From efc7342359b8c1c4e25e81f63a06b8bcdcd34504 Mon Sep 17 00:00:00 2001
From: Juan Ferrer Toribio <juan@verdnatura.es>
Date: Tue, 31 Jan 2023 13:38:59 +0100
Subject: [PATCH] fixes #5174 Redsys TPV api migrated to salix

---
 debian/changelog          |  2 +-
 debian/cron.d             |  1 -
 js/hedera/tpv.js          | 17 ++++---
 package.json              |  2 +-
 rest/tpv/confirm-mail.php | 98 ---------------------------------------
 rest/tpv/confirm-post.php | 13 ------
 rest/tpv/confirm-soap.php | 91 ------------------------------------
 rest/tpv/soap-reply.xml   |  6 ---
 rest/tpv/soap-request.dtd | 40 ----------------
 rest/tpv/soap-request.xml | 20 --------
 rest/tpv/soap-test.php    | 56 ----------------------
 rest/tpv/soap.wsdl        | 51 --------------------
 rest/tpv/tpv.php          | 33 -------------
 rest/tpv/transaction.php  | 67 --------------------------
 14 files changed, 10 insertions(+), 487 deletions(-)
 delete mode 100644 rest/tpv/confirm-mail.php
 delete mode 100644 rest/tpv/confirm-post.php
 delete mode 100644 rest/tpv/confirm-soap.php
 delete mode 100644 rest/tpv/soap-reply.xml
 delete mode 100644 rest/tpv/soap-request.dtd
 delete mode 100644 rest/tpv/soap-request.xml
 delete mode 100644 rest/tpv/soap-test.php
 delete mode 100644 rest/tpv/soap.wsdl
 delete mode 100644 rest/tpv/tpv.php
 delete mode 100644 rest/tpv/transaction.php

diff --git a/debian/changelog b/debian/changelog
index 59a72583..da831805 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-hedera-web (22.48.8) stable; urgency=low
+hedera-web (22.48.9) stable; urgency=low
 
   * Initial Release.
 
diff --git a/debian/cron.d b/debian/cron.d
index 1037bb2c..846174c7 100755
--- a/debian/cron.d
+++ b/debian/cron.d
@@ -1,6 +1,5 @@
 MAILTO=webmaster
 */1    *  * * *   root  hedera-web.php -m misc/mail
-*/4    *  * * *   root  hedera-web.php -m tpv/confirm-mail
 */2    *  * * *   root  hedera-web.php -m edi/load
 0     23  * * *   root  hedera-web.php -m edi/clean
 0      5  * * *   root  hedera-web.php -m edi/update
diff --git a/js/hedera/tpv.js b/js/hedera/tpv.js
index dc759476..6deacca8 100644
--- a/js/hedera/tpv.js
+++ b/js/hedera/tpv.js
@@ -9,11 +9,10 @@ module.exports = new Class({
 		this.tpvStatus = this.hash.$.tpvStatus;
 
 		if (this.tpvStatus) {
-			const query = 'CALL myTpvTransaction_end(#transaction, #status)';
-			this.conn.execQuery(query, {
-				transaction: this.tpvOrder,
+			this.conn.post('TpvTransactions/end', {
+				orderId: this.tpvOrder,
 				status: this.tpvStatus
-			});
+			})
 		}
 
 		return this.tpvStatus;
@@ -29,11 +28,11 @@ module.exports = new Class({
 			return;
 		}
 
-		const json = await this.conn.send('tpv/transaction', {
-			amount: parseInt(amount)
-			,urlOk: this._makeUrl('ok')
-			,urlKo: this._makeUrl('ko')
-			,company
+		const json = await this.conn.post('TpvTransactions/start', {
+			amount: parseInt(amount),
+			urlOk: this._makeUrl('ok'),
+			urlKo: this._makeUrl('ko'),
+			company
 		});
 
 		const postValues = json.postValues;
diff --git a/package.json b/package.json
index 2ba47960..a1bdf7e1 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "hedera-web",
-  "version": "22.48.8",
+  "version": "22.48.9",
   "description": "Verdnatura web page",
   "license": "GPL-3.0",
   "repository": {
diff --git a/rest/tpv/confirm-mail.php b/rest/tpv/confirm-mail.php
deleted file mode 100644
index 719bfed1..00000000
--- a/rest/tpv/confirm-mail.php
+++ /dev/null
@@ -1,98 +0,0 @@
-<?php
-
-require_once(__DIR__.'/tpv.php');
-
-/**
- * Gets transaction confirmations from the IMAP mailbox.
- */
-class ConfirmMail extends Vn\Lib\Method {
-	function run($db) {
-		$imap = NULL;
-		$imapConf = $db->getObject(
-			'SELECT host, user, pass, cleanPeriod, successFolder, errorFolder
-				FROM tpvImapConfig'
-		);
-
-		$mailbox = sprintf('{%s/imap/ssl/novalidate-cert}',
-			$imapConf->host);
-
-		$imap = imap_open($mailbox
-			,$imapConf->user
-			,base64_decode($imapConf->pass)
-		);
-
-		if (!$imap)
-			throw new Exception(imap_last_error());
-
-		// Fetchs and confirms new transaction mails
-
-		$count = 0;
-		$inbox = imap_search($imap, 'ALL');
-
-		if ($inbox)
-		foreach ($inbox as $msg) {
-			// Decodes the mail body
-
-			$params = [];
-			$body = imap_fetchbody($imap, $msg, '1');
-			$strings = explode(';', $body);
-
-			foreach ($strings as $string) {
-				$x = explode(':', $string);
-				$params[trim($x[0])] = trim($x[1]);
-			}
-	
-			// Confirms the transaction
-			
-			$success = FALSE;
-			
-			try {
-				$success = Tpv::confirm($db, $params);
-			} catch (\Exception $e) {
-				trigger_error($e->getMessage(), E_USER_WARNING); 
-			}
-	
-			// Moves the processed mail to another folder
-
-			if ($success)
-				$folder = $imapConf->successFolder;
-			else
-				$folder = $imapConf->errorFolder;				
-
-			if (!imap_mail_move($imap, $msg, "$folder"))
-				trigger_error(imap_last_error(), E_USER_WARNING);
-
-			$count++;
-		}
-
-		imap_expunge($imap);
-
-		// Cleans the old mails
-		
-		$deleted = 0;
-
-		if (rand(1, 20) == 1) {
-			$folders = array(
-				 $imapConf->successFolder
-				,$imapConf->errorFolder
-			);
-
-			$date = new \DateTime(NULL);
-			$date->sub(new \DateInterval($imapConf->cleanPeriod));
-			$filter = sprintf('BEFORE "%s"', $date->format('D, j M Y'));
-
-			foreach ($folders as $folder)
-			if (imap_reopen($imap, $mailbox.$folder))
-			if ($messages = imap_search($imap, $filter)) {
-				foreach ($messages as $message)
-					imap_delete($imap, $message);
-
-				imap_expunge($imap);
-				$deleted += count($messages);
-			}
-		}
-
-		echo "$count mails processed, $deleted mails deleted.\n";
-	}
-}
-
diff --git a/rest/tpv/confirm-post.php b/rest/tpv/confirm-post.php
deleted file mode 100644
index 20d3cb79..00000000
--- a/rest/tpv/confirm-post.php
+++ /dev/null
@@ -1,13 +0,0 @@
-<?php
-
-require_once(__DIR__.'/tpv.php');
-
-/**
- * Gets transaction confirmation from HTTP POST.
- */
-class ConfirmPost extends Vn\Web\RestRequest {
-	function run($db) {
-		Tpv::confirm($db, $_POST);
-	}
-}
-
diff --git a/rest/tpv/confirm-soap.php b/rest/tpv/confirm-soap.php
deleted file mode 100644
index 0af1cd8e..00000000
--- a/rest/tpv/confirm-soap.php
+++ /dev/null
@@ -1,91 +0,0 @@
-<?php
-
-require_once('vn/web/util.php');
-require_once(__DIR__.'/tpv.php');
-
-/**
- * Gets transaction confirmation from SOAP service.
- */
-class ConfirmSoap extends Vn\Web\RestRequest {
-	function run($db) {
-		global $tpvConfirmSoap;
-
-		$tpvConfirmSoap = $this;
-		ini_set('soap.wsdl_cache_enabled', FALSE);
-
-		$server = new SoapServer(__DIR__ .'/soap.wsdl');
-		$server->addFunction('procesaNotificacionSIS');
-		$server->handle();
-	}
-}
-
-function procesaNotificacionSIS($XML) {
-	global $tpvConfirmSoap;
-
-	$db = $tpvConfirmSoap->app->getSysConn();
-
-	$status = 'OK';
-	$requestString = $XML;
-
-	// Processes the request
-
-	try {
-		$xml = new SimpleXMLElement($requestString);
-		$params =(array) $xml->{'Request'};
-		
-		if (!(isset($params['Ds_Amount'])
-		&& isset($params['Ds_Order'])
-		&& isset($params['Ds_MerchantCode'])
-		&& isset($params['Ds_Currency'])
-		&& isset($params['Ds_Response'])))
-			throw new Exception('Missing required parameters');
-	
-		// Checks the signature
-
-		$start = strpos($requestString, '<Request');
-		$end = strrpos($requestString, '</Request>');
-		$shaString = substr($requestString, $start, $end - $start + 10);
-
-		$key = $db->getValue(
-			'SELECT secretKey FROM tpvMerchant WHERE id = #'
-			,[$params['Ds_MerchantCode']]
-		);
-
-		if (sha1($shaString.$key) != $xml->{'Signature'})
-			throw new Exception('Invalid signature');
-			
-		// Confirms the transaction
-
-		Tpv::confirm($db, $params);
-	} catch (Exception $e) {
-		$status = 'KO';
-	}
-
-	// Generates the response
-
-	$responseString = file_get_contents(__DIR__ .'/soap-reply.xml');
-	$xml = new SimpleXMLElement($responseString);
-
-	$response = $xml->{'Response'};
-	$response->{'Ds_Response_Merchant'} = $status;
-
-	$xml->{'Signature'} = sha1($response->asXML().$key);
-
-	return $xml->asXML();
-/*
-	// Another way to generate the response
-
-	$xmlResponse =
-	'<Response Ds_Version="0.0">
-		<Ds_Response_Merchant>'. $status .'</Ds_Response_Merchant>
-	</Response>';
-
-	$xmlMessage =
-	'<Message>
-		'. $xmlResponse .'
-		<Signature>'. sha1($xmlResponse.$key) .'</Signature>
-	</Message>';
-
-	return $xmlMessage;
-*/}
-
diff --git a/rest/tpv/soap-reply.xml b/rest/tpv/soap-reply.xml
deleted file mode 100644
index c1d454ba..00000000
--- a/rest/tpv/soap-reply.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<Message>
-	<Response Ds_Version="0.0">
-		<Ds_Response_Merchant></Ds_Response_Merchant>
-	</Response>
-	<Signature></Signature>
-</Message>
diff --git a/rest/tpv/soap-request.dtd b/rest/tpv/soap-request.dtd
deleted file mode 100644
index eb73a981..00000000
--- a/rest/tpv/soap-request.dtd
+++ /dev/null
@@ -1,40 +0,0 @@
-<!ELEMENT Message (Request, Signature)>
-
-<!ELEMENT Request (
-	Fecha,
-	Hora,
-	Ds_SecurePayment,
-	Ds_Amount,
-	Ds_Currency,
-	Ds_Order,
-	Ds_MerchantCode,
-	Ds_Terminal,
-	Ds_Response,
-	Ds_MerchantData?,
-	Ds_Card_Type?,
-	Ds_TransactionType,
-	Ds_ConsumerLanguage,
-	Ds_ErrorCode?,
-	Ds_CardCountry?,
-	Ds_AuthorisationCode?
-)>
-
-<!ATTLIST Request Ds_Version CDATA #REQUIRED>
-<!ELEMENT Fecha (#PCDATA)>
-<!ELEMENT Hora (#PCDATA)>
-<!ELEMENT Ds_SecurePayment (#PCDATA)>
-<!ELEMENT Ds_Amount (#PCDATA)>
-<!ELEMENT Ds_Currency (#PCDATA)>
-<!ELEMENT Ds_Order (#PCDATA)>
-<!ELEMENT Ds_MerchantCode (#PCDATA)>
-<!ELEMENT Ds_Terminal (#PCDATA)>
-<!ELEMENT Ds_Response (#PCDATA)>
-<!ELEMENT Ds_MerchantData (#PCDATA)>
-<!ELEMENT Ds_Card_Type (#PCDATA)>
-<!ELEMENT Ds_TransactionType (#PCDATA)>
-<!ELEMENT Ds_ConsumerLanguage (#PCDATA)>
-<!ELEMENT Ds_ErrorCode (#PCDATA)>
-<!ELEMENT Ds_CardCountry (#PCDATA)>
-<!ELEMENT Ds_AuthorisationCode (#PCDATA)>
-<!ELEMENT Signature (#PCDATA)>
-
diff --git a/rest/tpv/soap-request.xml b/rest/tpv/soap-request.xml
deleted file mode 100644
index 25d594db..00000000
--- a/rest/tpv/soap-request.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<Message>
-	<Request Ds_Version='0.0'>
-		<Fecha>21/10/2014</Fecha>
-		<Hora>17:56</Hora>
-		<Ds_SecurePayment>1</Ds_SecurePayment>
-		<DS_Card_Type>D</DS_Card_Type>
-		<Ds_Card_Country>724</Ds_Card_Country>
-		<Ds_Amount>1</Ds_Amount>
-		<Ds_Currency>978</Ds_Currency>
-		<Ds_Order>000000007216</Ds_Order>
-		<Ds_MerchantCode>329744999</Ds_MerchantCode>
-		<Ds_Terminal>001</Ds_Terminal>
-		<Ds_Response>0000</Ds_Response>
-		<Ds_MerchantData></Ds_MerchantData>
-		<Ds_TransactionType>0</Ds_TransactionType>
-		<Ds_ConsumerLanguage>1</Ds_ConsumerLanguage>
-		<Ds_AuthorisationCode>563451</Ds_AuthorisationCode>
-	</Request>
-	<Signature>b97d1aba50aac5efc0915f59a70e24fc94cb3ffe</Signature>
-</Message>
diff --git a/rest/tpv/soap-test.php b/rest/tpv/soap-test.php
deleted file mode 100644
index 5a6bef44..00000000
--- a/rest/tpv/soap-test.php
+++ /dev/null
@@ -1,56 +0,0 @@
-<?php
-
-if (isset($_POST['key'])) {
-	ini_set('soap.wsdl_cache_enabled', FALSE);
-
-	$requestString = file_get_contents(__DIR__.'/soap-request.xml');
-
-	$client = new SoapClient(__DIR__.'/soap.wsdl');
-	$result = $client->__soapCall('procesaNotificacionSIS', [
-		'XML' => $requestString
-	]);
-
-	$xml = new SimpleXMLElement($result);
-
-	$key = $_POST['key'];
-
-	$start = strpos($result, '<Response');
-	$end = strrpos($result, '</Response>');
-	$shaString = substr($result, $start, $end - $start + 11);
-	$shaHash = sha1($shaString.$key);
-
-	$isValid = $xml->{'Signature'} == $shaHash;
-} else {
-	$key = '';
-	$result = '';
-	$shaHash = '';
-	$isValid = FALSE;
-}
-
-?>
-
-<html>
-<head>
-	<title>
-		TPV SOAP Client
-	</title>
-</head>
-<body>
-	<form action="?" method="post">
-		<label>Key:</label>
-		<input type="password" value="<?=$key?>" name="key"/>
-		<input type="submit"/>
-	</form>
-	<h2>Response</h2>
-	<p>
-		<pre><?=htmlentities($result)?></pre>
-	</p>
-	<h2>Signature</h2>
-	<p>
-		Calculated: <?=$shaHash?>
-	</p>
-	<p>
-		Valid: <input type="checkbox" <?=($isValid ? 'checked' : '')?>/>
-	</p>
-</body>
-</html>
diff --git a/rest/tpv/soap.wsdl b/rest/tpv/soap.wsdl
deleted file mode 100644
index bd85821d..00000000
--- a/rest/tpv/soap.wsdl
+++ /dev/null
@@ -1,51 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<definitions name="InotificacionSIS"
-	targetNamespace="https://sis.sermepa.es/sis/InotificacionSIS.wsdl"
-	xmlns:xs="http://www.w3.org/2001/XMLSchema"
-	xmlns:tns="https://sis.sermepa.es/sis/InotificacionSIS.wsdl"
-	xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
-	xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
-	xmlns="http://schemas.xmlsoap.org/wsdl/">
-
-	<message name="procesaNotificacionSISRequest">
-		<part name="XML" type="xs:string"/>
-	</message>
-
-	<message name="procesaNotificacionSISResponse">
-		<part name="return" type="xs:string"/>
-	</message>
-
-	<portType name="InotificacionSISPortType">
-		<operation name="procesaNotificacionSIS">
-			<input message="tns:procesaNotificacionSISRequest"/>
-			<output message="tns:procesaNotificacionSISResponse"/>
-		</operation>
-	</portType>
-
-	<binding name="InotificacionSISBinding" type="tns:InotificacionSISPortType">
-		<soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
-		<operation name="procesaNotificacionSIS">
-			<soap:operation
-				soapAction="urn:InotificacionSIS#procesaNotificacionSIS" style="rpc"/>
-			<input>
-				<soap:body use="encoded"
-					encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
-					namespace="InotificacionSIS"/>
-			</input>
-			<output>
-				<soap:body use="encoded"
-					encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
-					namespace="InotificacionSIS"/>
-			</output>
-		</operation>
-	</binding>
-
-	<service name="InotificacionSISService">
-		<port name="InotificacionSIS" binding="tns:InotificacionSISBinding">
-		<soap:address
-			location="http://localhost/~juan/hedera-web/tpv/soap.php"/>
-		</port>
-	</service>
-
-</definitions>
diff --git a/rest/tpv/tpv.php b/rest/tpv/tpv.php
deleted file mode 100644
index 3ae34f04..00000000
--- a/rest/tpv/tpv.php
+++ /dev/null
@@ -1,33 +0,0 @@
-<?php
-
-class Tpv {
-	/**
-	 * Tryes to confirm a transaction with the given params.
-	 */
-	static function confirm($db, $params) {
-		if (!(isset($params['Ds_Amount'])
-		&& isset($params['Ds_Order'])
-		&& isset($params['Ds_MerchantCode'])
-		&& isset($params['Ds_Currency'])
-		&& isset($params['Ds_Response'])))
-			return FALSE;
-
-		if (isset($params['Ds_ErrorCode']))
-			$error = $params['Ds_ErrorCode'];
-		else
-			$error = NULL;
-	
-		return $db->query(
-			'CALL tpvTransaction_confirm(#, #, #, #, #, #)',
-			[
-				 $params['Ds_Amount']
-				,$params['Ds_Order']
-				,$params['Ds_MerchantCode']
-				,$params['Ds_Currency']
-				,$params['Ds_Response']
-				,$error
-			]
-		);		
-	}
-}
-
diff --git a/rest/tpv/transaction.php b/rest/tpv/transaction.php
deleted file mode 100644
index da465c90..00000000
--- a/rest/tpv/transaction.php
+++ /dev/null
@@ -1,67 +0,0 @@
-<?php
-
-/**
- * Starts a new TPV transaction and returns the params.
- */
-class Transaction extends Vn\Web\JsonRequest {
-	const PARAMS = ['amount'];
-
-	function run($db) {
-		$amount = (int) $_REQUEST['amount'];
-		$companyId = empty($_REQUEST['company']) ? NULL : $_REQUEST['company'];
-			
-		$row = $db->getObject('CALL myTpvTransaction_start(#, #)',
-			[$amount, $companyId]);
-		
-		if (!isset($row))
-			throw new Exception('Transaction error');
-
-		$transactionId = str_pad($row->transactionId, 12, '0', STR_PAD_LEFT);
-		$merchantUrl = $row->merchantUrl ? $row->merchantUrl : '';
-		$urlOk = empty($_REQUEST['urlOk']) ? '' :
-			str_replace('_transactionId_', $transactionId, $_REQUEST['urlOk']);
-		$urlKo = empty($_REQUEST['urlKo']) ? '' :
-			str_replace('_transactionId_', $transactionId, $_REQUEST['urlKo']);
-		
-		$params = [
-			 'Ds_Merchant_Amount'            => $amount
-			,'Ds_Merchant_Order'             => $transactionId
-			,'Ds_Merchant_MerchantCode'      => $row->merchant
-			,'Ds_Merchant_Currency'          => $row->currency
-			,'Ds_Merchant_TransactionType'   => $row->transactionType
-			,'Ds_Merchant_Terminal'          => $row->terminal
-			,'Ds_Merchant_MerchantURL'       => $merchantUrl
-			,'Ds_Merchant_UrlOK'             => $urlOk
-			,'Ds_Merchant_UrlKO'             => $urlKo
-		];
-		
-		$encodedParams = base64_encode(json_encode($params));
-		
-		$key = base64_decode($row->secretKey);
-		
-		$bytes = [0, 0, 0, 0, 0, 0, 0, 0];
-		$iv = implode(array_map('chr', $bytes));
-
-		$paddedData = $transactionId;
-		if (strlen($paddedData) % 8) {
-			$paddedData = str_pad($paddedData,
-				strlen($paddedData) + 8 - strlen($paddedData) % 8, "\0");
-		}
-
-		$encryptedData = openssl_encrypt($paddedData,
-			'des-ede3-cbc', $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING , $iv);
-		$signature = base64_encode(hash_hmac('sha256', $encodedParams, $encryptedData, TRUE));
-
-		$url = $row->url;
-		$postValues = [
-			'Ds_SignatureVersion'   => 'HMAC_SHA256_V1'
-		   ,'Ds_MerchantParameters' => $encodedParams
-		   ,'Ds_Signature'          => $signature
-		];
-
-		return [
-			 'url'        => $url
-			,'postValues' => $postValues
-		];
-	}
-}