Merge branch 'develop' into feature/MOL-439/PICT-253_resolved-develop

mollie · Oct 14, 2024 · 930c971 · 930c971
2 parents fce4dfe + d495beb
commit 930c971
Show file tree

Hide file tree

Showing 23 changed files with 6,753 additions and 6,506 deletions.
diff --git a/.gitignore b/.gitignore
@@ -7,4 +7,6 @@ dist
 .idea
 build/
 processor/.env
-processor/junit-report.xml
+processor/junit-report.xml
+application/.env
+application/*/.env
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -39,6 +39,13 @@ Updated
   }
   ```
 
+## v1.1.2
+
+Added
+
+- Add configuration to enable authorization mode
+- OAuth middleware for securing connector endpoint
+
 ## v1.1.1
 
 Fixes
@@ -56,6 +63,7 @@ Added
 
 Added
 
+- Add docs for status checking endpoint
 - Endpoints for checking connector statuses
 
 ## v1.0.2

diff --git a/connect.yaml b/connect.yaml
@@ -26,6 +26,10 @@ deployAs:
         - key: MOLLIE_BANK_TRANSFER_DUE_DATE
           description: Payment method Bank Transfer due date (1d -> 100d)
           default: "14d"
+        - key: AUTHENTICATION_MODE
+          description: To enable secure mode for connector requests using OAuth authentication (0 or 1)
+          required: true
+          default: "0"
       securedConfiguration:
         - key: MOLLIE_API_TEST_KEY
           description: Mollie PSP test API key

diff --git a/docs/Authorization.md b/docs/Authorization.md
@@ -4,6 +4,29 @@
 
 This guide explains how to connect to the Mollie client and verify the connection. The initial connection setup will be used across various features requiring Mollie integration.
 
+## Securing connector endpoints
+
+To called our connector endpoint esp. the processor endpoint (/processor/*), a valid access token (with client credentials grant type) is required. This token must be updated into the extension destination.
+
+``` MD
+CREAT/UPDATE Extension 
+{
+    ...
+    "destination": {
+        "type": "HTTP",
+        "url": "https://efd6-115-74-115-119.ngrok-free.app/processor",
+        "authorization": {
+            "type": "AuthorizationHeader",
+            "headerValue": "_token_"
+        }
+    }
+    ...
+}
+
+```
+
+Kindly recheck your extension record if facing unauthorized error when communicating with the connector. Also the token do expire after a time, please consider to implement a scheduled job to update this token.
+
 ## Connecting to Mollie
 
 To connect to the Mollie account, you must specify the `MOLLIE_API_TEST_KEY` and `MOLLIE_API_LIVE_KEY` in your .env file. You can get the API key from your Mollie Dashboard.

diff --git a/processor/.env.example b/processor/.env.example
@@ -4,6 +4,7 @@ CTP_CLIENT_SECRET=<YOUR_CTP_CLIENT_SECRET>
 CTP_PROJECT_KEY=<YOUR_CTP_PROJECT_KEY>
 CTP_SCOPE=<YOUR_CTP_PROJECT_SCOPE> 
 CTP_REGION=<YOUR_CTP_REGION>
+AUTHENTICATION_MODE=<YOUR_AUTHENTICATION_MODE>
 
 ## Commercetools API URLs
 CTP_AUTH_URL=https://auth.<YOUR_CTP_REGION>.commercetools.com

diff --git a/processor/.env.jest b/processor/.env.jest
@@ -5,6 +5,7 @@ CTP_CLIENT_SECRET=12345678901234567890123456789012
 CTP_PROJECT_KEY=TEST
 CTP_SCOPE=TEST
 CTP_REGION=europe-west1.gcp
+AUTHENTICATION_MODE=0
 CTP_SESSION_AUDIENCE=https://mc.europe-west1.gcp.commercetools.com
 CTP_SESSION_ISSUER=gcp-eu
 ## MOLLIE vars