Current File : /var/www/prestashop/modules/ps_checkout/src/PayPal/Card3DSecureLegacy.php
<?php
/**
 * Copyright since 2007 PrestaShop SA and Contributors
 * PrestaShop is an International Registered Trademark & Property of PrestaShop SA
 *
 * NOTICE OF LICENSE
 *
 * This source file is subject to the Academic Free License version 3.0
 * that is bundled with this package in the file LICENSE.md.
 * It is also available through the world-wide-web at this URL:
 * https://opensource.org/licenses/AFL-3.0
 * If you did not receive a copy of the license and are unable to
 * obtain it through the world-wide-web, please send an email
 * to license@prestashop.com so we can send you a copy immediately.
 *
 * @author    PrestaShop SA and Contributors <contact@prestashop.com>
 * @copyright Since 2007 PrestaShop SA and Contributors
 * @license   https://opensource.org/licenses/AFL-3.0 Academic Free License version 3.0
 */

namespace PrestaShop\Module\PrestashopCheckout\PayPal;

/**
 * Deprecated parameters related to 3D Secure 1.0
 * Recommended action based on `AuthenticationReason` and `authenticationStatus` parameters, a `liabilityShifted` determines how you might proceed with authentication
 *
 * @see https://developer.paypal.com/docs/checkout/advanced/customize/3d-secure/response-parameters/#link-deprecatedparameters
 */
class Card3DSecureLegacy
{
    // Liability has shifted to the card issuer. Available only after order is authorized or captured.
    const LIABILITY_SHIFT_YES = 'YES';
    // Liability is with the merchant.
    const LIABILITY_SHIFT_NO = 'NO';
    // Liability may shift to the card issuer. Available only before order is authorized or captured.
    const LIABILITY_SHIFT_POSSIBLE = 'POSSIBLE';
    // The authentication system is not available.
    const LIABILITY_SHIFT_UNKNOWN = 'UNKNOWN';

    // Continue with authorization at your own risk, meaning that the liability of any chargeback has not shifted from the merchant to the card issuer.
    const NO_DECISION = 0;
    // Continue with authorization.
    const PROCEED = 1;
    // Do not continue with authorization.
    const REJECT = 2;
    // Do not continue with authorization. Request cardholder to retry.
    const RETRY = 3;

    /**
     * @param array{liabilityShift: string|null, liabilityShifted: bool|null, authenticationStatus: string|null, authenticationReason: string|null} $payload
     *
     * @return int
     */
    public function continueWithAuthorization(array $payload)
    {
        // We still use deprecated parameters cause there no equivalent to manage all scenarios, PayPal ensure it still usable.
        $liabilityShift = isset($payload['liabilityShift']) ? $payload['liabilityShift'] : null;
        $liabilityShifted = isset($payload['liabilityShifted']) ? (bool) $payload['liabilityShifted'] : null; // Deprecated parameter
        $authenticationStatus = isset($payload['authenticationStatus']) ? $payload['authenticationStatus'] : null; // Deprecated parameter
        $authenticationReason = isset($payload['authenticationReason']) ? $payload['authenticationReason'] : null; // Deprecated parameter

        // Liability might shift to the card issuer.
        if ($liabilityShift === static::LIABILITY_SHIFT_POSSIBLE || $liabilityShift === static::LIABILITY_SHIFT_YES) {
            return static::PROCEED;
        }

        // Test cards
        if ($liabilityShift === null && $liabilityShifted === null && $authenticationStatus === 'APPROVED' && $authenticationReason === null) {
            return static::NO_DECISION;
        }

        // You have not required 3D Secure for the buyer or the card network did not require a 3D Secure.
        // You can continue with authorization and assume liability. If you prefer not to assume liability, ask the buyer for another card.
        if ($liabilityShift === null && $liabilityShifted === null && $authenticationStatus === null && $authenticationReason === null) {
            return static::NO_DECISION;
        }

        // Buyer successfully authenticated using 3D Secure.
        // Buyer authenticated with 3D Secure and you can continue with the authorization.
        if ($liabilityShifted && $authenticationStatus === 'YES' && $authenticationReason === 'SUCCESSFUL') {
            return static::PROCEED;
        }

        // An error occurred with the 3D Secure authentication system.
        // Prompt the buyer to re-authenticate or request for another form of payment.
        if (!$liabilityShifted && $authenticationStatus === 'ERROR' && $authenticationReason === 'ERROR') {
            return static::RETRY;
        }

        // Buyer was presented the 3D Secure challenge but chose to skip the authentication.
        // Do not continue with current authorization. Prompt the buyer to re-authenticate or request buyer for another form of payment.
        if (!$liabilityShifted && $authenticationStatus === 'NO' && $authenticationReason === 'SKIPPED_BY_BUYER') {
            return static::RETRY;
        }

        // Buyer may have failed the challenge or the device was not verified.
        // Do not continue with current authorization. Prompt the buyer to re-authenticate or request buyer for another form of payment.
        if (!$liabilityShifted && $authenticationStatus === 'NO' && $authenticationReason === 'FAILURE') {
            return static::RETRY;
        }

        // 3D Secure was skipped as authentication system did not require a challenge.
        // You can continue with the authorization and assume liability. If you prefer not to assume liability, ask the buyer for another card.
        if (!$liabilityShifted && $authenticationStatus === 'NO' && $authenticationReason === 'BYPASSED') {
            return static::NO_DECISION;
        }

        // Card is not enrolled in 3D Secure.
        // Card issuing bank is not participating in 3D Secure. Continue with authorization as authentication is not required.
        if (!$liabilityShifted && $authenticationStatus === 'NO' && $authenticationReason === 'ATTEMPTED') {
            return static::PROCEED;
        }

        // Issuing bank is not able to complete authentication.
        // You can continue with the authorization and assume liability. If you prefer not to assume liability, ask the buyer for another card.
        if (!$liabilityShifted && $authenticationStatus === 'NO' && $authenticationReason === 'UNAVAILABLE') {
            return static::NO_DECISION;
        }

        // Card is not eligible for 3D Secure authentication.
        // Continue with authorization as authentication is not required.
        if (!$liabilityShifted && $authenticationStatus === 'NO' && $authenticationReason === 'CARD_INELIGIBLE') {
            return static::PROCEED;
        }

        // Liability is with the merchant.
        if ($liabilityShift === static::LIABILITY_SHIFT_NO) {
            return static::REJECT;
        }

        // The authentication system is not available.
        if ($liabilityShift === static::LIABILITY_SHIFT_UNKNOWN) {
            return static::RETRY;
        }

        // Default case
        return static::NO_DECISION;
    }
}