Skip to content

Add modal for verifying user account with CC

Vitaly Slobodin requested to merge vs-add-payment-method-modal into master

What does this MR do?

In order to validate users credit cards on gl.com we will use Zuora payment form. When we want to validate a credit card we render the iFrame and ask user to enter the credit card information. But to increase security, prevent users from replaying requests, and do some logic on the backend we need to use the callback from Zuora. We don't want to copy all Zuora related logic to GL.com source code so we use CustomersDot. The problem is that Zuora doesn't allow specifying multiple endpoints for their callbacks, i.e. if we render the iFrame on GL.com we must specify endpoint to gitlab.com. We can't do that. Instead we go with double iframes: we render an iFrame from CustomersDot which renders an iFrame from Zuora.

NOTE: This modal will be activated manually in the code hidden behind a feature flag. This feature flag will be added later.

See this epic for more information.

Part of https://gitlab.com/gitlab-org/gitlab/-/issues/329170

Screenshots (strongly suggested)

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Ragnar Hardarson

Merge request reports