Removed the need to verify requests as CloudOps added an ACL on the network (#3882)

src/Billing/Controllers/PayPalController.cs

@@ -1,6 +1,5 @@
 using System.Text;
 using Bit.Billing.Models;
-using Bit.Billing.Services;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Repositories;
@@ -20,7 +19,6 @@ public class PayPalController : Controller
     private readonly IMailService _mailService;
     private readonly IOrganizationRepository _organizationRepository;
     private readonly IPaymentService _paymentService;
-    private readonly IPayPalIPNClient _payPalIPNClient;
     private readonly ITransactionRepository _transactionRepository;
     private readonly IUserRepository _userRepository;
 
@@ -30,7 +28,6 @@ public class PayPalController : Controller
         IMailService mailService,
         IOrganizationRepository organizationRepository,
         IPaymentService paymentService,
-        IPayPalIPNClient payPalIPNClient,
         ITransactionRepository transactionRepository,
         IUserRepository userRepository)
     {
@@ -39,7 +36,6 @@ public class PayPalController : Controller
         _mailService = mailService;
         _organizationRepository = organizationRepository;
         _paymentService = paymentService;
-        _payPalIPNClient = payPalIPNClient;
         _transactionRepository = transactionRepository;
         _userRepository = userRepository;
     }
@@ -91,14 +87,6 @@ public class PayPalController : Controller
             return BadRequest();
         }
 
-        var verified = await _payPalIPNClient.VerifyIPN(transactionModel.TransactionId, requestContent);
-
-        if (!verified)
-        {
-            _logger.LogError("PayPal IPN ({Id}): Verification failed", transactionModel.TransactionId);
-            return BadRequest();
-        }
-
         if (transactionModel.TransactionType != "web_accept" &&
             transactionModel.TransactionType != "merch_pmt" &&
             transactionModel.PaymentStatus != "Refunded")

test/Billing.Test/Controllers/PayPalControllerTests.cs

@@ -1,6 +1,5 @@
 using System.Text;
 using Bit.Billing.Controllers;
-using Bit.Billing.Services;
 using Bit.Billing.Test.Utilities;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.Entities;
@@ -31,7 +30,6 @@ public class PayPalControllerTests
     private readonly IMailService _mailService = Substitute.For<IMailService>();
     private readonly IOrganizationRepository _organizationRepository = Substitute.For<IOrganizationRepository>();
     private readonly IPaymentService _paymentService = Substitute.For<IPaymentService>();
-    private readonly IPayPalIPNClient _payPalIPNClient = Substitute.For<IPayPalIPNClient>();
     private readonly ITransactionRepository _transactionRepository = Substitute.For<ITransactionRepository>();
     private readonly IUserRepository _userRepository = Substitute.For<IUserRepository>();
 
@@ -115,31 +113,6 @@ public class PayPalControllerTests
         LoggedError(logger, "PayPal IPN (2PK15573S8089712Y): 'custom' did not contain a User ID or Organization ID");
     }
 
-    [Fact]
-    public async Task PostIpn_Unverified_BadRequest()
-    {
-        var logger = _testOutputHelper.BuildLoggerFor<PayPalController>();
-
-        _billingSettings.Value.Returns(new BillingSettings
-        {
-            PayPal = { WebhookKey = _defaultWebhookKey }
-        });
-
-        var organizationId = new Guid("ca8c6f2b-2d7b-4639-809f-b0e5013a304e");
-
-        var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.SuccessfulPayment);
-
-        _payPalIPNClient.VerifyIPN(Arg.Any<string>(), ipnBody).Returns(false);
-
-        var controller = ConfigureControllerContextWith(logger, _defaultWebhookKey, ipnBody);
-
-        var result = await controller.PostIpn();
-
-        HasStatusCode(result, 400);
-
-        LoggedError(logger, "PayPal IPN (2PK15573S8089712Y): Verification failed");
-    }
-
     [Fact]
     public async Task PostIpn_OtherTransactionType_Unprocessed_Ok()
     {
@@ -154,8 +127,6 @@ public class PayPalControllerTests
 
         var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.UnsupportedTransactionType);
 
-        _payPalIPNClient.VerifyIPN(Arg.Any<string>(), ipnBody).Returns(true);
-
         var controller = ConfigureControllerContextWith(logger, _defaultWebhookKey, ipnBody);
 
         var result = await controller.PostIpn();
@@ -183,8 +154,6 @@ public class PayPalControllerTests
 
         var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.SuccessfulPayment);
 
-        _payPalIPNClient.VerifyIPN(Arg.Any<string>(), ipnBody).Returns(true);
-
         var controller = ConfigureControllerContextWith(logger, _defaultWebhookKey, ipnBody);
 
         var result = await controller.PostIpn();
@@ -212,8 +181,6 @@ public class PayPalControllerTests
 
         var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.RefundMissingParentTransaction);
 
-        _payPalIPNClient.VerifyIPN(Arg.Any<string>(), ipnBody).Returns(true);
-
         var controller = ConfigureControllerContextWith(logger, _defaultWebhookKey, ipnBody);
 
         var result = await controller.PostIpn();
@@ -241,8 +208,6 @@ public class PayPalControllerTests
 
         var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.ECheckPayment);
 
-        _payPalIPNClient.VerifyIPN(Arg.Any<string>(), ipnBody).Returns(true);
-
         var controller = ConfigureControllerContextWith(logger, _defaultWebhookKey, ipnBody);
 
         var result = await controller.PostIpn();
@@ -270,8 +235,6 @@ public class PayPalControllerTests
 
         var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.NonUSDPayment);
 
-        _payPalIPNClient.VerifyIPN(Arg.Any<string>(), ipnBody).Returns(true);
-
         var controller = ConfigureControllerContextWith(logger, _defaultWebhookKey, ipnBody);
 
         var result = await controller.PostIpn();
@@ -299,8 +262,6 @@ public class PayPalControllerTests
 
         var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.SuccessfulPayment);
 
-        _payPalIPNClient.VerifyIPN(Arg.Any<string>(), ipnBody).Returns(true);
-
         _transactionRepository.GetByGatewayIdAsync(
             GatewayType.PayPal,
             "2PK15573S8089712Y").Returns(new Transaction());
@@ -332,8 +293,6 @@ public class PayPalControllerTests
 
         var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.SuccessfulPayment);
 
-        _payPalIPNClient.VerifyIPN(Arg.Any<string>(), ipnBody).Returns(true);
-
         _transactionRepository.GetByGatewayIdAsync(
             GatewayType.PayPal,
             "2PK15573S8089712Y").ReturnsNull();
@@ -367,8 +326,6 @@ public class PayPalControllerTests
 
         var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.SuccessfulPaymentForOrganizationCredit);
 
-        _payPalIPNClient.VerifyIPN(Arg.Any<string>(), ipnBody).Returns(true);
-
         _transactionRepository.GetByGatewayIdAsync(
             GatewayType.PayPal,
             "2PK15573S8089712Y").ReturnsNull();
@@ -417,8 +374,6 @@ public class PayPalControllerTests
 
         var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.SuccessfulPaymentForUserCredit);
 
-        _payPalIPNClient.VerifyIPN(Arg.Any<string>(), ipnBody).Returns(true);
-
         _transactionRepository.GetByGatewayIdAsync(
             GatewayType.PayPal,
             "2PK15573S8089712Y").ReturnsNull();
@@ -467,8 +422,6 @@ public class PayPalControllerTests
 
         var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.SuccessfulRefund);
 
-        _payPalIPNClient.VerifyIPN(Arg.Any<string>(), ipnBody).Returns(true);
-
         _transactionRepository.GetByGatewayIdAsync(
             GatewayType.PayPal,
             "2PK15573S8089712Y").Returns(new Transaction());
@@ -504,8 +457,6 @@ public class PayPalControllerTests
 
         var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.SuccessfulRefund);
 
-        _payPalIPNClient.VerifyIPN(Arg.Any<string>(), ipnBody).Returns(true);
-
         _transactionRepository.GetByGatewayIdAsync(
             GatewayType.PayPal,
             "2PK15573S8089712Y").ReturnsNull();
@@ -545,8 +496,6 @@ public class PayPalControllerTests
 
         var ipnBody = await PayPalTestIPN.GetAsync(IPNBody.SuccessfulRefund);
 
-        _payPalIPNClient.VerifyIPN(Arg.Any<string>(), ipnBody).Returns(true);
-
         _transactionRepository.GetByGatewayIdAsync(
             GatewayType.PayPal,
             "2PK15573S8089712Y").ReturnsNull();
@@ -592,7 +541,6 @@ public class PayPalControllerTests
             _mailService,
             _organizationRepository,
             _paymentService,
-            _payPalIPNClient,
             _transactionRepository,
             _userRepository);