Merge pull request #124 from heidelpay/develop

Develop

CHANGELOG.md

@@ -3,6 +3,18 @@
 ## Versioning
 
 This project does not follow a versioning standard. Versions are crafted after the dates; for example, the version 17.7.25 was released on July, 25th in 2017
+## 19.10.17
+### Added
+- Hash validation to push requests.
+- Compatibility with Magento 2.3
+
+### Fixed
+- Use the correct store config now for orders made in sub stores.
+- online refund failed with orders via invoice payment methods.
+
+### Changed
+- Redirect controller: redirect to cart if oder could not be loaded correctly.
+
 ## 19.7.29
 
 ### Added

Controller/Adminhtml/Order/Shipment/Save.php

@@ -95,6 +95,7 @@ public function beforeExecute()
         // get the payment method instance and the heidelpay method instance
         /** @var HeidelpayAbstractPaymentMethod $method */
         $method = $order->getPayment()->getMethodInstance();
+        $storeId = $order->getStoreId();
 
         // only fire the shipping when a heidelpay payment method is used.
         if ($method instanceof HeidelpayAbstractPaymentMethod) {
@@ -108,13 +109,12 @@ public function beforeExecute()
 
                 /** @var HgwBasePaymentConfigInterface $methodConfig */
                 $methodConfig = $method->getConfig();
-
                 $heidelpayMethod->getRequest()->authentification(
-                    $mainConfig->getSecuritySender(),
-                    $mainConfig->getUserLogin(),
-                    $mainConfig->getUserPasswd(),
-                    $methodConfig->getChannel(),
-                    $mainConfig->isSandboxModeActive()
+                    $mainConfig->getSecuritySender($storeId),
+                    $mainConfig->getUserLogin($storeId),
+                    $mainConfig->getUserPasswd($storeId),
+                    $methodConfig->getChannel($storeId),
+                    $mainConfig->isSandboxModeActive($storeId)
                 );
 
                 // set the basket data (for amount and currency and a secret hash for fraud checking)

Controller/HgwAbstract.php

@@ -3,10 +3,13 @@
 namespace Heidelpay\Gateway\Controller;
 
 use Heidelpay\Gateway\Helper\Payment as HeidelpayHelper;
+use Magento\Framework\App\RequestInterface;
+use Magento\Framework\Controller\ResultInterface;
 use Magento\Quote\Model\QuoteManagement;
 use Magento\Sales\Model\Order\Email\Sender\OrderSender;
 use Magento\Sales\Model\Order\Email\Sender\OrderCommentSender;
 use Magento\Sales\Model\Order\Email\Sender\InvoiceSender;
+use Netresearch\Compatibility\Controller\CsrfAware\Action as CsrfAwareAction;
 
 /**
  * Abstract controller class
@@ -18,7 +21,7 @@
  * @subpackage Magento2
  * @category Magento2
  */
-abstract class HgwAbstract extends \Magento\Framework\App\Action\Action
+abstract class HgwAbstract extends CsrfAwareAction
 {
     protected $resultPageFactory;
     protected $logger;
@@ -59,10 +62,6 @@ abstract class HgwAbstract extends \Magento\Framework\App\Action\Action
      */
     protected $_orderCommentSender;
 
-    /*
-     *
-     */
-
     protected $_invoiceSender;
 
     /**
@@ -144,4 +143,15 @@ protected function getQuote()
         }
         return $this->_quote;
     }
+
+    protected function getCsrfExceptionResponse(RequestInterface $request)
+    {
+    }
+
+    protected function proxyValidateForCsrf(RequestInterface $request)
+    {
+        return true;
+    }
+
+
 }

Controller/Index/Push.php

@@ -2,6 +2,7 @@
 
 namespace Heidelpay\Gateway\Controller\Index;
 
+use Heidelpay\Gateway\Helper\Response as ResponseHelper;
 use Magento\Framework\Api\SearchCriteriaBuilder;
 use Magento\Sales\Model\Order\Email\Sender\InvoiceSender;
 use Magento\Sales\Model\Order\Email\Sender\OrderCommentSender;
@@ -37,6 +38,9 @@ class Push extends \Heidelpay\Gateway\Controller\HgwAbstract
     /** @var SearchCriteriaBuilder */
     private $searchCriteriaBuilder;
 
+    /** @var ResponseHelper */
+    private $repsonseHelper;
+
     /**
      * @param \Magento\Framework\App\Action\Context $context
      * @param \Magento\Customer\Model\Session $customerSession
@@ -56,6 +60,7 @@ class Push extends \Heidelpay\Gateway\Controller\HgwAbstract
      * @param OrderRepository $orderRepository
      * @param \Heidelpay\PhpPaymentApi\Push $heidelpayPush
      * @param SearchCriteriaBuilder $searchCriteriaBuilder
+     * @param ResponseHelper $repsonseHelper
      */
     public function __construct(
         \Magento\Framework\App\Action\Context $context,
@@ -75,7 +80,8 @@ public function __construct(
         \Magento\Customer\Model\Url $customerUrl,
         OrderRepository $orderRepository,
         \Heidelpay\PhpPaymentApi\Push $heidelpayPush,
-        SearchCriteriaBuilder $searchCriteriaBuilder
+        SearchCriteriaBuilder $searchCriteriaBuilder,
+        ResponseHelper $repsonseHelper
     ) {
         parent::__construct(
             $context,
@@ -98,6 +104,7 @@ public function __construct(
         $this->orderRepository = $orderRepository;
         $this->heidelpayPush = $heidelpayPush;
         $this->searchCriteriaBuilder = $searchCriteriaBuilder;
+        $this->repsonseHelper = $repsonseHelper;
     }
 
     /**
@@ -136,6 +143,12 @@ public function execute()
         $pushResponse = $this->heidelpayPush->getResponse();
         $this->_logger->debug('Push Response: ' . print_r($pushResponse, true));
 
+        // Stop processing if hash validation fails.
+        $remoteAddress = $this->getRequest()->getServer('REMOTE_ADDR');
+        if(!$this->repsonseHelper->validateSecurityHash($pushResponse, $remoteAddress)) {
+            return;
+        }
+
         list($paymentMethod, $paymentType) = $this->_paymentHelper->splitPaymentCode(
             $pushResponse->getPayment()->getCode()
         );