From 293cdeb07a9bd11c24cd97960adc989582f324c8 Mon Sep 17 00:00:00 2001 From: twisted1919 Date: Thu, 5 Jul 2018 11:40:15 +0300 Subject: [PATCH 1/3] use isset to avoid undefined indexes --- src/Message/NotificationResponse.php | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/src/Message/NotificationResponse.php b/src/Message/NotificationResponse.php index 920b5aa..ebae144 100644 --- a/src/Message/NotificationResponse.php +++ b/src/Message/NotificationResponse.php @@ -8,18 +8,19 @@ class NotificationResponse extends AbstractResponse implements NotificationInterface { /** - * Is the notification harsh correct after validation? + * Is the notification hash correct after validation? */ public function isSuccessful() { - # Validate the Hash - $hashSecretWord = $this->data['secretWord']; # Input your secret word - $hashSid = $this->data['accountNumber']; #Input your seller ID (2Checkout account number) - $hashOrder = $this->data['sale_id']; - $hashInvoice = $this->data['invoice_id']; - $StringToHash = strtoupper(md5($hashOrder.$hashSid.$hashInvoice.$hashSecretWord)); - - return $StringToHash == $this->data['md5_hash']; + // Validate the Hash + $hashSecretWord = isset($this->data['secretWord']) ? $this->data['secretWord'] : ''; // Input your secret word + $hashSid = isset($this->data['accountNumber']) ? $this->data['accountNumber'] : ''; // Input your seller ID (2Checkout account number) + $hashOrder = isset($this->data['sale_id']) ? $this->data['sale_id'] : ''; + $hashInvoice = isset($this->data['invoice_id']) ? $this->data['invoice_id'] : ''; + $md5_hash = isset($this->data['md5_hash']) ? $this->data['md5_hash'] : ''; + $StringToHash = strtoupper(md5($hashOrder.$hashSid.$hashInvoice.$hashSecretWord)); + + return $StringToHash == $md5_hash; } /** 
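Review bot: The final comparison in isSuccessful(), `return $StringToHash == $md5_hash;`, uses loose equality on two strings, so PHP compares them numerically whenever both look like numbers, and an uppercase MD5 hex digest can have that shape (a leading `0E` followed only by digits). Two different values could then compare equal, and the comparison is not constant-time either. I would use `return hash_equals($StringToHash, (string) $md5_hash);` where `hash_equals()` is available (PHP 5.6+), or at minimum `===` on older runtimes. The same loose comparison survives in patches 2/3 and 3/3 of this series as `(string)$StringToHash == (string)$md5_hash`, where the string casts do not change the numeric-string behaviour.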
@@ -29,7 +30,7 @@ public function isSuccessful() */ public function getTransactionReference() { - return $this->data['sale_id']; + return isset($this->data['sale_id']) ? $this->data['sale_id'] : ''; } /** @@ -39,7 +40,7 @@ public function getTransactionReference() */ public function getTransactionId() { - return $this->data['vendor_order_id']; + return isset($this->data['vendor_order_id']) ? $this->data['vendor_order_id'] : ''; } /** @@ -49,7 +50,7 @@ public function getTransactionId() */ public function getNotificationType() { - return $this->data['message_type']; + return isset($this->data['message_type']) ? $this->data['message_type'] : ''; } /** From 4ebe2dd18f265df6ca5d135855c475452d49a9bd Mon Sep 17 00:00:00 2001 From: twisted1919 Date: Thu, 5 Jul 2018 12:01:04 +0300 Subject: [PATCH 2/3] null fallback and test addition --- src/Message/NotificationResponse.php | 128 +++++++++++---------- tests/Message/NotificationResponseTest.php | 13 +++ 2 files changed, 80 insertions(+), 61 deletions(-) diff --git a/src/Message/NotificationResponse.php b/src/Message/NotificationResponse.php index ebae144..770576d 100644 --- a/src/Message/NotificationResponse.php +++ b/src/Message/NotificationResponse.php 
@@ -7,71 +7,77 @@ class NotificationResponse extends AbstractResponse implements NotificationInterface { - /** - * Is the notification hash correct after validation? - */ - public function isSuccessful() - { - // Validate the Hash - $hashSecretWord = isset($this->data['secretWord']) ? $this->data['secretWord'] : ''; // Input your secret word - $hashSid = isset($this->data['accountNumber']) ? $this->data['accountNumber'] : ''; // Input your seller ID (2Checkout account number) - $hashOrder = isset($this->data['sale_id']) ? $this->data['sale_id'] : ''; - $hashInvoice = isset($this->data['invoice_id']) ? $this->data['invoice_id'] : ''; - $md5_hash = isset($this->data['md5_hash']) ? $this->data['md5_hash'] : ''; - $StringToHash = strtoupper(md5($hashOrder.$hashSid.$hashInvoice.$hashSecretWord)); + /** + * Is the notification hash correct after validation? + */ + public function isSuccessful() + { + // Validate the Hash + $hashSecretWord = isset($this->data['secretWord']) ? $this->data['secretWord'] : null; // Input your secret word + $hashSid = isset($this->data['accountNumber']) ? $this->data['accountNumber'] : null; // Input your seller ID (2Checkout account number) + $hashOrder = isset($this->data['sale_id']) ? $this->data['sale_id'] : null; + $hashInvoice = isset($this->data['invoice_id']) ? $this->data['invoice_id'] : null; + $md5_hash = isset($this->data['md5_hash']) ? $this->data['md5_hash'] : null; - return $StringToHash == $md5_hash; - } + // if no value has been posted, it has no way to be valid + if ($hashSecretWord === null || $hashSid === null || $hashOrder === null || $hashInvoice === null || $md5_hash === null) { + return false; + } + + $StringToHash = strtoupper(md5($hashOrder.$hashSid.$hashInvoice.$hashSecretWord)); + + return (string)$StringToHash == (string)$md5_hash; + } - /** - * 2Checkout transaction reference. - * - * @return mixed - */ - public function getTransactionReference() - { - return isset($this->data['sale_id']) ? 
$this->data['sale_id'] : ''; - } + /** + * 2Checkout transaction reference. + * + * @return mixed + */ + public function getTransactionReference() + { + return isset($this->data['sale_id']) ? $this->data['sale_id'] : null; + } - /** - * Order or transaction ID. - * - * @return mixed - */ - public function getTransactionId() - { - return isset($this->data['vendor_order_id']) ? $this->data['vendor_order_id'] : ''; - } + /** + * Order or transaction ID. + * + * @return mixed + */ + public function getTransactionId() + { + return isset($this->data['vendor_order_id']) ? $this->data['vendor_order_id'] : null; + } - /** - * Indicate what type of 2Checkout notification this is. - * - * @return string - */ - public function getNotificationType() - { - return isset($this->data['message_type']) ? $this->data['message_type'] : ''; - } + /** + * Indicate what type of 2Checkout notification this is. + * + * @return string + */ + public function getNotificationType() + { + return isset($this->data['message_type']) ? $this->data['message_type'] : null; + } - /** - * Get transaction/notification status. - * - * SInce this is an IPN notification, we made this true. - * - * @return bool - */ - public function getTransactionStatus() - { - return true; - } + /** + * Get transaction/notification status. + * + * SInce this is an IPN notification, we made this true. + * + * @return bool + */ + public function getTransactionStatus() + { + return true; + } - /** - * Notification response. - * - * @return mixed - */ - public function getMessage() - { - return $this->data; - } + /** + * Notification response. + * + * @return mixed + */ + public function getMessage() + { + return $this->data; + } } diff --git a/tests/Message/NotificationResponseTest.php b/tests/Message/NotificationResponseTest.php index fe67ee7..03ebc70 100644 --- a/tests/Message/NotificationResponseTest.php +++ b/tests/Message/NotificationResponseTest.php 
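Review bot: The null guard added to isSuccessful() rejects only missing keys, so an empty `secretWord` (or any other empty field) still reaches the `md5()` call, and a digest built without a secret can be reproduced by anyone who knows the sale, account and invoice ids. I would reject empty values as well, e.g. `if ($hashSecretWord === null || $hashSecretWord === '' || ...) { return false; }`. The comment `// if no value has been posted` suggests `secretWord` is read from the same array as the posted fields; where `$this->data` is filled is not visible here, so it is worth confirming that the secret is injected from gateway configuration and never taken from the request. Separately, getNotificationType() now returns null while its docblock still says `@return string`; `@return string|null` would match.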
@@ -20,6 +20,7 @@ public function testResponseFail() $this->assertTrue($response->getTransactionStatus()); $this->assertSame($data, $response->getMessage()); } + public function testResponsePass() { $data = $this->getMockHttpResponse('FraudChangeNotificationPass.txt')->json(); @@ -44,4 +45,16 @@ public function testForResponseOtherThanFraudReview() { $this->assertTrue($response->getTransactionStatus()); } + + public function testResponseNoData() + { + $data = array(); + $response = new NotificationResponse($this->getMockRequest(), $data); + + $this->assertFalse($response->isSuccessful()); + $this->assertSame(null, $response->getTransactionReference()); + $this->assertSame(null, $response->getTransactionId()); + $this->assertSame(null, $response->getNotificationType()); + $this->assertTrue($response->getTransactionStatus()); + } } \ No newline at end of file From b92c0c4386cfe6bb93df55d74d97841e0d3cce4b Mon Sep 17 00:00:00 2001 From: twisted1919 Date: Thu, 5 Jul 2018 12:33:02 +0300 Subject: [PATCH 3/3] make phpcs happy --- src/Message/NotificationResponse.php | 132 ++++++++++++++------------- 1 file changed, 67 insertions(+), 65 deletions(-) diff --git a/src/Message/NotificationResponse.php b/src/Message/NotificationResponse.php index 770576d..3db3510 100644 --- a/src/Message/NotificationResponse.php +++ b/src/Message/NotificationResponse.php 
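Review bot: testResponseNoData() exercises only a completely empty payload, so the per-field branches of the new guard in isSuccessful() are not covered. A case with every notification field present but `secretWord` absent, and one with all fields present and a deliberately wrong `md5_hash`, would pin the behaviour that matters for rejecting forged notifications; whether testResponseFail() already covers the second is not visible in this hunk. `$this->assertNull(...)` would also read more directly than `$this->assertSame(null, ...)`.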
@@ -7,77 +7,79 @@ class NotificationResponse extends AbstractResponse implements NotificationInterface { - /** + /** * Is the notification hash correct after validation? */ - public function isSuccessful() - { - // Validate the Hash - $hashSecretWord = isset($this->data['secretWord']) ? $this->data['secretWord'] : null; // Input your secret word - $hashSid = isset($this->data['accountNumber']) ? $this->data['accountNumber'] : null; // Input your seller ID (2Checkout account number) - $hashOrder = isset($this->data['sale_id']) ? $this->data['sale_id'] : null; - $hashInvoice = isset($this->data['invoice_id']) ? $this->data['invoice_id'] : null; - $md5_hash = isset($this->data['md5_hash']) ? $this->data['md5_hash'] : null; - - // if no value has been posted, it has no way to be valid - if ($hashSecretWord === null || $hashSid === null || $hashOrder === null || $hashInvoice === null || $md5_hash === null) { - return false; - } - - $StringToHash = strtoupper(md5($hashOrder.$hashSid.$hashInvoice.$hashSecretWord)); + public function isSuccessful() + { + // Validate the Hash + $hashSecretWord = isset($this->data['secretWord']) ? $this->data['secretWord'] : null; + $hashSid = isset($this->data['accountNumber']) ? $this->data['accountNumber'] : null; + $hashOrder = isset($this->data['sale_id']) ? $this->data['sale_id'] : null; + $hashInvoice = isset($this->data['invoice_id']) ? $this->data['invoice_id'] : null; + $md5_hash = isset($this->data['md5_hash']) ? $this->data['md5_hash'] : null; - return (string)$StringToHash == (string)$md5_hash; - } + // if no value has been posted, it has no way to be valid + if ($hashSecretWord === null || $hashSid === null || + $hashOrder === null || $hashInvoice === null || + $md5_hash === null) { + return false; + } + + $StringToHash = strtoupper(md5($hashOrder.$hashSid.$hashInvoice.$hashSecretWord)); + + return (string)$StringToHash == (string)$md5_hash; + } - /** - * 2Checkout transaction reference. 
- * - * @return mixed - */ - public function getTransactionReference() - { - return isset($this->data['sale_id']) ? $this->data['sale_id'] : null; - } + /** + * 2Checkout transaction reference. + * + * @return mixed + */ + public function getTransactionReference() + { + return isset($this->data['sale_id']) ? $this->data['sale_id'] : null; + } - /** - * Order or transaction ID. - * - * @return mixed - */ - public function getTransactionId() - { - return isset($this->data['vendor_order_id']) ? $this->data['vendor_order_id'] : null; - } + /** + * Order or transaction ID. + * + * @return mixed + */ + public function getTransactionId() + { + return isset($this->data['vendor_order_id']) ? $this->data['vendor_order_id'] : null; + } - /** - * Indicate what type of 2Checkout notification this is. - * - * @return string - */ - public function getNotificationType() - { - return isset($this->data['message_type']) ? $this->data['message_type'] : null; - } + /** + * Indicate what type of 2Checkout notification this is. + * + * @return string + */ + public function getNotificationType() + { + return isset($this->data['message_type']) ? $this->data['message_type'] : null; + } - /** - * Get transaction/notification status. - * - * SInce this is an IPN notification, we made this true. - * - * @return bool - */ - public function getTransactionStatus() - { - return true; - } + /** + * Get transaction/notification status. + * + * SInce this is an IPN notification, we made this true. + * + * @return bool + */ + public function getTransactionStatus() + { + return true; + } - /** - * Notification response. - * - * @return mixed - */ - public function getMessage() - { - return $this->data; - } + /** + * Notification response. + * + * @return mixed + */ + public function getMessage() + { + return $this->data; + } }