Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add passive hCaptcha to radar_session #7722

Merged
merged 25 commits into from
Jan 16, 2024
Merged

Add passive hCaptcha to radar_session #7722

merged 25 commits into from
Jan 16, 2024

Conversation

awush-stripe
Copy link
Collaborator

Summary

Add a compile-only passive hCaptcha to radar sessions.

Motivation

Part of #ir-enthrall-blossom. See project description here.

Testing

  • Added tests
  • Modified tests
  • Manually verified

Changelog

Added

@awush-stripe awush-stripe requested review from a team as code owners December 12, 2023 20:55
awush-stripe
awush-stripe commented Dec 12, 2023
View reviewed changes
payments-core/src/main/java/com/stripe/android/Stripe.kt
*/
@UiThread
@JvmOverloads
fun createRadarSession(
stripeAccountId: String? = this.stripeAccountId,
callback: ApiResultCallback<RadarSession>
callback: ApiResultCallback<RadarSession>,
activity: AppCompatActivity? = null
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a new requirement for anyone calling this endpoint. I have some mild FUD with adding this, but it's required by hCaptcha, so we may not have a choice.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this isn't something we can obtain programmatically?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately because we don't know the context in which this method is called, no. I'll revisit how the SDK actually uses this and see if we can omit it.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Dec 12, 2023
edited
Loading

Diffuse output:

OLD: paymentsheet-example-release-master.apk (signature: V1, V2)
NEW: paymentsheet-example-release-pr.apk (signature: V1, V2)

          │             compressed             │            uncompressed            
          ├───────────┬───────────┬────────────┼───────────┬───────────┬────────────
 APK      │ old       │ new       │ diff       │ old       │ new       │ diff       
──────────┼───────────┼───────────┼────────────┼───────────┼───────────┼────────────
      dex │   3.6 MiB │   3.6 MiB │      +96 B │   7.8 MiB │   7.8 MiB │     +376 B 
     arsc │   2.3 MiB │   2.4 MiB │ +115.4 KiB │   2.3 MiB │   2.4 MiB │ +115.4 KiB 
 manifest │   5.1 KiB │   5.1 KiB │       +1 B │  25.4 KiB │  25.4 KiB │        0 B 
      res │ 922.9 KiB │ 926.8 KiB │   +3.9 KiB │   1.4 MiB │   1.4 MiB │  +14.4 KiB 
   native │   2.6 MiB │   2.6 MiB │        0 B │     6 MiB │     6 MiB │        0 B 
    asset │     3 MiB │     3 MiB │      -18 B │     3 MiB │     3 MiB │      -18 B 
    other │ 205.3 KiB │ 205.5 KiB │     +196 B │ 462.1 KiB │ 462.4 KiB │     +328 B 
──────────┼───────────┼───────────┼────────────┼───────────┼───────────┼────────────
    total │  12.5 MiB │  12.6 MiB │ +119.6 KiB │  20.9 MiB │    21 MiB │ +130.5 KiB 

 DEX     │ old   │ new   │ diff       
─────────┼───────┼───────┼────────────
   files │     1 │     1 │  0         
 strings │ 38811 │ 38814 │ +3 (+4 -1) 
   types │ 12994 │ 12995 │ +1 (+1 -0) 
 classes │ 10978 │ 10979 │ +1 (+1 -0) 
 methods │ 53986 │ 53993 │ +7 (+7 -0) 
  fields │ 35916 │ 35916 │  0 (+0 -0) 

 ARSC    │ old  │ new  │ diff         
─────────┼──────┼──────┼──────────────
 configs │  292 │  327 │ +35 (+35 -0) 
 entries │ 6940 │ 6947 │  +7 (+7 -0)
APK 
      compressed       │      uncompressed      │                                
──────────┬────────────┼───────────┬────────────┤                                
 size     │ diff       │ size      │ diff       │ path                           
──────────┼────────────┼───────────┼────────────┼────────────────────────────────
  2.4 MiB │ +115.4 KiB │   2.4 MiB │ +115.4 KiB │ ∆ resources.arsc               
  3.2 KiB │   +3.2 KiB │  12.8 KiB │  +12.8 KiB │ + res/Sq.xml                   
    785 B │     +785 B │   1.6 KiB │   +1.6 KiB │ + res/Bh.xml                   
 50.4 KiB │     +110 B │ 148.1 KiB │     +164 B │ ∆ META-INF/MANIFEST.MF         
  3.6 MiB │      +96 B │   7.8 MiB │     +376 B │ ∆ classes.dex                  
 66.1 KiB │      +88 B │ 148.2 KiB │     +164 B │ ∆ META-INF/CERT.SF             
  6.7 KiB │      -19 B │   6.6 KiB │      -19 B │ ∆ assets/dexopt/baseline.prof  
  1.2 KiB │       -2 B │   1.2 KiB │        0 B │ ∆ META-INF/CERT.RSA            
    852 B │       +1 B │     720 B │       +1 B │ ∆ assets/dexopt/baseline.profm 
  5.1 KiB │       +1 B │  25.4 KiB │        0 B │ ∆ AndroidManifest.xml          
    805 B │       -1 B │   1.7 KiB │        0 B │ ∆ res/0H.xml                   
    735 B │       +1 B │   1.4 KiB │        0 B │ ∆ res/0o.xml                   
  1.2 KiB │       -1 B │   3.9 KiB │        0 B │ ∆ res/2d.xml                   
    902 B │       +1 B │     2 KiB │        0 B │ ∆ res/2j.xml                   
    596 B │       +1 B │     1 KiB │        0 B │ ∆ res/3A.xml                   
    444 B │       +1 B │     816 B │        0 B │ ∆ res/3h.xml                   
    743 B │       +1 B │   1.5 KiB │        0 B │ ∆ res/9V.xml                   
  1.1 KiB │       +1 B │   3.2 KiB │        0 B │ ∆ res/B7.xml                   
  1.2 KiB │       -1 B │   3.7 KiB │        0 B │ ∆ res/BH.xml                   
    383 B │       +1 B │     504 B │        0 B │ ∆ res/D5.xml                   
    871 B │       -1 B │   2.4 KiB │        0 B │ ∆ res/Jw.xml                   
    708 B │       -1 B │   1.6 KiB │        0 B │ ∆ res/K5.xml                   
    583 B │       -1 B │     1 KiB │        0 B │ ∆ res/S8.xml                   
    370 B │       +1 B │     472 B │        0 B │ ∆ res/TZ.xml                   
    878 B │       +1 B │   2.3 KiB │        0 B │ ∆ res/YB.xml                   
    417 B │       -1 B │     624 B │        0 B │ ∆ res/cy.xml                   
    782 B │       -1 B │   1.7 KiB │        0 B │ ∆ res/dX.xml                   
    949 B │       -1 B │   2.5 KiB │        0 B │ ∆ res/de.xml                   
    810 B │       +1 B │   1.8 KiB │        0 B │ ∆ res/eA.xml                   
    445 B │       +1 B │     816 B │        0 B │ ∆ res/fg.xml                   
    683 B │       -1 B │   1.5 KiB │        0 B │ ∆ res/hP1.xml                  
    383 B │       -1 B │     508 B │        0 B │ ∆ res/in.xml                   
    423 B │       +1 B │     728 B │        0 B │ ∆ res/lE.xml                   
    407 B │       +1 B │     596 B │        0 B │ ∆ res/lW.xml                   
    426 B │       -1 B │     736 B │        0 B │ ∆ res/od.xml                   
    726 B │       +1 B │   1.6 KiB │        0 B │ ∆ res/pq.xml                   
    381 B │       +1 B │     556 B │        0 B │ ∆ res/wF.xml                   
──────────┼────────────┼───────────┼────────────┼────────────────────────────────
  6.1 MiB │ +119.6 KiB │  10.5 MiB │ +130.5 KiB │ (total)
DEX 
STRINGS:

   old   │ new   │ diff       
  ───────┼───────┼────────────
   38811 │ 38814 │ +3 (+4 -1) 
  + Lcom/stripe/hcaptcha/webview/HCaptchaWebView;
  + TEST
  + got content
  + ~~R8{backend:dex,compilation-mode:release,has-checksums:false,min-api:21,pg-map-id:4f1b6ed,r8-mode:full,version:8.2.33}
  
  - ~~R8{backend:dex,compilation-mode:release,has-checksums:false,min-api:21,pg-map-id:3f6dd17,r8-mode:full,version:8.2.33}
  

TYPES:

   old   │ new   │ diff       
  ───────┼───────┼────────────
   12994 │ 12995 │ +1 (+1 -0) 
  + Lcom/stripe/hcaptcha/webview/HCaptchaWebView;
  

METHODS:

   old   │ new   │ diff       
  ───────┼───────┼────────────
   53986 │ 53993 │ +7 (+7 -0) 
  + com.stripe.hcaptcha.webview.HCaptchaWebView <init>(Context, AttributeSet)
  + com.stripe.hcaptcha.webview.HCaptchaWebView onCheckIsTextEditor() → boolean
  + com.stripe.hcaptcha.webview.HCaptchaWebView onReceiveContent(ContentInfo) → ContentInfo
  + com.stripe.hcaptcha.webview.HCaptchaWebView performClick() → boolean
  + android.webkit.WebView <init>(Context, AttributeSet)
  + android.webkit.WebView onCheckIsTextEditor() → boolean
  + android.webkit.WebView onReceiveContent(ContentInfo) → ContentInfo
ARSC 
CONFIGS:

   old │ new │ diff         
  ─────┼─────┼──────────────
   292 │ 327 │ +35 (+35 -0) 
  + string-ceb
  + string-co
  + string-cy
  + string-eo
  + string-fy
  + string-ga
  + string-gd
  + string-ha
  + string-haw
  + string-hmn
  + string-ht
  + string-ig
  + string-ji
  + string-jw
  + string-ku
  + string-la
  + string-lb
  + string-mg
  + string-mi
  + string-no
  + string-ny
  + string-ps
  + string-rw
  + string-sd
  + string-sm
  + string-sn
  + string-so
  + string-st
  + string-su
  + string-tg
  + string-tk
  + string-tt
  + string-ug
  + string-xh
  + string-yo
  

ENTRIES:

   old  │ new  │ diff       
  ──────┼──────┼────────────
   6940 │ 6947 │ +7 (+7 -0) 
  + drawable/stripe_ic_hcaptcha_logo
  + id/loadingContainer
  + id/webView
  + layout/stripe_hcaptcha_fragment
  + string/stripe_hcaptcha_loading_text
  + string/stripe_hcaptcha_logo_description
  + style/StripeHCaptchaDialogTheme

@awush-stripe
Copy link
Collaborator Author

Tests coming shortly

jaynewstrom-stripe
jaynewstrom-stripe reviewed Dec 12, 2023
View reviewed changes
payments-core/src/main/java/com/stripe/android/hcaptcha/HCaptchaProxy.kt Outdated
private val onComplete: (hcaptchaToken: String) -> Unit,
) : HCaptchaProxy {
override fun performPassiveHCaptcha() {
if (BuildConfig.DEBUG) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will be false anytime a merchant consumes our SDK (we publish in release mode).

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see below comment

jaynewstrom-stripe
jaynewstrom-stripe reviewed Dec 12, 2023
View reviewed changes
payments-core/src/main/java/com/stripe/android/Stripe.kt Outdated
)
).flatMap { radarSession ->
val siteKey = radarSession.passiveCaptchaSiteKey
if (activity == null && BuildConfig.DEBUG) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will be false anytime a merchant consumes our SDK (we publish in release mode).

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is specifically intended for our own test apps, and mirrors the existing StripeCardScanProxy. In the event I'm trying to track down what went wrong with our test merchant, it'd be nice to have a specific error I can identify within the code.

@awush-stripe awush-stripe force-pushed the awush/add_passive_hcaptcha_to_radar_session branch 2 times, most recently from 6d9bea6 to 729258f Compare December 22, 2023 20:04
@awush-stripe awush-stripe mentioned this pull request Dec 22, 2023
Merged
3 tasks
@awush-stripe awush-stripe force-pushed the awush/add_passive_hcaptcha_to_radar_session branch from 729258f to eddad8a Compare December 22, 2023 21:42
@awush-stripe awush-stripe force-pushed the awush/add_passive_hcaptcha_to_radar_session branch from 15ba712 to bc3f03d Compare January 8, 2024 18:48
@awush-stripe awush-stripe force-pushed the awush/add_passive_hcaptcha_to_radar_session branch from bc3f03d to 5f70a18 Compare January 11, 2024 16:48
jaynewstrom-stripe
jaynewstrom-stripe reviewed Jan 11, 2024
View reviewed changes
hcaptcha/src/main/java/com/stripe/hcaptcha/HCaptcha.kt Outdated Show resolved Hide resolved
CHANGELOG.md Outdated Show resolved Hide resolved
payments-core/src/main/java/com/stripe/android/Stripe.kt Outdated Show resolved Hide resolved
payments-core/src/main/java/com/stripe/android/model/RadarSession.kt Outdated
@@ -5,5 +5,7 @@ import kotlinx.parcelize.Parcelize

@Parcelize
data class RadarSession(
val id: String
val id: String,
val passiveCaptchaSiteKey: String?,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a public class, with a public constructor, we can't add params here. (at least not without jvmoverloads and defaults.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do these new params need to be exposed to merchants? Can we restrict them?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

makes sense. I've created a new internal RadarSessionWithHCaptcha object which comes from the repository, and gets converted here.

jaynewstrom-stripe
jaynewstrom-stripe previously approved these changes Jan 11, 2024
View reviewed changes
payments-core/detekt-baseline.xml Outdated
@@ -25,6 +24,7 @@
<ID>EmptyFunctionBlock:PaymentSessionViewModel.kt$PaymentSessionViewModel${ }</ID>
<ID>EmptyFunctionBlock:StripeTextWatcher.kt$StripeTextWatcher${ }</ID>
<ID>ExplicitGarbageCollectionCall:WeakMapInjectorRegistryTest.kt$WeakMapInjectorRegistryTest$gc()</ID>
<ID>ImportOrdering:com.stripe.android.googlepaylauncher.GooglePayLauncherViewModelTest.kt:3</ID>
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we fix this?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤦 I fixed the ordering but forgot to update the detekt baseline. will do.

@awush-stripe awush-stripe force-pushed the awush/add_passive_hcaptcha_to_radar_session branch from ef1e76e to 66ec995 Compare January 12, 2024 16:26
@awush-stripe awush-stripe merged commit f6957e3 into master Jan 16, 2024
17 checks passed
@awush-stripe awush-stripe deleted the awush/add_passive_hcaptcha_to_radar_session branch January 16, 2024 16:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bmathews-stripe bmathews-stripe bmathews-stripe left review comments

@jaynewstrom-stripe jaynewstrom-stripe jaynewstrom-stripe approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@awush-stripe @bmathews-stripe @jaynewstrom-stripe