Added secrets
This commit is contained in:
@@ -41,20 +41,28 @@ class Handler
|
||||
if (isset($parsedBody['clientId']) && isset($parsedBody['transactionId']) && isset($parsedBody['amount']) && isset($parsedBody['description']) && isset($parsedBody['returnUrl']) && isset($parsedBody['sha1'])) {
|
||||
// Correct request
|
||||
|
||||
$clientSecret = Handler::getClientSecret($parsedBody['clientId']);
|
||||
$sha = sha1($parsedBody['transactionId'] . $parsedBody['amount'] . $clientSecret);
|
||||
|
||||
if ($sha === $parsedBody['sha1']) {
|
||||
$responseJSON = array(
|
||||
"success" => true,
|
||||
"redirect" => "https://example.com"
|
||||
);
|
||||
} else {
|
||||
if ($parsedBody['clientId'] !== Handler::getClientId()) {
|
||||
$response = $response->withStatus(403);
|
||||
$responseJSON = array(
|
||||
"success" => false,
|
||||
"error" => "Incorrect sha1 verification hash."
|
||||
"error" => "Incorrect client id."
|
||||
);
|
||||
} else {
|
||||
$clientSecret = Handler::getClientSecret();
|
||||
$sha = sha1($parsedBody['transactionId'] . $parsedBody['amount'] . $clientSecret);
|
||||
|
||||
if ($sha === $parsedBody['sha1']) {
|
||||
$responseJSON = array(
|
||||
"success" => true,
|
||||
"redirect" => "https://example.com"
|
||||
);
|
||||
} else {
|
||||
$response = $response->withStatus(403);
|
||||
$responseJSON = array(
|
||||
"success" => false,
|
||||
"error" => "Incorrect sha1 verification hash."
|
||||
);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$response = $response->withStatus(400);
|
||||
@@ -83,24 +91,32 @@ class Handler
|
||||
if (isset($parsedBody['clientId']) && isset($parsedBody['transactionId']) && isset($parsedBody['sha1'])) {
|
||||
// Correct request
|
||||
|
||||
$clientSecret = Handler::getClientSecret($parsedBody['clientId']);
|
||||
$sha = sha1($parsedBody['transactionId'] . $clientSecret);
|
||||
|
||||
if ($sha === $parsedBody['sha1']) {
|
||||
$responseJSON = array(
|
||||
"success" => true,
|
||||
"transaction" => array(
|
||||
"status" => "Success",
|
||||
"transactionId" => "notyetfromdb",
|
||||
"someotherrandomkey" => "changethis"
|
||||
)
|
||||
);
|
||||
} else {
|
||||
if ($parsedBody['clientId'] !== Handler::getClientId()) {
|
||||
$response = $response->withStatus(403);
|
||||
$responseJSON = array(
|
||||
"success" => false,
|
||||
"error" => "Incorrect sha1 verification hash."
|
||||
"error" => "Incorrect client id."
|
||||
);
|
||||
} else {
|
||||
$clientSecret = Handler::getClientSecret();
|
||||
$sha = sha1($parsedBody['transactionId'] . $clientSecret);
|
||||
|
||||
if ($sha === $parsedBody['sha1']) {
|
||||
$responseJSON = array(
|
||||
"success" => true,
|
||||
"transaction" => array(
|
||||
"status" => "Success",
|
||||
"transactionId" => "notyetfromdb",
|
||||
"someotherrandomkey" => "changethis"
|
||||
)
|
||||
);
|
||||
} else {
|
||||
$response = $response->withStatus(403);
|
||||
$responseJSON = array(
|
||||
"success" => false,
|
||||
"error" => "Incorrect sha1 verification hash."
|
||||
);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$response = $response->withStatus(400);
|
||||
@@ -123,8 +139,13 @@ class Handler
|
||||
});
|
||||
}
|
||||
|
||||
public static function getClientSecret($clientId)
|
||||
public static function getClientId()
|
||||
{
|
||||
return '3';
|
||||
return 'de-webshop';
|
||||
}
|
||||
|
||||
public static function getClientSecret()
|
||||
{
|
||||
return '42';
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user