Added secrets

7 years ago · 819c91e319
parent 516ced5152
commit 819c91e319
1 changed files with 47 additions and 26 deletions
--- a/src/Application/API/Handler.php
+++ b/src/Application/API/Handler.php
@ -41,7 +41,14 @@ class Handler
                if (isset($parsedBody['clientId']) && isset($parsedBody['transactionId']) && isset($parsedBody['amount']) && isset($parsedBody['description']) && isset($parsedBody['returnUrl']) && isset($parsedBody['sha1'])) {
                    // Correct request

-                    $clientSecret = Handler::getClientSecret($parsedBody['clientId']);
+                    if ($parsedBody['clientId'] !== Handler::getClientId()) {
+                        $response = $response->withStatus(403);
+                        $responseJSON = array(
+                            "success" => false,
+                            "error" => "Incorrect client id."
+                        );
+                    } else {
+                        $clientSecret = Handler::getClientSecret();
                        $sha = sha1($parsedBody['transactionId'] . $parsedBody['amount'] . $clientSecret);

                        if ($sha === $parsedBody['sha1']) {
@ -56,6 +63,7 @@ class Handler
                                "error" => "Incorrect sha1 verification hash."
                            );
                        }
+                    }
                } else {
                    $response = $response->withStatus(400);
                    $responseJSON = array(
@ -83,7 +91,14 @@ class Handler
                if (isset($parsedBody['clientId']) && isset($parsedBody['transactionId']) && isset($parsedBody['sha1'])) {
                    // Correct request

-                    $clientSecret = Handler::getClientSecret($parsedBody['clientId']);
+                    if ($parsedBody['clientId'] !== Handler::getClientId()) {
+                        $response = $response->withStatus(403);
+                        $responseJSON = array(
+                            "success" => false,
+                            "error" => "Incorrect client id."
+                        );
+                    } else {
+                        $clientSecret = Handler::getClientSecret();
                        $sha = sha1($parsedBody['transactionId'] . $clientSecret);

                        if ($sha === $parsedBody['sha1']) {
@ -102,6 +117,7 @@ class Handler
                                "error" => "Incorrect sha1 verification hash."
                            );
                        }
+                    }
                } else {
                    $response = $response->withStatus(400);
                    $responseJSON = array(
@ -123,8 +139,13 @@ class Handler
        });
    }

-    public static function getClientSecret($clientId)
+    public static function getClientId()
+    {
+        return 'de-webshop';
+    }
+
+    public static function getClientSecret()
    {
-        return '3';
+        return '42';
    }
 }