From 86238746653c19e4e576810ebe0def81fbf71cd4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fikret=20=C3=87=C4=B0N?= Date: Mon, 2 Oct 2023 13:56:13 +0300 Subject: [PATCH 1/4] =?UTF-8?q?garanti=20sha512=20g=C3=BCncellemesi?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- composer.json | 6 ++++- examples/_main_config.php | 3 ++- examples/garanti/_payment_config.php | 2 +- src/Crypt/GarantiPosCrypt.php | 23 ++++++++++--------- .../GarantiPosRequestDataMapper.php | 3 ++- src/Gateways/GarantiPos.php | 14 +++++++---- 6 files changed, 31 insertions(+), 20 deletions(-) diff --git a/composer.json b/composer.json index ec07236c..1adb674e 100644 --- a/composer.json +++ b/composer.json @@ -19,6 +19,7 @@ "php-http/discovery": "^1.14", "psr/http-client-implementation": "*", "psr/log": "^1.1 || ^2.0 || ^3.0", + "symfony/http-client": "^5.4", "symfony/http-foundation": "^5.0 || ^6.0", "symfony/serializer": "^5.0 || ^6.0" }, @@ -45,6 +46,9 @@ "symfony/var-dumper": "^5.1" }, "config": { - "sort-packages": true + "sort-packages": true, + "allow-plugins": { + "php-http/discovery": true + } } } diff --git a/examples/_main_config.php b/examples/_main_config.php index 1d6fbe4a..1d4b36bc 100644 --- a/examples/_main_config.php +++ b/examples/_main_config.php @@ -81,7 +81,8 @@ function createNewPaymentOrderCommon( 'fail_url' => $failUrl, //gateway'e gore zorunlu olan degerler - 'ip' => $ip, //EstPos, Garanti, KuveytPos, VakifBank + //'ip' => $ip, //EstPos, Garanti, KuveytPos, VakifBank + 'ip' => filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) ? $ip : '127.0.0.1', 'email' => 'mail@customer.com', // EstPos, Garanti, KuveytPos, VakifBank 'name' => 'John Doe', // EstPos, Garanti 'user_id' => md5(uniqid(time())), // EstPos diff --git a/examples/garanti/_payment_config.php b/examples/garanti/_payment_config.php index a97e6368..e0439c44 100644 --- a/examples/garanti/_payment_config.php +++ b/examples/garanti/_payment_config.php 
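Review bot: In `createNewPaymentOrderCommon` (examples/_main_config.php), the new `'ip'` entry silently replaces any address that is not valid IPv4 with `127.0.0.1`, so an IPv6 or malformed client address is sent to the gateway as loopback. The bank's fraud scoring and the merchant's own audit trail then record a fabricated value, and because this is example code the pattern is likely to be copied into production. Failing visibly is safer, e.g. `if (false === filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) { throw new \InvalidArgumentException('IPv4 client address required'); }`, or at minimum a comment stating that the loopback value is a test-only placeholder. The commented-out `//'ip' => $ip,` line can be dropped; the function body starts and ends outside the hunk.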
@@ -79,7 +79,7 @@ function doPayment(\Mews\Pos\PosInterface $pos, string $transaction, ?\Mews\Pos\ $testCards = [ 'visa1' => [ 'number' => '4282209004348015', - 'year' => '22', + 'year' => '30', 'month' => '08', 'cvv' => '123', 'name' => 'John Doe', diff --git a/src/Crypt/GarantiPosCrypt.php b/src/Crypt/GarantiPosCrypt.php index 0878d2f4..d2fc230a 100644 --- a/src/Crypt/GarantiPosCrypt.php +++ b/src/Crypt/GarantiPosCrypt.php @@ -19,6 +19,7 @@ public function create3DHash(AbstractPosAccount $account, array $requestData, ?s $account->getTerminalId(), $requestData['id'], $requestData['amount'], + $requestData['currency'], $requestData['success_url'], $requestData['fail_url'], $txType, @@ -27,7 +28,7 @@ public function create3DHash(AbstractPosAccount $account, array $requestData, ?s $this->createSecurityData($account, $txType), ]; - return $this->hashStringUpperCase(implode(static::HASH_SEPARATOR, $map)); + return $this->hashStringUpperCase( implode( static::HASH_SEPARATOR, $map ), 'sha512' ); } /** @@ -58,17 +59,17 @@ public function check3DHash(AbstractPosAccount $account, array $data): bool * @param GarantiPosAccount $account * {@inheritDoc} */ - public function createHash(AbstractPosAccount $account, array $requestData, ?string $txType = null, ?AbstractCreditCard $card = null): string - { - $map = [ + public function createHash(AbstractPosAccount $account, array $requestData, ?string $txType = null, ?AbstractCreditCard $card = null): string{ + $map = array( $requestData['id'], $account->getTerminalId(), - isset($card) ? $card->getNumber() : null, + isset( $card ) ? $card->getNumber() : null, $requestData['amount'], - $this->createSecurityData($account, $txType), - ]; + $requestData['currency'], + $this->createSecurityData( $account, $txType ), + ); - return $this->hashStringUpperCase(implode(static::HASH_SEPARATOR, $map)); + return $this->hashStringUpperCase( implode( static::HASH_SEPARATOR, $map ), 'sha512' ); } /** 
@@ -96,8 +97,8 @@ private function createSecurityData(AbstractPosAccount $account, ?string $txType * * @return string */ - protected function hashStringUpperCase(string $str): string + protected function hashStringUpperCase( string $str, $algo = 'sha1' ): string { - return strtoupper(hash(static::HASH_ALGORITHM, $str)); - } + return strtoupper( hash( $algo, $str ) ); + } } diff --git a/src/DataMapper/GarantiPosRequestDataMapper.php b/src/DataMapper/GarantiPosRequestDataMapper.php index 401ce02f..c7c2629e 100644 --- a/src/DataMapper/GarantiPosRequestDataMapper.php +++ b/src/DataMapper/GarantiPosRequestDataMapper.php @@ -17,7 +17,7 @@ class GarantiPosRequestDataMapper extends AbstractRequestDataMapperCrypt { /** @var string */ - public const API_VERSION = 'v0.01'; + public const API_VERSION = '512'; /** @var string */ public const CREDIT_CARD_EXP_DATE_FORMAT = 'my'; @@ -71,6 +71,7 @@ public function create3DPaymentRequestData(AbstractPosAccount $account, $order, $hashData = [ 'id' => $order->id, 'amount' => self::amountFormat($order->amount), + 'currency' => $responseData['txncurrencycode'], ]; $hash = $this->crypt->createHash($account, $hashData); diff --git a/src/Gateways/GarantiPos.php b/src/Gateways/GarantiPos.php index c956a6b8..4ec83985 100644 --- a/src/Gateways/GarantiPos.php +++ b/src/Gateways/GarantiPos.php 
@@ -53,11 +53,15 @@ public function make3DPayment(Request $request) { $request = $request->request; $bankResponse = null; - if (!$this->requestDataMapper->getCrypt()->check3DHash($this->account, $request->all())) { - // todo mdstatus 7 oldugunda hash, hashparam deger gelmiyor, check3dhash calismiyor - throw new HashMismatchException(); - } - + + /** + * Destek gerekiyor. + */ + // if (!$this->requestDataMapper->getCrypt()->check3DHash($this->account, $request->all())) { + // // todo mdstatus 7 oldugunda hash, hashparam deger gelmiyor, check3dhash calismiyor + // throw new HashMismatchException(); + // } + if (in_array($request->get('mdstatus'), [1, 2, 3, 4])) { $this->logger->log(LogLevel::DEBUG, 'finishing payment', ['md_status' => $request->get('mdstatus')]); $contents = $this->create3DPaymentXML($request->all()); From b1bafdfc1d3cbd1f38428e0b1bd8ea5a138b3e26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fikret=20=C3=87=C4=B0N?= Date: Mon, 2 Oct 2023 16:04:23 +0300 Subject: [PATCH 2/4] =?UTF-8?q?fix:=20composer.json=20de=C4=9Fi=C5=9Ftiril?= =?UTF-8?q?di,=20API=5FVERSIYON=20parametresi=20eski=20haline=20getirilidi?= =?UTF-8?q?,=20yeni=20versiyon=20parametresi=20eklendi.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- composer.json | 2 +- src/DataMapper/GarantiPosRequestDataMapper.php | 9 ++++++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/composer.json b/composer.json index 1adb674e..5cdab6fc 100644 --- a/composer.json +++ b/composer.json @@ -19,7 +19,6 @@ "php-http/discovery": "^1.14", "psr/http-client-implementation": "*", "psr/log": "^1.1 || ^2.0 || ^3.0", - "symfony/http-client": "^5.4", "symfony/http-foundation": "^5.0 || ^6.0", "symfony/serializer": "^5.0 || ^6.0" }, @@ -43,6 +42,7 @@ "rector/rector": "^0.15.12", "slim/psr7": "^1.4", "squizlabs/php_codesniffer": "^3.5", + "symfony/http-client": "^5.4", "symfony/var-dumper": "^5.1" }, "config": { 
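Review bot: In `make3DPayment` (src/Gateways/GarantiPos.php), commenting out the `check3DHash` call removes the only integrity check visible in this hunk on the POSTed 3D callback, so `mdstatus` and the other fields passed to `create3DPaymentXML` are accepted without proof that they came from the bank. The old todo says the hash is missing only when mdstatus is 7, which is not in `[1, 2, 3, 4]`, so the check can stay in force for exactly the statuses that go on to payment: `if (in_array($request->get('mdstatus'), [1, 2, 3, 4]) && !$this->requestDataMapper->getCrypt()->check3DHash($this->account, $request->all())) { throw new HashMismatchException(); }`. If the mismatch is caused by the move to SHA-512, `check3DHash` (its body is not shown in this series) probably needs the same algorithm change rather than a bypass. None of the later patches in this series restores the call. The method continues outside the hunk.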
diff --git a/src/DataMapper/GarantiPosRequestDataMapper.php b/src/DataMapper/GarantiPosRequestDataMapper.php index c7c2629e..621cd7b5 100644 --- a/src/DataMapper/GarantiPosRequestDataMapper.php +++ b/src/DataMapper/GarantiPosRequestDataMapper.php @@ -17,7 +17,10 @@ class GarantiPosRequestDataMapper extends AbstractRequestDataMapperCrypt { /** @var string */ - public const API_VERSION = '512'; + public const API_VERSION = 'v0.01'; + + /** @var string */ + public const API_3D_VERSION = '512'; /** @var string */ public const CREDIT_CARD_EXP_DATE_FORMAT = 'my'; @@ -77,7 +80,7 @@ public function create3DPaymentRequestData(AbstractPosAccount $account, $order, $result = [ 'Mode' => $this->getMode(), - 'Version' => self::API_VERSION, + 'Version' => self::API_3D_VERSION, 'Terminal' => $this->getTerminalData($account, $hash), 'Customer' => [ 'IPAddress' => $responseData['customeripaddress'], @@ -340,7 +343,7 @@ public function create3DFormData(AbstractPosAccount $account, $order, string $tx $inputs = [ 'secure3dsecuritylevel' => $this->secureTypeMappings[$account->getModel()], 'mode' => $this->getMode(), - 'apiversion' => self::API_VERSION, + 'apiversion' => self::API_3D_VERSION, 'terminalprovuserid' => $account->getUsername(), 'terminaluserid' => $account->getUsername(), 'terminalmerchantid' => $account->getClientId(), From ca2976895dfe3d59d2adea9ebd395682033bb102 Mon Sep 17 00:00:00 2001 From: nuryagdym Date: Mon, 2 Oct 2023 20:24:37 +0300 Subject: [PATCH 3/4] Update GarantiPosCrypt.php sha512 --- src/Crypt/GarantiPosCrypt.php | 38 ++++++++++++++++++++++++----------- 1 file changed, 26 insertions(+), 12 deletions(-) diff --git a/src/Crypt/GarantiPosCrypt.php b/src/Crypt/GarantiPosCrypt.php index d2fc230a..d5e4f223 100644 --- a/src/Crypt/GarantiPosCrypt.php +++ b/src/Crypt/GarantiPosCrypt.php 
@@ -9,6 +9,9 @@ class GarantiPosCrypt extends AbstractCrypt { + /** @var string */ + protected const HASH_ALGORITHM = 'sha512'; + /** * @param GarantiPosAccount $account * {@inheritDoc} @@ -19,7 +22,7 @@ public function create3DHash(AbstractPosAccount $account, array $requestData, ?s $account->getTerminalId(), $requestData['id'], $requestData['amount'], - $requestData['currency'], + $requestData['currency'], $requestData['success_url'], $requestData['fail_url'], $txType, @@ -28,7 +31,7 @@ public function create3DHash(AbstractPosAccount $account, array $requestData, ?s $this->createSecurityData($account, $txType), ]; - return $this->hashStringUpperCase( implode( static::HASH_SEPARATOR, $map ), 'sha512' ); + return $this->hashStringUpperCase(implode(static::HASH_SEPARATOR, $map), self::HASH_ALGORITHM); } /** @@ -59,17 +62,28 @@ public function check3DHash(AbstractPosAccount $account, array $data): bool * @param GarantiPosAccount $account * {@inheritDoc} */ - public function createHash(AbstractPosAccount $account, array $requestData, ?string $txType = null, ?AbstractCreditCard $card = null): string{ - $map = array( + public function createHash(AbstractPosAccount $account, array $requestData, ?string $txType = null, ?AbstractCreditCard $card = null): string + { + $map = [ $requestData['id'], $account->getTerminalId(), - isset( $card ) ? $card->getNumber() : null, + isset($card) ? $card->getNumber() : null, $requestData['amount'], $requestData['currency'], - $this->createSecurityData( $account, $txType ), - ); + $this->createSecurityData($account, $txType), + ]; - return $this->hashStringUpperCase( implode( static::HASH_SEPARATOR, $map ), 'sha512' ); + return $this->hashStringUpperCase(implode(static::HASH_SEPARATOR, $map), self::HASH_ALGORITHM); + } + + /** + * @param string $str + * + * @return string + */ + protected function hashString(string $str): string + { + return $this->hashStringUpperCase($str, self::HASH_ALGORITHM); } /** 
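Review bot: The new `HASH_ALGORITHM` constant is read through `self::` in `create3DHash`, `createHash` and `hashString`, while `HASH_SEPARATOR` on the same lines is read through `static::`, so a subclass can override the separator but not the algorithm. If pinning SHA-512 for this gateway is intended, record that on the constant, e.g. `/** Algorithm for request and 3D hashes; fixed for this gateway, not meant to be overridden */`; otherwise use `static::HASH_ALGORITHM` to match the rest of the class. The docblock on the new `hashString` method only repeats the signature; one sentence on which hashes it is used for would help, since its callers are not visible in these hunks.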
@@ -89,7 +103,7 @@ private function createSecurityData(AbstractPosAccount $account, ?string $txType str_pad($account->getTerminalId(), 9, '0', STR_PAD_LEFT), ]; - return $this->hashStringUpperCase(implode(static::HASH_SEPARATOR, $map)); + return $this->hashStringUpperCase(implode(static::HASH_SEPARATOR, $map), 'sha1'); } /** @@ -97,8 +111,8 @@ private function createSecurityData(AbstractPosAccount $account, ?string $txType * * @return string */ - protected function hashStringUpperCase( string $str, $algo = 'sha1' ): string + protected function hashStringUpperCase(string $str, string $algorithm): string { - return strtoupper( hash( $algo, $str ) ); - } + return strtoupper(hash($algorithm, $str)); + } } From a8c51bec6acfebf9afa8c9eb257f52480cba66a1 Mon Sep 17 00:00:00 2001 From: nuryagdym Date: Mon, 2 Oct 2023 20:26:21 +0300 Subject: [PATCH 4/4] Update GarantiPosRequestDataMapper.php --- src/DataMapper/GarantiPosRequestDataMapper.php | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/src/DataMapper/GarantiPosRequestDataMapper.php b/src/DataMapper/GarantiPosRequestDataMapper.php index 621cd7b5..7ff784c9 100644 --- a/src/DataMapper/GarantiPosRequestDataMapper.php +++ b/src/DataMapper/GarantiPosRequestDataMapper.php @@ -17,10 +17,7 @@ class GarantiPosRequestDataMapper extends AbstractRequestDataMapperCrypt { /** @var string */ - public const API_VERSION = 'v0.01'; - - /** @var string */ - public const API_3D_VERSION = '512'; + public const API_VERSION = '512'; /** @var string */ public const CREDIT_CARD_EXP_DATE_FORMAT = 'my'; 
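Review bot: In `createSecurityData`, the bare `'sha1'` literal now sits in a class whose declared algorithm is SHA-512, and nothing in the hunk says the weaker digest is kept on purpose. The visible part of `$map` is the zero-padded terminal id, and the entries above the hunk presumably include the account secret, so anyone auditing the crypto will need to know whether the gateway specification mandates SHA-1 for this inner value. A named constant with a comment would make that explicit, e.g. `private const SECURITY_DATA_ALGORITHM = 'sha1'; // inner digest format fixed by the gateway spec — TODO confirm`. The function body starts outside the hunk.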
@@ -74,13 +71,13 @@ public function create3DPaymentRequestData(AbstractPosAccount $account, $order, $hashData = [ 'id' => $order->id, 'amount' => self::amountFormat($order->amount), - 'currency' => $responseData['txncurrencycode'], + 'currency' => $this->mapCurrency($order->currency), ]; $hash = $this->crypt->createHash($account, $hashData); $result = [ 'Mode' => $this->getMode(), - 'Version' => self::API_3D_VERSION, + 'Version' => self::API_VERSION, 'Terminal' => $this->getTerminalData($account, $hash), 'Customer' => [ 'IPAddress' => $responseData['customeripaddress'], @@ -123,6 +120,7 @@ public function createNonSecurePaymentRequestData(AbstractPosAccount $account, $ $hashData = [ 'id' => $order->id, 'amount' => self::amountFormat($order->amount), + 'currency' => $this->mapCurrency($order->currency), ]; $hash = $this->crypt->createHash($account, $hashData, $this->mapTxType($txType), $card); @@ -166,6 +164,7 @@ public function createNonSecurePostAuthPaymentRequestData(AbstractPosAccount $ac $hashData = [ 'id' => (string) $order->id, 'amount' => self::amountFormat($order->amount), + 'currency' => $this->mapCurrency($order->currency), ]; $hash = $this->crypt->createHash($account, $hashData, $this->mapTxType(AbstractGateway::TX_POST_PAY), $card); @@ -199,6 +198,7 @@ public function createStatusRequestData(AbstractPosAccount $account, $order): ar $hashData = [ 'id' => $order->id, 'amount' => self::amountFormat($order->amount), + 'currency' => $this->mapCurrency($order->currency), ]; $hash = $this->crypt->createHash($account, $hashData, $this->mapTxType(AbstractGateway::TX_STATUS)); @@ -234,6 +234,7 @@ public function createCancelRequestData(AbstractPosAccount $account, $order): ar $hashData = [ 'id' => $order->id, 'amount' => self::amountFormat($order->amount), + 'currency' => $this->mapCurrency($order->currency), ]; $hash = $this->crypt->createHash($account, $hashData, $this->mapTxType(AbstractGateway::TX_CANCEL)); 
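Review bot: The same three-key `$hashData` array (`id`, `amount`, `currency`) is now built by hand in seven request builders: `create3DPaymentRequestData`, the non-secure, post-auth, status and cancel builders here, and the refund and history builders in the following hunks. They already differ in one detail, the `(string) $order->id` cast that only `createNonSecurePostAuthPaymentRequestData` applies. Every field feeds `createHash`, so a field added in one builder and missed in another only shows up as a request rejected by the bank; a private helper would keep the hash inputs in one place. `mapCurrency` is not visible in these hunks, so it is worth confirming that it fails visibly for an unmapped currency rather than passing an empty value into the hash input.

```php
/**
 * Collects the order fields that are passed to createHash().
 *
 * @param object $order
 *
 * @return array<string, mixed>
 */
private function createHashData($order): array
{
    return [
        'id'       => $order->id,
        'amount'   => self::amountFormat($order->amount),
        'currency' => $this->mapCurrency($order->currency),
    ];
}

// … unchanged: each request builder up to its $hashData assignment …
$hashData = $this->createHashData($order);
```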
@@ -270,6 +271,7 @@ public function createRefundRequestData(AbstractPosAccount $account, $order): ar $hashData = [ 'id' => $order->id, 'amount' => self::amountFormat($order->amount), + 'currency' => $this->mapCurrency($order->currency), ]; $hash = $this->crypt->createHash($account, $hashData, $this->mapTxType(AbstractGateway::TX_REFUND)); @@ -306,6 +308,7 @@ public function createHistoryRequestData(AbstractPosAccount $account, $order, ar $hashData = [ 'id' => $order->id, 'amount' => self::amountFormat($order->amount), + 'currency' => $this->mapCurrency($order->currency), ]; $hash = $this->crypt->createHash($account, $hashData, $this->mapTxType(AbstractGateway::TX_HISTORY)); @@ -343,7 +346,7 @@ public function create3DFormData(AbstractPosAccount $account, $order, string $tx $inputs = [ 'secure3dsecuritylevel' => $this->secureTypeMappings[$account->getModel()], 'mode' => $this->getMode(), - 'apiversion' => self::API_3D_VERSION, + 'apiversion' => self::API_VERSION, 'terminalprovuserid' => $account->getUsername(), 'terminaluserid' => $account->getUsername(), 'terminalmerchantid' => $account->getClientId(),