetByGatewayIdAsync(
 GatewayType.PayPal,
 "2PK15573S8089712Y").ReturnsNull();
@@ -545,8 +496,6 @@ public class PayPalControllerTests
 
 var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.SuccessfulRefund);
 
- _payPalIPNClient.VerifyIPN(Arg.Any(), ipnBody).Returns(true);
-
 _transactionRepository.GetByGatewayIdAsync(
 GatewayType.PayPal,
 "2PK15573S8089712Y").ReturnsNull();
@@ -592,7 +541,6 @@ public class PayPalControllerTests
 _mailService,
 _organizationRepository,
 _paymentService,
- _payPalIPNClient,
 _transactionRepository,
 _userRepository);
 