Edit File by line

<?php

[0] Fix | Delete

/**

[1] Fix | Delete

* CheckoutEventTracker class file.

[2] Fix | Delete

[3] Fix | Delete

[4] Fix | Delete

declare( strict_types=1 );

[5] Fix | Delete

[6] Fix | Delete

namespace Automattic\WooCommerce\Internal\FraudProtection;

[7] Fix | Delete

[8] Fix | Delete

defined( 'ABSPATH' ) || exit;

[9] Fix | Delete

[10] Fix | Delete

/**

[11] Fix | Delete

* Tracks checkout events for fraud protection analysis.

[12] Fix | Delete

[13] Fix | Delete

* This class provides methods to track both WooCommerce Blocks (Store API) and traditional

[14] Fix | Delete

* shortcode checkout events for fraud protection. Event-specific data is passed to the

[15] Fix | Delete

* SessionDataCollector which handles session data storage internally.

[16] Fix | Delete

[17] Fix | Delete

* @since 10.5.0

[18] Fix | Delete

* @internal This class is part of the internal API and is subject to change without notice.

[19] Fix | Delete

[20] Fix | Delete

class CheckoutEventTracker {

[21] Fix | Delete

/**

[22] Fix | Delete

* Session data collector instance.

[23] Fix | Delete

[24] Fix | Delete

* @var SessionDataCollector

[25] Fix | Delete

[26] Fix | Delete

private SessionDataCollector $session_data_collector;

[27] Fix | Delete

[28] Fix | Delete

/**

[29] Fix | Delete

* Initialize with dependencies.

[30] Fix | Delete

[31] Fix | Delete

* @internal

[32] Fix | Delete

[33] Fix | Delete

* @param SessionDataCollector $session_data_collector The session data collector instance.

[34] Fix | Delete

[35] Fix | Delete

final public function init( SessionDataCollector $session_data_collector ): void {

[36] Fix | Delete

$this->session_data_collector = $session_data_collector;

[37] Fix | Delete

}

[38] Fix | Delete

[39] Fix | Delete

/**

[40] Fix | Delete

* Track checkout page loaded event.

[41] Fix | Delete

[42] Fix | Delete

* Collects session data when the checkout page is initially loaded.

[43] Fix | Delete

* This captures the initial session state before any user interactions.

[44] Fix | Delete

[45] Fix | Delete

* @internal

[46] Fix | Delete

* @return void

[47] Fix | Delete

[48] Fix | Delete

public function track_checkout_page_loaded(): void {

[49] Fix | Delete

$this->session_data_collector->collect( 'checkout_page_loaded', array() );

[50] Fix | Delete

}

[51] Fix | Delete

[52] Fix | Delete

/**

[53] Fix | Delete

* Track Store API customer update event (WooCommerce Blocks checkout).

[54] Fix | Delete

[55] Fix | Delete

* Triggered when customer information is updated via the Store API endpoint

[56] Fix | Delete

* /wc/store/v1/cart/update-customer during Blocks checkout flow.

[57] Fix | Delete

[58] Fix | Delete

* @internal

[59] Fix | Delete

* @return void

[60] Fix | Delete

[61] Fix | Delete

public function track_blocks_checkout_update(): void {

[62] Fix | Delete

// At this point we don't have any payment or shipping data, so we pass an empty array.

[63] Fix | Delete

$this->session_data_collector->collect( 'checkout_update', array() );

[64] Fix | Delete

}

[65] Fix | Delete

[66] Fix | Delete

/**

[67] Fix | Delete

* Track shortcode checkout field update event.

[68] Fix | Delete

[69] Fix | Delete

* Triggered when checkout fields are updated via AJAX (woocommerce_update_order_review).

[70] Fix | Delete

* Only dispatches event when billing or shipping country changes to reduce unnecessary API calls.

[71] Fix | Delete

[72] Fix | Delete

* @internal

[73] Fix | Delete

[74] Fix | Delete

* @param string $posted_data Serialized checkout form data.

[75] Fix | Delete

* @return void

[76] Fix | Delete

[77] Fix | Delete

public function track_shortcode_checkout_field_update( $posted_data ): void {

[78] Fix | Delete

// Parse the posted data to extract relevant fields.

[79] Fix | Delete

$data = array();

[80] Fix | Delete

if ( $posted_data ) {

[81] Fix | Delete

parse_str( $posted_data, $data );

[82] Fix | Delete

}

[83] Fix | Delete

[84] Fix | Delete

// Get current customer countries using SessionDataCollector.

[85] Fix | Delete

$current_billing_country = $this->session_data_collector->get_current_billing_country();

[86] Fix | Delete

$current_shipping_country = $this->session_data_collector->get_current_shipping_country();

[87] Fix | Delete

[88] Fix | Delete

// Get posted countries.

[89] Fix | Delete

$posted_billing_country = $data['billing_country'] ?? '';

[90] Fix | Delete

$posted_shipping_country = $data['shipping_country'] ?? '';

[91] Fix | Delete

[92] Fix | Delete

// Check if billing country changed.

[93] Fix | Delete

$billing_changed = ! empty( $posted_billing_country ) && $posted_billing_country !== $current_billing_country;

[94] Fix | Delete

[95] Fix | Delete

// Check if shipping country changed.

[96] Fix | Delete

$ship_to_different = ! empty( $data['ship_to_different_address'] );

[97] Fix | Delete

if ( $ship_to_different ) {

[98] Fix | Delete

// User wants different shipping address - check if shipping country changed.

[99] Fix | Delete

$shipping_changed = ! empty( $posted_shipping_country ) && $posted_shipping_country !== $current_shipping_country;

[100] Fix | Delete

} else {

[101] Fix | Delete

// User wants same address for billing and shipping.

[102] Fix | Delete

// If current shipping country exists and differs from billing country, it's a change.

[103] Fix | Delete

$effective_billing_country = ! empty( $posted_billing_country ) ? $posted_billing_country : $current_billing_country;

[104] Fix | Delete

$shipping_changed = ! empty( $current_shipping_country ) && $current_shipping_country !== $effective_billing_country;

[105] Fix | Delete

}

[106] Fix | Delete

[107] Fix | Delete

// Only dispatch if either country changed.

[108] Fix | Delete

if ( $billing_changed || $shipping_changed ) {

[109] Fix | Delete

$event_data = $this->format_checkout_event_data( 'field_update', $data );

[110] Fix | Delete

$this->session_data_collector->collect( 'checkout_update', $event_data );

[111] Fix | Delete

}

[112] Fix | Delete

}

[113] Fix | Delete

[114] Fix | Delete

/**

[115] Fix | Delete

* Build checkout event-specific data.

[116] Fix | Delete

[117] Fix | Delete

* Prepares the checkout event data including action type and any changed fields.

[118] Fix | Delete

[119] Fix | Delete

* @param string $action Action type (field_update, store_api_update).

[120] Fix | Delete

* @param array $collected_event_data Posted form data or event context (may include session data).

[121] Fix | Delete

* @return array Checkout event data.

[122] Fix | Delete

[123] Fix | Delete

private function format_checkout_event_data( string $action, array $collected_event_data ): array {

[124] Fix | Delete

$event_data = array( 'action' => $action );

[125] Fix | Delete

[126] Fix | Delete

// Extract and merge all checkout field groups.

[127] Fix | Delete

$event_data = array_merge(

[128] Fix | Delete

$event_data,

[129] Fix | Delete

$this->extract_billing_fields( $collected_event_data ),

[130] Fix | Delete

$this->extract_shipping_fields( $collected_event_data ),

[131] Fix | Delete

$this->extract_payment_method( $collected_event_data ),

[132] Fix | Delete

);

[133] Fix | Delete

[134] Fix | Delete

return $event_data;

[135] Fix | Delete

}

[136] Fix | Delete

[137] Fix | Delete

/**

[138] Fix | Delete

* Extract billing fields from posted data.

[139] Fix | Delete

[140] Fix | Delete

* @param array $posted_data Posted form data.

[141] Fix | Delete

* @return array Billing fields.

[142] Fix | Delete

[143] Fix | Delete

private function extract_billing_fields( array $posted_data ): array {

[144] Fix | Delete

$field_map = array(

[145] Fix | Delete

'billing_email' => 'sanitize_email',

[146] Fix | Delete

'billing_first_name' => 'sanitize_text_field',

[147] Fix | Delete

'billing_last_name' => 'sanitize_text_field',

[148] Fix | Delete

'billing_country' => 'sanitize_text_field',

[149] Fix | Delete

'billing_address_1' => 'sanitize_text_field',

[150] Fix | Delete

'billing_address_2' => 'sanitize_text_field',

[151] Fix | Delete

'billing_city' => 'sanitize_text_field',

[152] Fix | Delete

'billing_state' => 'sanitize_text_field',

[153] Fix | Delete

'billing_postcode' => 'sanitize_text_field',

[154] Fix | Delete

'billing_phone' => 'sanitize_text_field',

[155] Fix | Delete

);

[156] Fix | Delete

[157] Fix | Delete

$extracted_fields = $this->extract_fields_by_map( $field_map, $posted_data );

[158] Fix | Delete

[159] Fix | Delete

// Store API uses 'email' instead of 'billing_email'.

[160] Fix | Delete

if ( empty( $extracted_fields['billing_email'] ) && ! empty( $posted_data['email'] ) ) {

[161] Fix | Delete

$extracted_fields['email'] = sanitize_email( $posted_data['email'] );

[162] Fix | Delete

}

[163] Fix | Delete

[164] Fix | Delete

return $extracted_fields;

[165] Fix | Delete

}

[166] Fix | Delete

[167] Fix | Delete

/**

[168] Fix | Delete

* Extract shipping fields from posted data.

[169] Fix | Delete

[170] Fix | Delete

* @param array $posted_data Posted form data.

[171] Fix | Delete

* @return array Shipping fields.

[172] Fix | Delete

[173] Fix | Delete

private function extract_shipping_fields( array $posted_data ): array {

[174] Fix | Delete

if ( ! isset( $posted_data['ship_to_different_address'] ) || ! $posted_data['ship_to_different_address'] ) {

[175] Fix | Delete

return array();

[176] Fix | Delete

}

[177] Fix | Delete

[178] Fix | Delete

$field_map = array(

[179] Fix | Delete

'shipping_first_name' => 'sanitize_text_field',

[180] Fix | Delete

'shipping_last_name' => 'sanitize_text_field',

[181] Fix | Delete

'shipping_country' => 'sanitize_text_field',

[182] Fix | Delete

'shipping_address_1' => 'sanitize_text_field',

[183] Fix | Delete

'shipping_address_2' => 'sanitize_text_field',

[184] Fix | Delete

'shipping_city' => 'sanitize_text_field',

[185] Fix | Delete

'shipping_state' => 'sanitize_text_field',

[186] Fix | Delete

'shipping_postcode' => 'sanitize_text_field',

[187] Fix | Delete

);

[188] Fix | Delete

[189] Fix | Delete

return $this->extract_fields_by_map( $field_map, $posted_data );

[190] Fix | Delete

}

[191] Fix | Delete

[192] Fix | Delete

/**

[193] Fix | Delete

* Extract and sanitize fields from posted data using a field map.

[194] Fix | Delete

[195] Fix | Delete

* Generic extraction method that iterates through a field map and extracts

[196] Fix | Delete

* non-empty fields from posted data, applying the appropriate sanitization

[197] Fix | Delete

* function to each field.

[198] Fix | Delete

[199] Fix | Delete

* @param array $field_map Map of field names to sanitization functions.

[200] Fix | Delete

* @param array $posted_data Posted form data.

[201] Fix | Delete

* @return array Extracted and sanitized fields.

[202] Fix | Delete

[203] Fix | Delete

private function extract_fields_by_map( array $field_map, array $posted_data ): array {

[204] Fix | Delete

$extracted_fields = array();

[205] Fix | Delete

[206] Fix | Delete

foreach ( $field_map as $field_name => $sanitize_function ) {

[207] Fix | Delete

if ( ! empty( $posted_data[ $field_name ] ) ) {

[208] Fix | Delete

$extracted_fields[ $field_name ] = $sanitize_function( wp_unslash( $posted_data[ $field_name ] ) );

[209] Fix | Delete

}

[210] Fix | Delete

}

[211] Fix | Delete

[212] Fix | Delete

return $extracted_fields;

[213] Fix | Delete

}

[214] Fix | Delete

[215] Fix | Delete

/**

[216] Fix | Delete

* Extract payment method data from posted data.

[217] Fix | Delete

[218] Fix | Delete

* Extracts payment method ID and retrieves the readable gateway name.

[219] Fix | Delete

[220] Fix | Delete

* @param array $posted_data Posted form data.

[221] Fix | Delete

* @return array Payment method data with ID and name, or empty array if not found.

[222] Fix | Delete

[223] Fix | Delete

private function extract_payment_method( array $posted_data ): array {

[224] Fix | Delete

$payment_data = array();

[225] Fix | Delete

[226] Fix | Delete

if ( ! empty( $posted_data['payment_method'] ) ) {

[227] Fix | Delete

$payment_gateway_name = WC()->payment_gateways()->get_payment_gateway_name_by_id( $posted_data['payment_method'] );

[228] Fix | Delete

[229] Fix | Delete

$payment_data['payment'] = array(

[230] Fix | Delete

'payment_gateway_type' => $posted_data['payment_method'],

[231] Fix | Delete

'payment_gateway_name' => $payment_gateway_name,

[232] Fix | Delete

);

[233] Fix | Delete

}

[234] Fix | Delete

[235] Fix | Delete

return $payment_data;

[236] Fix | Delete

}

[237] Fix | Delete

[238] Fix | Delete

/**

[239] Fix | Delete

* Track successful order placement.

[240] Fix | Delete

[241] Fix | Delete

* Called when an order is successfully placed, with or without payment.

[242] Fix | Delete

* Works for both shortcode and Store API checkout flows.

[243] Fix | Delete

[244] Fix | Delete

* @internal

[245] Fix | Delete

[246] Fix | Delete

* @param int $order_id The order ID.

[247] Fix | Delete

* @param \WC_Order $order The order object.

[248] Fix | Delete

* @return void

[249] Fix | Delete

[250] Fix | Delete

public function track_order_placed( int $order_id, \WC_Order $order ): void {

[251] Fix | Delete

$customer_id = $order->get_customer_id();

[252] Fix | Delete

$event_data = array(

[253] Fix | Delete

'order_id' => $order_id,

[254] Fix | Delete

'payment_method' => $order->get_payment_method(),

[255] Fix | Delete

'total' => (float) $order->get_total(),

[256] Fix | Delete

'currency' => $order->get_currency(),

[257] Fix | Delete

'customer_id' => $customer_id ? $customer_id : 'guest',

[258] Fix | Delete

'status' => $order->get_status(),

[259] Fix | Delete

);

[260] Fix | Delete

[261] Fix | Delete

$this->session_data_collector->collect( 'order_placed', $event_data );

[262] Fix | Delete

}

[263] Fix | Delete

}

[264] Fix | Delete

[265] Fix | Delete