From 819c91e319be6cca0b19658b75513ad98cc9e7b0 Mon Sep 17 00:00:00 2001
From: Christiaan Goossens
Date: Thu, 30 Mar 2017 19:42:22 +0200
Subject: [PATCH] Added secrets
---
 src/Application/API/Handler.php | 73 +++++++++++++++++++++++------------
 1 file changed, 47 insertions(+), 26 deletions(-)
diff --git a/src/Application/API/Handler.php b/src/Application/API/Handler.php
index 3690c71..972f7fe 100644
--- a/src/Application/API/Handler.php
+++ b/src/Application/API/Handler.php
@@ -41,20 +41,28 @@ class Handler
         if (isset($parsedBody['clientId']) && isset($parsedBody['transactionId']) && isset($parsedBody['amount']) && isset($parsedBody['description']) && isset($parsedBody['returnUrl']) && isset($parsedBody['sha1'])) {
             // Correct request
-            $clientSecret = Handler::getClientSecret($parsedBody['clientId']);
-            $sha = sha1($parsedBody['transactionId'] . $parsedBody['amount'] . $clientSecret);
-
-            if ($sha === $parsedBody['sha1']) {
-                $responseJSON = array(
-                    "success" => true,
-                    "redirect" => "https://example.com"
-                );
-            } else {
+            if ($parsedBody['clientId'] !== Handler::getClientId()) {
                 $response = $response->withStatus(403);
                 $responseJSON = array(
                     "success" => false,
-                    "error" => "Incorrect sha1 verification hash."
+                    "error" => "Incorrect client id."
                 );
+            } else {
+                $clientSecret = Handler::getClientSecret();
+                $sha = sha1($parsedBody['transactionId'] . $parsedBody['amount'] . $clientSecret);
+
+                if ($sha === $parsedBody['sha1']) {
+                    $responseJSON = array(
+                        "success" => true,
+                        "redirect" => "https://example.com"
+                    );
+                } else {
+                    $response = $response->withStatus(403);
+                    $responseJSON = array(
+                        "success" => false,
+                        "error" => "Incorrect sha1 verification hash."
+                    );
+                }
             }
         } else {
             $response = $response->withStatus(400);
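Review bot: The moved verification in the new `else` branch still authenticates the request with a plain `sha1()` over an undelimited concatenation and a `===` string compare, so it is neither a keyed MAC nor a timing-safe comparison, and `transactionId . amount` has no separator to fix where one field ends and the next begins. A keyed digest with a delimiter and a constant-time compare addresses all three: `$sha = hash_hmac('sha256', $parsedBody['transactionId'] . '|' . $parsedBody['amount'], $clientSecret);` followed by `if (is_string($parsedBody['sha1']) && hash_equals($sha, $parsedBody['sha1'])) {` (the `is_string` guard is needed because `isset` also accepts array values from the parsed body). Changing the digest is a wire-format change for the clients that compute it, so if that is out of scope here the comparison alone should still become `hash_equals(...)`. The same applies to the status hunk at `@@ -83,24 +91,32`. The enclosing method begins and ends outside this hunk.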
@@ -83,24 +91,32 @@ class Handler
         if (isset($parsedBody['clientId']) && isset($parsedBody['transactionId']) && isset($parsedBody['sha1'])) {
             // Correct request
-            $clientSecret = Handler::getClientSecret($parsedBody['clientId']);
-            $sha = sha1($parsedBody['transactionId'] . $clientSecret);
-
-            if ($sha === $parsedBody['sha1']) {
-                $responseJSON = array(
-                    "success" => true,
-                    "transaction" => array(
-                        "status" => "Success",
-                        "transactionId" => "notyetfromdb",
-                        "someotherrandomkey" => "changethis"
-                    )
-                );
-            } else {
+            if ($parsedBody['clientId'] !== Handler::getClientId()) {
                 $response = $response->withStatus(403);
                 $responseJSON = array(
                     "success" => false,
-                    "error" => "Incorrect sha1 verification hash."
+                    "error" => "Incorrect client id."
                 );
+            } else {
+                $clientSecret = Handler::getClientSecret();
+                $sha = sha1($parsedBody['transactionId'] . $clientSecret);
+
+                if ($sha === $parsedBody['sha1']) {
+                    $responseJSON = array(
+                        "success" => true,
+                        "transaction" => array(
+                            "status" => "Success",
+                            "transactionId" => "notyetfromdb",
+                            "someotherrandomkey" => "changethis"
+                        )
+                    );
+                } else {
+                    $response = $response->withStatus(403);
+                    $responseJSON = array(
+                        "success" => false,
+                        "error" => "Incorrect sha1 verification hash."
+                    );
+                }
             }
         } else {
             $response = $response->withStatus(400);
@@ -123,8 +139,13 @@ class Handler
         });
     }
 
-    public static function getClientSecret($clientId)
+    public static function getClientId()
+    {
+        return 'de-webshop';
+    }
+
+    public static function getClientSecret()
     {
-        return '3';
+        return '42';
     }
 }
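Review bot: `getClientId()` and `getClientSecret()` in the last hunk return the credentials as string literals, so the shared secret is now versioned with the code and present in every clone of the repository; once this commit is pushed the value should be considered disclosed and rotated. Read it from configuration kept outside the repository and fail loudly when it is missing instead of falling back to a literal, e.g. `$secret = getenv('<CLIENT_SECRET_ENV_VAR>');` / `if ($secret === false) { throw new \RuntimeException('client secret not configured'); }` / `return $secret;`, with a declared return type `public static function getClientSecret(): string` so a missing value cannot silently become `false`. The hunk also drops the `$clientId` parameter from `getClientSecret()`, which is a signature change for any other caller of that method.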