Merge pull request #249 from TransbankDevelopers/feat/add-protections…
…-in-authorization-oneclick-flow

feat: add protections in Oneclick authorization flow
mastudillot authored Jul 25, 2024
2 parents 862bdb2 + 4fb143e commit bd89b4a
Showing 1 changed file with 20 additions and 0 deletions.
@@ -396,6 +396,10 @@ private function handleAuthorization(WC_Order $order, string $paymentTokenId)
$paymentToken = $this->getWcPaymentToken($paymentTokenId);
$amount = $this->getTotalAmountFromOrder($order);

if (!$this->validatePayerMatchesCardInscription($paymentToken)) {
throw new EcommerceException("Datos incorrectos para autorizar la transacción.");
}

$authorizeResponse = $this->oneclickTransbankSdk->authorize(
$order->get_id(),
$amount,
@@ -703,6 +707,22 @@ private function getTotalAmountFromOrder(WC_Order $order): int
return (int) number_format($order->get_total(), 0, ',', '');
}

/**
* Validate that the user paying for the order is the same as the one who registered the card.
*
* @param WC_Payment_Token_Oneclick $inscriptionData The card inscription data.
*
* @return bool True if the payer matches the card inscription, false otherwise.
*/
private function validatePayerMatchesCardInscription(WC_Payment_Token_Oneclick $paymentToken): bool
{
$currentUser = wp_get_current_user();
$userEmail = $currentUser->user_email;
$inscriptionEmail = $paymentToken->get_email();

return $userEmail == $inscriptionEmail;
}

public function getOneclickPaymentTokenClass()
{
return WC_Payment_Token_Oneclick::class;
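Review bot: In `validatePayerMatchesCardInscription` the loose `$userEmail == $inscriptionEmail` comparison also succeeds when both sides are empty, so a request with no logged-in user (where `wp_get_current_user()` yields an empty `user_email`) would pass the ownership check against a token whose stored email is empty or null; whether such tokens can exist is not visible here. Reject empty values and compare strictly, e.g. `return $userEmail !== '' && $userEmail === $inscriptionEmail;`. Email is also a mutable profile field, so binding on the token's owner id, `(int) $paymentToken->get_user_id() === get_current_user_id()`, would be a sturdier check if the tokens are stored with a user id. The docblock's `@param` names `$inscriptionData` while the parameter is `$paymentToken`. The hunk ends inside `getOneclickPaymentTokenClass`, which continues outside it.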