Commit 1e2c6188 authored by vensires's avatar vensires Committed by bserem

Issue #3015748 by k.skarlatos, vensires: New hashing algorithm for HashKey (HMACSHA256)

parent 1ed368b8
......@@ -5,11 +5,10 @@
* Provides Redirection Payment method with Winbank for Drupal Commerce.
*/
// URLs.
define('WINBANK_PAY_COMPLETED', 'checkout/winbank/success');
define('WINBANK_PAY_ERROR', 'checkout/winbank/error');
define('WINBANK_PAY_CANCEL', 'checkout/winbank/cancel');
define('COMMERCE_WINBANK_REDIRECT_PAY_COMPLETED', 'checkout/winbank/success');
define('COMMERCE_WINBANK_REDIRECT_PAY_ERROR', 'checkout/winbank/error');
define('COMMERCE_WINBANK_REDIRECT_PAY_CANCEL', 'checkout/winbank/cancel');
/**
* Implements hook_menu().
......@@ -17,7 +16,7 @@ define('WINBANK_PAY_CANCEL', 'checkout/winbank/cancel');
function commerce_winbank_redirect_menu() {
$items = array();
$items[WINBANK_PAY_COMPLETED] = array(
$items[COMMERCE_WINBANK_REDIRECT_PAY_COMPLETED] = array(
'title' => 'Order complete',
'page callback' => 'commerce_winbank_redirect_complete',
'page arguments' => array(),
......@@ -26,7 +25,7 @@ function commerce_winbank_redirect_menu() {
'file' => 'commerce_winbank_redirect.pages.inc',
);
$items[WINBANK_PAY_ERROR] = array(
$items[COMMERCE_WINBANK_REDIRECT_PAY_ERROR] = array(
'title' => 'Order complete',
'page callback' => 'commerce_winbank_redirect_error',
'page arguments' => array(),
......@@ -35,7 +34,7 @@ function commerce_winbank_redirect_menu() {
'file' => 'commerce_winbank_redirect.pages.inc',
);
$items[WINBANK_PAY_CANCEL] = array(
$items[COMMERCE_WINBANK_REDIRECT_PAY_CANCEL] = array(
'title' => 'Order complete',
'page callback' => 'commerce_winbank_redirect_cancel',
'page arguments' => array(),
......@@ -59,9 +58,9 @@ function commerce_winbank_redirect_completion_access() {
*/
function commerce_winbank_redirect_static_checkout_url_links() {
return array(
'Winbank: return link after success' => WINBANK_PAY_COMPLETED,
'Winbank: return link after error' => WINBANK_PAY_ERROR,
'Winbank: return link after cancelation' => WINBANK_PAY_CANCEL,
'Winbank: return link after success' => COMMERCE_WINBANK_REDIRECT_PAY_COMPLETED,
'Winbank: return link after error' => COMMERCE_WINBANK_REDIRECT_PAY_ERROR,
'Winbank: return link after cancelation' => COMMERCE_WINBANK_REDIRECT_PAY_CANCEL,
);
}
......@@ -92,10 +91,10 @@ function commerce_winbank_redirect_settings_form($settings = NULL) {
$form = array();
$default_currency = variable_get('commerce_default_currency', 'EUR');
$settings = (array) $settings + array(
'merchant_id' => '',
'acquirer_id'=>'',
'acquirer_id' => '',
'pos_id' => '',
'username' => '',
'password' => '',
......@@ -165,7 +164,7 @@ function commerce_winbank_redirect_settings_form($settings = NULL) {
'#options' => $cur,
'#default_value' => $settings['currency_code'],
);
return $form;
}
......@@ -173,9 +172,7 @@ function commerce_winbank_redirect_settings_form($settings = NULL) {
* Implements hook_redirect_form().
*/
function commerce_winbank_redirect_redirect_form($form, &$form_state, $order, $payment_method) {
$ticket = get_ticket($order, $payment_method);
commerce_winbank_redirect_get_ticket($order, $payment_method);
$settings = array();
// Return an error if the enabling action's settings haven't been configured.
......@@ -208,9 +205,8 @@ function commerce_winbank_redirect_order_form($form, &$form_state, $order, $tota
// Ensure a default value for the payment_method setting.
// Probably, we don't have to..
$settings += array('payment_method' => '');
// Build the data array that will be translated into hidden form values.
// Build the data array that will be translated into hidden form values.
$data = array(
'MerchantId' => $settings['merchant_id'],
'AcquirerId' => $settings['acquirer_id'],
......@@ -219,28 +215,20 @@ function commerce_winbank_redirect_order_form($form, &$form_state, $order, $tota
'LanguageCode' => commerce_winbank_redirect_get_current_lang_for_winbank(),
'MerchantReference' => $order->order_id,
'ParamBackLink' => 'order_id=' . $order->order_id,
//'ParamBackLink' => '',
// Optional: If not provided then the user will be prompted to enter it.
/* 'CardHolderName' => $cardholdername, */
// Optional: If not provided then the user will be prompted to enter it.
//'CardHolderEmail' => drupal_substr($order->mail, 0, 64),
// TODO: Ask for installments from the user
/* 'Installments' => $settings['instance_id'], */
//'TransactionType' => $settings['transaction_type'] == COMMERCE_CREDIT_AUTH_ONLY ? 0 : 1,
//'Param1' => $order->order_id,
//'Param2' => $order->order_number,
// Anchor for greek banks
// commerce_static_checkout_url_form_commerce_checkout_form_payment_alter
// Anchor for greek banks.
// @see commerce_static_checkout_url_form_commerce_checkout_form_payment_alter
'bank' => 'winbank',
);
$form['#action'] = $settings['post_url'];
foreach ($data as $name => $value) {
if (!empty($value)) {
$form[$name] = array('#type' => 'hidden', '#value' => $value);
......@@ -252,20 +240,24 @@ function commerce_winbank_redirect_order_form($form, &$form_state, $order, $tota
'#value' => t('Proceed to Winbank'),
);
$form['#action'] = $settings['post_url'];
return $form;
}
function get_ticket($order, $payment_method) {
/**
* Get a ticket for payment.
*/
function commerce_winbank_redirect_get_ticket($order, $payment_method) {
$amount = $order->commerce_order_total['und'][0]['amount'];
$currency_code = $order->commerce_order_total['und'][0]['currency_code'];
$amount = commerce_currency_amount_to_decimal($amount,$currency_code);
$amount = commerce_currency_amount_to_decimal($amount, $currency_code);
$password = md5($payment_method['settings']['password']);
$client = new SoapClient("https://paycenter.piraeusbank.gr/services/tickets/issuer.asmx?WSDL");
$available_currencies = commerce_winbank_redirect_available_currencies();
$request = array(
'Username' => $payment_method['settings']['username'],
'Password' => $password,
......@@ -279,13 +271,12 @@ function get_ticket($order, $payment_method) {
'CurrencyCode' => $available_currencies[$payment_method['settings']['currency_code']],
'Installments' => '0',
'Bnpl' => '0',
'Parameters' => 'order_id=' . $order->order_id
'Parameters' => 'order_id=' . $order->order_id,
);
$_SESSION['koobebe']['ticket_request']=$request;
$_SESSION['koobebe']['ticket_request'] = $request;
$result = $client->IssueNewTicket(array('Request' => $request));
//$request['type']='soap request';
$result = array(
'order_id' => $order->order_id,
'result_code' => $result->IssueNewTicketResult->ResultCode,
......@@ -295,7 +286,6 @@ function get_ticket($order, $payment_method) {
'minutes_to_expiration' => $result->IssueNewTicketResult->MinutesToExpiration,
);
$_SESSION['koobebe']['ticket_response'] = $result;
//$result['type']='soap result';
}
/**
......
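Review bot: The whole ticket request, including `Username` and the md5'd `Password`, is persisted at `$_SESSION['koobebe']['ticket_request'] = $request;`, while the completion callback only reads `PosId`, `AcquirerId` and `MerchantReference` back out of it; storing just those keys keeps the merchant credentials out of the session row, e.g. `$_SESSION['koobebe']['ticket_request'] = array_intersect_key($request, array_flip(array('PosId', 'AcquirerId', 'MerchantReference')));`. Separately, `new SoapClient(...)` and `$client->IssueNewTicket(...)` throw SoapFault on a WSDL fetch or transport failure and nothing here catches it, so a bank outage surfaces as an uncaught exception on the checkout page; wrap both calls in a try/catch that records the fault with watchdog and returns FALSE, and have the caller at `commerce_winbank_redirect_get_ticket($order, $payment_method);` in hook_redirect_form act on that value instead of discarding it, since the function currently returns nothing. The function continues in the next hunk, where `$result->IssueNewTicketResult->ResultCode` is read without checking that a result object came back at all.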
......@@ -11,44 +11,52 @@
function commerce_winbank_redirect_complete() {
$order_id = $_POST['MerchantReference'];
$order = commerce_static_checkout_url_load_order_or_die($order_id);
if(!isset($_SESSION['koobebe']['ticket_response'])){
if (!isset($_SESSION['koobebe']['ticket_response'])) {
commerce_static_checkout_url_redirect_with_error('winbank', $order, 'can not get values from session', TRUE);
}
$ticket_request = $_SESSION['koobebe']['ticket_request'];
$ticket_response = $_SESSION['koobebe']['ticket_response'];
$long_str = $ticket_response['trans_ticket'] . $ticket_request['PosId'] . $ticket_request['AcquirerId'];
$long_str .= $ticket_request['MerchantReference'] . $_POST['ApprovalCode'] . $_POST['Parameters'];
$long_str .= $_POST['ResponseCode'] . $_POST['SupportReferenceID'] . $_POST['AuthStatus'] . $_POST['PackageNo'] . $_POST['StatusFlag'];
$hash = strtoupper(hash('sha256',$long_str));
if ($_POST['ResultCode'] != 0 or !in_array($_POST['ResponseCode'], array('00', '08', '10', '11', '16'))) {
$long_str = array();
$long_str[]= $ticket_response['trans_ticket'];
$long_str[] = $ticket_request['PosId'];
$long_str[] = $ticket_request['AcquirerId'];
$long_str[] = $ticket_request['MerchantReference'];
$long_str[] = $_POST['ApprovalCode'];
$long_str[] = $_POST['Parameters'];
$long_str[] = $_POST['ResponseCode'];
$long_str[] = $_POST['SupportReferenceID'];
$long_str[] = $_POST['AuthStatus'];
$long_str[] = $_POST['PackageNo'];
$long_str[] = $_POST['StatusFlag'];
$hash = strtoupper(hash_hmac('sha256', implode(';', $long_str), $ticket_response['trans_ticket']));
if ($_POST['ResultCode'] != 0 ||
!in_array($_POST['ResponseCode'], array('00', '08', '10', '11', '16'))) {
commerce_static_checkout_url_redirect_with_error('winbank', $order, 'Wrong POST DATA', TRUE);
}
else if ($hash != $_POST['HashKey']) {
elseif ($hash != $_POST['HashKey']) {
commerce_static_checkout_url_redirect_with_error('winbank', $order, 'hashes do not match ' . $hash . ' ' . $_POST['HashKey'], TRUE);
}
if($_POST['ResponseCode'] == '11'){
watchdog('commerce_winbank_redirect', 'Double charge attempted. Order id: @order_id.', array('@order_id' => $order_id));
if ($_POST['ResponseCode'] == '11') {
watchdog('commerce_winbank_redirect', 'Double charge attempted. Order id: @order_id.', array('@order_id' => $order_id), WATCHDOG_NOTICE);
}
// successfull payment
if($_POST['ResultCode']==0 && $_POST['StatusFlag'] == 'Success'){
// Successfull payment.
if ($_POST['ResultCode'] == 0 && $_POST['StatusFlag'] == 'Success') {
$payment = commerce_payment_method_instance_load('commerce_winbank_redirect|commerce_payment_commerce_winbank_redirect');
$transaction = commerce_payment_transaction_new('commerce_winbank_redirect', $order_id);
// $transaction->instance_id = $delta_pay_id;
$transaction->amount = $order->commerce_order_total['und'][0]['amount'];;
$transaction->currency_code = $payment['settings']['currency_code'];
$transaction->amount = $order->commerce_order_total[LANGUAGE_NONE][0]['amount'];
$transaction->payload[REQUEST_TIME] = $_POST;
$transaction->status = COMMERCE_PAYMENT_STATUS_SUCCESS;
//$transaction->remote_id = '';
// $transaction->remote_status = '';
$transaction->message = t('Payment was successful');
$result = commerce_payment_transaction_save($transaction);
commerce_payment_transaction_save($transaction);
commerce_checkout_complete($order);
watchdog('commerce_winbank_redirect', 'Payment received for order: @order_id.', array('@order_id' => $order_id));
commerce_static_checkout_url_redirect_with_success('winbank',$order);
commerce_static_checkout_url_redirect_with_success('winbank', $order);
}
}
......@@ -59,15 +67,11 @@ function commerce_winbank_redirect_error() {
$order_id = $_POST['MerchantReference'];
$order = commerce_static_checkout_url_load_order_or_die($order_id);
$transaction = commerce_payment_transaction_new('commerce_winbank_redirect', $order_id);
//$transaction->instance_id = -1;
$transaction->payload[REQUEST_TIME] = $_POST;
$transaction->status = COMMERCE_PAYMENT_STATUS_FAILURE;
//$transaction->remote_id = $delta_pay_id;
//$transaction->remote_status = $payment_status;
$transaction->message = $_POST['ResponseDescription'];
$result = commerce_payment_transaction_save($transaction);
commerce_static_checkout_url_redirect_with_error('winbank', $order, $_POST['ResponseDescription'].$_POST['ResultDescription']);
commerce_payment_transaction_save($transaction);
commerce_static_checkout_url_redirect_with_error('winbank', $order, $_POST['ResponseDescription'] . $_POST['ResultDescription']);
}
/**
......@@ -76,6 +80,5 @@ function commerce_winbank_redirect_error() {
function commerce_winbank_redirect_cancel() {
$order_id = $_GET['order_id'];
$order = commerce_static_checkout_url_load_order_or_die($order_id);
commerce_static_checkout_url_redirect_with_cancel('winbank', $order);
}
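Review bot: The new HMAC check at `elseif ($hash != $_POST['HashKey'])` still compares the two hex strings with loose `!=`, which treats numeric-looking values such as `0E…` followed by digits as equal and is not constant-time; use `elseif (!isset($_POST['HashKey']) || !hash_equals($hash, (string) $_POST['HashKey'])) {` (hash_equals is available from PHP 5.6). In the same branch the message passed to commerce_static_checkout_url_redirect_with_error embeds the expected `$hash` for exactly the parameters the caller just posted; if that helper shows its message to the browser, the correct HashKey for a failing request is handed back to its sender, so record the pair with watchdog and send a fixed text, e.g. `commerce_static_checkout_url_redirect_with_error('winbank', $order, 'hashes do not match', TRUE);`. The `$_POST['ResultCode'] != 0` and `== 0` comparisons have the same loose-comparison weakness for non-numeric input and should compare against the string `'0'` with `!==`/`===`, and `in_array(...)` should pass `TRUE` as its third argument.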