Skip to content

Feature/pre 3360 add refund tool#19

Open
hdelaforce-payplug wants to merge 1 commit into
developfrom
feature/PRE-3360-add-refund-tool
Open

Feature/pre 3360 add refund tool#19
hdelaforce-payplug wants to merge 1 commit into
developfrom
feature/PRE-3360-add-refund-tool

Conversation

@hdelaforce-payplug

@hdelaforce-payplug hdelaforce-payplug commented Jun 19, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

Description

Motivation:

Related issue(s): Closes #

Type of Change

  • 🐛 Bug fix (non-breaking change that fixes an issue) [ ]
  • ✨ New feature (non-breaking change that adds functionality) [ ]
  • 💥 Breaking change (fix or feature that causes existing functionality to change and that could impact other libs) [ ]
  • 🔧 Refactor (no functional changes, code improvement only) [ ]
  • 📦 Dependency update [ ]
  • 🔒 Security fix [ ]
  • 📝 Documentation update [ ]

Checklist

Code Quality

  • Code is linted and formatted
  • No unnecessary commented-out code or debug logs
  • No hardcoded values (use env variables or config)

Testing

  • Unit tests added / updated

Security & Ops

  • No sensitive data or secrets introduced
  • Logging and error handling are appropriate

@wiz-14d684d7a6

wiz-14d684d7a6 Bot commented Jun 19, 2026
edited
Loading

Copy link
Copy Markdown

Wiz Scan Summary

Scanner Findings
Vulnerability Finding Vulnerabilities -
Data Finding Sensitive Data -
Secret Finding Secrets -
IaC Misconfiguration IaC Misconfigurations 1 High 4 Medium 1 Low 1 Info
SAST Finding SAST Findings -
Software Management Finding Software Management Findings -
Total 1 High 4 Medium 1 Low 1 Info

View scan details in Wiz

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

@hdelaforce-payplug hdelaforce-payplug force-pushed the feature/PRE-3360-add-refund-tool branch from cad117f to e4e1d79 Compare June 19, 2026 08:59
@hdelaforce-payplug hdelaforce-payplug changed the base branch from main to develop June 19, 2026 09:04
@hdelaforce-payplug hdelaforce-payplug force-pushed the feature/PRE-3360-add-refund-tool branch 15 times, most recently from 0fca9c3 to 513bbdf Compare June 24, 2026 09:41
@hdelaforce-payplug hdelaforce-payplug force-pushed the feature/PRE-3360-add-refund-tool branch from 513bbdf to 7baed5a Compare June 24, 2026 09:44
jhoaraupp
jhoaraupp reviewed Jun 24, 2026
View reviewed changes
Comment thread src/Gateways/RefundGateway.php
Comment on lines +21 to +22
'customer_id' => $refund_inputDTO->getCustomerId(),
'reason' => $refund_inputDTO->getReason(),

@jhoaraupp jhoaraupp Jun 24, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

getCustomerId() et getReason() retournent ?int / ?string. Quand ils ne sont pas renseignés, la requête envoie {"metadata": {"customer_id": null, "reason": null}} à l'API PayPlug, qui pourrait rejeter les valeurs null ou écraser des métadonnées existantes. Il faudrait n'inclure ces clés que si elles sont non-null (ex. array_filter ou ajout conditionnel).

jhoaraupp
jhoaraupp reviewed Jun 24, 2026
View reviewed changes
Comment thread src/Actions/PaymentAction.php
use PayplugPluginCore\Models\Entities\PaymentOutputDTO;
use PayplugPluginCore\Utilities\Services\Api;
use PayplugPluginCore\Utilities\Traits\DependenciesLoader;
use Payplug\Refund;

@jhoaraupp jhoaraupp Jun 24, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Import use Payplug\Refund inutilisé.
Payplug\Refund est utilisé dans Api::refundPaymentResource(), pas dans PaymentAction

jhoaraupp
jhoaraupp reviewed Jun 24, 2026
View reviewed changes
Comment thread src/Actions/PaymentAction.php
Comment on lines +71 to +73
if (null === $refund_inputDTO->getResource()) {
throw new \Exception('Invalid parameter, resource is required.');
}

@jhoaraupp jhoaraupp Jun 24, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

RefundInputDTO::hydrate() déclare resource comme champ required et lève une exception si null avant même que le DTO ne soit créé. Cette garde est donc inatteignable — un DTO valide ne peut jamais avoir resource === null à ce stade.

jhoaraupp
jhoaraupp reviewed Jun 24, 2026
View reviewed changes
Comment thread Makefile
Comment on lines +75 to +76
commit-push:
$(GIT) push --force

@jhoaraupp jhoaraupp Jun 24, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

N'importe quel développeur qui tape make commit-push va force-push silencieusement la branche courante, effaçant potentiellement le travail d'un collaborateur. Au minimum, utiliser --force-with-lease qui échoue si quelqu'un a poussé entre-temps.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jhoaraupp jhoaraupp jhoaraupp left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hdelaforce-payplug @jhoaraupp