use request data instead of account data for hash calculation

mewebstudio · Nov 17, 2024 · 0c2eb5b · 0c2eb5b
1 parent d45a955
commit 0c2eb5b
Show file tree

Hide file tree

Showing 22 changed files with 246 additions and 182 deletions.
diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
@@ -10,6 +10,11 @@ parameters:
 			count: 1
 			path: src/Client/HttpClient.php
 
+		-
+			message: "#^Default value of the parameter \\#3 \\$order \\(array\\{\\}\\) of method Mews\\\\Pos\\\\Crypt\\\\PosNetCrypt\\:\\:createHash\\(\\) is incompatible with type array\\{amount\\: int, currency\\: string, id\\: string\\}\\.$#"
+			count: 1
+			path: src/Crypt/PosNetCrypt.php
+
 		-
 			message: "#^Parameter \\#1 \\$currency of method Mews\\\\Pos\\\\DataMapper\\\\RequestDataMapper\\\\AkbankPosRequestDataMapper\\:\\:mapCurrency\\(\\) expects 'EUR'\\|'GBP'\\|'JPY'\\|'RUB'\\|'TRY'\\|'USD', string given\\.$#"
 			count: 5

diff --git a/src/Crypt/AkbankPosCrypt.php b/src/Crypt/AkbankPosCrypt.php
@@ -6,7 +6,6 @@
 namespace Mews\Pos\Crypt;
 
 use Mews\Pos\Entity\Account\AbstractPosAccount;
-use Mews\Pos\Entity\Account\AkbankPosAccount;
 use Mews\Pos\Exceptions\NotImplementedException;
 
 class AkbankPosCrypt extends AbstractCrypt
@@ -24,16 +23,15 @@ public function generateRandomString(int $length = 128): string
     }
 
     /**
-     * @param AkbankPosAccount $posAccount
      * {@inheritDoc}
      */
     public function create3DHash(AbstractPosAccount $posAccount, array $formInputs): string
     {
         $hashData = [
             $formInputs['paymentModel'],
             $formInputs['txnCode'],
-            $posAccount->getClientId(),
-            $posAccount->getTerminalId(),
+            $formInputs['merchantSafeId'],
+            $formInputs['terminalSafeId'],
             $formInputs['orderId'],
             $formInputs['lang'],
             $formInputs['amount'],
@@ -45,7 +43,7 @@ public function create3DHash(AbstractPosAccount $posAccount, array $formInputs):
             $formInputs['okUrl'],
             $formInputs['failUrl'],
             $formInputs['emailAddress'] ?? '',
-            $posAccount->getSubMerchantId() ?? '',
+            $formInputs['subMerchantId'] ?? '',
 
             // 3D hosting model does not have credit card information
             $formInputs['creditCard'] ?? '',

diff --git a/src/Crypt/EstPosCrypt.php b/src/Crypt/EstPosCrypt.php
@@ -16,7 +16,7 @@ class EstPosCrypt extends AbstractCrypt
     public function create3DHash(AbstractPosAccount $posAccount, array $formInputs): string
     {
         $hashData = [
-            $posAccount->getClientId(),
+            $formInputs['clientid'],
             $formInputs['oid'],
             $formInputs['amount'],
             $formInputs['okUrl'],
@@ -27,7 +27,7 @@ public function create3DHash(AbstractPosAccount $posAccount, array $formInputs):
             $posAccount->getStoreKey(),
         ];
 
-        $hashStr = implode(static::HASH_SEPARATOR, $hashData);
+        $hashStr = \implode(static::HASH_SEPARATOR, $hashData);
 
         return $this->hashString($hashStr);
     }

diff --git a/src/Crypt/GarantiPosCrypt.php b/src/Crypt/GarantiPosCrypt.php
@@ -20,7 +20,7 @@ class GarantiPosCrypt extends AbstractCrypt
     public function create3DHash(AbstractPosAccount $posAccount, array $formInputs): string
     {
         $map = [
-            $posAccount->getTerminalId(),
+            $formInputs['terminalid'],
             $formInputs['orderid'],
             $formInputs['txnamount'],
             $formInputs['txncurrencycode'],
@@ -29,10 +29,10 @@ public function create3DHash(AbstractPosAccount $posAccount, array $formInputs):
             $formInputs['txntype'],
             $formInputs['txninstallmentcount'],
             $posAccount->getStoreKey(),
-            $this->createSecurityData($posAccount, $formInputs['txntype']),
+            $this->createSecurityData($posAccount, $formInputs['terminalid'], $formInputs['txntype']),
         ];
 
-        return $this->hashStringUpperCase(implode(static::HASH_SEPARATOR, $map), self::HASH_ALGORITHM);
+        return $this->hashStringUpperCase(\implode(static::HASH_SEPARATOR, $map), self::HASH_ALGORITHM);
     }
 
     /**
@@ -71,14 +71,14 @@ public function createHash(AbstractPosAccount $posAccount, array $requestData):
     {
         $map = [
             $requestData['Order']['OrderID'],
-            $posAccount->getTerminalId(),
+            $requestData['Terminal']['ID'],
             $requestData['Card']['Number'] ?? null,
             $requestData['Transaction']['Amount'],
             $requestData['Transaction']['CurrencyCode'] ?? null,
-            $this->createSecurityData($posAccount, $requestData['Transaction']['Type']),
+            $this->createSecurityData($posAccount, $requestData['Terminal']['ID'], $requestData['Transaction']['Type']),
         ];
 
-        return $this->hashStringUpperCase(implode(static::HASH_SEPARATOR, $map), self::HASH_ALGORITHM);
+        return $this->hashStringUpperCase(\implode(static::HASH_SEPARATOR, $map), self::HASH_ALGORITHM);
     }
 
     /**
@@ -93,17 +93,18 @@ public function hashString(string $str, ?string $encryptionKey = null): string
      * Make Security Data
      *
      * @param GarantiPosAccount $posAccount
+     * @param string            $terminalId
      * @param string|null       $txType
      *
      * @return string
      */
-    private function createSecurityData(AbstractPosAccount $posAccount, ?string $txType = null): string
+    private function createSecurityData(AbstractPosAccount $posAccount, string $terminalId, ?string $txType = null): string
     {
-        $password = 'void' === $txType || 'refund' === $txType ? $posAccount->getRefundPassword() : $posAccount->getPassword();
+        $password = ('void' === $txType || 'refund' === $txType) ? $posAccount->getRefundPassword() : $posAccount->getPassword();
 
         $map = [
             $password,
-            \str_pad($posAccount->getTerminalId(), 9, '0', STR_PAD_LEFT),
+            \str_pad($terminalId, 9, '0', STR_PAD_LEFT),
         ];
 
         return $this->hashStringUpperCase(\implode(static::HASH_SEPARATOR, $map), 'sha1');
@@ -116,6 +117,6 @@ private function createSecurityData(AbstractPosAccount $posAccount, ?string $txT
      */
     private function hashStringUpperCase(string $str, string $algorithm): string
     {
-        return strtoupper(hash($algorithm, $str));
+        return strtoupper(\hash($algorithm, $str));
     }
 }
diff --git a/src/Crypt/InterPosCrypt.php b/src/Crypt/InterPosCrypt.php
@@ -16,7 +16,7 @@ class InterPosCrypt extends AbstractCrypt
     public function create3DHash(AbstractPosAccount $posAccount, array $formInputs): string
     {
         $hashData = [
-            $posAccount->getClientId(),
+            $formInputs['ShopCode'],
             $formInputs['OrderId'],
             $formInputs['PurchAmount'],
             $formInputs['OkUrl'],
@@ -27,7 +27,7 @@ public function create3DHash(AbstractPosAccount $posAccount, array $formInputs):
             $posAccount->getStoreKey(),
         ];
 
-        $hashStr = implode(static::HASH_SEPARATOR, $hashData);
+        $hashStr = \implode(static::HASH_SEPARATOR, $hashData);
 
         return $this->hashString($hashStr);
     }

diff --git a/src/Crypt/KuveytPosCrypt.php b/src/Crypt/KuveytPosCrypt.php
@@ -38,7 +38,7 @@ public function createHash(AbstractPosAccount $posAccount, array $requestData):
         $hashedPassword = $this->hashString($posAccount->getStoreKey());
 
         $hashData = [
-            $posAccount->getClientId(),
+            $requestData['MerchantId'],
             // non-payment request may not have MerchantOrderId and Amount fields
             $requestData['MerchantOrderId'] ?? '',
             $requestData['Amount'] ?? '',
@@ -47,7 +47,7 @@ public function createHash(AbstractPosAccount $posAccount, array $requestData):
             $requestData['OkUrl'] ?? '',
             $requestData['FailUrl'] ?? '',
 
-            $posAccount->getUsername(),
+            $requestData['UserName'],
             $hashedPassword,
         ];
 

diff --git a/src/Crypt/PayFlexCPV4Crypt.php b/src/Crypt/PayFlexCPV4Crypt.php
@@ -35,15 +35,15 @@ public function check3DHash(AbstractPosAccount $posAccount, array $data): bool
     public function createHash(AbstractPosAccount $posAccount, array $requestData): string
     {
         $hashData = [
-            $posAccount->getClientId(),
+            $requestData['HostMerchantId'],
             $requestData['AmountCode'],
             $requestData['Amount'],
-            $posAccount->getPassword(),
+            $requestData['MerchantPassword'],
             '',
             'VBank3DPay2014', // todo
         ];
 
-        $hashStr = implode(static::HASH_SEPARATOR, $hashData);
+        $hashStr = \implode(static::HASH_SEPARATOR, $hashData);
 
         return $this->hashString($hashStr);
     }

diff --git a/src/Crypt/PayForPosCrypt.php b/src/Crypt/PayForPosCrypt.php
@@ -26,7 +26,7 @@ public function create3DHash(AbstractPosAccount $posAccount, array $formInputs):
             $formInputs['Rnd'],
             $posAccount->getStoreKey(),
         ];
-        $hashStr = implode(static::HASH_SEPARATOR, $hashData);
+        $hashStr = \implode(static::HASH_SEPARATOR, $hashData);
 
         return $this->hashString($hashStr);
     }
@@ -47,7 +47,7 @@ public function check3DHash(AbstractPosAccount $posAccount, array $data): bool
             $posAccount->getUsername(),
         ];
 
-        $hashStr = implode(static::HASH_SEPARATOR, $hashData);
+        $hashStr = \implode(static::HASH_SEPARATOR, $hashData);
 
         $hash = $this->hashString($hashStr);
 

diff --git a/src/Crypt/PosNetCrypt.php b/src/Crypt/PosNetCrypt.php
@@ -32,13 +32,17 @@ public function create3DHash(AbstractPosAccount $posAccount, array $formInputs,
      */
     public function check3DHash(AbstractPosAccount $posAccount, array $data): bool
     {
+        if (null === $posAccount->getStoreKey()) {
+            throw new \LogicException('Account storeKey eksik!');
+        }
+
         $secondHashData = [
             $data['mdStatus'],
             $data['xid'],
             $data['amount'],
             $data['currency'],
             $posAccount->getClientId(),
-            $this->createSecurityData($posAccount),
+            $this->createSecurityData($posAccount->getStoreKey(), $posAccount->getTerminalId()),
         ];
         $hashStr        = implode(static::HASH_SEPARATOR, $secondHashData);
 
@@ -58,38 +62,43 @@ public function check3DHash(AbstractPosAccount $posAccount, array $data): bool
     }
 
     /**
-     * @param PosNetAccount $posAccount
+     * @param array{amount: int, currency: string, id: string} $order
      *
      * @inheritdoc
      */
-    public function createHash(AbstractPosAccount $posAccount, array $requestData): string
+    public function createHash(AbstractPosAccount $posAccount, array $requestData, array $order = []): string
     {
+        if (null === $posAccount->getStoreKey()) {
+            throw new \LogicException('Account storeKey eksik!');
+        }
+
         $hashData = [
-            $requestData['id'],
-            $requestData['amount'],
-            $requestData['currency'],
-            $posAccount->getClientId(),
-            $this->createSecurityData($posAccount),
+            $order['id'],
+            $order['amount'],
+            $order['currency'],
+            $requestData['mid'],
+            $this->createSecurityData($posAccount->getStoreKey(), $requestData['tid']),
         ];
-        $hashStr  = implode(static::HASH_SEPARATOR, $hashData);
+        $hashStr  = \implode(static::HASH_SEPARATOR, $hashData);
 
         return $this->hashString($hashStr);
     }
 
     /**
      * Make Security Data
      *
-     * @param PosNetAccount $posAccount
+     * @param string $storeKey
+     * @param string $terminalId
      *
      * @return string
      */
-    public function createSecurityData(AbstractPosAccount $posAccount): string
+    private function createSecurityData(string $storeKey, string $terminalId): string
     {
         $hashData = [
-            $posAccount->getStoreKey(),
-            $posAccount->getTerminalId(),
+            $storeKey,
+            $terminalId,
         ];
-        $hashStr  = implode(static::HASH_SEPARATOR, $hashData);
+        $hashStr  = \implode(static::HASH_SEPARATOR, $hashData);
 
         return $this->hashString($hashStr);
     }

diff --git a/src/Crypt/PosNetV1PosCrypt.php b/src/Crypt/PosNetV1PosCrypt.php
@@ -6,7 +6,6 @@
 namespace Mews\Pos\Crypt;
 
 use Mews\Pos\Entity\Account\AbstractPosAccount;
-use Mews\Pos\Entity\Account\PosNetAccount;
 
 class PosNetV1PosCrypt extends AbstractCrypt
 {
@@ -17,15 +16,13 @@ class PosNetV1PosCrypt extends AbstractCrypt
     protected const HASH_SEPARATOR = '';
 
     /**
-     * @param PosNetAccount $posAccount
-     *
      * {@inheritDoc}
      */
     public function create3DHash(AbstractPosAccount $posAccount, array $formInputs, ?string $txType = null): string
     {
         $hashData = [
-            $posAccount->getClientId(),
-            $posAccount->getTerminalId(),
+            $formInputs['MerchantNo'],
+            $formInputs['TerminalNo'],
             // no card data for 3D host payment
             $formInputs['CardNo'] ?? null,
             $formInputs['Cvv'] ?? null,
@@ -40,8 +37,6 @@ public function create3DHash(AbstractPosAccount $posAccount, array $formInputs,
     }
 
     /**
-     * @param PosNetAccount $posAccount
-     *
      * {@inheritdoc}
      */
     public function check3DHash(AbstractPosAccount $posAccount, array $data): bool
@@ -68,7 +63,6 @@ public function check3DHash(AbstractPosAccount $posAccount, array $data): bool
     }
 
     /**
-     * @param PosNetAccount                               $posAccount
      * @param array<string, string|array<string, string>> $requestData
      *
      * @inheritDoc
@@ -77,17 +71,19 @@ public function createHash(AbstractPosAccount $posAccount, array $requestData):
     {
         /** @var array<string, string> $threeDSecureData */
         $threeDSecureData = $requestData['ThreeDSecureData'];
+
+        /** @var array<string, string> $hashData */
         $hashData = [
-            $posAccount->getClientId(),
-            $posAccount->getTerminalId(),
+            $requestData['MerchantNo'],
+            $requestData['TerminalNo'],
             $threeDSecureData['SecureTransactionId'],
             $threeDSecureData['CavvData'],
             $threeDSecureData['Eci'],
             $threeDSecureData['MdStatus'],
             $posAccount->getStoreKey(),
         ];
 
-        $hashStr = implode(static::HASH_SEPARATOR, $hashData);
+        $hashStr = \implode(static::HASH_SEPARATOR, $hashData);
 
         return $this->hashString($hashStr);
     }

diff --git a/src/Crypt/ToslaPosCrypt.php b/src/Crypt/ToslaPosCrypt.php
@@ -57,8 +57,8 @@ public function createHash(AbstractPosAccount $posAccount, array $requestData):
     {
         $hashData = [
             $posAccount->getStoreKey(),
-            $posAccount->getClientId(),
-            $posAccount->getUsername(),
+            $requestData['clientId'],
+            $requestData['apiUser'],
             $requestData['rnd'],
             $requestData['timeSpan'],
         ];