Merge pull request #465 from fatchip-Stefan/SW-399
SW-399: fixed some issues regarding transaction status processing
jvarelmann authored Sep 5, 2022
2 parents 1ea59e5 + 847a25a commit a9184c8
Showing 3 changed files with 81 additions and 14 deletions.
Expand Up @@ -784,14 +784,32 @@ public function errorAction()
*/
public function finishOrderAction()
{
// exit(); // uncomment for testing
$txId = $this->Request()->getParam('txid');
$moptPaymentReference = $this->Request()->getParam('hash');
$session = Shopware()->Session();
$orderIsCorrupted = false;

if (!$this->isOrderFinished($txId)) {
$orderHash = md5(serialize($session['sOrderVariables']));
if ($session->moptOrderHash !== $orderHash) {
$this->saveOrder($txId, $moptPaymentReference, 21);
$orderIsCorrupted = true;
$orderNumber = $this->saveOrder($txId, $moptPaymentReference, 21);
$orderObj = Shopware()->Models()->getRepository('Shopware\Models\Order\Order')->findOneBy(['transactionId' => $txId]);
$comment = Shopware()->Snippets()
->getNamespace('frontend/MoptPaymentPayone/messages')
->get('fraudCommentPart1', false)
. ' ' . $orderNumber . ' '
. Shopware()->Snippets()
->getNamespace('frontend/MoptPaymentPayone/messages')
->get('fraudCommentPart2', false)
. ' ' . $txId . ' '
. Shopware()->Snippets()
->getNamespace('frontend/MoptPaymentPayone/messages')
->get('fraudCommentPart3', false);
$orderObj->setComment($comment);
Shopware()->Models()->persist($orderObj);
Shopware()->Models()->flush();
} else {
$this->saveOrder($txId, $moptPaymentReference);
}
Expand Down Expand Up @@ -837,7 +855,7 @@ public function finishOrderAction()
Shopware()->Db()->query($sql, array($payolutionClearingReference, $payolutionWorkOrderId, $orderId));
}

if ($session->moptIsAuthorized === true) {
if ($session->moptIsAuthorized === true && !$orderIsCorrupted) {
$order = Shopware()->Models()->getRepository('Shopware\Models\Order\Order')->findOneBy(['transactionId' => $txId]);
if ($order) {
$this->moptPayonePaymentHelper->markOrderDetailsAsFullyCaptured($order);
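Review bot: The `!$orderIsCorrupted` guard in the second hunk only covers orders that this action itself saved with status 21, because the flag is set solely inside the `if (!$this->isOrderFinished($txId))` branch. If the order was already created and flagged by the notification controller before the customer returns, `$orderIsCorrupted` stays `false` here and `markOrderDetailsAsFullyCaptured($order)` appears able to run on a fraud-flagged order. Checking the persisted state as well would close that gap, e.g. `if ($order && $order->getPaymentStatus()->getId() !== 21)`. Separately, `$orderObj` from `findOneBy(['transactionId' => $txId])` is dereferenced with `setComment()` without a null check, unlike the `if ($order)` guard further down. finishOrderAction continues outside both hunks, so the code between them is not visible.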
Expand Up @@ -75,6 +75,7 @@ public function getWhitelistedCSRFActions()
*/
public function indexAction()
{
// exit(); // uncomment for testing
$request = $this->Request();

$this->logger->debug('notification controller called');
Expand All @@ -87,6 +88,7 @@ public function indexAction()
$this->logger->debug('received $_POST:' . PHP_EOL . var_export($_POST, true) . PHP_EOL);

$rawPost = $_POST;
$orderIsCorrupted = false;

$_POST = $this->utf8_encode_array($_POST);
$this->logger->debug('successfully converted $_POST to utf-8:' . PHP_EOL . var_export($_POST, true) . PHP_EOL);
Expand All @@ -101,6 +103,9 @@ public function indexAction()
if ($isOrderFinished) {
$order = $this->loadOrderByTransactionId($transactionId);
$paymentId = $order['paymentID'];
if ($order['cleared'] === 21) {
$orderIsCorrupted = true;
}
} else {
$this->restoreSession($request->getParam('param'));
$session = Shopware()->Session();
Expand Down Expand Up @@ -145,24 +150,35 @@ public function indexAction()
exit;
}

$orderIsCorrupted = false;

$payoneRequest = $service->getMapper()->mapByArray($request->getPost());
$clearingData = $this->moptPayone__paymentHelper->extractClearingDataFromResponse($payoneRequest);
if ($clearingData && !$isOrderFinished) {
$session->offsetSet('moptClearingData', $clearingData);
}

if (!$isOrderFinished) {
$orderHash = md5(serialize($session['sOrderVariables']));
$customParam = explode('|', $request->getParam('param'));

if ($request->getParam('txaction') !== 'failed') {
if ($orderHash !== $customParam[2]) {
$orderIsCorrupted = $this->validateBasketSignature($session, $request);
if ($orderIsCorrupted) {
$this->logger->error('order corrupted - order hash mismatch');
$orderIsCorrupted = true;
$paymentStatus = 21;
$orderNumber = $this->saveOrder($transactionId, $request->getParam('reference'), $paymentStatus);
$orderObj = Shopware()->Models()->getRepository(Order::class)->findOneBy(['number' => $orderNumber ]);
$comment = Shopware()->Snippets()
->getNamespace('frontend/MoptPaymentPayone/messages')
->get('fraudCommentPart1', false)
. ' (' . $orderNumber . ') '
. Shopware()->Snippets()
->getNamespace('frontend/MoptPaymentPayone/messages')
->get('fraudCommentPart2', false)
. ' ' . $transactionId . ' '
. Shopware()->Snippets()
->getNamespace('frontend/MoptPaymentPayone/messages')
->get('fraudCommentPart3', false);
$orderObj->setComment($comment);
Shopware()->Models()->persist($orderObj);
Shopware()->Models()->flush();
} else {
$orderNumber = $this->saveOrder($transactionId, $request->getParam('reference'));
}
Expand Down Expand Up @@ -194,7 +210,6 @@ public function indexAction()
$saveClearingData = true;
}


if (!$orderIsCorrupted) {
$mappedShopwareState = $this->moptPayone__helper->getMappedShopwarePaymentStatusId(
$config,
Expand Down Expand Up @@ -228,7 +243,10 @@ public function indexAction()
// ignore txaction reminder with reminderlevel 0 since this only marks the end of dunning process
} else {
// ! Amazonpay
$this->savePaymentStatus($transactionId, $order['temporaryID'], $mappedShopwareState);
// do not update payment status for corrupted/problematic orders
if (!$orderIsCorrupted) {
$this->savePaymentStatus($transactionId, $order['temporaryID'], $mappedShopwareState);
}
}
}

Expand All @@ -241,7 +259,6 @@ public function indexAction()
Shopware()->Models()->persist($orderObj);
Shopware()->Models()->flush();
}

$this->logger->debug('finished, output TSOK');
echo $response->getStatus();
$this->logger->debug('starting tx forwards');
Expand Down Expand Up @@ -331,7 +348,7 @@ public function Plugin()
protected function loadOrderByTransactionId($transactionId)
{
$sql = '
SELECT id, ordernumber, paymentID, temporaryID, transactionID FROM s_order
SELECT id, ordernumber, paymentID, temporaryID, transactionID, cleared FROM s_order
WHERE transactionID=?';

$order = Shopware()->Db()->fetchRow($sql, array($transactionId));
Expand Down Expand Up @@ -547,4 +564,18 @@ private function utf8_encode_array($array)
return $array;
}

/**
* checks the basket signature send to payone against
* the current basket signature for fraud detection
*
* @param $session
* @param $request
* @return bool
*/
private function validateBasketSignature($session, $request) {
$orderHash = md5(serialize($session['sOrderVariables']));
$customParam = explode('|', $request->getParam('param'));
return ($orderHash !== $customParam[2]);
}

}
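Review bot: The new check `$order['cleared'] === 21` in indexAction compares a column from `fetchRow()` strictly against an integer; if the DB adapter returns column values as strings (common for PDO MySQL with emulated prepares), it is never true and later notifications would still update the payment status of a fraud-flagged order. A cast makes the intent independent of driver settings: `if ((int) $order['cleared'] === 21) {`. In the corrupted branch, `$orderObj` from `findOneBy(['number' => $orderNumber])` is used without a null check, so a failed `saveOrder()` would end in a fatal error inside the notification handler rather than a logged failure. `validateBasketSignature()` returns `true` on a mismatch, which reads inverted; a docblock line such as `@return bool true when the hashes differ` (or a name like `isBasketSignatureMismatch`) would keep a future caller from flipping the logic. indexAction starts and ends outside the visible hunks.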
Expand Up @@ -3,23 +3,41 @@ amazonAsyncAuthMessage = "Ihre Zahlung mit Amazon Pay ist derzeit noch in Prüfu
cancelMessage = "Der Bezahlvorgang wurde abgebrochen"
consumerscoreAgreementMessage = "Stimmen Sie der Bonitätsprüfung zu?"
consumerscoreNoteMessage = "Es wird eine Bonitätsprüfung durchgeführt."
fraudCommentPart1 = "Betrugsverdacht! Bitte vergleichen Sie die Bestellung"
fraudCommentPart2 = "mit der TXID"
fraudCommentPart3 = "im Payone Merchant Interface"

[en_GB]
amazonAsyncAuthMessage = "Your transaction with Amazon Pay is currently being validated. Please be aware that we will inform you shortly as needed."
cancelMessage = "the payment preocess was canceled"
consumerscoreAgreementMessage = "Do you agree to the credit assessment?"
consumerscoreNoteMessage = "A credit assessment is been processed."
consumerscoreNoteMessage = "A credit assessment isbeen processed."
fraudCommentPart1 = "Suspected fraud! Please compare the order"
fraudCommentPart2 = "with the TXID"
fraudCommentPart3 = "in the Payone Merchant Interface"

[nl_NL]
cancelMessage = "het betalingsproces die geannuleerd"
consumerscoreAgreementMessage = "Gaat u akkoord met de credietwaardigheidscontrole?"
consumerscoreNoteMessage = "Er wordt een credietwaardigheidscontrole uitgevoerd."
fraudCommentPart1 = "Vermoedelijke fraude! Vergelijk de bestelling"
fraudCommentPart2 = "met de TXID"
fraudCommentPart3 = "in de Payone Merchant Interface"

[fr_FR]
amazonAsyncAuthMessage = "Votre transaction avec Amazon Pay est en cours de validation. Vous serez informé prochainement de son suivi."
fraudCommentPart1 = "Fraude suspectée! Veuillez comparer la commande"
fraudCommentPart2 = "avec la TXID"
fraudCommentPart3 = "dans le Payone Merchant Interface"

[it_IT]
amazonAsyncAuthMessage = "La vostra transazione con Amazon Pay è in fase di validazione. Vi informeremo del risultato della transazione a breve."
fraudCommentPart1 = "Sospetta frode! Si prega di confrontare l'ordine"
fraudCommentPart2 = "conr TXID"
fraudCommentPart3 = "nel Payone Merchant Interface"

[es_ES]
amazonAsyncAuthMessage = "Tu transacción con Amazon Pay se está verificando. Te informaremos tan pronto como sea posible."
amazonAsyncAuthMessage = "Tu transacción con Amazon Pay se está verificando. Te informaremos tan pronto como sea posible."
fraudCommentPart1 = "¡Sospecha de fraude! Compara el pedido"
fraudCommentPart2 = "con el TXID"
fraudCommentPart3 = "en el Payone Merchant Interface"
