Update CyberSource to 10.11.2#13
Merged
Merged
Conversation
NetFramework version was changed to net 8.0 Changed the code according to current request model. Added logo. Added update provider.
Contributor
Author
|
Anyone? |
There was a problem hiding this comment.
Pull request overview
This PR updates the CyberSource checkout handler to Dynamicweb.Ecommerce 10.11.2, moves the project to .NET 8, and refactors the integration by separating REST/JWT API interactions into a dedicated service layer while adding update-provider templates and new configuration (certificate password).
Changes:
- Upgraded package/framework versions (provider 10.11.2, target net8.0) and added package icon packaging.
- Refactored CyberSource handler flow to
BeginCheckout/HandleRequestwithOutputResult, and moved REST API calls intoService/*with new request/response models. - Added update provider + embedded template resources (payment/cancel/error) and new handler parameter for certificate password.
Reviewed changes
Copilot reviewed 30 out of 31 changed files in this pull request and generated 9 comments.
Show a summary per file
| File | Description |
|---|---|
| src/CyberSource.cs | Refactor handler entrypoints and request flow; integrates new service layer and new certificate password parameter. |
| src/Dynamicweb.Ecommerce.CheckoutHandlers.CyberSource.csproj | Bumps versions, moves to net8.0, embeds update templates, adds package icon. |
| src/Service/CyberSourceService.cs | Adds high-level operations for create payment + capture using request/response models. |
| src/Service/CyberSourceRequest.cs | Implements REST HTTP request sending and JWT generation/signing with certificate. |
| src/Service/ApiCommand.cs | Introduces enum for REST operations used by request layer. |
| src/Service/CommandConfiguration.cs | Adds request configuration object for REST operations. |
| src/Helpers/Helper.cs | Adds shared helper logic (certificate path, name parsing, amount formatting). |
| src/Helpers/SecurityHelper.cs | Reintroduces signature validation/signing utilities previously in Security.cs. |
| src/Models/Request/PaymentRequestData.cs | Adds typed REST request model for payment creation. |
| src/Models/Request/CaptureRequestData.cs | Adds typed REST request model for capture. |
| src/Models/Request/Common/* | Adds typed common request sub-models (amount, billing, token, etc.). |
| src/Models/Request/Error/* | Adds REST error response model(s) used for unsuccessful HTTP responses. |
| src/Models/Response/* | Adds typed REST response model(s) for payment and capture results. |
| src/Updates/CyberSourceUpdateProvider.cs | Adds update provider that installs/updates template files from embedded resources. |
| src/Updates/Payment.html | Adds hosted/embedded payment template (iframe + auto-submit form). |
| src/Updates/checkouthandler_cancel.html | Adds cancel template. |
| src/Updates/checkouthandler_error.html | Adds error template. |
| src/WorkModes.cs | Extracts work mode enum (Test/Production). |
| src/WindowModes.cs | Extracts window mode enum (Redirect/Embedded). |
| src/TransactionTypes.cs | Extracts transaction type enum (ZeroAuthorization/Authorization/Sale). |
| src/Security.cs | Removes legacy security helper (replaced by Helpers/SecurityHelper.cs). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Use correct supported country codes in validation error messages - Format transaction amounts using currency rounding decimals and invariant culture - Set HTTP Host header through typed DefaultRequestHeaders.Host - Hash JWT payloads using UTF-8 to match request body encoding - Add missing DataContract and clearer embedded resource validation - Fixed templates
- Return standard error output when checkout callback processing fails before order completion - Avoid treating full authorization as zero authorization - Make response signature validation null-safe - Remove unused callback amount and certificate serial number code
|
Why AND how has this PR been stale since January 2025??????? |
dw-sha
approved these changes
May 11, 2026
|
The hint in the provider for Profile ID is wrong (This is a security key generated in the CyberSource Business Center under: Tools & Settings > Profiles > Security) It seems to be under Payment Configuration > Secure Acceptance Settings where you have to create a profile, presumably with Hosted Checkout, then add currencies and cards? |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Replaced obsolete methods:
StartCheckout -> BeginCheckout, Redirect -> HandleRequest.
Used OutputResult everywhere according to our new behavior.
Refactored code
Moved API interactions to Service folder, with separate classes to deal with sending requests, getting responses etc.
Version updates.
Updated provider version to 10.11.2.
Target framework updated to net8.0
Added icon logo.
Templates
Added templates update provider and provider related templates.
UI.
Added new editor "Certificate password".
In the original provider in DW9 we somehow made an assumption that user will always use MerchantId as a password. This is not true. The CyberSource admin panel asks to enter the password when we create certificate, and there is nothing related with MerchantId.
So we need this field, otherwise the system could not read the certificate.
The task: https://dev.azure.com/dynamicwebsoftware/Dynamicweb/_workitems/edit/22845
Originally was created because of this bug: https://dev.azure.com/dynamicwebsoftware/Dynamicweb/_workitems/edit/22268