feat(connector): mask pii information in connector request and response for stripe, aci, adyen, airwallex and authorizedotnet #3678

Merged
merged 55 commits into from
Feb 27, 2024


AkshayaFoiger
@AkshayaFoiger AkshayaFoiger commented Feb 16, 2024

Type of Change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring
  • Dependency updates
  • Documentation
  • CI/CD

Description

Mask PII information passed and received in the connector request and response for stripe, aci, adyen, airwallex and authorizedotnet.

Test Case

Check if sensitive fields within the connector request and response are masked in ClickHouse for all these connectors.

  1. Aci and Adyen payment create
curl --location 'http://localhost:8080/payments' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'api-key: {}' \
--data-raw '{
  "amount": 10000,
  "currency": "USD",
  "confirm": true,
  "capture_method": "automatic",
  "capture_on": "2022-09-10T10:11:12Z",
  "customer_id": "StripeCustomer",
  "email": "abcdef123@gmail.com",
  "name": "John Doe",
  "phone": "999999999",
  "phone_country_code": "+65",
  "description": "Its my first payment request",
  "authentication_type": "no_three_ds",
  "return_url": "https://hs-payments-test.netlify.app/payments",
  "billing": {
    "address": {
      "line1": "1467",
      "line2": "Harrison Street",
      "line3": "Harrison Street",
      "city": "San Fransico",
      "state": "California",
      "zip": "94122",
      "country": "US"
    }
  },
  "browser_info": {
    "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36",
    "accept_header": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8",
    "language": "nl-NL",
    "color_depth": 24,
    "screen_height": 723,
    "screen_width": 1536,
    "time_zone": 0,
    "java_enabled": true,
    "java_script_enabled": true,
    "ip_address": "127.0.0.1"
  },
  "shipping": {
    "address": {
      "line1": "1467",
      "line2": "Harrison Street",
      "line3": "Harrison Street",
      "city": "San Fransico",
      "state": "California",
      "zip": "94122",
      "country": "US",
      "first_name": "John",
      "last_name": "Doe"
    }
  },
  "statement_descriptor_name": "joseph",
  "statement_descriptor_suffix": "JS",
  "metadata": {
    "udf1": "value1",
    "new_customer": "true",
    "login_date": "2019-09-10T10:11:12Z"
  },
  "payment_method": "card",
  "payment_method_data": {
    "card": {
      "card_number": "4917 6100 0000 0000",
      "card_exp_month": "03",
      "card_exp_year": "2030",
      "card_holder_name": "Joseph Doe",
      "card_cvc": "737"
    }
  },
  "setup_future_usage": "off_session",
  "mandate_data": {
    "customer_acceptance": {
      "acceptance_type": "offline",
      "accepted_at": "1963-05-03T04:07:52.723Z",
      "online": {
        "ip_address": "13.232.74.226",
        "user_agent": "amet irure esse"
      }
    }
    ,
    "mandate_type": {
      "multi_use": {
        "amount": 799,
         "currency": "USD"
      }
    }
  }
}'

  2. ACI mandate payment

curl --location 'http://localhost:8080/payments' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'api-key:{}' \
--data '{
  "amount": 700,
  "currency": "USD",
  "off_session": true,
  "confirm": true,
  "capture_method": "automatic",
  "description": "Initiated by merchant",
  "mandate_id": "man_Y214d8eLCfEpkyEmrN9s",
  "customer_id": "StripeCustomer",
  "billing": {
    "address": {
      "line1": "1467",
      "line2": "Harrison Street",
      "line3": "Harrison Street",
      "city": "San Fransico",
      "state": "California",
      "zip": "94122",
      "country": "US",
      "first_name": "John",
      "last_name": "Doe"
    }
  }
}'
  3. Airwallex 3DS
curl --location 'http://localhost:8080/payments' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'api-key:{{}}' \
--data-raw '{
  "amount": 2000,
  "currency": "GBP",
  "confirm": true,
  "capture_method": "automatic",
  "capture_on": "2022-09-10T10:11:12Z",
  "customer_id": "StripeCustomer",
  "email": "abcdef123@gmail.com",
  "name": "John Doe",
  "phone": "999999999",
  "phone_country_code": "+65",
  "description": "Its my first payment request",
  "authentication_type": "three_ds",
  "return_url": "https://google.com",

  "billing": {
    "address": {
      "line1": "1467",
      "line2": "Harrison Street",
      "line3": "Harrison Street",
      "city": "San Fransico",
      "state": "California",
      "zip": "94122",
      "country": "US"
    }
  },
  "browser_info": {
    "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36",
    "accept_header": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8",
    "language": "nl-NL",
    "color_depth": 24,
    "screen_height": 723,
    "screen_width": 1536,
    "time_zone": 0,
    "java_enabled": true,
    "java_script_enabled": true,
    "ip_address": "127.0.0.1"
  },
  "shipping": {
    "address": {
      "line1": "1467",
      "line2": "Harrison Street",
      "line3": "Harrison Street",
      "city": "San Fransico",
      "state": "California",
      "zip": "94122",
      "country": "US",
      "first_name": "John",
      "last_name": "Doe"
    }
  },
  "statement_descriptor_name": "joseph",
  "statement_descriptor_suffix": "JS",
  "metadata": {
    "udf1": "value1",
    "new_customer": "true",
    "login_date": "2019-09-10T10:11:12Z"
  },
  "payment_method": "card",
  "payment_method_data": {
    "card": {
      "card_number": "4012000300000088",
      "card_exp_month": "10",
      "card_exp_year": "2025",
      "card_holder_name": "Joseph Doe",
      "card_cvc": "123"
    }
  }
}'
  4. Stripe Apple Pay

  5. Authorize.net mandate payment and refund
    Note: can't be tested, there is a known bug

Check if all the sensitive data in the masked_response is masked

curl --location '{{base_url}}/analytics/v1/connector_event_logs?type=Payment&payment_id={{payment_id}}' \
--header 'sec-ch-ua: "Not A(Brand";v="99", "Google Chrome";v="121", "Chromium";v="121"' \
--header 'sec-ch-ua-mobile: ?0' \
--header 'authorization: Bearer JWT_token' \
--header 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36' \
--header 'Content-Type: application/json' \
--header 'Referer: https://integ.hyperswitch.io/' \
--header 'api-key: {{api-key}}' \
--header 'sec-ch-ua-platform: "macOS"'
  1. Response for ACI - payment create
"masked_response\":\"{\\\"id\\\":\\\"8ac7a4a08de5447e018de582bb107592\\\",\\\"registrationId\\\":\\\"*** alloc::string::String ***\\\",\\\"ndc\\\":\\\"8ac7a4c97d044305017d053142b009ed_6c787329b2284b9689b010b7ee2ef803\\\",\\\"timestamp\\\":\\\"2024-02-26 13:02:46+0000\\\",\\\"buildNumber\\\":\\\"65a0c4e5cfd8d1606f555dfc25cfe3ab19688806@2024-02-23 04:43:28 +0000\\\",\\\"result\\\":{\\\"code\\\":\\\"000.100.110\\\",\\\"description\\\":\\\"Request successfully processed in 'Merchant in Integrator Test Mode'\\\",\\\"parameterErrors\\\":null}
  1. Response for ACI - mandate payment
\"masked_response\":\"{\\\"id\\\":\\\"8ac7a49f8de5402f018de58580910358\\\",\\\"registrationId\\\":null,\\\"ndc\\\":\\\"8ac7a4c97d044305017d053142b009ed_0ba46b44820f4f81b7876e9e8efeccf0\\\",\\\"timestamp\\\":\\\"2024-02-26 13:05:48+0000\\\",\\\"buildNumber\\\":\\\"65a0c4e5cfd8d1606f555dfc25cfe3ab19688806@2024-02-23 04:43:28 +0000\\\",\\\"result\\\":{\\\"code\\\":\\\"000.100.110\\\",\\\"description\\\":\\\"Request successfully processed in 'Merchant in Integrator Test Mode'\\\",\\\"parameterErrors\\\":null},\\\"redirect\\\":null}
  1. Response for Adyen - mandate payment
masked_response\":\"{\\\"pspReference\\\":\\\"N5SF6G38NXTQ7RT5\\\",\\\"resultCode\\\":\\\"Authorised\\\",\\\"amount\\\":{\\\"currency\\\":\\\"USD\\\",\\\"value\\\":10000},\\\"merchantReference\\\":\\\"pay_mf45Xy9Of4vVcMEIPqGj_1\\\",\\\"refusalReason\\\":null,\\\"refusalReasonCode\\\":null,\\\"additionalData\\\":{\\\"authorisationType\\\":null,\\\"manualCapture\\\":null,\\\"recurringProcessingModel\\\":\\\"UnscheduledCardOnFile\\\",\\\"recurring.recurringDetailReference\\\":\\\"*** alloc::string::String ***\\\",\\\"recurring.shopperReference\\\":\\\"merchant_1709011022_StripeCustomer\\\",\\\"networkTxReference\\\":\\\"*** alloc::string::String ***\\\",\\\"payoutEligible\\\":null,\\\"fundsAvailability\\\":null}

Note: There is a known bug in adyen recurring mandate payment

  7. Response for Airwallex 3DS

{\\\"status\\\":\\\"REQUIRES_CUSTOMER_ACTION\\\",\\\"id\\\":\\\"int_hkdm5rvp6gtsl5v8q2w\\\",\\\"amount\\\":20.0,\\\"payment_consent_id\\\":null,\\\"next_action\\\":{\\\"url\\\":\\\"https://pci-api-demo.airwallex.com/pa/card3ds/hk/three-ds-method/redirect/start?key=1999b53e-ff3b-4b6e-aeaf-28ba23f4767b\\\",\\\"method\\\":\\\"POST\\\",\\\"data\\\":{\\\"JWT\\\":null,\\\"threeDSMethodData\\\":\\\"*** alloc::string::String ***\\\",\\\"token\\\":\\\"*** alloc::string::String ***\\\",\\\"provider\\\":null,\\\"version\\\":null},\\\"stage\\\":\\\"WAITING_DEVICE_DATA_COLLECTION\\\"}}

Checklist

  • I formatted the code cargo +nightly fmt --all
  • I addressed lints thrown by cargo clippy
  • I reviewed the submitted code
  • I added unit tests for my changes where possible
  • I added a CHANGELOG entry if applicable

lsampras and others added 30 commits February 1, 2024 14:26
prasunna09
prasunna09 previously approved these changes Feb 22, 2024
@prasunna09 prasunna09 left a comment

In Stripe, payment_method field in paymentIntentRequest is needed to be masked? Please make the change accordingly!

prasunna09
prasunna09 previously approved these changes Feb 26, 2024
SamraatBansal
SamraatBansal previously approved these changes Feb 26, 2024
@@ -3629,17 +3637,17 @@ pub struct Evidence {
#[serde(rename = "evidence[customer_communication]")]
pub customer_communication: Option<String>,
#[serde(rename = "evidence[customer_email_address]")]
pub customer_email_address: Option<String>,
pub customer_email_address: Option<Secret<String>>,
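
Review bot: `customer_communication` stays `Option<String>` at the top of this hunk while `customer_email_address` directly below it moves to `Option<Secret<String>>`. If that evidence field can hold customer-identifying content it will still be written unmasked to the connector event logs; wrap it in `Secret` as well, or add a comment saying why it is safe to log in clear.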

@ArjunKarthik ArjunKarthik Feb 26, 2024

Please use Option<Secret<Email>>

#[serde(rename = "evidence[customer_purchase_ip]")]
pub customer_purchase_ip: Option<String>,
pub customer_purchase_ip: Option<Secret<String>>,

Use Option<Secret<String, pii::IpAddress>>
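
How a wrapper type yields the `*** alloc::string::String ***` markers seen in the masked responses above, and what a per-field strategy like the `pii::IpAddress` suggested in review can change. This is an added example, not hyperswitch's masking code: `Strategy`, `WithType`, the `IpAddress` masking rule, `log_line` and the two-field `Evidence` are assumptions made for illustration, and the sample values are taken from the test request in the description.

```rust
use std::{any::type_name, fmt, marker::PhantomData};

/// Decides how a wrapped value is rendered when it is formatted for logs.
pub trait Strategy<T> {
    fn fmt(value: &T, f: &mut fmt::Formatter<'_>) -> fmt::Result;
}
/// Default strategy (assumed name): print only the type name, never the value.
pub struct WithType;
impl<T> Strategy<T> for WithType {
    fn fmt(_: &T, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "*** {} ***", type_name::<T>())
    }
}
/// Hypothetical IP strategy: keep the first IPv4 octet, mask the rest.
pub struct IpAddress;
impl Strategy<String> for IpAddress {
    fn fmt(value: &String, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        let octets: Vec<&str> = value.split('.').collect();
        if octets.len() != 4 || octets.iter().any(|o| o.parse::<u8>().is_err()) {
            return <WithType as Strategy<String>>::fmt(value, f); // not IPv4: mask fully
        }
        write!(f, "{}.**.**.**", octets[0])
    }
}
/// Stand-in wrapper written for this example; masking is chosen by the type parameter.
pub struct Secret<T, S: Strategy<T> = WithType>(T, PhantomData<S>);
impl<T, S: Strategy<T>> Secret<T, S> {
    pub fn new(value: T) -> Self { Secret(value, PhantomData) }
    pub fn expose(&self) -> &T { &self.0 } // explicit access when building the request
}
impl<T, S: Strategy<T>> fmt::Debug for Secret<T, S> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { S::fmt(&self.0, f) }
}

#[derive(Debug)]
pub struct Evidence {
    pub customer_email_address: Option<Secret<String>>,
    pub customer_purchase_ip: Option<Secret<String, IpAddress>>,
}

/// Formats constructed sample values the way a `{:?}` log statement would.
pub fn log_line() -> String {
    let e = Evidence {
        customer_email_address: Some(Secret::new("abcdef123@gmail.com".to_string())),
        customer_purchase_ip: Some(Secret::new("13.232.74.226".to_string())),
    };
    format!("{:?}", e)
}

fn main() { println!("{}", log_line()); }
```

Because the strategy is part of the field's type, a field declared as plain `String` has no masking at all, which is why the review comments above ask for the wrapper and strategy per field.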

@likhinbopanna likhinbopanna added this pull request to the merge queue Feb 27, 2024
Merged via the queue into main with commit 1c6913b Feb 27, 2024
19 of 21 checks passed
@likhinbopanna likhinbopanna deleted the connector-response-masking branch February 27, 2024 06:49
pixincreate added a commit that referenced this pull request Feb 28, 2024
…stman-runner

* 'main' of github.com:juspay/hyperswitch: (22 commits)
  chore(version): 2024.02.28.0
  chore(postman): update Postman collection files
  fix(connector): [AUTHORIZEDOTNET] Fix status mapping (#3845)
  refactor(router): added logs health and deep health (#3780)
  feat(roles): Change list roles, get role and authorization info api to respond with groups (#3837)
  fix(core): validate amount_to_capture in payment update (#3830)
  refactor(connector): [Square] change error message from NotSupported to NotImplemented (#2875)
  feat(router): add connector mit related columns to the payment methods table (#3764)
  ci(postman): refactor NMI postman collection (#3805)
  refactor(connector): [Braintree] Mask PII data (#3759)
  refactor(connector): [Forte] Mask PII data (#3824)
  refactor(compatibility): added compatibility layer request logs (#3774)
  refactor(payment_methods): introduce `locker_id` column in `payment_methods` table (#3760)
  feat(connector): mask pii information in connector request and response for stripe, aci, adyen, airwallex  and authorizedotnet (#3678)
  chore(version): 2024.02.27.0
  fix(core): do not construct request if it is already available (#3826)
  refactor: incorporate `hyperswitch_interface` into router (#3669)
  feat: add unique constraint restriction for KV (#3723)
  feat(connector): [Payme] Add Void flow to Payme (#3817)
  refactor(connector): [Cybersource] Mask PII data  (#3786)
  ...
Labels
A-connector-compatibility Area: Connector compatibility C-feature Category: Feature request or enhancement
6 participants