
Finalized IDOB + small changes concerning redirects

This commit is contained in:
Christiaan Goossens 2017-04-02 11:50:45 +02:00
parent d982b97455
commit fe9d31a076
11 changed files with 434 additions and 71 deletions


@ -15,6 +15,8 @@
namespace Inforbank\Application\API;
use \Slim\App;
use Inforbank\Application\Helper\Idob\Client;
use Inforbank\Application\Helper\Idob\Transactie;
class Handler
{
@ -38,37 +40,64 @@ class Handler
$this->post('/transactionRequest', function ($request, $response, $args) {
$parsedBody = $request->getParsedBody();
if (isset($parsedBody['clientId']) && isset($parsedBody['transactionId']) && isset($parsedBody['amount']) && isset($parsedBody['description']) && isset($parsedBody['returnUrl']) && isset($parsedBody['sha1'])) {
if (isset($parsedBody['clientId']) && isset($parsedBody['transactionId']) && isset($parsedBody['amount']) && isset($parsedBody['description']) && isset($parsedBody['returnUrl']) && isset($parsedBody['hash'])) {
// Correct request
try {
$client = new Client($parsedBody['clientId']);
$clientSecret = $client->getClientSecret();
if ($parsedBody['clientId'] !== Handler::getClientId()) {
$response = $response->withStatus(403);
$responseJSON = array(
"success" => false,
"error" => "Incorrect client id."
);
} else {
$clientSecret = Handler::getClientSecret();
$sha = sha1($parsedBody['transactionId'] . $parsedBody['amount'] . $clientSecret);
$sha = hash("sha256", $parsedBody['transactionId'] . $parsedBody['amount'] . $clientSecret);
if ($sha === $parsedBody['hash']) {
if ($parsedBody['returnUrl'] === $client->getClientRedirectURI()) {
// Voeg de transactie toe aan de lijst en stuur een response
try {
$reference = $parsedBody['transactionId'];
$amount = ((double) $parsedBody['amount']) / 100;
$description = $parsedBody['description'];
$clientId = $parsedBody['clientId'];
$transactie = Transactie::createTransactie($reference, $clientId, $amount, $description);
$uri = $request->getUri();
if ($sha === $parsedBody['sha1']) {
$responseJSON = array(
"success" => true,
"redirect" => "https://example.com"
"redirect" => $uri->getBaseUrl() . "/idob/betalen?trxid=" . $transactie
);
} else {
$response = $response->withStatus(403);
} catch (\Exception $e) {
$response = $response->withStatus(500);
$responseJSON = array(
"success" => false,
"error" => "Incorrect sha1 verification hash."
"error" => $e->getMessage()
);
}
}
} else {
$response = $response->withStatus(400);
$responseJSON = array(
"success" => false,
"error" => "Missing one of the following attributes: [clientId, transactionId, amount, description, returnUrl, sha1]"
"error" => "Unknown return URI."
);
}
} else {
$response = $response->withStatus(403);
$responseJSON = array(
"success" => false,
"error" => "Incorrect verification hash."
);
}
} catch (\Exception $e) {
$response = $response->withStatus(403);
$responseJSON = array(
"success" => false,
"error" => "Incorrect client id."
);
}
} else {
$response = $response->withStatus(400);
$responseJSON = array(
"success" => false,
"error" => "Missing one of the following attributes: [clientId, transactionId, amount, description, returnUrl, hash]"
);
}
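Review bot: The verification at `if ($sha === $parsedBody['hash'])` (and its twin in statusRequest) is a plain string compare of a digest built by concatenating `transactionId . amount . clientSecret` with no separator, so it is neither timing-safe nor unambiguous — the pairs ("12", "345") and ("123", "45") hash identically, so a signed request, if it can be observed, is also valid for a different transactionId/amount split. Use a keyed MAC with a delimiter on both the bank and merchant side, `$sha = hash_hmac('sha256', $parsedBody['transactionId'] . '|' . $parsedBody['amount'], $clientSecret);`, and compare with `if (hash_equals($sha, (string) $parsedBody['hash']))`. Note also that `description` and `returnUrl` are not covered by the hash, that nothing rejects a non-positive or non-numeric `amount` before `((double) $parsedBody['amount']) / 100`, and that the 500 path hands `$e->getMessage()` back to the caller, which may expose database error text. The transactionRequest closure and the enclosing constructor continue past the end of this hunk.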
@ -88,41 +117,59 @@ class Handler
$this->post('/statusRequest', function ($request, $response, $args) {
$parsedBody = $request->getParsedBody();
if (isset($parsedBody['clientId']) && isset($parsedBody['transactionId']) && isset($parsedBody['sha1'])) {
if (isset($parsedBody['clientId']) && isset($parsedBody['transactionId']) && isset($parsedBody['hash'])) {
// Correct request
try {
$client = new Client($parsedBody['clientId']);
$clientSecret = $client->getClientSecret();
if ($parsedBody['clientId'] !== Handler::getClientId()) {
$sha = hash("sha256", $parsedBody['transactionId'] . $clientSecret);
if ($sha === $parsedBody['hash']) {
try {
$transactie = Transactie::getTransactie($parsedBody['transactionId']);
if ($transactie['clientId'] === $parsedBody['clientId']) {
$responseJSON = array(
"success" => true,
"transaction" => array(
"reference" => $transactie['reference'],
"status" => $transactie['status']
)
);
} else {
$response = $response->withStatus(500);
$responseJSON = array(
"success" => false,
"error" => "Transaction not found."
);
}
} catch (\Exception $e) {
$response = $response->withStatus(500);
$responseJSON = array(
"success" => false,
"error" => $e->getMessage()
);
}
} else {
$response = $response->withStatus(403);
$responseJSON = array(
"success" => false,
"error" => "Incorrect verification hash."
);
}
} catch (\Exception $e) {
$response = $response->withStatus(403);
$responseJSON = array(
"success" => false,
"error" => "Incorrect client id."
);
} else {
$clientSecret = Handler::getClientSecret();
$sha = sha1($parsedBody['transactionId'] . $clientSecret);
if ($sha === $parsedBody['sha1']) {
$responseJSON = array(
"success" => true,
"transaction" => array(
"status" => "Success",
"transactionId" => "notyetfromdb",
"someotherrandomkey" => "changethis"
)
);
} else {
$response = $response->withStatus(403);
$responseJSON = array(
"success" => false,
"error" => "Incorrect sha1 verification hash."
);
}
}
} else {
$response = $response->withStatus(400);
$responseJSON = array(
"success" => false,
"error" => "Missing one of the following attributes: [clientId, transactionId, sha1]"
"error" => "Missing one of the following attributes: [clientId, transactionId, hash]"
);
}
@ -138,14 +185,4 @@ class Handler
return $next($request, $response);
});
}
public static function getClientId()
{
return 'de-webshop';
}
public static function getClientSecret()
{
return '42';
}
}


@ -22,13 +22,22 @@ class Middleware
public function __invoke($request, $response, $next)
{
$container = Application::getContainer();
$uri = $request->getUri();
$path = $uri->getPath();
$query = $uri->getQuery();
// Check for an existing session
if ($container->auth->isUserAuthenticated()) {
return $next($request, $response);
} else {
// Redirect to the login page
if ($query !== "") {
return Redirect::create($request, $response, '/login?redirect='.$path."&".$query);
} elseif ($path = "/") {
return Redirect::create($request, $response, '/login');
} else {
return Redirect::create($request, $response, '/login?redirect='.$path);
}
}
}
}
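Review bot: `} elseif ($path = "/") {` assigns instead of compares, so the condition is always true, the final `else` branch is unreachable, and every unauthenticated request without a query string is sent to a bare `/login` and loses its return path; it should read `} elseif ($path === "/") {`. The redirect target `'/login?redirect='.$path."&".$query` also embeds `$path` without URL-encoding; since Login reads it back out of the query string, `'/login?redirect=' . urlencode($path)` keeps the two sides consistent for paths containing `&`, `?` or `#`. The `__invoke` body is complete within the hunk, but the class header lies outside it.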


@ -21,16 +21,17 @@ class IBAN
$newword = "";
$wordarray = str_split($word);
foreach ($wordarray as $v) {
if(ctype_alpha($v)){
if (ctype_alpha($v)) {
$newword .= ord(strtolower($v)) - 87;
}else{
} else {
$newword .= $v;
}
}
return $newword;
}
private function getCheckDigits($bignum){
private function getCheckDigits($bignum)
{
//Modulo staartdeling
$modulo97 = (int)substr($bignum, 0, 6);
$modulo97 = $modulo97 % 97;
@ -47,7 +48,8 @@ class IBAN
return $checkdigits;
}
public function isValidIBAN($iban){
public function isValidIBAN($iban)
{
$iban = str_replace(" ", "", $iban);
$landcode = substr($iban, 0, 2);
$controle = substr($iban, 2, 2);
@ -58,15 +60,18 @@ class IBAN
return $controle == $this->getCheckDigits($nummer);
}
public function getRekeningNummer($iban){
public function getRekeningNummer($iban)
{
return substr(str_replace(" ", "", $iban), 8);
}
public function getBank($iban){
public function getBank($iban)
{
return substr(str_replace(" ", "", $iban), 4, 4);
}
public function getLand($iban){
public function getLand($iban)
{
return substr(str_replace(" ", "", $iban), 0, 2);
}


@ -0,0 +1,54 @@
<?php
/**
* Informatica Eindproject D4p
* 6in3, Stedelijk Gymnasium Nijmegen
* Docent: Hans de Wolf
*
* ==================
*
* Daniel Boutros,
* Christiaan Goossens,
* Jelmer Hinssen
*/
namespace Inforbank\Application\Helper\Idob;
use Inforbank\Application;
class Client
{
private $client;
public function __construct($id)
{
$container = Application::getContainer();
$db = $container->db;
$this->client = $db->idobc->where("clientId", $id)->limit(1)->fetch();
if (!$this->client) {
throw new \Exception("There is no client with this id");
}
}
public function getClientSecret()
{
return $this->client['clientSecret'];
}
public function getClientRedirectURI()
{
return $this->client['redirectUri'];
}
public function getClientName()
{
return $this->client['naam'];
}
public function getClientRekening()
{
return $this->client['rekeningnr'];
}
}
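Review bot: The constructor throws a bare `\Exception("There is no client with this id")`, and the callers in Handler.php wrap the lookup in `catch (\Exception $e)` that answers "Incorrect client id", so any database failure during `$db->idobc->where("clientId", $id)->limit(1)->fetch()` is reported to the merchant as a bad client id and is otherwise lost. A dedicated exception type (for example `final class ClientNotFoundException extends \RuntimeException`) thrown here and caught specifically in Handler would keep that 403 honest and let other errors surface as 500s with logging. Minor: the class could be `final`, and `getClientSecret()` deserves a `: string` return type and a docblock noting that the value is a MAC key and must never be logged or rendered.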


@ -0,0 +1,75 @@
<?php
/**
* Informatica Eindproject D4p
* 6in3, Stedelijk Gymnasium Nijmegen
* Docent: Hans de Wolf
*
* ==================
*
* Daniel Boutros,
* Christiaan Goossens,
* Jelmer Hinssen
*/
namespace Inforbank\Application\Helper\Idob;
use Inforbank\Application;
class Transactie
{
public static function createTransactie($reference, $clientId, $amount, $description)
{
$container = Application::getContainer();
$db = $container->db;
$trans = $db->idobt->insert([
"reference" => $reference,
"clientId" => $clientId,
"amount" => $amount,
"description" => $description,
"status" => 1
]);
return $trans['id'];
}
public static function getTransactie($id)
{
$container = Application::getContainer();
$db = $container->db;
$transactie = $db->idobt->where("transactieId", $id)->limit(1)->fetch();
if (!$transactie) {
throw new \Exception("Transaction not found");
}
return array(
"transactieId" => $transactie['transactieId'],
"reference" => $transactie['reference'],
"clientId" => $transactie['clientId'],
"amount" => (double) $transactie['amount'],
"description" => $transactie['description'],
"status" => (int) $transactie['status']
);
}
public static function setTransactionStatus($id, $status)
{
$container = Application::getContainer();
$db = $container->db;
$transactie = $db->idobt->where("transactieId", $id)->limit(1);
if (!$transactie) {
throw new \Exception("Transaction not found");
}
$transactie->update(array(
"status" => $status
));
if (!$transactie) {
throw new \Exception("Failed to update status");
}
}
}
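Review bot: In `setTransactionStatus` both `if (!$transactie)` checks test the query object returned by `$db->idobt->where("transactieId", $id)->limit(1)`, not the outcome of `->update(...)`, so an object is always truthy and neither "Transaction not found" nor "Failed to update status" can ever be thrown; capture the update result instead, `$affected = $transactie->update(array("status" => $status)); if (!$affected) { throw new \Exception("Failed to update status"); }`. There is also no guard on the state transition — the status is overwritten whatever its current value — so a completed transaction can be moved again; a `->where("status", 1)` clause on the same update gives a compare-and-set. Separately, `createTransactie` returns `$trans['id']` while every lookup uses the `transactieId` column; if the primary key is named `transactieId`, the returned value is empty and the redirect built from it in Handler.php carries an empty `trxid` — worth confirming against the schema.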


@ -16,7 +16,8 @@ use Inforbank\Application;
*
* @author Sjelm
*/
class Overboekingen {
class Overboekingen
{
/**
*
* @param IBAN $van De rekening waar het bedrag vanaf wordt gehaald
@ -25,7 +26,8 @@ class Overboekingen {
* @param string $omschrijving De omschrijving van de overoeking
* $param string $type Het type overboeking
*/
public static function createOverboeking($van, $naar, $bedrag, $omschrijving, $type){
public static function createOverboeking($van, $naar, $bedrag, $omschrijving, $type)
{
$rekeningen = Rekeningen::getCurrentUserRekeningen();
$vanRekening = false;
@ -59,7 +61,7 @@ class Overboekingen {
//TODO geldigheid bedrag onderzoeken
//$bedragValue = (double) $bedrag;
if (strlen($omschrijving) > 40) {
if (strlen($omschrijving) > 40 && $type !== "id") {
//error: te lange omschrijving
throw new Exception("De omschrijving is te lang");
}
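Review bot: `if (strlen($omschrijving) > 40 && $type !== "id")` removes the description length limit entirely for type `id`, and the description passed for that type in Idob.php is built from the merchant-supplied client name and transaction reference, so an unbounded string from the API now reaches the transfer record. Keep a larger cap rather than none, e.g. `$maxLen = ($type === "id") ? 140 : 40; if (mb_strlen($omschrijving) > $maxLen) { throw new Exception("De omschrijving is te lang"); }`, using `mb_strlen` if the storage limit is in characters rather than bytes. `createOverboeking` begins before this hunk and its body continues after it.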

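--- /dev/null
+++ b/src/Application/Idob.php
@@ -0,0 +1,103 @@
+<?php
+/**
+* Informatica Eindproject D4p
+* 6in3, Stedelijk Gymnasium Nijmegen
+* Docent: Hans de Wolf
+*
+* ==================
+*
+* Daniel Boutros,
+* Christiaan Goossens,
+* Jelmer Hinssen
+*/
+namespace Inforbank\Application;
+use \Slim\App;
+use Inforbank\Application\Auth\Middleware;
+use Inforbank\Application\Helper\Header;
+use Inforbank\Application\Helper\Idob\Transactie;
+use Inforbank\Application\Helper\Idob\Client;
+use Inforbank\Application\Helper\Rekeningen;
+use Inforbank\Application\Helper\Berichten;
+use Inforbank\Application\Helper\Overboekingen;
+use Inforbank\Application\Helper\Redirect;
+use Inforbank\Application\Helper\IBAN;
+class Idob
+{
+public function __construct(App $app)
+{
+/**
+* Create the API route group
+*/
+$app->group('/idob', function () {
+$this->get('/betalen', function ($request, $response, $args) {
+$query = $request->getQueryParams();
+$rekeningen = Rekeningen::getCurrentUserRekeningen();
+try {
+$transactie = Transactie::getTransactie($query['trxid']);
+$client = new Client($transactie['clientId']);
+$naam = $client->getClientName();
+} catch (\Exception $e) {
+$transactie = false;
+}
+return $this->renderer->render($response, 'idob.phtml', [
+'header' => Header::getHeaderData(),
+'transactie' => $transactie,
+'webwinkel' => $naam,
+'rekeningen' => $rekeningen
+]);
+});
+$this->get('/mislukt', function ($request, $response, $args) {
+return $this->renderer->render($response, 'idobmislukt.phtml', [
+'header' => Header::getHeaderData()
+]);
+});
+$this->post('/betalen', function ($request, $response, $args) {
+$query = $request->getQueryParams();
+$post = $request->getParsedBody();
+$van = $post['van'];
+try {
+$transactie = Transactie::getTransactie($query['trxid']);
+$client = new Client($transactie['clientId']);
+$redirectUri = $client->getClientRedirectURI();
+$rekening = $client->getClientRekening();
+$naam = $client->getClientName();
+try {
+/**
+* All set to pay!
+*/
+$ibanhelper = new IBAN();
+// Do overboeking
+Overboekingen::createOverboeking($ibanhelper->getIBAN($van), $ibanhelper->getIBAN($rekening), $transactie['amount'], "Betaling aan " . $naam . " voor transactie " . $transactie['reference'], "id");
+// Do Status update
+Transactie::setTransactionStatus($transactie['transactieId'], 2);
+// Do bericht
+Berichten::newBericht($this->auth->getUserID(), $naam, "Betaling met transactiereferentie " . $transactie['reference'] . " gelukt.");
+$response = $response->withStatus(302);
+$response = $response->withHeader('Location', $redirectUri . "?trxid=".$transactie['transactieId']);
+return $response;
+} catch (\Exception $e) {
+$response = $response->withStatus(302);
+$response = $response->withHeader('Location', $redirectUri . "?error=".$e->getMessage());
+return $response;
+}
+} catch (\Exception $e) {
+return Redirect::create($request, $response, "/idob/mislukt");
+}
+});
+})->add(new Middleware());
+}
+}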
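Review bot: The POST `/betalen` handler never checks `$transactie['status']` before calling `Overboekingen::createOverboeking(...)`, so a transaction that was already paid (status 2) can be paid again by re-submitting the same `trxid` — a double-click or a replayed request moves the money twice; add, right after `Transactie::getTransactie($query['trxid'])`, `if ($transactie['status'] !== 1) { throw new \Exception("Transaction already processed"); }` (or make `setTransactionStatus` a compare-and-set and run it before the transfer). No anti-CSRF token is visible in this handler and the only user-supplied field is `van`, so a cross-site POST to `/idob/betalen?trxid=…` carrying a guessed account number could trigger a payment from a logged-in victim — confirm whether the framework or `Middleware` adds CSRF protection elsewhere. The failure redirect `$redirectUri . "?error=".$e->getMessage()` places a raw exception message in a URL unencoded; prefer `'?error=' . urlencode($e->getMessage())` or a fixed error code. Smaller points: `$naam` is undefined in the GET handler when `getTransactie` throws, and `$query['trxid']` is read without `isset` in both handlers.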


@ -38,12 +38,19 @@ class Login
$post = $request->getParsedBody();
$query = $request->getQueryParams();
$redirect = $query['redirect'];
unset($query['redirect']);
$queryString = http_build_query($query);
try {
$resp = $this->auth->login($post['rekeningnr'], $post['pascode']);
if ($resp && $redirect !== "") {
if ($queryString !== "") {
return Redirect::create($request, $response, $redirect . "?" . $queryString);
} else {
return Redirect::create($request, $response, $redirect);
}
} elseif ($resp) {
return Redirect::create($request, $response, '/rekeningen');
} else {
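Review bot: `$redirect = $query['redirect'];` is taken verbatim from the query string and handed to `Redirect::create(...)`, so unless `Redirect::create` restricts targets (not visible here) a link such as `/login?redirect=https://attacker.example` sends the user to an attacker-chosen site right after entering their pascode — a classic open redirect for phishing. Also, when the parameter is absent `$redirect` is `null`, `null !== ""` is true, and the `/rekeningen` branch is unreachable; `Redirect::create` is then handed `null` as the target. Restrict the target to a local path and normalise the missing case, as below. The login route closure starts before this hunk and ends after it.

```php
$query = $request->getQueryParams();
$redirect = isset($query['redirect']) ? (string) $query['redirect'] : '';
// Only accept a local path: a single leading "/" and no "//" or "\" that a
// browser would read as a scheme-relative URL; anything else falls back to /rekeningen.
if ($redirect !== '' && !preg_match('~^/(?![/\\\\])~', $redirect)) {
    $redirect = '';
}
unset($query['redirect']);
// … unchanged: http_build_query, login call and redirects …
```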


@ -136,9 +136,10 @@ new Inforbank\Application\Rekeningen($app);
new Inforbank\Application\Berichten($app);
/**
* API
* Idob
*/
new Inforbank\Application\API\Handler($app);
new Inforbank\Application\Idob($app);
/**
* Bij het maken van dit object is in de class de __construct functie aangeroepen met de parameter $app. De functies die daar in staan zullen nu worden uitgevoerd.

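--- /dev/null
+++ b/templates/idob.phtml
@@ -0,0 +1,65 @@
+<?php include '__header.phtml'; ?>
+<h2 class="page-header">Betalen via Inforbank Direct Online Betalen</h2>
+<?php if (!$transactie) {
+?>
+<div class="alert alert-danger" role="alert"><b>Fout!</b> Deze transactie bestaat niet.</div>
+<?php
+} else {
+?>
+<div class="row">
+<div class="col-md-4">
+<div class="panel panel-default">
+<div class="panel-heading">Transactie</div>
+<div class="panel-body">
+<b>Transactiereferentie</b>
+<p><?php echo $transactie['reference']; ?></p>
+<br/>
+<b>Ontvangende partij:</b>
+<p><?php echo $webwinkel; ?></p>
+<br/>
+<b>Te betalen:</b>
+<h3><?php echo money_format('%(#1n', $transactie['amount']); ?></h3>
+</div>
+</div>
+<div class="panel panel-default">
+<div class="panel-heading">Omschrijving</div>
+<div class="panel-body">
+<?php echo $transactie['description']; ?>
+</div>
+</div>
+</div>
+<div class="col-md-8">
+<form class="form-horizontal" method="post" action="">
+<div class="form-group">
+<label for="van" class="col-sm-2 control-label">Betalen met</label>
+<div class="col-sm-10">
+<select name="van" class="form-control">
+<?php
+foreach ($rekeningen as $rekening) {
+echo "<option value=" . $rekening['nr'] . ">" . $rekening['iban'] . "</option>\n";
+} ?>
+</select>
+</div>
+</div>
+<div class="form-group">
+<div class="col-sm-offset-2 col-sm-10"><br/>
+<p>Door het klikken op "Accepteren" hieronder, accepteert u de betaling en zal er <b><?php echo money_format('%(#1n', $transactie['amount']); ?></b> worden overgemaakt aan <b><?php echo $webwinkel; ?></b> ter betaling van het order met de transactierefrentie <b><?php echo $transactie['reference']; ?></b>.<br/><br/>Ga alleen verder als u zeker weet dat deze gegevens kloppen. U kunt ook de omschrijving van de transactie bekijken. Na de betaling wordt u teruggestuurd naar de webshop.
+</div>
+</div>
+<div class="form-group">
+<div class="col-sm-offset-2 col-sm-10">
+<button type="submit" class="btn btn-default">Accepteren</button>
+</div>
+</div>
+</form>
+</div>
+</div>
+<?php
+} ?>
+<?php include '__footer.phtml'; ?>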
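Review bot: `$transactie['reference']`, `$transactie['description']` and `$webwinkel` are echoed into the page unescaped, and the first two arrive from the merchant's API call — `description` is not even covered by the request hash — so a merchant, or anyone who can replay a signed request, can inject markup or script into the bank's payment page via lines like `<?php echo $transactie['description']; ?>`. Escape every interpolation for HTML context, `<?php echo htmlspecialchars($transactie['description'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>`, and quote the attribute in `echo "<option value=" . $rekening['nr'] . ">"` while escaping `nr` and `iban` the same way. The form carries no anti-CSRF field alongside `van`; if the framework does not add one, a hidden token verified in the POST handler is needed before a payment can be triggered. `money_format` is also locale-dependent and was removed in PHP 8.0; `number_format` or `NumberFormatter` is the portable replacement.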


@ -0,0 +1,5 @@
<?php include '__header.phtml'; ?>
<div class="alert alert-danger" role="alert"><b>Oeps!</b> De betaling via Inforbank Direct Online Betalen is mislukt. We konden je niet terugsturen naar de webshop. Sorry.</div>
<?php include '__footer.phtml'; ?>