From 66580362aff2db4ad65307a7966f8692d1e2ee6c Mon Sep 17 00:00:00 2001
From: Mario Lorenz <mario.lorenz@oxid-esales.com>
Date: Tue, 16 Jul 2024 16:19:55 +0200
Subject: [PATCH] add actionHash to make Request Unique

---
 src/Core/ServiceFactory.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/Core/ServiceFactory.php b/src/Core/ServiceFactory.php
index 021da211..c604bbce 100644
--- a/src/Core/ServiceFactory.php
+++ b/src/Core/ServiceFactory.php
@@ -9,6 +9,7 @@
 
 namespace OxidSolutionCatalysts\PayPal\Core;
 
+use OxidEsales\Eshop\Core\Registry;
 use OxidSolutionCatalysts\PayPal\Traits\ServiceContainer;
 use OxidSolutionCatalysts\PayPalApi\Client;
 use OxidSolutionCatalysts\PayPalApi\Service\Partner;
@@ -120,12 +121,21 @@ private function getClient(): Client
             /** @var LoggerInterface $logger */
             $logger = $this->getServiceFromContainer('OxidSolutionCatalysts\PayPal\Logger');
 
+            $debug = Registry::getConfig()->getConfigParam('sLogLevel') === 'debug';
+
+            // prepare a unique action hash
+            $session = Registry::getSession();
+            $sessionId = $session->getId();
+            $basketId = $session->getVariable('sess_challenge');
+            $actionHash = md5($sessionId . $basketId);
+
             $client = new Client(
                 $logger,
                 $config->isSandbox() ? Client::SANDBOX_URL : Client::PRODUCTION_URL,
                 $config->getClientId(),
                 $config->getClientSecret(),
                 $config->getTokenCacheFileName(),
+                $actionHash,
                 // must be empty. We do not have the merchant's payerid
                 //and confirmed by paypal we should not use it for auth and
                 //so not ask for it on the configuration page