=== Payments via Teya Payments for Woocommerce ===
Contributors: tacticais
Tags: teya, credit card, payments
Requires at least: 5.0
Tested up to: 6.9
Requires PHP: 7.4
WC requires at least: 5.0
WC tested up to: 10.5.3
Stable tag: 1.1.3
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html

Secure online card payments powered by Teya

== Description ==

This Teya Payments for WooCommerce adds Teya Payments Gateway to your WooCommerce store, uses Teya Hosted Checkout for payment processing.
[Teya Hosted Checkout](https://www.teya.com/online-payments/hosted-checkout)

== External Services ==

This plugin connects to external services to provide payment processing functionality. The following external services are used:

1. **Merchant Registration**
  *  **Purpose:** Redirect the admin user to the Teya Registration during plugin configure
  *  **Service Provider:** Teya
  *  **Data Sent:** Teya Payments gateway registration and payments IPN urls, plugin version
  *  **Service Link:** [Production]`https://business.teya.com/ecom/plugin-registration` | [Staging]`https://business.teya.xyz/ecom/plugin-registration`
  *  **Terms of Use/Privacy Policy:** `https://www.teya.com/legal/general-terms` | `https://www.teya.com/legal/privacy-policy`

2. **Merchant Registration Signature Verification**
  *  **Purpose:** Used to retrieve Teya public key to verify webhook data
  *  **Service Provider:** Teya
  *  **Data Sent:** none
  *  **Service Link:** [Production]`https://cdn.teya.com/dynamic/4eb143f2/public-key` | [Staging]`https://cdn.teya.xyz/dynamic/4eb143f2/public-key`
  *  **Terms of Use/Privacy Policy:** `https://www.teya.com/legal/general-terms` | `https://www.teya.com/legal/privacy-policy`

3. **Token Management**
  *  **Purpose**: Used to obtain Teya access token after Merchant Registration or to refresh the access token if it is expired
  *  **Service Provider:** Teya
  *  **Data Sent;** Teya Payments gateway registration IPN url, Teya client id and client secret
  *  **Service Link:** [Production]`https://id.teya.com/oauth/v2/oauth-token` | [Staging]`https://id.teya.xyz/oauth/v2/oauth-token`
  *  **Terms of Use/Privacy Policy:** `https://www.teya.com/legal/general-terms` | `https://www.teya.com/legal/privacy-policy`

4. **Payment Session Creation**
  *  **Purpose:** Used to create Teya Hosted Checkout which process payments. Fires after a WooCommerce order is created
  *  **Service Provider:** Teya
  *  **Data Sent:** order data, customer details
  *  **Service Link:** [Production]`https://api.teya.com/v2/checkout/sessions` | [Staging]`https://api.teya.xyz/v2/checkout/sessions`
  *  **Terms of Use/Privacy Policy:** `https://www.teya.com/legal/general-terms` | `https://www.teya.com/legal/privacy-policy`

5. **Payment Session Check**
  *  **Purpose:** Used to check Teya Hosted Checkout payment status. Fires after a WooCommerce order is created
  *  **Service Provider:** Teya
  *  **Data Sent:** Teya Hosted Checkout session_id
  *  **Service Link:** [Production]`https://api.teya.com/v2/checkout/sessions/[session_id]` | [Staging]`https://api.teya.xyz/v2/checkout/sessions/[session_id]`
  *  **Terms of Use/Privacy Policy:** `https://www.teya.com/legal/general-terms` | `https://www.teya.com/legal/privacy-policy`

6. **Payment refund**
  *  **Purpose:** Used to refund payment created on Teya Hosted Checkout
  *  **Service Provider:** Teya
  *  **Data Sent:** transaction id, order id, order number, refund reason
  *  **Service Link:** [Production]`https://api.teya.com/v2/refunds` | [Staging]`https://api.teya.xyz/v2/refunds`
  *  **Terms of Use/Privacy Policy:** `https://www.teya.com/legal/general-terms` | `https://www.teya.com/legal/privacy-policy`

7. **Teya deactivation**
  *  **Purpose:** Used to deactivate Teya Registration
  *  **Service Provider:** Teya
  *  **Data Sent:** Teya access token
  *  **Service Link:** `https://api.teya.com/v1/ecommerce/registrations/current`(Production) | `https://api.teya.xyz/v1/ecommerce/registrations/current`(Staging)
  *  **Terms of Use/Privacy Policy:** `https://www.teya.com/legal/general-terms` | `https://www.teya.com/legal/privacy-policy`

== Installation ==

1. Upload `teya-payments-for-woocommerce.zip` to the `/wp-content/plugins/` directory and extract
2. Activate the plugin through the 'Plugins' menu in WordPress

== Changelog ==

= 1.1.3 =
* Fix: verify payment webhook signature against raw request body
* Security: obfuscate sensitive values (client secret, access token) in debug log
* Security: disable debug logging automatically after successful registration
* Remove IP allowlist check; log real client IP for diagnostics instead
* Tested with WooCommerce 10.5.3

= 1.1.2 =
* Fix: verify OAuth registration signature against raw request body instead of re-serialized subset
* Fix: consume state token only after signature verification succeeds

= 1.1.1 =
* Fix: correct locale mapping for languages where WordPress omits the region code (e.g. Croatian hr → hr-HR)

= 1.1.0 =
* Security: block OAuth callback re-registration when plugin is already connected
* Security: add state token CSRF protection to OAuth registration flow
* Security: IP whitelist for webhook and OAuth callback endpoints
* Fix: webhook order lookup now uses session_id to avoid conflicts with custom merchant references
* Add webstore URL to transaction metadata
* Add manual credential fallback for when automatic OAuth registration fails

= 1.0.9 =
* Improve data processing

= 1.0.8 =
* Implement v3 refunds
* Implement fallback payment success

= 1.0.7 =
* Change Plugin name

= 1.0.6 =
* Fix amount when converting amounts to smallest units
* Add metadata when creating Teya Hosted checkout
* Tested with WordPress 6.9 and WooCommerce 10.4.2

= 1.0.5 =
* Fix issue with multiplying int and float when converting amounts to smallest units

= 1.0.4 =
* Fix webhook verification

= 1.0.0 =
* Initial release