LexikPayboxBundle icon indicating copy to clipboard operation
LexikPayboxBundle copied to clipboard

Published 20 hours ago verified publisher icon lexik

Wrong HMAC calculation when using multiple forms

Open Yondz opened this issue 7 years ago • 3 comments

Hi,

I found a small issue when I tried to generate several forms for one page (one form per payment type), the field PBX_HMAC is not regenerated for each form.

It seems that once the service has been called and a form generated, this parameter is set for the execution lifetime, due to this if condition in Lexik\Bundle\PayboxBundle\Paybox\System\Base\Request (line 129-133) :

   /**
     * Returns all parameters set for a payment.
     *
     * @return array
     */
    public function getParameters()
    {
       // This condition prevent the generation of a new PBX_HMAC
       if (null === $this->getParameter('PBX_HMAC')) {
            $this->setParameter('PBX_TIME', date('c'));
            $this->setParameter('PBX_HMAC', strtoupper($this->computeHmac()));
       }

        $resolver = new ParameterResolver($this->globals['currencies']);

        return $resolver->resolve($this->parameters);
    }

To overcome this, I extended this class in my app by adding this parameter

parameters:
  lexik_paybox.request_handler.class:              'Path\To\Custom\Request'

And commented the condition like this :


    /**
     * Returns all parameters set for a payment.
     *
     * @return array
     */
    public function getParameters()
    {
        //if (null === $this->getParameter('PBX_HMAC')) {
            $this->setParameter('PBX_TIME', date('c'));
            $this->setParameter('PBX_HMAC', strtoupper($this->computeHmac()));
        //}

        $resolver = new ParameterResolver($this->globals['currencies']);

        return $resolver->resolve($this->parameters);
    }

It works well :)

Btw, I also had to extend \Lexik\Bundle\PayboxBundle\Paybox\System\Base\ParameterResolver for another reason, the value "ANCV" was not allowed in the PBX_TYPECARTE options, since the ParameterResolver is manually instanciated in Request::getParameters().

Yondz

Yondz avatar Jul 21 '17 13:07 Yondz

Hi @Yondz

i wonder if inserting multiple forms is the way to go, are you forced to use that behaviour ?

Is it to enhance the UX ?

acidjames avatar Jul 28 '17 09:07 acidjames

Hi @acidjames

I know it is not the way this bundle was designed for, but I need to instanciate several pre-configured payment buttons on the same page (VISA, Mastercard, CB, ..), and thus set PBX_TYPECARTE var to the proper value -> generate the PBX_HMAC for each button.

This way the user goes directly to the pre-configured payment method.

Yondz

Yondz avatar Jul 28 '17 10:07 Yondz

Hi @Yondz

i've never used the VISA, MASTERCARD variables, i have only been using CB, does it make any difference ? (if you have looked into the docs)

acidjames avatar Jul 28 '17 12:07 acidjames