Update the HMAC Key field to be empty instead of null #924

Merged
merged 2 commits into from
Jun 26, 2023


zenit2001
Contributor

This PR sets the HMAC Key field in BM to empty instead of null if no input is provided and updates the hmacVerification to not be false in case no HMAC key is set up.

@zenit2001 zenit2001 added the fix Fixes a bug label Jun 26, 2023
@zenit2001 zenit2001 marked this pull request as ready for review June 26, 2023 13:46
@zenit2001 zenit2001 changed the title Update the HMAC Key field to be empty instead of null and fix the verification scenario Update the HMAC Key field to be empty instead of null Jun 26, 2023
@zenit2001 zenit2001 removed the fix Fixes a bug label Jun 26, 2023
@zenit2001 zenit2001 merged commit e432186 into develop Jun 26, 2023
12 of 15 checks passed
@zenit2001 zenit2001 deleted the bugfix/hmac-key_BM branch June 26, 2023 13:58
}
return checkAuth.validateHmacSignature(req);
return true;
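Review bot: the `return true;` next to `return checkAuth.validateHmacSignature(req);` makes the check pass whenever no HMAC key is configured (per the PR description), so an empty key field accepts unsigned notifications without any trace. Make that path an explicit, commented "HMAC not configured" branch that treats both the empty string and null the same way, and surface the unauthenticated mode once when the configuration is read rather than on each request.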
Member

How are we handling cases without HMAC validation?
Should we add a log to make a merchant aware that they are not using HMAC and that we are recommending using that?

Contributor Author

For cases where the HMAC key is not set up in the BM, the HMAC validation will not be triggered. If we add a log for recommending the usage of HMAC validation, every time a payment is made and the merchant doesn't use HMAC validation, a log will be added in the log file, which may not be the best approach to follow.
Instead, I think it will be better to recommend the usage of HMAC validation in the documentation.
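
The behaviour discussed in this thread (validation skipped when no HMAC key is configured, without a log entry on every payment), sketched as an added example that is not the project's code. `verifyNotification`, `computeSignature`, the payload string and the hex-key/base64-signature encodings are assumptions for illustration.

```javascript
// Added example with hypothetical names; not the project's code.
const crypto = require('crypto');

let warnedNoKey = false; // log the "no key" warning once per process, not per payment
// Assumption: HMAC-SHA256 over a payload string, hex key, base64 signature.
function computeSignature(payload, hexKey) {
  return crypto.createHmac('sha256', Buffer.from(hexKey, 'hex'))
    .update(payload, 'utf8')
    .digest('base64');
}

// Returns true when the notification may be processed.
function verifyNotification(payload, signature, hexKey, log) {
  if (!hexKey) {
    // Empty string or null key: validation is skipped, but flagged once.
    if (!warnedNoKey) {
      log('HMAC key not configured: notifications are accepted without signature validation');
      warnedNoKey = true;
    }
    return true;
  }
  if (typeof signature !== 'string' || signature.length === 0) {
    return false; // key configured but no signature supplied: reject
  }
  const expected = Buffer.from(computeSignature(payload, hexKey), 'base64');
  const received = Buffer.from(signature, 'base64');
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  return expected.length === received.length &&
    crypto.timingSafeEqual(expected, received);
}

// Constructed sample data, not real keys or notifications.
const KEY = '00112233445566778899aabbccddeeff';
const PAYLOAD = 'ORDER-1001:AUTHORISATION:true';
const messages = [];
const log = (m) => messages.push(m);

function demo() {
  const good = computeSignature(PAYLOAD, KEY);
  return {
    valid: verifyNotification(PAYLOAD, good, KEY, log),
    tampered: verifyNotification(PAYLOAD + 'x', good, KEY, log),
    missingSig: verifyNotification(PAYLOAD, '', KEY, log),
    noKeyFirst: verifyNotification(PAYLOAD, '', '', log),
    noKeySecond: verifyNotification(PAYLOAD, '', null, log),
    warnings: messages.length,
  };
}
```
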
