0
1
Fork 0

fixes #5174 Redsys TPV api migrated to salix

This commit is contained in:
Juan Ferrer 2023-01-31 13:38:59 +01:00
parent c463e967ca
commit efc7342359
14 changed files with 10 additions and 487 deletions

2
debian/changelog vendored
View File

@ -1,4 +1,4 @@
hedera-web (22.48.8) stable; urgency=low
hedera-web (22.48.9) stable; urgency=low
* Initial Release.

1
debian/cron.d vendored
View File

@ -1,6 +1,5 @@
MAILTO=webmaster
*/1 * * * * root hedera-web.php -m misc/mail
*/4 * * * * root hedera-web.php -m tpv/confirm-mail
*/2 * * * * root hedera-web.php -m edi/load
0 23 * * * root hedera-web.php -m edi/clean
0 5 * * * root hedera-web.php -m edi/update

View File

@ -9,11 +9,10 @@ module.exports = new Class({
this.tpvStatus = this.hash.$.tpvStatus;
if (this.tpvStatus) {
const query = 'CALL myTpvTransaction_end(#transaction, #status)';
this.conn.execQuery(query, {
transaction: this.tpvOrder,
this.conn.post('TpvTransactions/end', {
orderId: this.tpvOrder,
status: this.tpvStatus
});
})
}
return this.tpvStatus;
@ -29,11 +28,11 @@ module.exports = new Class({
return;
}
const json = await this.conn.send('tpv/transaction', {
amount: parseInt(amount)
,urlOk: this._makeUrl('ok')
,urlKo: this._makeUrl('ko')
,company
const json = await this.conn.post('TpvTransactions/start', {
amount: parseInt(amount),
urlOk: this._makeUrl('ok'),
urlKo: this._makeUrl('ko'),
company
});
const postValues = json.postValues;

View File

@ -1,6 +1,6 @@
{
"name": "hedera-web",
"version": "22.48.8",
"version": "22.48.9",
"description": "Verdnatura web page",
"license": "GPL-3.0",
"repository": {

View File

@ -1,98 +0,0 @@
<?php
require_once(__DIR__.'/tpv.php');
/**
* Gets transaction confirmations from the IMAP mailbox.
*/
class ConfirmMail extends Vn\Lib\Method {
function run($db) {
$imap = NULL;
$imapConf = $db->getObject(
'SELECT host, user, pass, cleanPeriod, successFolder, errorFolder
FROM tpvImapConfig'
);
$mailbox = sprintf('{%s/imap/ssl/novalidate-cert}',
$imapConf->host);
$imap = imap_open($mailbox
,$imapConf->user
,base64_decode($imapConf->pass)
);
if (!$imap)
throw new Exception(imap_last_error());
// Fetchs and confirms new transaction mails
$count = 0;
$inbox = imap_search($imap, 'ALL');
if ($inbox)
foreach ($inbox as $msg) {
// Decodes the mail body
$params = [];
$body = imap_fetchbody($imap, $msg, '1');
$strings = explode(';', $body);
foreach ($strings as $string) {
$x = explode(':', $string);
$params[trim($x[0])] = trim($x[1]);
}
// Confirms the transaction
$success = FALSE;
try {
$success = Tpv::confirm($db, $params);
} catch (\Exception $e) {
trigger_error($e->getMessage(), E_USER_WARNING);
}
// Moves the processed mail to another folder
if ($success)
$folder = $imapConf->successFolder;
else
$folder = $imapConf->errorFolder;
if (!imap_mail_move($imap, $msg, "$folder"))
trigger_error(imap_last_error(), E_USER_WARNING);
$count++;
}
imap_expunge($imap);
// Cleans the old mails
$deleted = 0;
if (rand(1, 20) == 1) {
$folders = array(
$imapConf->successFolder
,$imapConf->errorFolder
);
$date = new \DateTime(NULL);
$date->sub(new \DateInterval($imapConf->cleanPeriod));
$filter = sprintf('BEFORE "%s"', $date->format('D, j M Y'));
foreach ($folders as $folder)
if (imap_reopen($imap, $mailbox.$folder))
if ($messages = imap_search($imap, $filter)) {
foreach ($messages as $message)
imap_delete($imap, $message);
imap_expunge($imap);
$deleted += count($messages);
}
}
echo "$count mails processed, $deleted mails deleted.\n";
}
}

View File

@ -1,13 +0,0 @@
<?php
require_once(__DIR__.'/tpv.php');
/**
* Gets transaction confirmation from HTTP POST.
*/
class ConfirmPost extends Vn\Web\RestRequest {
function run($db) {
Tpv::confirm($db, $_POST);
}
}

View File

@ -1,91 +0,0 @@
<?php
require_once('vn/web/util.php');
require_once(__DIR__.'/tpv.php');
/**
* Gets transaction confirmation from SOAP service.
*/
class ConfirmSoap extends Vn\Web\RestRequest {
function run($db) {
global $tpvConfirmSoap;
$tpvConfirmSoap = $this;
ini_set('soap.wsdl_cache_enabled', FALSE);
$server = new SoapServer(__DIR__ .'/soap.wsdl');
$server->addFunction('procesaNotificacionSIS');
$server->handle();
}
}
function procesaNotificacionSIS($XML) {
global $tpvConfirmSoap;
$db = $tpvConfirmSoap->app->getSysConn();
$status = 'OK';
$requestString = $XML;
// Processes the request
try {
$xml = new SimpleXMLElement($requestString);
$params =(array) $xml->{'Request'};
if (!(isset($params['Ds_Amount'])
&& isset($params['Ds_Order'])
&& isset($params['Ds_MerchantCode'])
&& isset($params['Ds_Currency'])
&& isset($params['Ds_Response'])))
throw new Exception('Missing required parameters');
// Checks the signature
$start = strpos($requestString, '<Request');
$end = strrpos($requestString, '</Request>');
$shaString = substr($requestString, $start, $end - $start + 10);
$key = $db->getValue(
'SELECT secretKey FROM tpvMerchant WHERE id = #'
,[$params['Ds_MerchantCode']]
);
if (sha1($shaString.$key) != $xml->{'Signature'})
throw new Exception('Invalid signature');
// Confirms the transaction
Tpv::confirm($db, $params);
} catch (Exception $e) {
$status = 'KO';
}
// Generates the response
$responseString = file_get_contents(__DIR__ .'/soap-reply.xml');
$xml = new SimpleXMLElement($responseString);
$response = $xml->{'Response'};
$response->{'Ds_Response_Merchant'} = $status;
$xml->{'Signature'} = sha1($response->asXML().$key);
return $xml->asXML();
/*
// Another way to generate the response
$xmlResponse =
'<Response Ds_Version="0.0">
<Ds_Response_Merchant>'. $status .'</Ds_Response_Merchant>
</Response>';
$xmlMessage =
'<Message>
'. $xmlResponse .'
<Signature>'. sha1($xmlResponse.$key) .'</Signature>
</Message>';
return $xmlMessage;
*/}

View File

@ -1,6 +0,0 @@
<Message>
<Response Ds_Version="0.0">
<Ds_Response_Merchant></Ds_Response_Merchant>
</Response>
<Signature></Signature>
</Message>

View File

@ -1,40 +0,0 @@
<!ELEMENT Message (Request, Signature)>
<!ELEMENT Request (
Fecha,
Hora,
Ds_SecurePayment,
Ds_Amount,
Ds_Currency,
Ds_Order,
Ds_MerchantCode,
Ds_Terminal,
Ds_Response,
Ds_MerchantData?,
Ds_Card_Type?,
Ds_TransactionType,
Ds_ConsumerLanguage,
Ds_ErrorCode?,
Ds_CardCountry?,
Ds_AuthorisationCode?
)>
<!ATTLIST Request Ds_Version CDATA #REQUIRED>
<!ELEMENT Fecha (#PCDATA)>
<!ELEMENT Hora (#PCDATA)>
<!ELEMENT Ds_SecurePayment (#PCDATA)>
<!ELEMENT Ds_Amount (#PCDATA)>
<!ELEMENT Ds_Currency (#PCDATA)>
<!ELEMENT Ds_Order (#PCDATA)>
<!ELEMENT Ds_MerchantCode (#PCDATA)>
<!ELEMENT Ds_Terminal (#PCDATA)>
<!ELEMENT Ds_Response (#PCDATA)>
<!ELEMENT Ds_MerchantData (#PCDATA)>
<!ELEMENT Ds_Card_Type (#PCDATA)>
<!ELEMENT Ds_TransactionType (#PCDATA)>
<!ELEMENT Ds_ConsumerLanguage (#PCDATA)>
<!ELEMENT Ds_ErrorCode (#PCDATA)>
<!ELEMENT Ds_CardCountry (#PCDATA)>
<!ELEMENT Ds_AuthorisationCode (#PCDATA)>
<!ELEMENT Signature (#PCDATA)>

View File

@ -1,20 +0,0 @@
<Message>
<Request Ds_Version='0.0'>
<Fecha>21/10/2014</Fecha>
<Hora>17:56</Hora>
<Ds_SecurePayment>1</Ds_SecurePayment>
<DS_Card_Type>D</DS_Card_Type>
<Ds_Card_Country>724</Ds_Card_Country>
<Ds_Amount>1</Ds_Amount>
<Ds_Currency>978</Ds_Currency>
<Ds_Order>000000007216</Ds_Order>
<Ds_MerchantCode>329744999</Ds_MerchantCode>
<Ds_Terminal>001</Ds_Terminal>
<Ds_Response>0000</Ds_Response>
<Ds_MerchantData></Ds_MerchantData>
<Ds_TransactionType>0</Ds_TransactionType>
<Ds_ConsumerLanguage>1</Ds_ConsumerLanguage>
<Ds_AuthorisationCode>563451</Ds_AuthorisationCode>
</Request>
<Signature>b97d1aba50aac5efc0915f59a70e24fc94cb3ffe</Signature>
</Message>

View File

@ -1,56 +0,0 @@
<?php
if (isset($_POST['key'])) {
ini_set('soap.wsdl_cache_enabled', FALSE);
$requestString = file_get_contents(__DIR__.'/soap-request.xml');
$client = new SoapClient(__DIR__.'/soap.wsdl');
$result = $client->__soapCall('procesaNotificacionSIS', [
'XML' => $requestString
]);
$xml = new SimpleXMLElement($result);
$key = $_POST['key'];
$start = strpos($result, '<Response');
$end = strrpos($result, '</Response>');
$shaString = substr($result, $start, $end - $start + 11);
$shaHash = sha1($shaString.$key);
$isValid = $xml->{'Signature'} == $shaHash;
} else {
$key = '';
$result = '';
$shaHash = '';
$isValid = FALSE;
}
?>
<html>
<head>
<title>
TPV SOAP Client
</title>
</head>
<body>
<form action="?" method="post">
<label>Key:</label>
<input type="password" value="<?=$key?>" name="key"/>
<input type="submit"/>
</form>
<h2>Response</h2>
<p>
<pre><?=htmlentities($result)?></pre>
</p>
<h2>Signature</h2>
<p>
Calculated: <?=$shaHash?>
</p>
<p>
Valid: <input type="checkbox" <?=($isValid ? 'checked' : '')?>/>
</p>
</body>
</html>

View File

@ -1,51 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<definitions name="InotificacionSIS"
targetNamespace="https://sis.sermepa.es/sis/InotificacionSIS.wsdl"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:tns="https://sis.sermepa.es/sis/InotificacionSIS.wsdl"
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns="http://schemas.xmlsoap.org/wsdl/">
<message name="procesaNotificacionSISRequest">
<part name="XML" type="xs:string"/>
</message>
<message name="procesaNotificacionSISResponse">
<part name="return" type="xs:string"/>
</message>
<portType name="InotificacionSISPortType">
<operation name="procesaNotificacionSIS">
<input message="tns:procesaNotificacionSISRequest"/>
<output message="tns:procesaNotificacionSISResponse"/>
</operation>
</portType>
<binding name="InotificacionSISBinding" type="tns:InotificacionSISPortType">
<soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
<operation name="procesaNotificacionSIS">
<soap:operation
soapAction="urn:InotificacionSIS#procesaNotificacionSIS" style="rpc"/>
<input>
<soap:body use="encoded"
encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
namespace="InotificacionSIS"/>
</input>
<output>
<soap:body use="encoded"
encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
namespace="InotificacionSIS"/>
</output>
</operation>
</binding>
<service name="InotificacionSISService">
<port name="InotificacionSIS" binding="tns:InotificacionSISBinding">
<soap:address
location="http://localhost/~juan/hedera-web/tpv/soap.php"/>
</port>
</service>
</definitions>

View File

@ -1,33 +0,0 @@
<?php
class Tpv {
/**
* Tryes to confirm a transaction with the given params.
*/
static function confirm($db, $params) {
if (!(isset($params['Ds_Amount'])
&& isset($params['Ds_Order'])
&& isset($params['Ds_MerchantCode'])
&& isset($params['Ds_Currency'])
&& isset($params['Ds_Response'])))
return FALSE;
if (isset($params['Ds_ErrorCode']))
$error = $params['Ds_ErrorCode'];
else
$error = NULL;
return $db->query(
'CALL tpvTransaction_confirm(#, #, #, #, #, #)',
[
$params['Ds_Amount']
,$params['Ds_Order']
,$params['Ds_MerchantCode']
,$params['Ds_Currency']
,$params['Ds_Response']
,$error
]
);
}
}

View File

@ -1,67 +0,0 @@
<?php
/**
* Starts a new TPV transaction and returns the params.
*/
class Transaction extends Vn\Web\JsonRequest {
const PARAMS = ['amount'];
function run($db) {
$amount = (int) $_REQUEST['amount'];
$companyId = empty($_REQUEST['company']) ? NULL : $_REQUEST['company'];
$row = $db->getObject('CALL myTpvTransaction_start(#, #)',
[$amount, $companyId]);
if (!isset($row))
throw new Exception('Transaction error');
$transactionId = str_pad($row->transactionId, 12, '0', STR_PAD_LEFT);
$merchantUrl = $row->merchantUrl ? $row->merchantUrl : '';
$urlOk = empty($_REQUEST['urlOk']) ? '' :
str_replace('_transactionId_', $transactionId, $_REQUEST['urlOk']);
$urlKo = empty($_REQUEST['urlKo']) ? '' :
str_replace('_transactionId_', $transactionId, $_REQUEST['urlKo']);
$params = [
'Ds_Merchant_Amount' => $amount
,'Ds_Merchant_Order' => $transactionId
,'Ds_Merchant_MerchantCode' => $row->merchant
,'Ds_Merchant_Currency' => $row->currency
,'Ds_Merchant_TransactionType' => $row->transactionType
,'Ds_Merchant_Terminal' => $row->terminal
,'Ds_Merchant_MerchantURL' => $merchantUrl
,'Ds_Merchant_UrlOK' => $urlOk
,'Ds_Merchant_UrlKO' => $urlKo
];
$encodedParams = base64_encode(json_encode($params));
$key = base64_decode($row->secretKey);
$bytes = [0, 0, 0, 0, 0, 0, 0, 0];
$iv = implode(array_map('chr', $bytes));
$paddedData = $transactionId;
if (strlen($paddedData) % 8) {
$paddedData = str_pad($paddedData,
strlen($paddedData) + 8 - strlen($paddedData) % 8, "\0");
}
$encryptedData = openssl_encrypt($paddedData,
'des-ede3-cbc', $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING , $iv);
$signature = base64_encode(hash_hmac('sha256', $encodedParams, $encryptedData, TRUE));
$url = $row->url;
$postValues = [
'Ds_SignatureVersion' => 'HMAC_SHA256_V1'
,'Ds_MerchantParameters' => $encodedParams
,'Ds_Signature' => $signature
];
return [
'url' => $url
,'postValues' => $postValues
];
}
}