[MIT-3381] Add authentication to Paynow status endpoint #530
Merged
Pull Request Overview
Adds nonce-based authentication to the order status endpoint, renames it from paynow-payment-status to a more generic order-status, and updates Paynow display logic and tests accordingly.
- Renamed and secured the REST route in `Omise_Rest_Webhooks_Controller` with nonce verification.
- Updated the Paynow QR code display to include two nonces in its polling URL and adjusted its JavaScript polling logic.
- Expanded and adjusted unit tests and bootstrap setup to cover the new endpoint and authentication behavior.
Reviewed Changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| includes/class-omise-rest-webhooks-controller.php | Renamed endpoint constant, replaced old callback, added nonce checks and error responses. |
| includes/gateway/class-omise-payment-paynow.php | Inserted nonce query parameters, updated JS polling URL and variable names. |
| includes/gateway/abstract-omise-payment-offline.php | Added an empty constructor that only calls the parent. |
| assets/css/omise-css.css | Adjusted green-check SVG sizing and positioning. |
| phpcs.xml | Added exclusions for additional commenting and security sniffs. |
| tests/unit/includes/class-omise-rest-webhooks-controller-test.php | New tests for registering and handling the authenticated order-status route. |
| tests/unit/includes/gateway/bootstrap-test-setup.php | Introduced stubs for WP_Error and WP_REST_Server, updated mockOmiseSetting. |
| tests/unit/includes/gateway/class-omise-payment-test.php | Removed redundant mockOmiseSetting override. |
| tests/unit/includes/gateway/class-omise-payment-paynow-test.php | Added comprehensive Paynow display and email QR code tests. |
Comments suppressed due to low confidence (2)
assets/css/omise-css.css:126
- [nitpick] The green-check icon height was reduced from 150px to 50px; verify this change matches design requirements to prevent unintended UI issues.
height: 50px;
phpcs.xml:41
- [nitpick] Excluding sanitization sniffs may hide missing input validation. Ensure inputs are validated and sanitized elsewhere if you disable these rules.
<rule ref="WordPress.Security.ValidatedSanitizedInput.InputNotSanitized">
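An added example, not the PR's code, of the pattern the overview describes: a REST status route whose `permission_callback` verifies a nonce, with the polling URL carrying two nonces. The page does not show which two nonces the plugin sends; the pairing here (a per-order nonce plus the standard `wp_rest` cookie nonce), every `example_*` name, the `example/v1` namespace and the `order_nonce` parameter are assumptions, and WooCommerce's `wc_get_order()` is assumed to be available.

```php
<?php
// Added example. All names here (example/v1, example_*, order_nonce) are
// hypothetical, not the Omise plugin's. Assumes WordPress with WooCommerce.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/order-status', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_order_status',
        // The check lives here so the callback never runs for a bad nonce.
        'permission_callback' => 'example_order_status_permission',
        'args'                => array(
            'order_id'    => array( 'required' => true, 'sanitize_callback' => 'absint' ),
            'order_nonce' => array( 'required' => true, 'sanitize_callback' => 'sanitize_text_field' ),
        ),
    ) );
} );

function example_order_status_permission( WP_REST_Request $request ) {
    $action = 'example_order_status_' . $request->get_param( 'order_id' );
    // The action string includes the order ID, so a nonce issued for one
    // order does not verify for another.
    if ( ! wp_verify_nonce( $request->get_param( 'order_nonce' ), $action ) ) {
        return new WP_Error( 'example_invalid_nonce', 'Invalid or expired nonce.', array( 'status' => 403 ) );
    }
    return true;
}

function example_order_status( WP_REST_Request $request ) {
    $order = wc_get_order( $request->get_param( 'order_id' ) );
    if ( ! $order ) {
        return new WP_Error( 'example_order_not_found', 'Order not found.', array( 'status' => 404 ) );
    }
    // Return only the field the poller needs.
    return rest_ensure_response( array( 'status' => $order->get_status() ) );
}

// Page side: the URL the browser polls.
function example_order_status_poll_url( $order_id ) {
    return add_query_arg(
        array(
            'order_id'    => $order_id,
            'order_nonce' => wp_create_nonce( 'example_order_status_' . $order_id ),
            // REST cookie nonce. Without it WordPress treats the request as
            // logged out, and order_nonce would be verified for user 0.
            '_wpnonce'    => wp_create_nonce( 'wp_rest' ),
        ),
        rest_url( 'example/v1/order-status' )
    );
}
```

WordPress nonces are time-limited tokens bound to the user session rather than single-use values, so the route should still return only the minimum status data.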
FhanOmise
approved these changes
Jul 1, 2025
hpariwat
approved these changes
Jul 1, 2025
Narum11
approved these changes
Jul 1, 2025
Description
Add authentication to endpoint for checking order status.
`paynow-payment-status` to `order-status` to be more generic
Related links:
Rollback procedure
default rollback procedure