christiaangoossens/informaticaD4P-2017
Archived
1
0
Fork 0
Code Releases Activity

Finalized IDOB + small changes concerning redirects

Browse Source
This commit is contained in:
Christiaan Goossens 2017-04-02 11:50:45 +02:00
parent d982b97455
commit fe9d31a076
11 changed files with 434 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

137
src/Application/API/Handler.php
View File

@ -15,6 +15,8 @@
namespace Inforbank\Application\API; namespace Inforbank\Application\API;
use \Slim\App; use \Slim\App;
use Inforbank\Application\Helper\Idob\Client;
use Inforbank\Application\Helper\Idob\Transactie;
class Handler class Handler
{ {
@ -38,37 +40,64 @@ class Handler
$this->post('/transactionRequest', function ($request, $response, $args) { $this->post('/transactionRequest', function ($request, $response, $args) {
$parsedBody = $request->getParsedBody(); $parsedBody = $request->getParsedBody();
if (isset($parsedBody['clientId']) && isset($parsedBody['transactionId']) && isset($parsedBody['amount']) && isset($parsedBody['description']) && isset($parsedBody['returnUrl']) && isset($parsedBody['sha1'])) { if (isset($parsedBody['clientId']) && isset($parsedBody['transactionId']) && isset($parsedBody['amount']) && isset($parsedBody['description']) && isset($parsedBody['returnUrl']) && isset($parsedBody['hash'])) {
// Correct request // Correct request
try {
$client = new Client($parsedBody['clientId']);
$clientSecret = $client->getClientSecret();
if ($parsedBody['clientId'] !== Handler::getClientId()) { $sha = hash("sha256", $parsedBody['transactionId'] . $parsedBody['amount'] . $clientSecret);
$response = $response->withStatus(403);
$responseJSON = array( if ($sha === $parsedBody['hash']) {
"success" => false, if ($parsedBody['returnUrl'] === $client->getClientRedirectURI()) {
"error" => "Incorrect client id." // Voeg de transactie toe aan de lijst en stuur een response
); try {
} else { $reference = $parsedBody['transactionId'];
$clientSecret = Handler::getClientSecret(); $amount = ((double) $parsedBody['amount']) / 100;
$sha = sha1($parsedBody['transactionId'] . $parsedBody['amount'] . $clientSecret); $description = $parsedBody['description'];
$clientId = $parsedBody['clientId'];
$transactie = Transactie::createTransactie($reference, $clientId, $amount, $description);
$uri = $request->getUri();
if ($sha === $parsedBody['sha1']) {
$responseJSON = array( $responseJSON = array(
"success" => true, "success" => true,
"redirect" => "https://example.com" "redirect" => $uri->getBaseUrl() . "/idob/betalen?trxid=" . $transactie
); );
} else { } catch (\Exception $e) {
$response = $response->withStatus(403); $response = $response->withStatus(500);
$responseJSON = array( $responseJSON = array(
"success" => false, "success" => false,
"error" => "Incorrect sha1 verification hash." "error" => $e->getMessage()
); );
} }
}
} else { } else {
$response = $response->withStatus(400); $response = $response->withStatus(400);
$responseJSON = array( $responseJSON = array(
"success" => false, "success" => false,
"error" => "Missing one of the following attributes: [clientId, transactionId, amount, description, returnUrl, sha1]" "error" => "Unknown return URI."
);
}
} else {
$response = $response->withStatus(403);
$responseJSON = array(
"success" => false,
"error" => "Incorrect verification hash."
);
}
} catch (\Exception $e) {
$response = $response->withStatus(403);
$responseJSON = array(
"success" => false,
"error" => "Incorrect client id."
);
}
} else {
$response = $response->withStatus(400);
$responseJSON = array(
"success" => false,
"error" => "Missing one of the following attributes: [clientId, transactionId, amount, description, returnUrl, hash]"
); );
} }
@ -88,41 +117,59 @@ class Handler
$this->post('/statusRequest', function ($request, $response, $args) { $this->post('/statusRequest', function ($request, $response, $args) {
$parsedBody = $request->getParsedBody(); $parsedBody = $request->getParsedBody();
if (isset($parsedBody['clientId']) && isset($parsedBody['transactionId']) && isset($parsedBody['sha1'])) { if (isset($parsedBody['clientId']) && isset($parsedBody['transactionId']) && isset($parsedBody['hash'])) {
// Correct request // Correct request
try {
$client = new Client($parsedBody['clientId']);
$clientSecret = $client->getClientSecret();
if ($parsedBody['clientId'] !== Handler::getClientId()) { $sha = hash("sha256", $parsedBody['transactionId'] . $clientSecret);
if ($sha === $parsedBody['hash']) {
try {
$transactie = Transactie::getTransactie($parsedBody['transactionId']);
if ($transactie['clientId'] === $parsedBody['clientId']) {
$responseJSON = array(
"success" => true,
"transaction" => array(
"reference" => $transactie['reference'],
"status" => $transactie['status']
)
);
} else {
$response = $response->withStatus(500);
$responseJSON = array(
"success" => false,
"error" => "Transaction not found."
);
}
} catch (\Exception $e) {
$response = $response->withStatus(500);
$responseJSON = array(
"success" => false,
"error" => $e->getMessage()
);
}
} else {
$response = $response->withStatus(403);
$responseJSON = array(
"success" => false,
"error" => "Incorrect verification hash."
);
}
} catch (\Exception $e) {
$response = $response->withStatus(403); $response = $response->withStatus(403);
$responseJSON = array( $responseJSON = array(
"success" => false, "success" => false,
"error" => "Incorrect client id." "error" => "Incorrect client id."
); );
} else {
$clientSecret = Handler::getClientSecret();
$sha = sha1($parsedBody['transactionId'] . $clientSecret);
if ($sha === $parsedBody['sha1']) {
$responseJSON = array(
"success" => true,
"transaction" => array(
"status" => "Success",
"transactionId" => "notyetfromdb",
"someotherrandomkey" => "changethis"
)
);
} else {
$response = $response->withStatus(403);
$responseJSON = array(
"success" => false,
"error" => "Incorrect sha1 verification hash."
);
}
} }
} else { } else {
$response = $response->withStatus(400); $response = $response->withStatus(400);
$responseJSON = array( $responseJSON = array(
"success" => false, "success" => false,
"error" => "Missing one of the following attributes: [clientId, transactionId, sha1]" "error" => "Missing one of the following attributes: [clientId, transactionId, hash]"
); );
} }
@ -138,14 +185,4 @@ class Handler
return $next($request, $response); return $next($request, $response);
}); });
} }
public static function getClientId()
{
return 'de-webshop';
}
public static function getClientSecret()
{
return '42';
}
} }

9
src/Application/Auth/Middleware.php
View File

@ -22,13 +22,22 @@ class Middleware
public function __invoke($request, $response, $next) public function __invoke($request, $response, $next)
{ {
$container = Application::getContainer(); $container = Application::getContainer();
$uri = $request->getUri();
$path = $uri->getPath();
$query = $uri->getQuery();
// Check for an existing session // Check for an existing session
if ($container->auth->isUserAuthenticated()) { if ($container->auth->isUserAuthenticated()) {
return $next($request, $response); return $next($request, $response);
} else { } else {
// Redirect to the login page // Redirect to the login page
if ($query !== "") {
return Redirect::create($request, $response, '/login?redirect='.$path."&".$query);
} elseif ($path = "/") {
return Redirect::create($request, $response, '/login'); return Redirect::create($request, $response, '/login');
} else {
return Redirect::create($request, $response, '/login?redirect='.$path);
}
} }
} }
} }

15
src/Application/Helper/IBAN.php
View File

@ -30,7 +30,8 @@ class IBAN
return $newword; return $newword;
} }
private function getCheckDigits($bignum){ private function getCheckDigits($bignum)
{
//Modulo staartdeling //Modulo staartdeling
$modulo97 = (int)substr($bignum, 0, 6); $modulo97 = (int)substr($bignum, 0, 6);
$modulo97 = $modulo97 % 97; $modulo97 = $modulo97 % 97;
@ -47,7 +48,8 @@ class IBAN
return $checkdigits; return $checkdigits;
} }
public function isValidIBAN($iban){ public function isValidIBAN($iban)
{
$iban = str_replace(" ", "", $iban); $iban = str_replace(" ", "", $iban);
$landcode = substr($iban, 0, 2); $landcode = substr($iban, 0, 2);
$controle = substr($iban, 2, 2); $controle = substr($iban, 2, 2);
@ -58,15 +60,18 @@ class IBAN
return $controle == $this->getCheckDigits($nummer); return $controle == $this->getCheckDigits($nummer);
} }
public function getRekeningNummer($iban){ public function getRekeningNummer($iban)
{
return substr(str_replace(" ", "", $iban), 8); return substr(str_replace(" ", "", $iban), 8);
} }
public function getBank($iban){ public function getBank($iban)
{
return substr(str_replace(" ", "", $iban), 4, 4); return substr(str_replace(" ", "", $iban), 4, 4);
} }
public function getLand($iban){ public function getLand($iban)
{
return substr(str_replace(" ", "", $iban), 0, 2); return substr(str_replace(" ", "", $iban), 0, 2);
} }

54
src/Application/Helper/Idob/Client.php Normal file
View File

@ -0,0 +1,54 @@
<?php
/**
* Informatica Eindproject D4p
* 6in3, Stedelijk Gymnasium Nijmegen
* Docent: Hans de Wolf
*
* ==================
*
* Daniel Boutros,
* Christiaan Goossens,
* Jelmer Hinssen
*/
namespace Inforbank\Application\Helper\Idob;
use Inforbank\Application;
class Client
{
private $client;
public function __construct($id)
{
$container = Application::getContainer();
$db = $container->db;
$this->client = $db->idobc->where("clientId", $id)->limit(1)->fetch();
if (!$this->client) {
throw new \Exception("There is no client with this id");
}
}
public function getClientSecret()
{
return $this->client['clientSecret'];
}
public function getClientRedirectURI()
{
return $this->client['redirectUri'];
}
public function getClientName()
{
return $this->client['naam'];
}
public function getClientRekening()
{
return $this->client['rekeningnr'];
}
}

75
src/Application/Helper/Idob/Transactie.php Normal file
View File

@ -0,0 +1,75 @@
<?php
/**
* Informatica Eindproject D4p
* 6in3, Stedelijk Gymnasium Nijmegen
* Docent: Hans de Wolf
*
* ==================
*
* Daniel Boutros,
* Christiaan Goossens,
* Jelmer Hinssen
*/
namespace Inforbank\Application\Helper\Idob;
use Inforbank\Application;
class Transactie
{
public static function createTransactie($reference, $clientId, $amount, $description)
{
$container = Application::getContainer();
$db = $container->db;
$trans = $db->idobt->insert([
"reference" => $reference,
"clientId" => $clientId,
"amount" => $amount,
"description" => $description,
"status" => 1
]);
return $trans['id'];
}
public static function getTransactie($id)
{
$container = Application::getContainer();
$db = $container->db;
$transactie = $db->idobt->where("transactieId", $id)->limit(1)->fetch();
if (!$transactie) {
throw new \Exception("Transaction not found");
}
return array(
"transactieId" => $transactie['transactieId'],
"reference" => $transactie['reference'],
"clientId" => $transactie['clientId'],
"amount" => (double) $transactie['amount'],
"description" => $transactie['description'],
"status" => (int) $transactie['status']
);
}
public static function setTransactionStatus($id, $status)
{
$container = Application::getContainer();
$db = $container->db;
$transactie = $db->idobt->where("transactieId", $id)->limit(1);
if (!$transactie) {
throw new \Exception("Transaction not found");
}
$transactie->update(array(
"status" => $status
));
if (!$transactie) {
throw new \Exception("Failed to update status");
}
}
}

8
src/Application/Helper/Overboekingen.php
View File

@ -16,7 +16,8 @@ use Inforbank\Application;
* *
* @author Sjelm * @author Sjelm
*/ */
class Overboekingen { class Overboekingen
{
/** /**
* *
* @param IBAN $van De rekening waar het bedrag vanaf wordt gehaald * @param IBAN $van De rekening waar het bedrag vanaf wordt gehaald
@ -25,7 +26,8 @@ class Overboekingen {
* @param string $omschrijving De omschrijving van de overoeking * @param string $omschrijving De omschrijving van de overoeking
* $param string $type Het type overboeking * $param string $type Het type overboeking
*/ */
public static function createOverboeking($van, $naar, $bedrag, $omschrijving, $type){ public static function createOverboeking($van, $naar, $bedrag, $omschrijving, $type)
{
$rekeningen = Rekeningen::getCurrentUserRekeningen(); $rekeningen = Rekeningen::getCurrentUserRekeningen();
$vanRekening = false; $vanRekening = false;
@ -59,7 +61,7 @@ class Overboekingen {
//TODO geldigheid bedrag onderzoeken //TODO geldigheid bedrag onderzoeken
//$bedragValue = (double) $bedrag; //$bedragValue = (double) $bedrag;
if (strlen($omschrijving) > 40) { if (strlen($omschrijving) > 40 && $type !== "id") {
//error: te lange omschrijving //error: te lange omschrijving
throw new Exception("De omschrijving is te lang"); throw new Exception("De omschrijving is te lang");
} }

103
src/Application/Idob.php Normal file
View File

@ -0,0 +1,103 @@
<?php
/**
* Informatica Eindproject D4p
* 6in3, Stedelijk Gymnasium Nijmegen
* Docent: Hans de Wolf
*
* ==================
*
* Daniel Boutros,
* Christiaan Goossens,
* Jelmer Hinssen
*/
namespace Inforbank\Application;
use \Slim\App;
use Inforbank\Application\Auth\Middleware;
use Inforbank\Application\Helper\Header;
use Inforbank\Application\Helper\Idob\Transactie;
use Inforbank\Application\Helper\Idob\Client;
use Inforbank\Application\Helper\Rekeningen;
use Inforbank\Application\Helper\Berichten;
use Inforbank\Application\Helper\Overboekingen;
use Inforbank\Application\Helper\Redirect;
use Inforbank\Application\Helper\IBAN;
class Idob
{
public function __construct(App $app)
{
/**
* Create the API route group
*/
$app->group('/idob', function () {
$this->get('/betalen', function ($request, $response, $args) {
$query = $request->getQueryParams();
$rekeningen = Rekeningen::getCurrentUserRekeningen();
try {
$transactie = Transactie::getTransactie($query['trxid']);
$client = new Client($transactie['clientId']);
$naam = $client->getClientName();
} catch (\Exception $e) {
$transactie = false;
}
return $this->renderer->render($response, 'idob.phtml', [
'header' => Header::getHeaderData(),
'transactie' => $transactie,
'webwinkel' => $naam,
'rekeningen' => $rekeningen
]);
});
$this->get('/mislukt', function ($request, $response, $args) {
return $this->renderer->render($response, 'idobmislukt.phtml', [
'header' => Header::getHeaderData()
]);
});
$this->post('/betalen', function ($request, $response, $args) {
$query = $request->getQueryParams();
$post = $request->getParsedBody();
$van = $post['van'];
try {
$transactie = Transactie::getTransactie($query['trxid']);
$client = new Client($transactie['clientId']);
$redirectUri = $client->getClientRedirectURI();
$rekening = $client->getClientRekening();
$naam = $client->getClientName();
try {
/**
* All set to pay!
*/
$ibanhelper = new IBAN();
// Do overboeking
Overboekingen::createOverboeking($ibanhelper->getIBAN($van), $ibanhelper->getIBAN($rekening), $transactie['amount'], "Betaling aan " . $naam . " voor transactie " . $transactie['reference'], "id");
// Do Status update
Transactie::setTransactionStatus($transactie['transactieId'], 2);
// Do bericht
Berichten::newBericht($this->auth->getUserID(), $naam, "Betaling met transactiereferentie " . $transactie['reference'] . " gelukt.");
$response = $response->withStatus(302);
$response = $response->withHeader('Location', $redirectUri . "?trxid=".$transactie['transactieId']);
return $response;
} catch (\Exception $e) {
$response = $response->withStatus(302);
$response = $response->withHeader('Location', $redirectUri . "?error=".$e->getMessage());
return $response;
}
} catch (\Exception $e) {
return Redirect::create($request, $response, "/idob/mislukt");
}
});
})->add(new Middleware());
}
}

7
src/Application/Login.php
View File

@ -38,12 +38,19 @@ class Login
$post = $request->getParsedBody(); $post = $request->getParsedBody();
$query = $request->getQueryParams(); $query = $request->getQueryParams();
$redirect = $query['redirect']; $redirect = $query['redirect'];
unset($query['redirect']);
$queryString = http_build_query($query);
try { try {
$resp = $this->auth->login($post['rekeningnr'], $post['pascode']); $resp = $this->auth->login($post['rekeningnr'], $post['pascode']);
if ($resp && $redirect !== "") { if ($resp && $redirect !== "") {
if ($queryString !== "") {
return Redirect::create($request, $response, $redirect . "?" . $queryString);
} else {
return Redirect::create($request, $response, $redirect); return Redirect::create($request, $response, $redirect);
}
} elseif ($resp) { } elseif ($resp) {
return Redirect::create($request, $response, '/rekeningen'); return Redirect::create($request, $response, '/rekeningen');
} else { } else {

3
src/bootstrap.php
View File

@ -136,9 +136,10 @@ new Inforbank\Application\Rekeningen($app);
new Inforbank\Application\Berichten($app); new Inforbank\Application\Berichten($app);
/** /**
* API * Idob
*/ */
new Inforbank\Application\API\Handler($app); new Inforbank\Application\API\Handler($app);
new Inforbank\Application\Idob($app);
/** /**
* Bij het maken van dit object is in de class de __construct functie aangeroepen met de parameter $app. De functies die daar in staan zullen nu worden uitgevoerd. * Bij het maken van dit object is in de class de __construct functie aangeroepen met de parameter $app. De functies die daar in staan zullen nu worden uitgevoerd.

65
templates/idob.phtml Normal file
View File

@ -0,0 +1,65 @@
<?php include '__header.phtml'; ?>
<h2 class="page-header">Betalen via Inforbank Direct Online Betalen</h2>
<?php if (!$transactie) {
?>
<div class="alert alert-danger" role="alert"><b>Fout!</b> Deze transactie bestaat niet.</div>
<?php
} else {
?>
<div class="row">
<div class="col-md-4">
<div class="panel panel-default">
<div class="panel-heading">Transactie</div>
<div class="panel-body">
<b>Transactiereferentie</b>
<p><?php echo $transactie['reference']; ?></p>
<br/>
<b>Ontvangende partij:</b>
<p><?php echo $webwinkel; ?></p>
<br/>
<b>Te betalen:</b>
<h3><?php echo money_format('%(#1n', $transactie['amount']); ?></h3>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading">Omschrijving</div>
<div class="panel-body">
<?php echo $transactie['description']; ?>
</div>
</div>
</div>
<div class="col-md-8">
<form class="form-horizontal" method="post" action="">
<div class="form-group">
<label for="van" class="col-sm-2 control-label">Betalen met</label>
<div class="col-sm-10">
<select name="van" class="form-control">
<?php
foreach ($rekeningen as $rekening) {
echo "<option value=" . $rekening['nr'] . ">" . $rekening['iban'] . "</option>\n";
} ?>
</select>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10"><br/>
<p>Door het klikken op "Accepteren" hieronder, accepteert u de betaling en zal er <b><?php echo money_format('%(#1n', $transactie['amount']); ?></b> worden overgemaakt aan <b><?php echo $webwinkel; ?></b> ter betaling van het order met de transactierefrentie <b><?php echo $transactie['reference']; ?></b>.<br/><br/>Ga alleen verder als u zeker weet dat deze gegevens kloppen. U kunt ook de omschrijving van de transactie bekijken. Na de betaling wordt u teruggestuurd naar de webshop.
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-default">Accepteren</button>
</div>
</div>
</form>
</div>
</div>
<?php
} ?>
<?php include '__footer.phtml'; ?>

5
templates/idobmislukt.phtml Normal file
View File

@ -0,0 +1,5 @@
<?php include '__header.phtml'; ?>
<div class="alert alert-danger" role="alert"><b>Oeps!</b> De betaling via Inforbank Direct Online Betalen is mislukt. We konden je niet terugsturen naar de webshop. Sorry.</div>
<?php include '__footer.phtml'; ?>