christiaangoossens/informaticaD4P-2017
Archived
1
0
Fork 0
Code Releases Activity

Added secrets

Browse Source
This commit is contained in:
Christiaan Goossens 2017-03-30 19:42:22 +02:00
parent 516ced5152
commit 819c91e319
1 changed files with 47 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
src/Application/API/Handler.php
View File

@ -41,20 +41,28 @@ class Handler
if (isset($parsedBody['clientId']) && isset($parsedBody['transactionId']) && isset($parsedBody['amount']) && isset($parsedBody['description']) && isset($parsedBody['returnUrl']) && isset($parsedBody['sha1'])) { if (isset($parsedBody['clientId']) && isset($parsedBody['transactionId']) && isset($parsedBody['amount']) && isset($parsedBody['description']) && isset($parsedBody['returnUrl']) && isset($parsedBody['sha1'])) {
// Correct request // Correct request
$clientSecret = Handler::getClientSecret($parsedBody['clientId']); if ($parsedBody['clientId'] !== Handler::getClientId()) {
$sha = sha1($parsedBody['transactionId'] . $parsedBody['amount'] . $clientSecret);
if ($sha === $parsedBody['sha1']) {
$responseJSON = array(
"success" => true,
"redirect" => "https://example.com"
);
} else {
$response = $response->withStatus(403); $response = $response->withStatus(403);
$responseJSON = array( $responseJSON = array(
"success" => false, "success" => false,
"error" => "Incorrect sha1 verification hash." "error" => "Incorrect client id."
); );
} else {
$clientSecret = Handler::getClientSecret();
$sha = sha1($parsedBody['transactionId'] . $parsedBody['amount'] . $clientSecret);
if ($sha === $parsedBody['sha1']) {
$responseJSON = array(
"success" => true,
"redirect" => "https://example.com"
);
} else {
$response = $response->withStatus(403);
$responseJSON = array(
"success" => false,
"error" => "Incorrect sha1 verification hash."
);
}
} }
} else { } else {
$response = $response->withStatus(400); $response = $response->withStatus(400);
@ -83,24 +91,32 @@ class Handler
if (isset($parsedBody['clientId']) && isset($parsedBody['transactionId']) && isset($parsedBody['sha1'])) { if (isset($parsedBody['clientId']) && isset($parsedBody['transactionId']) && isset($parsedBody['sha1'])) {
// Correct request // Correct request
$clientSecret = Handler::getClientSecret($parsedBody['clientId']); if ($parsedBody['clientId'] !== Handler::getClientId()) {
$sha = sha1($parsedBody['transactionId'] . $clientSecret);
if ($sha === $parsedBody['sha1']) {
$responseJSON = array(
"success" => true,
"transaction" => array(
"status" => "Success",
"transactionId" => "notyetfromdb",
"someotherrandomkey" => "changethis"
)
);
} else {
$response = $response->withStatus(403); $response = $response->withStatus(403);
$responseJSON = array( $responseJSON = array(
"success" => false, "success" => false,
"error" => "Incorrect sha1 verification hash." "error" => "Incorrect client id."
); );
} else {
$clientSecret = Handler::getClientSecret();
$sha = sha1($parsedBody['transactionId'] . $clientSecret);
if ($sha === $parsedBody['sha1']) {
$responseJSON = array(
"success" => true,
"transaction" => array(
"status" => "Success",
"transactionId" => "notyetfromdb",
"someotherrandomkey" => "changethis"
)
);
} else {
$response = $response->withStatus(403);
$responseJSON = array(
"success" => false,
"error" => "Incorrect sha1 verification hash."
);
}
} }
} else { } else {
$response = $response->withStatus(400); $response = $response->withStatus(400);
@ -123,8 +139,13 @@ class Handler
}); });
} }
public static function getClientSecret($clientId) public static function getClientId()
{ {
return '3'; return 'de-webshop';
}
public static function getClientSecret()
{
return '42';
} }
} }