Add modal for verifying user account with CC
What does this MR do?
In order to validate users credit cards on gl.com we will use Zuora payment form. When we want to validate a credit card we render the iFrame and ask user to enter the credit card information. But to increase security, prevent users from replaying requests, and do some logic on the backend we need to use the callback from Zuora. We don't want to copy all Zuora related logic to GL.com source code so we use CustomersDot. The problem is that Zuora doesn't allow specifying multiple endpoints for their callbacks, i.e. if we render the iFrame on GL.com we must specify endpoint to gitlab.com. We can't do that. Instead we go with double iframes: we render an iFrame from CustomersDot which renders an iFrame from Zuora.
NOTE: This modal will be activated manually in the code hidden behind a feature flag. This feature flag will be added later.
See this epic for more information.
Part of https://gitlab.com/gitlab-org/gitlab/-/issues/329170
Screenshots (strongly suggested)
Does this MR meet the acceptance criteria?
Conformity
-
📋 Does this MR need a changelog?-
I have included a changelog entry. -
I have not included a changelog entry because this feature is not live yet.
-
-
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers -
Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team