Merge pull request #29 from pronamic/27-webhook-problem-object-does-n…

…ot-have-transactionid-property 27 webhook problem object does not have transactionid property
pronamic · Nov 8, 2023 · 81be3d1 · 81be3d1
2 parents d07077f + c67da40
commit 81be3d1
Show file tree

Hide file tree

Showing 10 changed files with 298 additions and 94 deletions.
diff --git a/src/Gateway.php b/src/Gateway.php
@@ -558,7 +558,6 @@ private function get_payment_by_omnikassa_order_id( $omnikassa_order_id ) {
 	 *
 	 * @param Notification $notification Notification.
 	 * @return void
-	 * @throws \Pronamic\WordPress\Pay\Gateways\OmniKassa2\InvalidSignatureException Throws invalid signature exception when order results message does not match gateway configuration signature.
 	 * @throws \Pronamic\WordPress\Pay\Gateways\OmniKassa2\UnknownOrderIdsException Throws unknown order IDs exception when no payment could be found for on ore more OmniKassa order IDs.
 	 */
 	private function handle_merchant_order_status_changed( Notification $notification ) {
@@ -567,14 +566,7 @@ private function handle_merchant_order_status_changed( Notification $notificatio
 		do {
 			$order_results = $this->client->get_order_results( $notification->get_authentication() );
 
-			if ( ! $order_results->is_valid( $this->config->signing_key ) ) {
-				throw new \Pronamic\WordPress\Pay\Gateways\OmniKassa2\InvalidSignatureException(
-					\sprintf(
-						'Signature on order results message does not match gateway configuration signature (%s).',
-						\esc_html( \substr( $this->config->signing_key, 0, 7 ) )
-					)
-				);
-			}
+			$order_results->verify_signature( $this->config->signing_key );
 
 			foreach ( $order_results as $order_result ) {
 				$omnikassa_order_id = $order_result->get_omnikassa_order_id();

diff --git a/src/Message.php b/src/Message.php
@@ -63,18 +63,44 @@ public function sign( $signing_key ) {
 	 * @return bool True if valid, false otherwise.
 	 */
 	public function is_valid( $signing_key ) {
-		$signature_a = Security::get_signature( $this, $signing_key );
+		try {
+			$this->verify_signature( $signing_key );
 
-		if ( empty( $signature_a ) ) {
+			return true;
+		} catch ( \Exception $e ) {
 			return false;
 		}
+	}
 
-		$signature_b = $this->get_signature();
+	/**
+	 * Verify signature.
+	 * 
+	 * @param string $signing_key Signing key.
+	 * @return void
+	 * @throws \Pronamic\WordPress\Pay\Gateways\OmniKassa2\InvalidSignatureException Throws an exception when the signature cannot be verified.
+	 */
+	public function verify_signature( $signing_key ) {
+		$signature_enclosed = (string) $this->get_signature();
 
-		if ( empty( $signature_b ) ) {
-			return false;
-		}
+		$signature_calculated = Security::get_signature( $this, $signing_key );
 
-		return Security::validate_signature( $signature_a, $signature_b );
+		$result = Security::validate_signature( $signature_enclosed, $signature_calculated );
+
+		if ( false === $result ) {
+			throw new \Pronamic\WordPress\Pay\Gateways\OmniKassa2\InvalidSignatureException(
+				\sprintf(
+					'Signature `%s` in message does not match signature `%s` calculated with signing key: `%s`.',
+					\esc_html( $signature_enclosed ),
+					\esc_html( $signature_calculated ),             
+					\esc_html(
+						\str_pad(
+							\substr( $signing_key, 0, 7 ),
+							\strlen( $signing_key ),
+							'*'
+						)
+					)
+				)
+			);
+		}
 	}
 }
diff --git a/src/OrderResult.php b/src/OrderResult.php
@@ -195,6 +195,30 @@ public function get_transactions() {
 		return $this->transactions;
 	}
 
+	/**
+	 * Get signature fields.
+	 *
+	 * @param array<string> $fields Fields.
+	 * @return array<string>
+	 */
+	public function get_signature_fields( $fields = [] ) {
+		$fields[] = $this->get_merchant_order_id();
+		$fields[] = $this->get_omnikassa_order_id();
+		$fields[] = \strval( $this->get_poi_id() );
+		$fields[] = $this->get_order_status();
+		$fields[] = $this->get_order_status_datetime();
+		$fields[] = $this->get_error_code();
+
+		$fields = $this->get_paid_amount()->get_signature_fields( $fields );
+		$fields = $this->get_total_amount()->get_signature_fields( $fields );
+
+		foreach ( $this->get_transactions() as $item ) {
+			$fields = $item->get_signature_fields( $fields );
+		}
+
+		return $fields;
+	}
+
 	/**
 	 * Get JSON.
 	 *

diff --git a/src/OrderResults.php b/src/OrderResults.php
@@ -67,15 +67,7 @@ public function get_signature_fields() {
 		$fields[] = $this->more_available() ? 'true' : 'false';
 
 		foreach ( $this->order_results as $order_result ) {
-			$fields[] = $order_result->get_merchant_order_id();
-			$fields[] = $order_result->get_omnikassa_order_id();
-			$fields[] = \strval( $order_result->get_poi_id() );
-			$fields[] = $order_result->get_order_status();
-			$fields[] = $order_result->get_order_status_datetime();
-			$fields[] = $order_result->get_error_code();
-
-			$fields = $order_result->get_paid_amount()->get_signature_fields( $fields );
-			$fields = $order_result->get_total_amount()->get_signature_fields( $fields );
+			$fields = $order_result->get_signature_fields( $fields );
 		}
 
 		return $fields;

diff --git a/src/Transaction.php b/src/Transaction.php
@@ -29,7 +29,7 @@ final class Transaction {
 	private $payment_brand;
 
 	/**
-	 * Type.
+	 * Type of the transaction.
 	 *
 	 * @var string
 	 */
@@ -42,19 +42,63 @@ final class Transaction {
 	 */
 	private $status;
 
+	/**
+	 * Amount.
+	 * 
+	 * The total order amount in cents, including VAT. The amount must be equal
+	 * to the sum over all order items of the piece price (including VAT)
+	 * multiplied by the quantity. Note: if the amount is not equal to the sum
+	 * of the amounts of the order items then 1. the order items from the order
+	 * announcement are filtered, and 2. Riverty/AfterPay is not possible as a
+	 * payment method
+	 *
+	 * @var Money
+	 */
+	private $amount;
+
+	/**
+	 * Amount.
+	 * 
+	 * The amount that was confirmed by the external payment processor. This
+	 * field is only filled when the transaction status is SUCCESS or ACCEPTED.
+	 *
+	 * @var Money|null
+	 */
+	private $confirmed_amount;
+
+	/**
+	 * Start time.
+	 * 
+	 * @var string
+	 */
+	private $start_time;
+
+	/**
+	 * Last update time.
+	 * 
+	 * @var string
+	 */
+	private $last_update_time;
+
 	/**
 	 * Construct transaction.
 	 *
 	 * @param string $id            Transaction ID.
 	 * @param string $payment_brand Payment brand.
 	 * @param string $type          Transaction type.
 	 * @param string $status        Transaction status.
+	 * @param Money  $amount        Amount.
+	 * @param string $start_time       Start time.
+	 * @param string $last_update_time Last update time.
 	 */
-	public function __construct( $id, $payment_brand, $type, $status ) {
-		$this->id            = $id;
-		$this->payment_brand = $payment_brand;
-		$this->type          = $type;
-		$this->status        = $status;
+	public function __construct( $id, $payment_brand, $type, $status, Money $amount, $start_time, $last_update_time ) {
+		$this->id               = $id;
+		$this->payment_brand    = $payment_brand;
+		$this->type             = $type;
+		$this->status           = $status;
+		$this->amount           = $amount;
+		$this->start_time       = $start_time;
+		$this->last_update_time = $last_update_time;
 	}
 
 	/**
@@ -93,6 +137,48 @@ public function get_status() {
 		return $this->status;
 	}
 
+	/**
+	 * Get amount.
+	 * 
+	 * @return Money
+	 */
+	public function get_amount() {
+		return $this->amount;
+	}
+
+	/**
+	 * Get confirmed amount.
+	 * 
+	 * @return Money|null
+	 */
+	public function get_confirmed_amount() {
+		return $this->confirmed_amount;
+	}
+
+	/**
+	 * Get signature fields.
+	 *
+	 * @param array<string> $fields Fields.
+	 * @return array<string>
+	 */
+	public function get_signature_fields( $fields = [] ) {
+		$fields[] = $this->get_id();
+		$fields[] = $this->get_payment_brand();
+		$fields[] = $this->get_type();
+		$fields[] = $this->get_status();
+
+		$fields = $this->amount->get_signature_fields( $fields );
+
+		if ( null !== $this->confirmed_amount ) {
+			$fields = $this->confirmed_amount->get_signature_fields( $fields );
+		}
+
+		$fields[] = $this->start_time;
+		$fields[] = $this->last_update_time;
+
+		return $fields;
+	}
+
 	/**
 	 * Create transaction from object.
 	 *
@@ -102,11 +188,22 @@ public function get_status() {
 	public static function from_object( $data ) {
 		$object_access = new ObjectAccess( $data );
 
-		return new self(
-			$object_access->get_string( 'transactionId' ),
+		$transaction = new self(
+			$object_access->get_string( 'id' ),
 			$object_access->get_string( 'paymentBrand' ),
-			$object_access->get_string( 'transactionType' ),
-			$object_access->get_string( 'transactionStatus' )
+			$object_access->get_string( 'type' ),
+			$object_access->get_string( 'status' ),
+			Money::from_object( $object_access->get_object( 'amount' ) ),
+			$object_access->get_string( 'startTime' ),
+			$object_access->get_string( 'lastUpdateTime' )
 		);
+
+		$object = $object_access->get_property( 'confirmedAmount' );
+
+		if ( \is_object( $object ) ) {
+			$transaction->confirmed_amount = Money::from_object( $object );
+		}
+
+		return $transaction;
 	}
 }
diff --git a/tests/http/merchant.order.status.changed-cancelled.http b/tests/http/merchant.order.status.changed-cancelled.http
@@ -9,8 +9,8 @@ Content-Type: application/json
       "omnikassaOrderId": "1d0a95f4-2589-439b-9562-c50aa19f9caf",
       "poiId": "2004",
       "orderStatus": "CANCELLED",
-      "orderStatusDateTime": "2018-11-25T12:20:03.157+00:00",
-      "errorCode": "fakekmirima",
+      "orderStatusDateTime": "2018-11-25T13:20:03.157+01:00",
+      "errorCode": "epcuzkadfobuuzoo",
       "paidAmount": {
         "amount": 10997,
         "currency": "EUR"
@@ -21,10 +21,10 @@ Content-Type: application/json
       },
       "transactions": [
         {
-          "transactionId": "22b36073-57a3-4c3d-9585-87f2e55275a5",
+          "id": "22b36073-57a3-4c3d-9585-87f2e55275a5",
           "paymentBrand": "IDEAL",
-          "transactionType": "AUTHORIZE",
-          "transactionStatus": "CANCELLED",
+          "type": "AUTHORIZE",
+          "status": "CANCELLED",
           "amount": {
             "amount": 10997,
             "currency": "EUR"
@@ -33,7 +33,7 @@ Content-Type: application/json
             "amount": 10997,
             "currency": "EUR"
           },
-          "startDateTime": "2018-03-20T09:12:28Z",
+          "startTime": "2018-03-20T09:12:28Z",
           "lastUpdateTime": "2018-03-20T09:12:28Z"
         }
       ]
@@ -43,8 +43,8 @@ Content-Type: application/json
       "omnikassaOrderId": "1d0a95f4-2589-439b-9562-c50aa19f9caf",
       "poiId": "2004",
       "orderStatus": "CANCELLED",
-      "orderStatusDateTime": "2018-11-25T12:20:03.157+00:00",
-      "errorCode": "gupohaa",
+      "orderStatusDateTime": "2018-11-25T13:20:03.157+01:00",
+      "errorCode": "vihreotufop",
       "paidAmount": {
         "amount": 10997,
         "currency": "EUR"
@@ -55,10 +55,10 @@ Content-Type: application/json
       },
       "transactions": [
         {
-          "transactionId": "22b36073-57a3-4c3d-9585-87f2e55275a5",
+          "id": "22b36073-57a3-4c3d-9585-87f2e55275a5",
           "paymentBrand": "IDEAL",
-          "transactionType": "AUTHORIZE",
-          "transactionStatus": "CANCELLED",
+          "type": "AUTHORIZE",
+          "status": "SUCCESS",
           "amount": {
             "amount": 10997,
             "currency": "EUR"
@@ -67,7 +67,7 @@ Content-Type: application/json
             "amount": 10997,
             "currency": "EUR"
           },
-          "startDateTime": "2018-03-20T09:12:28Z",
+          "startTime": "2018-03-20T09:12:28Z",
           "lastUpdateTime": "2018-03-20T09:12:28Z"
         }
       ]
@@ -77,8 +77,8 @@ Content-Type: application/json
       "omnikassaOrderId": "1d0a95f4-2589-439b-9562-c50aa19f9caf",
       "poiId": "2004",
       "orderStatus": "CANCELLED",
-      "orderStatusDateTime": "2018-11-25T12:20:03.157+00:00",
-      "errorCode": "voldeholu",
+      "orderStatusDateTime": "2018-11-25T13:20:03.157+01:00",
+      "errorCode": "faufa",
       "paidAmount": {
         "amount": 10997,
         "currency": "EUR"
@@ -89,10 +89,10 @@ Content-Type: application/json
       },
       "transactions": [
         {
-          "transactionId": "22b36073-57a3-4c3d-9585-87f2e55275a5",
+          "id": "22b36073-57a3-4c3d-9585-87f2e55275a5",
           "paymentBrand": "IDEAL",
-          "transactionType": "AUTHORIZE",
-          "transactionStatus": "CANCELLED",
+          "type": "AUTHORIZE",
+          "status": "CANCELLED",
           "amount": {
             "amount": 10997,
             "currency": "EUR"
@@ -101,11 +101,11 @@ Content-Type: application/json
             "amount": 10997,
             "currency": "EUR"
           },
-          "startDateTime": "2018-03-20T09:12:28Z",
+          "startTime": "2018-03-20T09:12:28Z",
           "lastUpdateTime": "2018-03-20T09:12:28Z"
         }
       ]
     }
   ],
-  "signature": "338429f1d2ca959a3203921c94c246b8fd4d0ae75e3989eb6c2ce49601e838644b1c31f26a77179cfd6a62e6c24c2b5f99825f59bb1a6f828d72ca4948fd32b1"
+  "signature": "020728ec8d94e389f68f2ff1a6b3a703a606ee02fcfe38a660162a17b0d3cdb005b292b4d5becf7a4e498583ffd04aef5c55ae53994941f1580e9c3e78630f02"
 }