PagantisNotifyModuleFrontController - Code Metrics - Inspection of "notify DOS" - pagantis/prestashop - Measure and Improve Code Quality continuously with Scrutinizer

Passed
Pull Request — master (#76)

by Raúl
created 2020-05-13 15:09 UTC
PagantisNotifyModuleFrontController F

↳ Parent: Project
Complexity

Total Complexity
Size/Duplication

Total Lines	559
Duplicated Lines	0 %
Importance

Changes	21
Bugs	3	Features	4
Metric	Value
eloc	275
c	21
b	3
f	4
dl	0
loc	559
rs	2.32
wmc	76
17 Methods

Rating	Name	Size	Complexity
A	validateAmount()	25	3
A	getMerchantOrder()	13	4
A	getPagantisOrderId()	12	3
A	unblockConcurrency()	13	3
B	blockConcurrency()	36	6
B	prepareVariables()	36	8
A	processMerchantOrder()	35	5
A	checkConcurrency()	4	1
A	checkOrderStatus()	17	4
C	postProcess()	58	12
A	cancelProcess()	16	3
A	checkMerchantOrderStatus()	25	5
A	confirmPagantisOrder()	15	4
A	getPagantisOrder()	6	2
A	rollbackMerchantOrder()	16	3
A	preventDOS()	24	4
A	finishProcess()	23	6
How to fix Complexity

<?php
/**
 * This file is part of the official Pagantis module for PrestaShop.
 *
 * @author    Pagantis <[email protected]>
 * @copyright 2019 Pagantis
 * @license   proprietary
 */

require_once('AbstractController.php');

use Pagantis\OrdersApiClient\Client as PagantisClient;
use Pagantis\OrdersApiClient\Model\Order as PagantisModelOrder;
use Pagantis\ModuleUtils\Exception\ConcurrencyException;
use Pagantis\ModuleUtils\Exception\MerchantOrderNotFoundException;
use Pagantis\ModuleUtils\Exception\NoIdentificationException;
use Pagantis\ModuleUtils\Exception\OrderNotFoundException;
use Pagantis\ModuleUtils\Exception\QuoteNotFoundException;
use Pagantis\ModuleUtils\Exception\ConfigurationNotFoundException;
use Pagantis\ModuleUtils\Exception\UnknownException;
use Pagantis\ModuleUtils\Exception\WrongStatusException;
use Pagantis\ModuleUtils\Model\Response\JsonSuccessResponse;
use Pagantis\ModuleUtils\Model\Response\JsonExceptionResponse;

/**
 * Class PagantisNotifyModuleFrontController
 */
class PagantisNotifyModuleFrontController extends AbstractController
{
    /**
     * Seconds to expire a locked request
     */
    const CONCURRENCY_TIMEOUT = 10;

    /**
     * Seconds to expire a locked request
     */
    const MAX_TRIES = 5;

    /**
     * @var int $merchantOrderId
     */
    protected $merchantOrderId;

    /**
     * @var \Cart $merchantOrder
filter:
    dependency_paths: ["lib/*"]
     */
    protected $merchantOrder;

    /**
     * @var string $pagantisOrderId
     */
    protected $pagantisOrderId;

    /**
     * @var string $amountMismatchError
     */
    protected $amountMismatchError = '';

    /**
     * @var \Pagantis\OrdersApiClient\Model\Order $pagantisOrder
     */
    protected $pagantisOrder;

    /**
     * @var Pagantis\OrdersApiClient\Client $orderClient
     */
    protected $orderClient;

    /**
     * @var mixed $config
     */
    protected $config;

    /**
     * @var Object $jsonResponse
     */
    protected $jsonResponse;

    /**
     * @throws Exception
     */
    public function postProcess()
    {
        try {
            if ($_SERVER['REQUEST_METHOD'] == 'POST') {
                // prevent colision between POST and GET requests
                sleep(self::CONCURRENCY_TIMEOUT + 2);
            }
            $this->prepareVariables();
            if (Tools::getValue('origin') == 'notification' && $_SERVER['REQUEST_METHOD'] == 'GET') {
filter:
    dependency_paths: ["lib/*"]
                return $this->cancelProcess();
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
if ($a->getObject()) {
            }
            if ($this->preventDOS()) {
                return $this->cancelProcess();
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
if ($a->getObject()) {
            }
            $this->checkConcurrency();
            $this->getMerchantOrder();
            $this->getPagantisOrderId();
            $this->getPagantisOrder();
            if ($this->checkOrderStatus()) {
                return $this->finishProcess(false);
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
if ($a->getObject()) {
            }
            $this->validateAmount();
            if ($this->checkMerchantOrderStatus()) {
                $this->processMerchantOrder();
            }
        } catch (\Exception $exception) {
            if ($_SERVER['REQUEST_METHOD'] == 'POST') {
                $this->jsonResponse = new JsonExceptionResponse();
                $this->jsonResponse->setMerchantOrderId($this->merchantOrderId);
                $this->jsonResponse->setPagantisOrderId($this->pagantisOrderId);
                $this->jsonResponse->setException($exception);
            }
            return $this->cancelProcess($exception);
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
if ($a->getObject()) {
        }

        try {
            $this->jsonResponse = new JsonSuccessResponse();
            $this->jsonResponse->setMerchantOrderId($this->merchantOrderId);
            $this->jsonResponse->setPagantisOrderId($this->pagantisOrderId);
            $this->confirmPagantisOrder();
        } catch (\Exception $exception) {
            $this->rollbackMerchantOrder();
            if ($_SERVER['REQUEST_METHOD'] == 'POST') {
                $this->jsonResponse = new JsonExceptionResponse();
                $this->jsonResponse->setMerchantOrderId($this->merchantOrderId);
                $this->jsonResponse->setPagantisOrderId($this->pagantisOrderId);
                $this->jsonResponse->setException($exception);
            }
            return $this->cancelProcess($exception);
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
if ($a->getObject()) {
        }

        try {
            $this->unblockConcurrency($this->merchantOrderId);
        } catch (\Exception $exception) {
            // Do nothing
        }

        return $this->finishProcess(false);
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
if ($a->getObject()) {
    }

    /**
     * Check the concurrency of the purchase
     *
     * @throws Exception
     */
    public function checkConcurrency()
    {
        $this->unblockConcurrency();
        $this->blockConcurrency($this->merchantOrderId);
    }

    /**
     * Find and init variables needed to process payment
     *
     * @throws Exception
     */
    public function prepareVariables()
    {
        $callbackOkUrl = $this->context->link->getPageLink(
            'order-confirmation',
            null,
            null
        );
        $callbackKoUrl = $this->context->link->getPageLink(
            'order',
            null,
            null,
            array('step'=>3)
        );
        try {
            $this->config = array(
                'urlOK' => (Pagantis::getExtraConfig('PAGANTIS_URL_OK') !== '') ?
                    Pagantis::getExtraConfig('PAGANTIS_URL_OK') : $callbackOkUrl,
                'urlKO' => (Pagantis::getExtraConfig('PAGANTIS_URL_KO') !== '') ?
                    Pagantis::getExtraConfig('PAGANTIS_URL_KO') : $callbackKoUrl,
                'publicKey' => Configuration::get('pagantis_public_key'),
filter:
    dependency_paths: ["lib/*"]
                'privateKey' => Configuration::get('pagantis_private_key'),
                'secureKey' => Tools::getValue('key'),
            );
        } catch (\Exception $exception) {
            throw new ConfigurationNotFoundException();
        }

        $this->merchantOrderId = Tools::getValue('id_cart');
        if ($this->merchantOrderId == '') {
            throw new QuoteNotFoundException();
        }


        if (!($this->config['secureKey'] && $this->merchantOrderId && Module::isEnabled(self::PAGANTIS_CODE))) {
filter:
    dependency_paths: ["lib/*"]
            // This exception is only for Prestashop
            throw new UnknownException('Module may not be enabled');
        }
    }

    /**
     * Retrieve the merchant order by id
     *
     * @throws Exception
     */
    public function getMerchantOrder()
    {
        try {
            $this->merchantOrder = new Cart($this->merchantOrderId);
            if (!Validate::isLoadedObject($this->merchantOrder)) {
filter:
    dependency_paths: ["lib/*"]
                // This exception is only for Prestashop
                throw new UnknownException('Unable to load cart');
            }
            if ($this->merchantOrder->secure_key != $this->config['secureKey']) {
                throw new UnknownException('Secure Key is not valid');
            }
        } catch (\Exception $exception) {
            throw new MerchantOrderNotFoundException();
        }
    }

    /**
     * Find PAGANTIS Order Id in AbstractController::PAGANTIS_ORDERS_TABLE
     *
     * @throws Exception
     */
    private function getPagantisOrderId()
    {
        try {
            $this->pagantisOrderId= Db::getInstance()->getValue(
filter:
    dependency_paths: ["lib/*"]
                'select order_id from '._DB_PREFIX_.'pagantis_order where id = '.(int)$this->merchantOrderId

            );

            if (is_null($this->pagantisOrderId)) {
                throw new NoIdentificationException();
            }
        } catch (\Exception $exception) {
            throw new NoIdentificationException();
        }
    }

    /**
     * Find PAGANTIS Order in Orders Server using Pagantis\OrdersApiClient
     *
     * @throws Exception
     */
    private function getPagantisOrder()
    {
        $this->orderClient = new PagantisClient($this->config['publicKey'], $this->config['privateKey']);
        $this->pagantisOrder = $this->orderClient->getOrder($this->pagantisOrderId);
        if (!($this->pagantisOrder instanceof PagantisModelOrder)) {

            throw new OrderNotFoundException();
        }
    }

    /**
     * Compare statuses of merchant order and PAGANTIS order, witch have to be the same.
     *
     * @throws Exception
     */
    public function checkOrderStatus()
    {
        if ($this->pagantisOrder->getStatus() === PagantisModelOrder::STATUS_CONFIRMED) {
            $this->jsonResponse = new JsonSuccessResponse();
            $this->jsonResponse->setMerchantOrderId($this->merchantOrderId);
            $this->jsonResponse->setPagantisOrderId($this->pagantisOrderId);
            return true;
        }

        if ($this->pagantisOrder->getStatus() !== PagantisModelOrder::STATUS_AUTHORIZED) {
            $status = '-';
            if ($this->pagantisOrder instanceof \Pagantis\OrdersApiClient\Model\Order) {

                $status = $this->pagantisOrder->getStatus();
            }
            throw new WrongStatusException($status);
        }
        return false;
    }

    /**
     * Check that the merchant order and the order in PAGANTIS have the same amount to prevent hacking
     *
     * @throws Exception
     */
    public function validateAmount()
    {
        $totalAmount = (string) $this->pagantisOrder->getShoppingCart()->getTotalAmount();
        $merchantAmount = (string) (100 * $this->merchantOrder->getOrderTotal(true));
        $merchantAmount = explode('.', explode(',', $merchantAmount)[0])[0];
        if ($totalAmount != $merchantAmount) {
            try {
                $psTotalAmount = substr_replace($merchantAmount, '.', (Tools::strlen($merchantAmount) -2), 0);

                $pgTotalAmountInCents = (string) $this->pagantisOrder->getShoppingCart()->getTotalAmount();
                $pgTotalAmount = substr_replace(
                    $pgTotalAmountInCents,
                    '.',
                    (Tools::strlen($pgTotalAmountInCents) -2),
                    0
                );

                $this->amountMismatchError = '. Amount mismatch in PrestaShop Order #'. $this->merchantOrderId .
                    ' compared with Pagantis Order: ' . $this->pagantisOrderId .
                    '. The order in PrestaShop has an amount of ' . $psTotalAmount . ' and in Pagantis ' .
                    $pgTotalAmount . ' PLEASE REVIEW THE ORDER';
                $this->saveLog(array(
                    'message' => $this->amountMismatchError
                ));
            } catch (\Exception $exception) {
                // Do nothing
            }
        }
    }

    /**
     * Check that the merchant order was not previously processes and is ready to be paid
     *
     * @throws Exception
     */
    public function checkMerchantOrderStatus()
    {
        try {
            if ($this->merchantOrder->orderExists() !== false) {
                throw new WrongStatusException('PS->orderExists() cart_id = '
                    . $this->merchantOrderId . ' pagantis_id = '
                    . $this->pagantisOrderId . '): already_processed');
            }

            // Double check
            $tableName = _DB_PREFIX_ . 'pagantis_order';

            $fieldName = 'ps_order_id';
            $sql = ('select ' . $fieldName . ' from `' . $tableName . '` where `id` = ' . (int)$this->merchantOrderId
                . ' and `order_id` = \'' . $this->pagantisOrderId . '\''
                . ' and `' . $fieldName . '` is not null');
            $results = Db::getInstance()->ExecuteS($sql);
            if (is_array($results) && count($results) === 1) {
                throw new WrongStatusException('PS->record found in ' . $tableName
                    . ' (cart_id = ' . $this->merchantOrderId . ' pagantis_id = '
                    . $this->pagantisOrderId . '): already_processed');
            }
        } catch (\Exception $exception) {
            throw new UnknownException($exception->getMessage());
        }
        return true;
    }

    /**
     * Process the merchant order and notify client
     *
     * @throws Exception
     */
    public function processMerchantOrder()
    {
        try {
            $metadataOrder = $this->pagantisOrder->getMetadata();
            $metadataInfo = '';
            foreach ($metadataOrder as $metadataKey => $metadataValue) {
                if ($metadataKey == 'promotedProduct') {
                    $metadataInfo .= $metadataValue;
                }
            }

            $this->module->validateOrder(
                $this->merchantOrderId,
                Configuration::get('PS_OS_PAYMENT'),
                $this->merchantOrder->getOrderTotal(true),
                $this->module->displayName,
                'pagantisOrderId: ' . $this->pagantisOrder->getId() . ' ' .
                'pagantisOrderStatus: '. $this->pagantisOrder->getStatus() .
                $this->amountMismatchError .
                $metadataInfo,
                array('transaction_id' => $this->pagantisOrderId),
                null,
                false,
                $this->config['secureKey']
            );
        } catch (\Exception $exception) {
            throw new UnknownException($exception->getMessage());
        }
        try {
            Db::getInstance()->update(
                'pagantis_order',
                array('ps_order_id' => $this->module->currentOrder),
                'id = '. (int)$this->merchantOrderId . ' and order_id = \'' . $this->pagantisOrderId . '\''
            );
        } catch (\Exception $exception) {
            // Do nothing
        }
    }

    /**
     * Confirm the order in PAGANTIS
     *
     * @throws Exception
     */
    private function confirmPagantisOrder()
    {
        try {
            $this->orderClient->confirmOrder($this->pagantisOrderId);
            try {
                $mode = ($_SERVER['REQUEST_METHOD'] == 'POST') ? 'NOTIFICATION' : 'REDIRECTION';
                $message = 'Order CONFIRMED. The order was confirmed by a ' . $mode .
                    '. Pagantis OrderId=' . $this->pagantisOrderId .
                    '. Prestashop OrderId=' . $this->module->currentOrder;
                $this->saveLog(array('message' => $message));
            } catch (\Exception $exception) {
                // Do nothing
            }
        } catch (\Exception $exception) {
            throw new UnknownException($exception->getMessage());
        }
    }

    /**
     * Leave the merchant order as it was previously
     *
     * @throws Exception
     */
    public function rollbackMerchantOrder()
    {
        try {
            $message = 'Roolback method: ' .
                '. Pagantis OrderId=' . $this->pagantisOrderId .
                '. Prestashop CartId=' . $this->merchantOrderId;
            if ($this->module->currentOrder) {
                $objOrder = new Order($this->module->currentOrder);
filter:
    dependency_paths: ["lib/*"]
                $history = new OrderHistory();
filter:
    dependency_paths: ["lib/*"]
                $history->id_order = (int)$objOrder->id;
                $history->changeIdOrderState(8, (int)($objOrder->id));
                $message .= ' Prestashop OrderId=' . $this->merchantOrderId;
            }
            $this->saveLog(array('message' => $message));
        } catch (\Exception $exception) {
            $this->saveLog(array('message' => $exception->getMessage()));
        }
    }

    /**
     * @return bool
     * @throws Exception
     */
    protected function preventDOS()
    {
        if ($_SERVER['REQUEST_METHOD'] == 'GET') {
            $this->getPagantisOrderId();
            $tableName = _DB_PREFIX_ . 'pagantis_order';

            $tries = Db::getInstance()->getValue(
                'SELECT tries FROM ' . $tableName . ' WHERE id = ' .
                (int)$this->merchantOrderId . ' and order_id = \'' . $this->pagantisOrderId . '\''
            );
            if ($tries < self::MAX_TRIES) {
                try {
                    Db::getInstance()->update(
                        'pagantis_order',
                        array('tries' => $tries + 1),
                        'id = ' . (int)$this->merchantOrderId . ' and order_id = \'' . $this->pagantisOrderId . '\''
                    );
                } catch (\Exception $exception) {
                    // Do nothing
                }
                return false;
            }
            return true;
        }
        return false;
    }

    /**
     * Lock the concurrency to prevent duplicated inputs
     *
     * @param $orderId
     * @return bool|void
     * @throws ConcurrencyException
     */
    protected function blockConcurrency($orderId)
    {
        try {
            $table = 'pagantis_cart_process';
            if (Db::getInstance()->insert($table, array('id' => (int)$orderId, 'timestamp' => (time()))) === false) {
                if ($_SERVER['REQUEST_METHOD'] == 'POST') {
                    throw new ConcurrencyException();
                }

                $query = sprintf(
                    "SELECT TIMESTAMPDIFF(SECOND,NOW()-INTERVAL %s SECOND, FROM_UNIXTIME(timestamp)) as rest 
                            FROM %s WHERE %s",
                    self::CONCURRENCY_TIMEOUT,
                    _DB_PREFIX_.$table,

                    'id='.(int)$orderId
                );
                $resultSeconds = Db::getInstance()->getValue($query);
                $restSeconds = isset($resultSeconds) ? ($resultSeconds) : 0;
                $secondsToExpire = ($restSeconds>self::CONCURRENCY_TIMEOUT) ? self::CONCURRENCY_TIMEOUT : $restSeconds;

                $logMessage = sprintf(
                    "Redirect concurrency, User have to wait %s seconds, default seconds %s. CartId=" . $orderId,
                    $secondsToExpire,
                    self::CONCURRENCY_TIMEOUT,
                    $restSeconds
                );

                $this->saveLog(array(
                    'message' => $logMessage
                ));
                sleep($secondsToExpire+1);
                // After waiting...user continue the confirmation, hoping that previous call have finished.
                return true;
            }
        } catch (\Exception $exception) {
            throw new ConcurrencyException();
        }
    }

    /**
     * @param null $orderId

     *
     * @throws ConcurrencyException
     */
    private function unblockConcurrency($orderId = null)
    {
        try {
            if (is_null($orderId)) {

                Db::getInstance()->delete(
                    'pagantis_cart_process',
                    'timestamp < ' . (time() - self::CONCURRENCY_TIMEOUT)
                );
                return;
            }
            Db::getInstance()->delete('pagantis_cart_process', 'id = ' . (int)$orderId);
        } catch (\Exception $exception) {
            throw new ConcurrencyException();
        }
    }

    /**
     * Do all the necessary actions to cancel the confirmation process in case of error
     * 1. Unblock concurrency
     * 2. Save log
     *
     * @param null $exception

     * @return mixed
     */
    public function cancelProcess($exception = null)
    {
        $debug = debug_backtrace();
        $method = $debug[1]['function'];
        $line = $debug[1]['line'];
        $data = array(
            'merchantOrderId' => $this->merchantOrderId,
            'pagantisOrderId' => $this->pagantisOrderId,
            'message' => ($exception)? $exception->getMessage() : 'Unable to get Exception message',

            'statusCode' => ($exception)? $exception->getCode() : 'Unable to get Exception statusCode',

            'method' => $method,
            'file' => __FILE__,
            'line' => $line,
        );
        $this->saveLog($data);
        return $this->finishProcess(true);
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
if ($a->getObject()) {
    }

    /**
     * Redirect the request to the e-commerce or show the output in json
     *
     * @param bool $error
     * @return mixed
     */
    public function finishProcess($error = true)
    {
        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            if (!isset($this->jsonResponse)) {
                if ($error) {
                    $this->jsonResponse = new JsonSuccessResponse();
                } else {
                    $this->jsonResponse = new JsonExceptionResponse();
                }
                $this->jsonResponse->setMerchantOrderId($this->merchantOrderId);
                $this->jsonResponse->setPagantisOrderId($this->pagantisOrderId);
            }
            $this->jsonResponse->printResponse();
        }

        $parameters = array(
            'id_cart' => $this->merchantOrderId,
            'key' => $this->config['secureKey'],
            'id_module' => $this->module->id,
            'id_order' => ($this->pagantisOrder)?$this->pagantisOrder->getId(): null,
        );
        $url = ($error)? $this->config['urlKO'] : $this->config['urlOK'];
        return $this->redirect($url, $parameters);
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
if ($a->getObject()) {
    }
}

1			<?php
2			/**
3			* This file is part of the official Pagantis module for PrestaShop.
4			*
5			* @author Pagantis <[email protected]>
6			* @copyright 2019 Pagantis
7			* @license proprietary
8			*/
9
10			require_once('AbstractController.php');
11
12			use Pagantis\OrdersApiClient\Client as PagantisClient;
13			use Pagantis\OrdersApiClient\Model\Order as PagantisModelOrder;
14			use Pagantis\ModuleUtils\Exception\ConcurrencyException;
15			use Pagantis\ModuleUtils\Exception\MerchantOrderNotFoundException;
16			use Pagantis\ModuleUtils\Exception\NoIdentificationException;
17			use Pagantis\ModuleUtils\Exception\OrderNotFoundException;
18			use Pagantis\ModuleUtils\Exception\QuoteNotFoundException;
19			use Pagantis\ModuleUtils\Exception\ConfigurationNotFoundException;
20			use Pagantis\ModuleUtils\Exception\UnknownException;
21			use Pagantis\ModuleUtils\Exception\WrongStatusException;
22			use Pagantis\ModuleUtils\Model\Response\JsonSuccessResponse;
23			use Pagantis\ModuleUtils\Model\Response\JsonExceptionResponse;
24
25			/**
26			* Class PagantisNotifyModuleFrontController
27			*/
28			class PagantisNotifyModuleFrontController extends AbstractController
29			{
30			/**
31			* Seconds to expire a locked request
32			*/
33			const CONCURRENCY_TIMEOUT = 10;
34
35			/**
36			* Seconds to expire a locked request
37			*/
38			const MAX_TRIES = 5;
39
40			/**
pagantis / prestashop

Pull Request — master (#76)

PagantisNotifyModuleFrontController F

Complexity

Size/Duplication

Importance

17 Methods

How to fix Complexity

Complex Class

Duplication Side-by-Side

Filter issues like
