feat: add protections in Oneclick authorization flow

plugin/src/PaymentGateways/WC_Gateway_Transbank_Oneclick_Mall_REST.php

@@ -396,6 +396,10 @@ private function handleAuthorization(WC_Order $order, string $paymentTokenId)
             $paymentToken = $this->getWcPaymentToken($paymentTokenId);
             $amount = $this->getTotalAmountFromOrder($order);
 
+            if (!$this->validatePayerMatchesCardInscription($paymentToken)) {
+                throw new EcommerceException("Datos incorrectos para autorizar la transacción.");
+            }
+
             $authorizeResponse = $this->oneclickTransbankSdk->authorize(
                 $order->get_id(),
                 $amount,
@@ -703,6 +707,22 @@ private function getTotalAmountFromOrder(WC_Order $order): int
         return (int) number_format($order->get_total(), 0, ',', '');
     }
 
+    /**
+     * Validate that the user paying for the order is the same as the one who registered the card.
+     *
+     * @param WC_Payment_Token_Oneclick $inscriptionData The card inscription data.
+     *
+     * @return bool True if the payer matches the card inscription, false otherwise.
+     */
+    private function validatePayerMatchesCardInscription(WC_Payment_Token_Oneclick $paymentToken): bool
+    {
+        $currentUser = wp_get_current_user();
+        $userEmail = $currentUser->user_email;
+        $inscriptionEmail = $paymentToken->get_email();
+
+        return $userEmail == $inscriptionEmail;
+    }
+
     public function getOneclickPaymentTokenClass()
     {
         return WC_Payment_Token_Oneclick::class;