Issues in Client.php - Failed Issues - Inspection of "Update libraries, coding standards, tests and Trav..." - wp-pay-gateways/ogone - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Push — develop ( 9cc0c5...5590ec )

by Reüel

created 2019-02-09 02:20 UTC

src/OrderStandard/Client.php (4 issues)

Labels

Severity

Major 4

<?php

namespace Pronamic\WordPress\Pay\Gateways\Ingenico\OrderStandard;

use Pronamic\WordPress\Pay\Core\Util;
use Pronamic\WordPress\Pay\Core\XML\Security as XML_Security;
use Pronamic\WordPress\Pay\Gateways\Ingenico\Data;
use Pronamic\WordPress\Pay\Gateways\Ingenico\Ingenico;
use Pronamic\WordPress\Pay\Gateways\Ingenico\Parameters;
use Pronamic\WordPress\Pay\Gateways\Ingenico\Statuses;
use Pronamic\WordPress\Pay\Gateways\Ingenico\Security;
use Pronamic\WordPress\Pay\Gateways\Ingenico\XML\OrderResponseParser;

/**
 * Title: Ingenico order standard client
 * Description:
 * Copyright: 2005-2019 Pronamic
 * Company: Pronamic
 *
 * @author  Remco Tolsma
 * @version 2.0.0
 * @since   1.0.0
 */
class Client {
	/**
	 * The payment server URL
	 *
	 * @var string
	 */
	private $payment_server_url;

	/**
	 * Direct Query URL.
	 *
	 * @since 1.3.2
	 * @var string
	 */
	private $direct_query_url;

	/**
	 * The amount
	 *
	 * @var int
	 */
	private $amount;

	/**
	 * Pass phrase IN
	 *
	 * @var string
	 */
	private $pass_phrase_in;

	/**
	 * Pass phrase OUT
	 *
	 * @var string
	 */
	private $pass_phrase_out;

	/**
	 * API user ID.
	 *
	 * @var string
	 */
	private $user_id;

	/**
	 * API user password.
	 *
	 * @var string
	 */
	private $password;

	/**
	 * Data
	 *
	 * @var Data
	 */
	private $data;

	/**
	 * Constructs and initialize a iDEAL kassa object
	 *
	 * @param string $psp_id PSP ID.
	 */
	public function __construct( $psp_id ) {
		$this->data = new Data();
		$this->data->set_field( Parameters::PSPID, $psp_id );

		$this->hash_algorithm = Ingenico::SHA_1;

	}

	/**
	 * Get the payment server URL
	 *
	 * @return the payment server URL
filter:
    dependency_paths: ["lib/*"]
	 */
	public function get_payment_server_url() {
		return $this->payment_server_url;

	}

	/**
	 * Set the payment server URL
	 *
	 * @param string $url Payment server URL.
	 */
	public function set_payment_server_url( $url ) {
		$this->payment_server_url = $url;
	}

	/**
	 * Get the Direct Query URL.
	 *
	 * @return string
	 */
	public function get_direct_query_url() {
		return $this->direct_query_url;
	}

	/**
	 * Set the Direct Query URL.
	 *
	 * @param string $url Direct query URL.
	 */
	public function set_direct_query_url( $url ) {
		$this->direct_query_url = $url;
	}

	/**
	 * Get hash algorithm
	 *
	 * @return string
	 */
	public function get_hash_algorithm() {
		return $this->hash_algorithm;
	}

	/**
	 * Set hash algorithm
	 *
	 * @param string $hash_algorithm Hashing algorithm.
	 */
	public function set_hash_algorithm( $hash_algorithm ) {
		$this->hash_algorithm = $hash_algorithm;

	}

	/**
	 * Get password phrase IN
	 *
	 * @return string
	 */
	public function get_pass_phrase_in() {
		return $this->pass_phrase_in;
	}

	/**
	 * Set password phrase IN
	 *
	 * @param string $pass_phrase_in Pass phrase IN.
	 */
	public function set_pass_phrase_in( $pass_phrase_in ) {
		$this->pass_phrase_in = $pass_phrase_in;
	}

	/**
	 * Get password phrase OUT
	 *
	 * @return string
	 */
	public function get_pass_phrase_out() {
		return $this->pass_phrase_out;
	}

	/**
	 * Set password phrase OUT
	 *
	 * @param string $pass_phrase_out Pass phrase OUT.
	 */
	public function set_pass_phrase_out( $pass_phrase_out ) {
		$this->pass_phrase_out = $pass_phrase_out;
	}

	/**
	 * Get API user ID.
	 *
	 * @return string
	 */
	public function get_user_id() {
		return $this->user_id;
	}

	/**
	 * Set API user ID.
	 *
	 * @param string $user_id API user ID.
	 */
	public function set_user_id( $user_id ) {
		$this->user_id = $user_id;
	}

	/**
	 * Get API user password.
	 *
	 * @return string
	 */
	public function get_password() {
		return $this->password;
	}

	/**
	 * Set API user password.
	 *
	 * @param string $password API user password.
	 */
	public function set_password( $password ) {
		$this->password = $password;
	}

	/**
	 * Get data
	 *
	 * @return Data
	 */
	public function get_data() {
		return $this->data;
	}

	/**
	 * Get signature IN
	 *
	 * @return string
	 */
	public function get_signature_in() {
		$calculation_fields = Security::get_calculations_parameters_in();

		$fields = Security::get_calculation_fields( $calculation_fields, $this->data->get_fields() );

		return Security::get_signature( $fields, $this->get_pass_phrase_in(), $this->hash_algorithm );
	}

	/**
	 * Get signature OUT
	 *
	 * @param array $fields Fields to calculate signature for.
	 *
	 * @return string
	 */
	public function get_signature_out( $fields ) {
		$calculation_fields = Security::get_calculations_parameters_out();

		$fields = Security::get_calculation_fields( $calculation_fields, $fields );

		return Security::get_signature( $fields, $this->get_pass_phrase_out(), $this->hash_algorithm );
	}

	/**
	 * Get fields
	 *
	 * @since 1.2.1
	 * @return array
	 */
	public function get_fields() {
		Security::sign_data( $this->data, $this->get_pass_phrase_in(), $this->hash_algorithm );

		return $this->data->get_fields();
	}

	/**
	 * Get order status
	 *
	 * @param string $order_id Order ID.
	 */
	public function get_order_status( $order_id ) {
		$return = null;

		// API user ID and password.
		$user_id  = $this->get_user_id();
		$password = $this->get_password();

		if ( '' === $user_id || '' === $password ) {
			return $return;
		}

		$result = Util::remote_get_body(
			$this->get_direct_query_url(),
			200,
			array(
				'method'  => 'POST',
				'body'    => array(
					Parameters::ORDERID  => $order_id,
					Parameters::PSPID    => $this->data->get_field( Parameters::PSPID ),
					Parameters::USER_ID  => $user_id,
					Parameters::PASSWORD => $password,
				),
				'timeout' => 30,
			)
		);

		$xml = Util::simplexml_load_string( $result );

		if ( ! is_wp_error( $xml ) ) {
			$order_response = OrderResponseParser::parse( $xml );

			$status = XML_Security::filter( $order_response->status );

			$return = Statuses::transform( $status );
		}

		return $return;
	}

	/**
	 * Verify request
	 *
	 * @param array $data Request data.
	 */
	public function verify_request( $data ) {
		$result = false;

		$data = array_change_key_case( $data, CASE_UPPER );

		if ( isset( $data['SHASIGN'] ) ) {
			$signature = $data['SHASIGN'];

			$signature_out = $this->get_signature_out( $data );

			if ( 0 === strcasecmp( $signature, $signature_out ) ) {
				$result = filter_var_array(
					$data,
					array(
						Parameters::ORDERID  => FILTER_SANITIZE_STRING,
						Parameters::AMOUNT   => FILTER_VALIDATE_FLOAT,
						Parameters::CURRENCY => FILTER_SANITIZE_STRING,
						'PM'                 => FILTER_SANITIZE_STRING,
						'ACCEPTANCE'         => FILTER_SANITIZE_STRING,
						'STATUS'             => FILTER_VALIDATE_INT,
						'CARDNO'             => FILTER_SANITIZE_STRING,
						'PAYID'              => FILTER_VALIDATE_INT,
						'NCERROR'            => FILTER_SANITIZE_STRING,
						'BRAND'              => FILTER_SANITIZE_STRING,
						'SHASIGN'            => FILTER_SANITIZE_STRING,
					)
				);
			}
		}

		return $result;
	}
}


1		<?php
2
3		namespace Pronamic\WordPress\Pay\Gateways\Ingenico\OrderStandard;
4
5		use Pronamic\WordPress\Pay\Core\Util;
6		use Pronamic\WordPress\Pay\Core\XML\Security as XML_Security;
7		use Pronamic\WordPress\Pay\Gateways\Ingenico\Data;
8		use Pronamic\WordPress\Pay\Gateways\Ingenico\Ingenico;
9		use Pronamic\WordPress\Pay\Gateways\Ingenico\Parameters;
10		use Pronamic\WordPress\Pay\Gateways\Ingenico\Statuses;
11		use Pronamic\WordPress\Pay\Gateways\Ingenico\Security;
12		use Pronamic\WordPress\Pay\Gateways\Ingenico\XML\OrderResponseParser;
13
14		/**
15		* Title: Ingenico order standard client
16		* Description:
17		* Copyright: 2005-2019 Pronamic
18		* Company: Pronamic
19		*
20		* @author Remco Tolsma
21		* @version 2.0.0
22		* @since 1.0.0
23		*/
24		class Client {
25		/**
26		* The payment server URL
27		*
28		* @var string
29		*/
30		private $payment_server_url;
31
32		/**
33		* Direct Query URL.
34		*
35		* @since 1.3.2
36		* @var string
37		*/
38		private $direct_query_url;
39
40		/**
41		* The amount
42		*
43		* @var int
44		*/
45		private $amount;
46
47		/**
48		* Pass phrase IN
49		*
50		* @var string
51		*/
52		private $pass_phrase_in;
53
54		/**
55		* Pass phrase OUT
56		*
57		* @var string
58		*/
59		private $pass_phrase_out;
60
61		/**
62		* API user ID.
63		*
64		* @var string
65		*/
66		private $user_id;
67
68		/**
69		* API user password.
70		*
71		* @var string
72		*/
73		private $password;
74
75		/**
76		* Data
77		*
78		* @var Data
79		*/
80		private $data;
81
82		/**
83		* Constructs and initialize a iDEAL kassa object
84		*
85		* @param string $psp_id PSP ID.
86		*/
87	3	public function __construct( $psp_id ) {
88	3	$this->data = new Data();
89	3	$this->data->set_field( Parameters::PSPID, $psp_id );
90
91	3	$this->hash_algorithm = Ingenico::SHA_1;
		0 ignored issues – show Bug Best Practice introduced 2018-10-23 12:31 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `hash_algorithm` does not exist. Although not strictly required by PHP, it is generally a best practice to declare properties explicitly. Loading history...
92	3	}
93
94		/**
95		* Get the payment server URL
96		*
97		* @return the payment server URL
		0 ignored issues – show Bug introduced 2018-10-23 12:31 UTC by Report Bug Copy Issue Report Show Similar Issues like this The type `Pronamic\WordPress\Pay\G...enico\OrderStandard\the` was not found. Maybe you did not declare it correctly or list all dependencies? The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/"]`, you can move it to the dependency path list as follows: filter: dependency_paths: ["lib/"] For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths Loading history...
98		*/
99		public function get_payment_server_url() {
100		return $this->payment_server_url;
		0 ignored issues – show Bug Best Practice introduced 2018-10-23 12:31 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `return $this->payment_server_url` returns the type `string` which is incompatible with the documented return type `Pronamic\WordPress\Pay\G...enico\OrderStandard\the`. Loading history...
101		}
102
103		/**
104		* Set the payment server URL
105		*
106		* @param string $url Payment server URL.
107		*/
108		public function set_payment_server_url( $url ) {
109		$this->payment_server_url = $url;
110		}
111
112		/**
113		* Get the Direct Query URL.
114		*
115		* @return string
116		*/
117		public function get_direct_query_url() {
118		return $this->direct_query_url;
119		}
120
121		/**
122		* Set the Direct Query URL.
123		*
124		* @param string $url Direct query URL.
125		*/
126		public function set_direct_query_url( $url ) {
127		$this->direct_query_url = $url;
128		}
129
130		/**
131		* Get hash algorithm
132		*
133		* @return string
134		*/
135		public function get_hash_algorithm() {
136		return $this->hash_algorithm;
137		}
138
139		/**
140		* Set hash algorithm
141		*
142		* @param string $hash_algorithm Hashing algorithm.
143		*/
144		public function set_hash_algorithm( $hash_algorithm ) {
145		$this->hash_algorithm = $hash_algorithm;
		0 ignored issues – show Bug Best Practice introduced 2018-10-23 12:31 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `hash_algorithm` does not exist. Although not strictly required by PHP, it is generally a best practice to declare properties explicitly. Loading history...
146		}
147
148		/**
149		* Get password phrase IN
150		*
151		* @return string
152		*/
153	2	public function get_pass_phrase_in() {
154	2	return $this->pass_phrase_in;
155		}
156
157		/**
158		* Set password phrase IN
159		*
160		* @param string $pass_phrase_in Pass phrase IN.
161		*/
162	1	public function set_pass_phrase_in( $pass_phrase_in ) {
163	1	$this->pass_phrase_in = $pass_phrase_in;
164	1	}
165
166		/**
167		* Get password phrase OUT
168		*
169		* @return string
170		*/
171	1	public function get_pass_phrase_out() {
172	1	return $this->pass_phrase_out;
173		}
174
175		/**
176		* Set password phrase OUT
177		*
178		* @param string $pass_phrase_out Pass phrase OUT.
179		*/
180	1	public function set_pass_phrase_out( $pass_phrase_out ) {
181	1	$this->pass_phrase_out = $pass_phrase_out;
182	1	}
183
184		/**
185		* Get API user ID.
186		*
187		* @return string
188		*/
189		public function get_user_id() {
190		return $this->user_id;
191		}
192
193		/**
194		* Set API user ID.
195		*
196		* @param string $user_id API user ID.
197		*/
198		public function set_user_id( $user_id ) {
199		$this->user_id = $user_id;
200		}
201
202		/**
203		* Get API user password.
204		*
205		* @return string
206		*/
207		public function get_password() {
208		return $this->password;
209		}
210
211		/**
212		* Set API user password.
213		*
214		* @param string $password API user password.
215		*/
216		public function set_password( $password ) {
217		$this->password = $password;
218		}
219
220		/**
221		* Get data
222		*
223		* @return Data
224		*/
225	1	public function get_data() {
226	1	return $this->data;
227		}
228
229		/**
230		* Get signature IN
231		*
232		* @return string
233		*/
234	2	public function get_signature_in() {
235	2	$calculation_fields = Security::get_calculations_parameters_in();
236
237	2	$fields = Security::get_calculation_fields( $calculation_fields, $this->data->get_fields() );
238
239	2	return Security::get_signature( $fields, $this->get_pass_phrase_in(), $this->hash_algorithm );
240		}
241
242		/**
243		* Get signature OUT
244		*
245		* @param array $fields Fields to calculate signature for.
246		*
247		* @return string
248		*/
249	1	public function get_signature_out( $fields ) {
250	1	$calculation_fields = Security::get_calculations_parameters_out();
251
252	1	$fields = Security::get_calculation_fields( $calculation_fields, $fields );
253
254	1	return Security::get_signature( $fields, $this->get_pass_phrase_out(), $this->hash_algorithm );
255		}
256
257		/**
258		* Get fields
259		*
260		* @since 1.2.1
261		* @return array
262		*/
263		public function get_fields() {
264		Security::sign_data( $this->data, $this->get_pass_phrase_in(), $this->hash_algorithm );
265
266		return $this->data->get_fields();
267		}
268
269		/**
270		* Get order status
271		*
272		* @param string $order_id Order ID.
273		*/
274		public function get_order_status( $order_id ) {
275		$return = null;
276
277		// API user ID and password.
278		$user_id = $this->get_user_id();
279		$password = $this->get_password();
280
281		if ( '' === $user_id \|\| '' === $password ) {
282		return $return;
283		}
284
285		$result = Util::remote_get_body(
286		$this->get_direct_query_url(),
287		200,
288		array(
289		'method' => 'POST',
290		'body' => array(
291		Parameters::ORDERID => $order_id,
292		Parameters::PSPID => $this->data->get_field( Parameters::PSPID ),
293		Parameters::USER_ID => $user_id,
294		Parameters::PASSWORD => $password,
295		),
296		'timeout' => 30,
297		)
298		);
299
300		$xml = Util::simplexml_load_string( $result );
301
302		if ( ! is_wp_error( $xml ) ) {
303		$order_response = OrderResponseParser::parse( $xml );
304
305		$status = XML_Security::filter( $order_response->status );
306
307		$return = Statuses::transform( $status );
308		}
309
310		return $return;
311		}
312
313		/**
314		* Verify request
315		*
316		* @param array $data Request data.
317		*/
318	1	public function verify_request( $data ) {
319	1	$result = false;
320
321	1	$data = array_change_key_case( $data, CASE_UPPER );
322
323	1	if ( isset( $data['SHASIGN'] ) ) {
324	1	$signature = $data['SHASIGN'];
325
326	1	$signature_out = $this->get_signature_out( $data );
327
328	1	if ( 0 === strcasecmp( $signature, $signature_out ) ) {
329	1	$result = filter_var_array(
330	1	$data,
331		array(
332	1	Parameters::ORDERID => FILTER_SANITIZE_STRING,
333	1	Parameters::AMOUNT => FILTER_VALIDATE_FLOAT,
334	1	Parameters::CURRENCY => FILTER_SANITIZE_STRING,
335	1	'PM' => FILTER_SANITIZE_STRING,
336	1	'ACCEPTANCE' => FILTER_SANITIZE_STRING,
337	1	'STATUS' => FILTER_VALIDATE_INT,
338	1	'CARDNO' => FILTER_SANITIZE_STRING,
339	1	'PAYID' => FILTER_VALIDATE_INT,
340	1	'NCERROR' => FILTER_SANITIZE_STRING,
341	1	'BRAND' => FILTER_SANITIZE_STRING,
342	1	'SHASIGN' => FILTER_SANITIZE_STRING,
343		)
344		);
345		}
346		}
347
348	1	return $result;
349		}
350		}
351

wp-pay-gateways / ogone

Push — develop ( 9cc0c5...5590ec )

src/OrderStandard/Client.php (4 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like