nopSolutions · skoshelev · Feb 5, 2025 · Dec 25, 2024 · Feb 5, 2025 · Feb 5, 2025
diff --git a/src/Libraries/Nop.Services/Orders/IOrderProcessingService.cs b/src/Libraries/Nop.Services/Orders/IOrderProcessingService.cs
@@ -338,4 +338,10 @@ public partial interface IOrderProcessingService
     /// <param name="recurringPayment">Recurring payment</param>
     /// <returns>A task that represents the asynchronous operation</returns>
     Task<int> GetCyclesRemainingAsync(RecurringPayment recurringPayment);
+
+    /// <summary>
+    /// Generate an order GUID
+    /// </summary>
+    /// <param name="processPaymentRequest">Process payment request</param>
+    Task GenerateOrderGuidAsync(ProcessPaymentRequest processPaymentRequest);
 }
diff --git a/src/Libraries/Nop.Services/Orders/OrderProcessingService.cs b/src/Libraries/Nop.Services/Orders/OrderProcessingService.cs
@@ -1,4 +1,5 @@
 using System.Globalization;
+using Microsoft.AspNetCore.Http;
 using Nop.Core;
 using Nop.Core.Caching;
 using Nop.Core.Domain.Catalog;
@@ -14,6 +15,7 @@
 using Nop.Core.Domain.Tax;
 using Nop.Core.Domain.Vendors;
 using Nop.Core.Events;
+using Nop.Core.Http.Extensions;
 using Nop.Services.Affiliates;
 using Nop.Services.Catalog;
 using Nop.Services.Common;
@@ -53,6 +55,7 @@ public partial class OrderProcessingService : IOrderProcessingService
     protected readonly IEventPublisher _eventPublisher;
     protected readonly IGenericAttributeService _genericAttributeService;
     protected readonly IGiftCardService _giftCardService;
+    protected readonly IHttpContextAccessor _httpContextAccessor;
     protected readonly ILanguageService _languageService;
     protected readonly ILocalizationService _localizationService;
     protected readonly ILogger _logger;
@@ -105,6 +108,7 @@ public OrderProcessingService(CurrencySettings currencySettings,
         IEventPublisher eventPublisher,
         IGenericAttributeService genericAttributeService,
         IGiftCardService giftCardService,
+        IHttpContextAccessor httpContextAccessor,
         ILanguageService languageService,
         ILocalizationService localizationService,
         ILogger logger,
@@ -153,6 +157,7 @@ public OrderProcessingService(CurrencySettings currencySettings,
         _eventPublisher = eventPublisher;
         _genericAttributeService = genericAttributeService;
         _giftCardService = giftCardService;
+        _httpContextAccessor = httpContextAccessor;
         _languageService = languageService;
         _localizationService = localizationService;
         _logger = logger;
@@ -3231,6 +3236,38 @@ public virtual async Task<int> GetCyclesRemainingAsync(RecurringPayment recurrin
         return result;
     }
 
+    /// <summary>
+    /// Generate an order GUID
+    /// </summary>
+    /// <param name="processPaymentRequest">Process payment request</param>
+    public virtual async Task GenerateOrderGuidAsync(ProcessPaymentRequest processPaymentRequest)
+    {
+        if (processPaymentRequest == null)
+            return;
+
+        //we should use the same GUID for multiple payment attempts
+        //this way a payment gateway can prevent security issues such as credit card brute-force attacks
+        //in order to avoid any possible limitations by payment gateway we reset GUID periodically
+        var previousPaymentRequest = await _httpContextAccessor.HttpContext.Session.GetAsync<ProcessPaymentRequest>("OrderPaymentInfo");
+        if (_paymentSettings.RegenerateOrderGuidInterval > 0 &&
+            previousPaymentRequest != null &&
+            previousPaymentRequest.OrderGuidGeneratedOnUtc.HasValue)
+        {
+            var interval = DateTime.UtcNow - previousPaymentRequest.OrderGuidGeneratedOnUtc.Value;
+            if (interval.TotalSeconds < _paymentSettings.RegenerateOrderGuidInterval)
+            {
+                processPaymentRequest.OrderGuid = previousPaymentRequest.OrderGuid;
+                processPaymentRequest.OrderGuidGeneratedOnUtc = previousPaymentRequest.OrderGuidGeneratedOnUtc;
+            }
+        }
+
+        if (processPaymentRequest.OrderGuid == Guid.Empty)
+        {
+            processPaymentRequest.OrderGuid = Guid.NewGuid();
+            processPaymentRequest.OrderGuidGeneratedOnUtc = DateTime.UtcNow;
+        }
+    }
+
     #endregion
 
     #region Nested class

diff --git a/src/Libraries/Nop.Services/Payments/IPaymentService.cs b/src/Libraries/Nop.Services/Payments/IPaymentService.cs
@@ -165,10 +165,4 @@ public partial interface IPaymentService
     /// <param name="order">Order</param>
     /// <returns>Serialized CustomValues CustomValues</returns>
     Dictionary<string, object> DeserializeCustomValues(Order order);
-
-    /// <summary>
-    /// Generate an order GUID
-    /// </summary>
-    /// <param name="processPaymentRequest">Process payment request</param>
-    Task GenerateOrderGuidAsync(ProcessPaymentRequest processPaymentRequest);
 }
diff --git a/src/Libraries/Nop.Services/Payments/PaymentService.cs b/src/Libraries/Nop.Services/Payments/PaymentService.cs
@@ -1,10 +1,8 @@
 using System.Xml;
 using System.Xml.Serialization;
-using Microsoft.AspNetCore.Http;
 using Nop.Core;
 using Nop.Core.Domain.Orders;
 using Nop.Core.Domain.Payments;
-using Nop.Core.Http.Extensions;
 using Nop.Services.Catalog;
 using Nop.Services.Customers;
 
@@ -18,7 +16,6 @@ public partial class PaymentService : IPaymentService
     #region Fields
 
     protected readonly ICustomerService _customerService;
-    protected readonly IHttpContextAccessor _httpContextAccessor;
     protected readonly IPaymentPluginManager _paymentPluginManager;
     protected readonly IPriceCalculationService _priceCalculationService;
     protected readonly PaymentSettings _paymentSettings;
@@ -29,14 +26,12 @@ public partial class PaymentService : IPaymentService
     #region Ctor
 
     public PaymentService(ICustomerService customerService,
-        IHttpContextAccessor httpContextAccessor,
         IPaymentPluginManager paymentPluginManager,
         IPriceCalculationService priceCalculationService,
         PaymentSettings paymentSettings,
         ShoppingCartSettings shoppingCartSettings)
     {
         _customerService = customerService;
-        _httpContextAccessor = httpContextAccessor;
         _paymentPluginManager = paymentPluginManager;
         _priceCalculationService = priceCalculationService;
         _paymentSettings = paymentSettings;
@@ -415,37 +410,5 @@ public virtual Dictionary<string, object> DeserializeCustomValues(Order order)
         return [];
     }
 
-    /// <summary>
-    /// Generate an order GUID
-    /// </summary>
-    /// <param name="processPaymentRequest">Process payment request</param>
-    public virtual async Task GenerateOrderGuidAsync(ProcessPaymentRequest processPaymentRequest)
-    {
-        if (processPaymentRequest == null)
-            return;
-
-        //we should use the same GUID for multiple payment attempts
-        //this way a payment gateway can prevent security issues such as credit card brute-force attacks
-        //in order to avoid any possible limitations by payment gateway we reset GUID periodically
-        var previousPaymentRequest = await _httpContextAccessor.HttpContext.Session.GetAsync<ProcessPaymentRequest>("OrderPaymentInfo");
-        if (_paymentSettings.RegenerateOrderGuidInterval > 0 &&
-            previousPaymentRequest != null &&
-            previousPaymentRequest.OrderGuidGeneratedOnUtc.HasValue)
-        {
-            var interval = DateTime.UtcNow - previousPaymentRequest.OrderGuidGeneratedOnUtc.Value;
-            if (interval.TotalSeconds < _paymentSettings.RegenerateOrderGuidInterval)
-            {
-                processPaymentRequest.OrderGuid = previousPaymentRequest.OrderGuid;
-                processPaymentRequest.OrderGuidGeneratedOnUtc = previousPaymentRequest.OrderGuidGeneratedOnUtc;
-            }
-        }
-
-        if (processPaymentRequest.OrderGuid == Guid.Empty)
-        {
-            processPaymentRequest.OrderGuid = Guid.NewGuid();
-            processPaymentRequest.OrderGuidGeneratedOnUtc = DateTime.UtcNow;
-        }
-    }
-
     #endregion
 }
diff --git a/src/Plugins/Nop.Plugin.Payments.PayPalCommerce/Services/PayPalCommerceServiceManager.cs b/src/Plugins/Nop.Plugin.Payments.PayPalCommerce/Services/PayPalCommerceServiceManager.cs
@@ -1494,7 +1494,7 @@ public static bool IsConnected(PayPalCommerceSettings settings)
             if (paymentRequest is null || order is null)
             {
                 paymentRequest = new();
-                await _paymentService.GenerateOrderGuidAsync(paymentRequest);
+                await _orderProcessingService.GenerateOrderGuidAsync(paymentRequest);
             }
             var orderGuid = paymentRequest.OrderGuid.ToString();
 

diff --git a/src/Presentation/Nop.Web/Controllers/CheckoutController.cs b/src/Presentation/Nop.Web/Controllers/CheckoutController.cs
@@ -1220,7 +1220,7 @@ public virtual async Task<IActionResult> EnterPaymentInfo(IFormCollection form)
             //get payment info
             var paymentInfo = await paymentMethod.GetPaymentInfoAsync(form);
             //set previous order GUID (if exists)
-            await _paymentService.GenerateOrderGuidAsync(paymentInfo);
+            await _orderProcessingService.GenerateOrderGuidAsync(paymentInfo);
 
             //session save
             await HttpContext.Session.SetAsync("OrderPaymentInfo", paymentInfo);
@@ -1307,7 +1307,7 @@ public virtual async Task<IActionResult> ConfirmOrder(bool captchaValid)
 
                 processPaymentRequest = new ProcessPaymentRequest();
             }
-            await _paymentService.GenerateOrderGuidAsync(processPaymentRequest);
+            await _orderProcessingService.GenerateOrderGuidAsync(processPaymentRequest);
             processPaymentRequest.StoreId = store.Id;
             processPaymentRequest.CustomerId = customer.Id;
             processPaymentRequest.PaymentMethodSystemName = await _genericAttributeService.GetAttributeAsync<string>(customer,
@@ -1972,7 +1972,7 @@ public virtual async Task<IActionResult> OpcSavePaymentInfo(IFormCollection form
                 //get payment info
                 var paymentInfo = await paymentMethod.GetPaymentInfoAsync(form);
                 //set previous order GUID (if exists)
-                await _paymentService.GenerateOrderGuidAsync(paymentInfo);
+                await _orderProcessingService.GenerateOrderGuidAsync(paymentInfo);
 
                 //session save
                 await HttpContext.Session.SetAsync("OrderPaymentInfo", paymentInfo);
@@ -2058,7 +2058,7 @@ public virtual async Task<IActionResult> OpcConfirmOrder(bool captchaValid)
 
                     processPaymentRequest = new ProcessPaymentRequest();
                 }
-                await _paymentService.GenerateOrderGuidAsync(processPaymentRequest);
+                await _orderProcessingService.GenerateOrderGuidAsync(processPaymentRequest);
                 processPaymentRequest.StoreId = store.Id;
                 processPaymentRequest.CustomerId = customer.Id;
                 processPaymentRequest.PaymentMethodSystemName = await _genericAttributeService.GetAttributeAsync<string>(customer,

diff --git a/src/Tests/Nop.Tests/Nop.Services.Tests/Orders/OrderProcessingServiceTests.cs b/src/Tests/Nop.Tests/Nop.Services.Tests/Orders/OrderProcessingServiceTests.cs
@@ -1,10 +1,13 @@
 using FluentAssertions;
+using Microsoft.AspNetCore.Http;
 using Nop.Core.Domain.Catalog;
 using Nop.Core.Domain.Orders;
 using Nop.Core.Domain.Payments;
 using Nop.Core.Domain.Shipping;
+using Nop.Core.Http.Extensions;
 using Nop.Data;
 using Nop.Services.Orders;
+using Nop.Services.Payments;
 using Nop.Tests.Nop.Services.Tests.Payments;
 using NUnit.Framework;
 
@@ -15,12 +18,14 @@ public class OrderProcessingServiceTests : ServiceTest
 {
     private IOrderService _orderService;
     private IOrderProcessingService _orderProcessingService;
+    private IHttpContextAccessor _httpContextAccessor;
 
     [OneTimeSetUp]
     public void SetUp()
     {
         _orderService = GetService<IOrderService>();
         _orderProcessingService = GetService<IOrderProcessingService>();
+        _httpContextAccessor = GetService<IHttpContextAccessor>();
     }
 
     [OneTimeTearDown]
@@ -34,6 +39,29 @@ public async Task TearDown()
         await GetService<IRepository<RecurringPayment>>().TruncateAsync();
     }
 
+    [Test]
+    public async Task CanGenerateOrderGuid()
+    {
+        var request = new ProcessPaymentRequest();
+        request.OrderGuid.Should().Be(Guid.Empty);
+        await _orderProcessingService.GenerateOrderGuidAsync(request);
+        request.OrderGuid.Should().NotBe(Guid.Empty);
+        var oldGuid = request.OrderGuid;
+        await _orderProcessingService.GenerateOrderGuidAsync(request);
+        request.OrderGuid.Should().Be(oldGuid);
+        request = new ProcessPaymentRequest();
+        await _orderProcessingService.GenerateOrderGuidAsync(request);
+        request.OrderGuid.Should().NotBe(oldGuid);
+        oldGuid = request.OrderGuid;
+        ArgumentNullException.ThrowIfNull(_httpContextAccessor.HttpContext);
+        await _httpContextAccessor.HttpContext.Session.SetAsync("OrderPaymentInfo", request);
+        await _orderProcessingService.GenerateOrderGuidAsync(request);
+        request.OrderGuid.Should().Be(oldGuid);
+        request = new ProcessPaymentRequest();
+        await _orderProcessingService.GenerateOrderGuidAsync(request);
+        request.OrderGuid.Should().Be(oldGuid);
+    }
+
     [Test]
     public void EnsureOrderCanOnlyBeCancelledWhenOrderStatusIsNotCanCelledYet()
     {

diff --git a/src/Tests/Nop.Tests/Nop.Services.Tests/Payments/PaymentServiceTests.cs b/src/Tests/Nop.Tests/Nop.Services.Tests/Payments/PaymentServiceTests.cs
@@ -1,7 +1,5 @@
 using FluentAssertions;
-using Microsoft.AspNetCore.Http;
 using Nop.Core.Domain.Orders;
-using Nop.Core.Http.Extensions;
 using Nop.Services.Payments;
 using NUnit.Framework;
 
@@ -12,37 +10,12 @@ public class PaymentServiceTests : ServiceTest
 {
     private IPaymentPluginManager _paymentPluginManager;
     private IPaymentService _paymentService;
-    private IHttpContextAccessor _httpContextAccessor;
 
     [OneTimeSetUp]
     public void SetUp()
     {
         _paymentService = GetService<IPaymentService>();
         _paymentPluginManager = GetService<IPaymentPluginManager>();
-        _httpContextAccessor = GetService<IHttpContextAccessor>();
-    }
-
-    [Test]
-    public async Task CanGenerateOrderGuid()
-    {
-        var request = new ProcessPaymentRequest();
-        request.OrderGuid.Should().Be(Guid.Empty);
-        await _paymentService.GenerateOrderGuidAsync(request);
-        request.OrderGuid.Should().NotBe(Guid.Empty);
-        var oldGuid = request.OrderGuid;
-        await _paymentService.GenerateOrderGuidAsync(request);
-        request.OrderGuid.Should().Be(oldGuid);
-        request = new ProcessPaymentRequest();
-        await _paymentService.GenerateOrderGuidAsync(request);
-        request.OrderGuid.Should().NotBe(oldGuid);
-        oldGuid = request.OrderGuid;
-        ArgumentNullException.ThrowIfNull(_httpContextAccessor.HttpContext);
-        await _httpContextAccessor.HttpContext.Session.SetAsync("OrderPaymentInfo", request);
-        await _paymentService.GenerateOrderGuidAsync(request);
-        request.OrderGuid.Should().Be(oldGuid);
-        request = new ProcessPaymentRequest();
-        await _paymentService.GenerateOrderGuidAsync(request);
-        request.OrderGuid.Should().Be(oldGuid);
     }
 
     [Test]