1 | <?php |
||||
2 | |||||
3 | namespace Pronamic\WordPress\Pay\Gateways\Ingenico\OrderStandard; |
||||
4 | |||||
5 | use Pronamic\WordPress\Pay\Core\Util; |
||||
6 | use Pronamic\WordPress\Pay\Core\XML\Security as XML_Security; |
||||
7 | use Pronamic\WordPress\Pay\Gateways\Ingenico\Data; |
||||
8 | use Pronamic\WordPress\Pay\Gateways\Ingenico\Ingenico; |
||||
9 | use Pronamic\WordPress\Pay\Gateways\Ingenico\Parameters; |
||||
10 | use Pronamic\WordPress\Pay\Gateways\Ingenico\Statuses; |
||||
11 | use Pronamic\WordPress\Pay\Gateways\Ingenico\Security; |
||||
12 | use Pronamic\WordPress\Pay\Gateways\Ingenico\XML\OrderResponseParser; |
||||
13 | |||||
14 | /** |
||||
15 | * Title: Ingenico order standard client |
||||
16 | * Description: |
||||
17 | * Copyright: 2005-2019 Pronamic |
||||
18 | * Company: Pronamic |
||||
19 | * |
||||
20 | * @author Remco Tolsma |
||||
21 | * @version 2.0.0 |
||||
22 | * @since 1.0.0 |
||||
23 | */ |
||||
24 | class Client { |
||||
25 | /** |
||||
26 | * The payment server URL |
||||
27 | * |
||||
28 | * @var string |
||||
29 | */ |
||||
30 | private $payment_server_url; |
||||
31 | |||||
32 | /** |
||||
33 | * Direct Query URL. |
||||
34 | * |
||||
35 | * @since 1.3.2 |
||||
36 | * @var string |
||||
37 | */ |
||||
38 | private $direct_query_url; |
||||
39 | |||||
40 | /** |
||||
41 | * The amount |
||||
42 | * |
||||
43 | * @var int |
||||
44 | */ |
||||
45 | private $amount; |
||||
46 | |||||
47 | /** |
||||
48 | * Pass phrase IN |
||||
49 | * |
||||
50 | * @var string |
||||
51 | */ |
||||
52 | private $pass_phrase_in; |
||||
53 | |||||
54 | /** |
||||
55 | * Pass phrase OUT |
||||
56 | * |
||||
57 | * @var string |
||||
58 | */ |
||||
59 | private $pass_phrase_out; |
||||
60 | |||||
61 | /** |
||||
62 | * API user ID. |
||||
63 | * |
||||
64 | * @var string |
||||
65 | */ |
||||
66 | private $user_id; |
||||
67 | |||||
68 | /** |
||||
69 | * API user password. |
||||
70 | * |
||||
71 | * @var string |
||||
72 | */ |
||||
73 | private $password; |
||||
74 | |||||
75 | /** |
||||
76 | * Data |
||||
77 | * |
||||
78 | * @var Data |
||||
79 | */ |
||||
80 | private $data; |
||||
81 | |||||
82 | /** |
||||
83 | * Constructs and initialize a iDEAL kassa object |
||||
84 | * |
||||
85 | * @param string $psp_id PSP ID. |
||||
86 | */ |
||||
87 | 3 | public function __construct( $psp_id ) { |
|||
88 | 3 | $this->data = new Data(); |
|||
89 | 3 | $this->data->set_field( Parameters::PSPID, $psp_id ); |
|||
90 | |||||
91 | 3 | $this->hash_algorithm = Ingenico::SHA_1; |
|||
0 ignored issues
–
show
Bug
Best Practice
introduced
by
Loading history...
|
|||||
92 | 3 | } |
|||
93 | |||||
94 | /** |
||||
95 | * Get the payment server URL |
||||
96 | * |
||||
97 | * @return the payment server URL |
||||
0 ignored issues
–
show
The type
Pronamic\WordPress\Pay\G...enico\OrderStandard\the was not found. Maybe you did not declare it correctly or list all dependencies?
The issue could also be caused by a filter entry in the build configuration.
If the path has been excluded in your configuration, e.g. filter:
dependency_paths: ["lib/*"]
For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths
Loading history...
|
|||||
98 | */ |
||||
99 | public function get_payment_server_url() { |
||||
100 | return $this->payment_server_url; |
||||
0 ignored issues
–
show
|
|||||
101 | } |
||||
102 | |||||
103 | /** |
||||
104 | * Set the payment server URL |
||||
105 | * |
||||
106 | * @param string $url Payment server URL. |
||||
107 | */ |
||||
108 | public function set_payment_server_url( $url ) { |
||||
109 | $this->payment_server_url = $url; |
||||
110 | } |
||||
111 | |||||
112 | /** |
||||
113 | * Get the Direct Query URL. |
||||
114 | * |
||||
115 | * @return string |
||||
116 | */ |
||||
117 | public function get_direct_query_url() { |
||||
118 | return $this->direct_query_url; |
||||
119 | } |
||||
120 | |||||
121 | /** |
||||
122 | * Set the Direct Query URL. |
||||
123 | * |
||||
124 | * @param string $url Direct query URL. |
||||
125 | */ |
||||
126 | public function set_direct_query_url( $url ) { |
||||
127 | $this->direct_query_url = $url; |
||||
128 | } |
||||
129 | |||||
130 | /** |
||||
131 | * Get hash algorithm |
||||
132 | * |
||||
133 | * @return string |
||||
134 | */ |
||||
135 | public function get_hash_algorithm() { |
||||
136 | return $this->hash_algorithm; |
||||
137 | } |
||||
138 | |||||
139 | /** |
||||
140 | * Set hash algorithm |
||||
141 | * |
||||
142 | * @param string $hash_algorithm Hashing algorithm. |
||||
143 | */ |
||||
144 | public function set_hash_algorithm( $hash_algorithm ) { |
||||
145 | $this->hash_algorithm = $hash_algorithm; |
||||
0 ignored issues
–
show
|
|||||
146 | } |
||||
147 | |||||
148 | /** |
||||
149 | * Get password phrase IN |
||||
150 | * |
||||
151 | * @return string |
||||
152 | */ |
||||
153 | 2 | public function get_pass_phrase_in() { |
|||
154 | 2 | return $this->pass_phrase_in; |
|||
155 | } |
||||
156 | |||||
157 | /** |
||||
158 | * Set password phrase IN |
||||
159 | * |
||||
160 | * @param string $pass_phrase_in Pass phrase IN. |
||||
161 | */ |
||||
162 | 1 | public function set_pass_phrase_in( $pass_phrase_in ) { |
|||
163 | 1 | $this->pass_phrase_in = $pass_phrase_in; |
|||
164 | 1 | } |
|||
165 | |||||
166 | /** |
||||
167 | * Get password phrase OUT |
||||
168 | * |
||||
169 | * @return string |
||||
170 | */ |
||||
171 | 1 | public function get_pass_phrase_out() { |
|||
172 | 1 | return $this->pass_phrase_out; |
|||
173 | } |
||||
174 | |||||
175 | /** |
||||
176 | * Set password phrase OUT |
||||
177 | * |
||||
178 | * @param string $pass_phrase_out Pass phrase OUT. |
||||
179 | */ |
||||
180 | 1 | public function set_pass_phrase_out( $pass_phrase_out ) { |
|||
181 | 1 | $this->pass_phrase_out = $pass_phrase_out; |
|||
182 | 1 | } |
|||
183 | |||||
184 | /** |
||||
185 | * Get API user ID. |
||||
186 | * |
||||
187 | * @return string |
||||
188 | */ |
||||
189 | public function get_user_id() { |
||||
190 | return $this->user_id; |
||||
191 | } |
||||
192 | |||||
193 | /** |
||||
194 | * Set API user ID. |
||||
195 | * |
||||
196 | * @param string $user_id API user ID. |
||||
197 | */ |
||||
198 | public function set_user_id( $user_id ) { |
||||
199 | $this->user_id = $user_id; |
||||
200 | } |
||||
201 | |||||
202 | /** |
||||
203 | * Get API user password. |
||||
204 | * |
||||
205 | * @return string |
||||
206 | */ |
||||
207 | public function get_password() { |
||||
208 | return $this->password; |
||||
209 | } |
||||
210 | |||||
211 | /** |
||||
212 | * Set API user password. |
||||
213 | * |
||||
214 | * @param string $password API user password. |
||||
215 | */ |
||||
216 | public function set_password( $password ) { |
||||
217 | $this->password = $password; |
||||
218 | } |
||||
219 | |||||
220 | /** |
||||
221 | * Get data |
||||
222 | * |
||||
223 | * @return Data |
||||
224 | */ |
||||
225 | 1 | public function get_data() { |
|||
226 | 1 | return $this->data; |
|||
227 | } |
||||
228 | |||||
229 | /** |
||||
230 | * Get signature IN |
||||
231 | * |
||||
232 | * @return string |
||||
233 | */ |
||||
234 | 2 | public function get_signature_in() { |
|||
235 | 2 | $calculation_fields = Security::get_calculations_parameters_in(); |
|||
236 | |||||
237 | 2 | $fields = Security::get_calculation_fields( $calculation_fields, $this->data->get_fields() ); |
|||
0 ignored issues
–
show
It seems like
$calculation_fields can also be of type false ; however, parameter $calculation_fields of Pronamic\WordPress\Pay\G...et_calculation_fields() does only seem to accept array , maybe add an additional type check?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
Loading history...
|
|||||
238 | |||||
239 | 2 | return Security::get_signature( $fields, $this->get_pass_phrase_in(), $this->hash_algorithm ); |
|||
240 | } |
||||
241 | |||||
242 | /** |
||||
243 | * Get signature OUT |
||||
244 | * |
||||
245 | * @param array $fields Fields to calculate signature for. |
||||
246 | * |
||||
247 | * @return string |
||||
248 | */ |
||||
249 | 1 | public function get_signature_out( $fields ) { |
|||
250 | 1 | $calculation_fields = Security::get_calculations_parameters_out(); |
|||
251 | |||||
252 | 1 | $fields = Security::get_calculation_fields( $calculation_fields, $fields ); |
|||
0 ignored issues
–
show
It seems like
$calculation_fields can also be of type false ; however, parameter $calculation_fields of Pronamic\WordPress\Pay\G...et_calculation_fields() does only seem to accept array , maybe add an additional type check?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
Loading history...
|
|||||
253 | |||||
254 | 1 | return Security::get_signature( $fields, $this->get_pass_phrase_out(), $this->hash_algorithm ); |
|||
255 | } |
||||
256 | |||||
257 | /** |
||||
258 | * Get fields |
||||
259 | * |
||||
260 | * @since 1.2.1 |
||||
261 | * @return array |
||||
262 | */ |
||||
263 | public function get_fields() { |
||||
264 | Security::sign_data( $this->data, $this->get_pass_phrase_in(), $this->hash_algorithm ); |
||||
265 | |||||
266 | return $this->data->get_fields(); |
||||
267 | } |
||||
268 | |||||
269 | /** |
||||
270 | * Get order status |
||||
271 | * |
||||
272 | * @param string $order_id Order ID. |
||||
273 | */ |
||||
274 | public function get_order_status( $order_id ) { |
||||
275 | $return = null; |
||||
276 | |||||
277 | // API user ID and password. |
||||
278 | $user_id = $this->get_user_id(); |
||||
279 | $password = $this->get_password(); |
||||
280 | |||||
281 | if ( '' === $user_id || '' === $password ) { |
||||
282 | return $return; |
||||
283 | } |
||||
284 | |||||
285 | $result = Util::remote_get_body( |
||||
286 | $this->get_direct_query_url(), |
||||
287 | 200, |
||||
288 | array( |
||||
289 | 'method' => 'POST', |
||||
290 | 'body' => array( |
||||
291 | Parameters::ORDERID => $order_id, |
||||
292 | Parameters::PSPID => $this->data->get_field( Parameters::PSPID ), |
||||
293 | Parameters::USER_ID => $user_id, |
||||
294 | Parameters::PASSWORD => $password, |
||||
295 | ), |
||||
296 | 'timeout' => 30, |
||||
297 | ) |
||||
298 | ); |
||||
299 | |||||
300 | $xml = Util::simplexml_load_string( $result ); |
||||
301 | |||||
302 | if ( ! is_wp_error( $xml ) ) { |
||||
303 | $order_response = OrderResponseParser::parse( $xml ); |
||||
304 | |||||
305 | $status = XML_Security::filter( $order_response->status ); |
||||
306 | |||||
307 | $return = Statuses::transform( $status ); |
||||
308 | } |
||||
309 | |||||
310 | return $return; |
||||
311 | } |
||||
312 | |||||
313 | /** |
||||
314 | * Verify request |
||||
315 | * |
||||
316 | * @param array $data Request data. |
||||
317 | */ |
||||
318 | 1 | public function verify_request( $data ) { |
|||
319 | 1 | $result = false; |
|||
320 | |||||
321 | 1 | $data = array_change_key_case( $data, CASE_UPPER ); |
|||
322 | |||||
323 | 1 | if ( isset( $data['SHASIGN'] ) ) { |
|||
324 | 1 | $signature = $data['SHASIGN']; |
|||
325 | |||||
326 | 1 | $signature_out = $this->get_signature_out( $data ); |
|||
327 | |||||
328 | 1 | if ( 0 === strcasecmp( $signature, $signature_out ) ) { |
|||
329 | 1 | $result = filter_var_array( |
|||
330 | 1 | $data, |
|||
331 | array( |
||||
332 | 1 | Parameters::ORDERID => FILTER_SANITIZE_STRING, |
|||
333 | 1 | Parameters::AMOUNT => FILTER_VALIDATE_FLOAT, |
|||
334 | 1 | Parameters::CURRENCY => FILTER_SANITIZE_STRING, |
|||
335 | 1 | 'PM' => FILTER_SANITIZE_STRING, |
|||
336 | 1 | 'ACCEPTANCE' => FILTER_SANITIZE_STRING, |
|||
337 | 1 | 'STATUS' => FILTER_VALIDATE_INT, |
|||
338 | 1 | 'CARDNO' => FILTER_SANITIZE_STRING, |
|||
339 | 1 | 'PAYID' => FILTER_VALIDATE_INT, |
|||
340 | 1 | 'NCERROR' => FILTER_SANITIZE_STRING, |
|||
341 | 1 | 'BRAND' => FILTER_SANITIZE_STRING, |
|||
342 | 1 | 'SHASIGN' => FILTER_SANITIZE_STRING, |
|||
343 | ) |
||||
344 | ); |
||||
345 | } |
||||
346 | } |
||||
347 | |||||
348 | 1 | return $result; |
|||
349 | } |
||||
350 | } |
||||
351 |