Issues in Client.php - Failed Issues - Inspection of "Add support for PayPal payment method (pronamic/wp..." - wp-pay-gateways/ogone - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Push — develop ( 59650a...3d7b28 )

by Reüel

created 2021-07-26 14:17 UTC

src/OrderStandard/Client.php (4 issues)

Labels

Severity

Major 4

<?php

namespace Pronamic\WordPress\Pay\Gateways\Ingenico\OrderStandard;

use Pronamic\WordPress\Pay\Core\Util;
use Pronamic\WordPress\Pay\Core\XML\Security as XML_Security;
use Pronamic\WordPress\Pay\Gateways\Ingenico\Data;
use Pronamic\WordPress\Pay\Gateways\Ingenico\Error;
use Pronamic\WordPress\Pay\Gateways\Ingenico\Ingenico;
use Pronamic\WordPress\Pay\Gateways\Ingenico\Parameters;
use Pronamic\WordPress\Pay\Gateways\Ingenico\Statuses;
use Pronamic\WordPress\Pay\Gateways\Ingenico\Security;
use Pronamic\WordPress\Pay\Gateways\Ingenico\XML\OrderResponseParser;

/**
 * Title: Ingenico order standard client
 * Description:
 * Copyright: 2005-2021 Pronamic
 * Company: Pronamic
 *
 * @author  Remco Tolsma
 * @version 2.1.1
 * @since   1.0.0
 */
class Client {
	/**
	 * The payment server URL
	 *
	 * @var string
	 */
	private $payment_server_url;

	/**
	 * Direct Query URL.
	 *
	 * @since 1.3.2
	 * @var string
	 */
	private $direct_query_url;

	/**
	 * The amount
	 *
	 * @var int
	 */
	private $amount;

	/**
	 * Pass phrase IN
	 *
	 * @var string
	 */
	private $pass_phrase_in;

	/**
	 * Pass phrase OUT
	 *
	 * @var string
	 */
	private $pass_phrase_out;

	/**
	 * API user ID.
	 *
	 * @var string
	 */
	private $user_id;

	/**
	 * API user password.
	 *
	 * @var string
	 */
	private $password;

	/**
	 * Data
	 *
	 * @var Data
	 */
	private $data;

	/**
	 * Constructs and initialize a iDEAL kassa object
	 *
	 * @param string $psp_id PSP ID.
	 */
	public function __construct( $psp_id ) {
		$this->data = new Data();
		$this->data->set_field( Parameters::PSPID, $psp_id );

		$this->hash_algorithm = Ingenico::SHA_1;

	}

	/**
	 * Get the payment server URL
	 *
	 * @return the payment server URL
filter:
    dependency_paths: ["lib/*"]
	 */
	public function get_payment_server_url() {
		return $this->payment_server_url;

	}

	/**
	 * Set the payment server URL
	 *
	 * @param string $url Payment server URL.
	 */
	public function set_payment_server_url( $url ) {
		$this->payment_server_url = $url;
	}

	/**
	 * Get the Direct Query URL.
	 *
	 * @return string
	 */
	public function get_direct_query_url() {
		return $this->direct_query_url;
	}

	/**
	 * Set the Direct Query URL.
	 *
	 * @param string $url Direct query URL.
	 */
	public function set_direct_query_url( $url ) {
		$this->direct_query_url = $url;
	}

	/**
	 * Get hash algorithm
	 *
	 * @return string
	 */
	public function get_hash_algorithm() {
		return $this->hash_algorithm;
	}

	/**
	 * Set hash algorithm
	 *
	 * @param string $hash_algorithm Hashing algorithm.
	 */
	public function set_hash_algorithm( $hash_algorithm ) {
		$this->hash_algorithm = $hash_algorithm;

	}

	/**
	 * Get password phrase IN
	 *
	 * @return string
	 */
	public function get_pass_phrase_in() {
		return $this->pass_phrase_in;
	}

	/**
	 * Set password phrase IN
	 *
	 * @param string $pass_phrase_in Pass phrase IN.
	 */
	public function set_pass_phrase_in( $pass_phrase_in ) {
		$this->pass_phrase_in = $pass_phrase_in;
	}

	/**
	 * Get password phrase OUT
	 *
	 * @return string
	 */
	public function get_pass_phrase_out() {
		return $this->pass_phrase_out;
	}

	/**
	 * Set password phrase OUT
	 *
	 * @param string $pass_phrase_out Pass phrase OUT.
	 */
	public function set_pass_phrase_out( $pass_phrase_out ) {
		$this->pass_phrase_out = $pass_phrase_out;
	}

	/**
	 * Get API user ID.
	 *
	 * @return string
	 */
	public function get_user_id() {
		return $this->user_id;
	}

	/**
	 * Set API user ID.
	 *
	 * @param string $user_id API user ID.
	 */
	public function set_user_id( $user_id ) {
		$this->user_id = $user_id;
	}

	/**
	 * Get API user password.
	 *
	 * @return string
	 */
	public function get_password() {
		return $this->password;
	}

	/**
	 * Set API user password.
	 *
	 * @param string $password API user password.
	 */
	public function set_password( $password ) {
		$this->password = $password;
	}

	/**
	 * Get data
	 *
	 * @return Data
	 */
	public function get_data() {
		return $this->data;
	}

	/**
	 * Get signature IN
	 *
	 * @return string
	 */
	public function get_signature_in() {
		$calculation_fields = Security::get_calculations_parameters_in();

		$fields = Security::get_calculation_fields( $calculation_fields, $this->data->get_fields() );

		return Security::get_signature( $fields, $this->get_pass_phrase_in(), $this->hash_algorithm );
	}

	/**
	 * Get signature OUT
	 *
	 * @param array $fields Fields to calculate signature for.
	 *
	 * @return string
	 */
	public function get_signature_out( $fields ) {
		$calculation_fields = Security::get_calculations_parameters_out();

		$fields = Security::get_calculation_fields( $calculation_fields, $fields );

		return Security::get_signature( $fields, $this->get_pass_phrase_out(), $this->hash_algorithm );
	}

	/**
	 * Get fields
	 *
	 * @since 1.2.1
	 * @return array
	 */
	public function get_fields() {
		Security::sign_data( $this->data, $this->get_pass_phrase_in(), $this->hash_algorithm );

		return $this->data->get_fields();
	}

	/**
	 * Get order status
	 *
	 * @param string $order_id Order ID.
	 *
	 * @return string|null
	 * @throws \Exception Throw exception on error in retrieving order status.
	 */
	public function get_order_status( $order_id ) {
		$return = null;

		// API user ID and password.
		$user_id  = $this->get_user_id();
		$password = $this->get_password();

		if ( '' === $user_id || '' === $password ) {
			return $return;
		}

		$result = Util::remote_get_body(
			$this->get_direct_query_url(),
			200,
			array(
				'method'  => 'POST',
				'body'    => array(
					Parameters::ORDERID  => $order_id,
					Parameters::PSPID    => $this->data->get_field( Parameters::PSPID ),
					Parameters::USER_ID  => $user_id,
					Parameters::PASSWORD => $password,
				),
				'timeout' => 30,
			)
		);

		if ( $result instanceof \WP_Error ) {
			throw new \Exception( sprintf( 'Could not get order status for order ID %s.', $order_id ) );
		}

		$xml = Util::simplexml_load_string( $result );

		$order_response = OrderResponseParser::parse( $xml );

		if ( ! empty( $order_response->nc_error ) ) {
			$ogone_error = new Error(
				XML_Security::filter( $order_response->nc_error ),
				XML_Security::filter( $order_response->nc_error_plus )
			);

			throw new \Exception(
				\sprintf(
					'%s<br>%s',
					sprintf( 'Could not get order status for order ID %s.', $order_id ),
					(string) $ogone_error
				)
			);
		}

		$status = XML_Security::filter( $order_response->status );

		$return = Statuses::transform( $status );

		return $return;
	}

	/**
	 * Verify request
	 *
	 * @param array $data Request data.
	 */
	public function verify_request( $data ) {
		$result = false;

		$data = array_change_key_case( $data, CASE_UPPER );

		if ( isset( $data['SHASIGN'] ) ) {
			$signature = $data['SHASIGN'];

			$signature_out = $this->get_signature_out( $data );

			if ( 0 === strcasecmp( $signature, $signature_out ) ) {
				$result = filter_var_array(
					$data,
					array(
						Parameters::ORDERID  => FILTER_SANITIZE_STRING,
						Parameters::AMOUNT   => FILTER_VALIDATE_FLOAT,
						Parameters::CURRENCY => FILTER_SANITIZE_STRING,
						'PM'                 => FILTER_SANITIZE_STRING,
						'ACCEPTANCE'         => FILTER_SANITIZE_STRING,
						'STATUS'             => FILTER_VALIDATE_INT,
						'CARDNO'             => FILTER_SANITIZE_STRING,
						'PAYID'              => FILTER_VALIDATE_INT,
						'NCERROR'            => FILTER_SANITIZE_STRING,
						'BRAND'              => FILTER_SANITIZE_STRING,
						'SHASIGN'            => FILTER_SANITIZE_STRING,
					)
				);
			}
		}

		return $result;
	}
}


1		<?php
2
3		namespace Pronamic\WordPress\Pay\Gateways\Ingenico\OrderStandard;
4
5		use Pronamic\WordPress\Pay\Core\Util;
6		use Pronamic\WordPress\Pay\Core\XML\Security as XML_Security;
7		use Pronamic\WordPress\Pay\Gateways\Ingenico\Data;
8		use Pronamic\WordPress\Pay\Gateways\Ingenico\Error;
9		use Pronamic\WordPress\Pay\Gateways\Ingenico\Ingenico;
10		use Pronamic\WordPress\Pay\Gateways\Ingenico\Parameters;
11		use Pronamic\WordPress\Pay\Gateways\Ingenico\Statuses;
12		use Pronamic\WordPress\Pay\Gateways\Ingenico\Security;
13		use Pronamic\WordPress\Pay\Gateways\Ingenico\XML\OrderResponseParser;
14
15		/**
16		* Title: Ingenico order standard client
17		* Description:
18		* Copyright: 2005-2021 Pronamic
19		* Company: Pronamic
20		*
21		* @author Remco Tolsma
22		* @version 2.1.1
23		* @since 1.0.0
24		*/
25		class Client {
26		/**
27		* The payment server URL
28		*
29		* @var string
30		*/
31		private $payment_server_url;
32
33		/**
34		* Direct Query URL.
35		*
36		* @since 1.3.2
37		* @var string
38		*/
39		private $direct_query_url;
40
41		/**
42		* The amount
43		*
44		* @var int
45		*/
46		private $amount;
47
48		/**
49		* Pass phrase IN
50		*
51		* @var string
52		*/
53		private $pass_phrase_in;
54
55		/**
56		* Pass phrase OUT
57		*
58		* @var string
59		*/
60		private $pass_phrase_out;
61
62		/**
63		* API user ID.
64		*
65		* @var string
66		*/
67		private $user_id;
68
69		/**
70		* API user password.
71		*
72		* @var string
73		*/
74		private $password;
75
76		/**
77		* Data
78		*
79		* @var Data
80		*/
81		private $data;
82
83		/**
84		* Constructs and initialize a iDEAL kassa object
85		*
86		* @param string $psp_id PSP ID.
87		*/
88	3	public function __construct( $psp_id ) {
89	3	$this->data = new Data();
90	3	$this->data->set_field( Parameters::PSPID, $psp_id );
91
92	3	$this->hash_algorithm = Ingenico::SHA_1;
		0 ignored issues – show Bug Best Practice introduced 2018-10-23 12:31 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `hash_algorithm` does not exist. Although not strictly required by PHP, it is generally a best practice to declare properties explicitly. Loading history...
93	3	}
94
95		/**
96		* Get the payment server URL
97		*
98		* @return the payment server URL
		0 ignored issues – show Bug introduced 2018-10-23 12:31 UTC by Report Bug Copy Issue Report Show Similar Issues like this The type `Pronamic\WordPress\Pay\G...enico\OrderStandard\the` was not found. Maybe you did not declare it correctly or list all dependencies? The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/"]`, you can move it to the dependency path list as follows: filter: dependency_paths: ["lib/"] For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths Loading history...
99		*/
100		public function get_payment_server_url() {
101		return $this->payment_server_url;
		0 ignored issues – show Bug Best Practice introduced 2018-10-23 12:31 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `return $this->payment_server_url` returns the type `string` which is incompatible with the documented return type `Pronamic\WordPress\Pay\G...enico\OrderStandard\the`. Loading history...
102		}
103
104		/**
105		* Set the payment server URL
106		*
107		* @param string $url Payment server URL.
108		*/
109		public function set_payment_server_url( $url ) {
110		$this->payment_server_url = $url;
111		}
112
113		/**
114		* Get the Direct Query URL.
115		*
116		* @return string
117		*/
118		public function get_direct_query_url() {
119		return $this->direct_query_url;
120		}
121
122		/**
123		* Set the Direct Query URL.
124		*
125		* @param string $url Direct query URL.
126		*/
127		public function set_direct_query_url( $url ) {
128		$this->direct_query_url = $url;
129		}
130
131		/**
132		* Get hash algorithm
133		*
134		* @return string
135		*/
136		public function get_hash_algorithm() {
137		return $this->hash_algorithm;
138		}
139
140		/**
141		* Set hash algorithm
142		*
143		* @param string $hash_algorithm Hashing algorithm.
144		*/
145		public function set_hash_algorithm( $hash_algorithm ) {
146		$this->hash_algorithm = $hash_algorithm;
		0 ignored issues – show Bug Best Practice introduced 2018-10-23 12:31 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `hash_algorithm` does not exist. Although not strictly required by PHP, it is generally a best practice to declare properties explicitly. Loading history...
147		}
148
149		/**
150		* Get password phrase IN
151		*
152		* @return string
153		*/
154	2	public function get_pass_phrase_in() {
155	2	return $this->pass_phrase_in;
156		}
157
158		/**
159		* Set password phrase IN
160		*
161		* @param string $pass_phrase_in Pass phrase IN.
162		*/
163	1	public function set_pass_phrase_in( $pass_phrase_in ) {
164	1	$this->pass_phrase_in = $pass_phrase_in;
165	1	}
166
167		/**
168		* Get password phrase OUT
169		*
170		* @return string
171		*/
172	1	public function get_pass_phrase_out() {
173	1	return $this->pass_phrase_out;
174		}
175
176		/**
177		* Set password phrase OUT
178		*
179		* @param string $pass_phrase_out Pass phrase OUT.
180		*/
181	1	public function set_pass_phrase_out( $pass_phrase_out ) {
182	1	$this->pass_phrase_out = $pass_phrase_out;
183	1	}
184
185		/**
186		* Get API user ID.
187		*
188		* @return string
189		*/
190		public function get_user_id() {
191		return $this->user_id;
192		}
193
194		/**
195		* Set API user ID.
196		*
197		* @param string $user_id API user ID.
198		*/
199		public function set_user_id( $user_id ) {
200		$this->user_id = $user_id;
201		}
202
203		/**
204		* Get API user password.
205		*
206		* @return string
207		*/
208		public function get_password() {
209		return $this->password;
210		}
211
212		/**
213		* Set API user password.
214		*
215		* @param string $password API user password.
216		*/
217		public function set_password( $password ) {
218		$this->password = $password;
219		}
220
221		/**
222		* Get data
223		*
224		* @return Data
225		*/
226	1	public function get_data() {
227	1	return $this->data;
228		}
229
230		/**
231		* Get signature IN
232		*
233		* @return string
234		*/
235	2	public function get_signature_in() {
236	2	$calculation_fields = Security::get_calculations_parameters_in();
237
238	2	$fields = Security::get_calculation_fields( $calculation_fields, $this->data->get_fields() );
239
240	2	return Security::get_signature( $fields, $this->get_pass_phrase_in(), $this->hash_algorithm );
241		}
242
243		/**
244		* Get signature OUT
245		*
246		* @param array $fields Fields to calculate signature for.
247		*
248		* @return string
249		*/
250	1	public function get_signature_out( $fields ) {
251	1	$calculation_fields = Security::get_calculations_parameters_out();
252
253	1	$fields = Security::get_calculation_fields( $calculation_fields, $fields );
254
255	1	return Security::get_signature( $fields, $this->get_pass_phrase_out(), $this->hash_algorithm );
256		}
257
258		/**
259		* Get fields
260		*
261		* @since 1.2.1
262		* @return array
263		*/
264		public function get_fields() {
265		Security::sign_data( $this->data, $this->get_pass_phrase_in(), $this->hash_algorithm );
266
267		return $this->data->get_fields();
268		}
269
270		/**
271		* Get order status
272		*
273		* @param string $order_id Order ID.
274		*
275		* @return string\|null
276		* @throws \Exception Throw exception on error in retrieving order status.
277		*/
278		public function get_order_status( $order_id ) {
279		$return = null;
280
281		// API user ID and password.
282		$user_id = $this->get_user_id();
283		$password = $this->get_password();
284
285		if ( '' === $user_id \|\| '' === $password ) {
286		return $return;
287		}
288
289		$result = Util::remote_get_body(
290		$this->get_direct_query_url(),
291		200,
292		array(
293		'method' => 'POST',
294		'body' => array(
295		Parameters::ORDERID => $order_id,
296		Parameters::PSPID => $this->data->get_field( Parameters::PSPID ),
297		Parameters::USER_ID => $user_id,
298		Parameters::PASSWORD => $password,
299		),
300		'timeout' => 30,
301		)
302		);
303
304		if ( $result instanceof \WP_Error ) {
305		throw new \Exception( sprintf( 'Could not get order status for order ID %s.', $order_id ) );
306		}
307
308		$xml = Util::simplexml_load_string( $result );
309
310		$order_response = OrderResponseParser::parse( $xml );
311
312		if ( ! empty( $order_response->nc_error ) ) {
313		$ogone_error = new Error(
314		XML_Security::filter( $order_response->nc_error ),
315		XML_Security::filter( $order_response->nc_error_plus )
316		);
317
318		throw new \Exception(
319		\sprintf(
320		'%s<br>%s',
321		sprintf( 'Could not get order status for order ID %s.', $order_id ),
322		(string) $ogone_error
323		)
324		);
325		}
326
327		$status = XML_Security::filter( $order_response->status );
328
329		$return = Statuses::transform( $status );
330
331		return $return;
332		}
333
334		/**
335		* Verify request
336		*
337		* @param array $data Request data.
338		*/
339	1	public function verify_request( $data ) {
340	1	$result = false;
341
342	1	$data = array_change_key_case( $data, CASE_UPPER );
343
344	1	if ( isset( $data['SHASIGN'] ) ) {
345	1	$signature = $data['SHASIGN'];
346
347	1	$signature_out = $this->get_signature_out( $data );
348
349	1	if ( 0 === strcasecmp( $signature, $signature_out ) ) {
350	1	$result = filter_var_array(
351	1	$data,
352		array(
353	1	Parameters::ORDERID => FILTER_SANITIZE_STRING,
354	1	Parameters::AMOUNT => FILTER_VALIDATE_FLOAT,
355	1	Parameters::CURRENCY => FILTER_SANITIZE_STRING,
356	1	'PM' => FILTER_SANITIZE_STRING,
357	1	'ACCEPTANCE' => FILTER_SANITIZE_STRING,
358	1	'STATUS' => FILTER_VALIDATE_INT,
359	1	'CARDNO' => FILTER_SANITIZE_STRING,
360	1	'PAYID' => FILTER_VALIDATE_INT,
361	1	'NCERROR' => FILTER_SANITIZE_STRING,
362	1	'BRAND' => FILTER_SANITIZE_STRING,
363	1	'SHASIGN' => FILTER_SANITIZE_STRING,
364		)
365		);
366		}
367		}
368
369	1	return $result;
370		}
371		}
372

wp-pay-gateways / ogone

Push — develop ( 59650a...3d7b28 )

src/OrderStandard/Client.php (4 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like