From 5791d9e4c0dbcd3ff496a829c4fdc8b498632190 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20M=C3=BCller?= Date: Wed, 31 Jan 2024 16:28:54 +0100 Subject: [PATCH 1/2] MAG2-304 - Changed Client API hash parameters to sha2-384 encoding --- Helper/Request.php | 26 ++++++++++++------- Helper/Toolkit.php | 14 +++++++++- Model/Api/Request/AddressRequest.php | 4 ++- Model/Api/Request/Addresscheck.php | 4 ++- Model/Api/Request/Authorization.php | 16 +++--------- Model/Api/Request/Base.php | 17 +++++++++--- Model/Api/Request/Capture.php | 4 ++- Model/Api/Request/Consumerscore.php | 4 ++- Model/Api/Request/Debit.php | 16 +++--------- .../Genericpayment/CancelOrderReference.php | 4 ++- .../Genericpayment/ConfirmOrderReference.php | 4 ++- .../Genericpayment/InstallmentOptions.php | 4 ++- .../Request/Genericpayment/StartSession.php | 4 ++- Model/Api/Request/Managemandate.php | 4 ++- Model/Api/Request/PaydirektAgreement.php | 4 ++- Test/Unit/Helper/ToolkitTest.php | 2 +- 16 files changed, 81 insertions(+), 50 deletions(-) diff --git a/Helper/Request.php b/Helper/Request.php index a0ee473c..d9ef57d2 100644 --- a/Helper/Request.php +++ b/Helper/Request.php @@ -47,12 +47,20 @@ class Request extends \Payone\Core\Helper\Base */ protected $shopHelper; + /** + * PAYONE toolkit helper + * + * @var \Payone\Core\Helper\Toolkit + */ + protected $toolkitHelper; + /** * Constructor * * @param \Magento\Framework\App\Helper\Context $context * @param \Magento\Store\Model\StoreManagerInterface $storeManager * @param \Payone\Core\Helper\Shop $shopHelper + * @param \Payone\Core\Helper\Toolkit $toolkitHelper * @param \Magento\Framework\App\State $state * @param \Payone\Core\Helper\Environment $environmentHelper */ 
@@ -60,12 +68,14 @@ public function __construct( \Magento\Framework\App\Helper\Context $context, \Magento\Store\Model\StoreManagerInterface $storeManager, \Payone\Core\Helper\Shop $shopHelper, + \Payone\Core\Helper\Toolkit $toolkitHelper, \Magento\Framework\App\State $state, \Payone\Core\Helper\Environment $environmentHelper ) { parent::__construct($context, $storeManager, $shopHelper, $state); $this->environmentHelper = $environmentHelper; $this->shopHelper = $shopHelper; + $this->toolkitHelper = $toolkitHelper; } /** @@ -104,8 +114,7 @@ public function getBankaccountCheckRequest() */ public function getHostedIframeRequestCCHash() { - $sHash = md5( - $this->getConfigParam('aid'). + $sStringToHash = $this->getConfigParam('aid'). $this->environmentHelper->getEncoding(). $this->getConfigParam('mid'). $this->getConfigParam('mode', PayoneConfig::METHOD_CREDITCARD, 'payone_payment'). @@ -113,9 +122,8 @@ public function getHostedIframeRequestCCHash() 'creditcardcheck'. 'JSON'. 'yes'. - $this->getConfigParam('key') - ); - return $sHash; + $this->getConfigParam('key'); + return $this->toolkitHelper->hashString($sStringToHash, 'sha384'); } /** @@ -125,8 +133,7 @@ public function getHostedIframeRequestCCHash() */ public function getBankaccountCheckRequestHash() { - $sHash = md5( - $this->getConfigParam('aid'). + $sStringToHash = $this->getConfigParam('aid'). $this->getConfigParam('bankaccountcheck_type', PayoneConfig::METHOD_DEBIT, 'payone_payment'). $this->environmentHelper->getEncoding(). $this->getConfigParam('mid'). @@ -134,9 +141,8 @@ public function getBankaccountCheckRequestHash() $this->getConfigParam('portalid'). 'bankaccountcheck'. 'JSON'. - $this->getConfigParam('key') - ); - return $sHash; + $this->getConfigParam('key'); + return $this->toolkitHelper->hashString($sStringToHash, 'sha384'); } /** diff --git a/Helper/Toolkit.php b/Helper/Toolkit.php index f44963c5..75456001 100644 --- a/Helper/Toolkit.php +++ b/Helper/Toolkit.php 
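Review bot: In the helper's `__construct`, `$toolkitHelper` is inserted as the fourth parameter rather than appended, which shifts `$state` and `$environmentHelper` for any class outside this module that extends the helper and calls `parent::__construct(...)` positionally. The same mid-list insertion is made in `Model/Api/Request/Base.php` and in every request class derived from it, and `Authorization` and `Debit` move their existing last parameter forward. Dependency injection resolves constructor arguments by name, so only hand-written subclasses are affected. If third-party extensions of these classes are expected, appending the new argument at the end of each signature keeps their calls valid.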
@@ -108,7 +108,7 @@ public function isKeyValid($sKey) { $aKeyValues = $this->getAllPayoneSecurityKeys(); foreach ($aKeyValues as $sConfigKey) { - if (md5($sConfigKey ?? '') == $sKey) { + if ($this->hashString($sConfigKey ?? '') == $sKey) { return true; } } @@ -258,4 +258,16 @@ public function generateUUIDv4() // Output the 36 character UUID. return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($data), 4)); } + + /** + * In the Payone universe different hash mechanisms are needed + * Returns a hashed string and defines a default through the sAlgorithm parameter + * + * @param string $sString + * @return string + */ + public function hashString($sString, $sAlgorithm = 'md5') + { + return hash($sAlgorithm, $sString); + } } diff --git a/Model/Api/Request/AddressRequest.php b/Model/Api/Request/AddressRequest.php index 2f6ed378..d2e8b445 100644 --- a/Model/Api/Request/AddressRequest.php +++ b/Model/Api/Request/AddressRequest.php @@ -50,6 +50,7 @@ abstract class AddressRequest extends Base * @param \Payone\Core\Helper\Shop $shopHelper * @param \Payone\Core\Helper\Environment $environmentHelper * @param \Payone\Core\Helper\Api $apiHelper + * @param \Payone\Core\Helper\Toolkit $toolkitHelper * @param \Payone\Core\Model\ResourceModel\ApiLog $apiLog * @param \Payone\Core\Helper\Customer $customerHelper */ @@ -57,10 +58,11 @@ public function __construct( \Payone\Core\Helper\Shop $shopHelper, \Payone\Core\Helper\Environment $environmentHelper, \Payone\Core\Helper\Api $apiHelper, + \Payone\Core\Helper\Toolkit $toolkitHelper, \Payone\Core\Model\ResourceModel\ApiLog $apiLog, \Payone\Core\Helper\Customer $customerHelper ) { - parent::__construct($shopHelper, $environmentHelper, $apiHelper, $apiLog); + parent::__construct($shopHelper, $environmentHelper, $apiHelper, $toolkitHelper, $apiLog); $this->customerHelper = $customerHelper; } diff --git a/Model/Api/Request/Addresscheck.php b/Model/Api/Request/Addresscheck.php index 64d778e1..c4a2e5e2 100644 
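Review bot: The comparison on the changed line of `isKeyValid` still uses `==` on two hex digests, so it is neither type-strict nor constant-time. Under PHP's numeric-string rules, two different digests that both look like `0e` followed only by digits compare equal, and `$sKey` is a caller-supplied value whose origin is not visible in this hunk. The line should read `if (hash_equals($this->hashString($sConfigKey ?? ''), (string)$sKey)) {`. The function body starts above the hunk, so whether `$sKey` is already checked to be a string cannot be confirmed from here.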
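Review bot: The docblock of the new `hashString` omits `$sAlgorithm`, and the `'md5'` default means every call that does not name an algorithm keeps producing MD5. In this patch that covers `isKeyValid`, the `key` parameter in `Base::initRequest` and the `key` branch of `addCustomParameters`; only the two hashes in `Helper/Request.php` pass `'sha384'`, which is narrower than the subject line suggests. I would add `@param string $sAlgorithm algorithm name accepted by hash(), defaults to md5` and say in the description whether the remaining MD5 callers are left as they are on purpose. `hash()` rejects an unknown algorithm name, so the docblock could state that as well.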
--- a/Model/Api/Request/Addresscheck.php +++ b/Model/Api/Request/Addresscheck.php @@ -79,6 +79,7 @@ class Addresscheck extends AddressRequest * @param \Payone\Core\Helper\Shop $shopHelper * @param \Payone\Core\Helper\Environment $environmentHelper * @param \Payone\Core\Helper\Api $apiHelper + * @param \Payone\Core\Helper\Toolkit $toolkitHelper * @param \Payone\Core\Model\ResourceModel\ApiLog $apiLog * @param \Payone\Core\Helper\Customer $customerHelper * @param \Payone\Core\Model\ResourceModel\CheckedAddresses $addressesChecked @@ -88,12 +89,13 @@ public function __construct( \Payone\Core\Helper\Shop $shopHelper, \Payone\Core\Helper\Environment $environmentHelper, \Payone\Core\Helper\Api $apiHelper, + \Payone\Core\Helper\Toolkit $toolkitHelper, \Payone\Core\Model\ResourceModel\ApiLog $apiLog, \Payone\Core\Helper\Customer $customerHelper, \Payone\Core\Model\ResourceModel\CheckedAddresses $addressesChecked, \Payone\Core\Helper\Addresscheck $addresscheckHelper ) { - parent::__construct($shopHelper, $environmentHelper, $apiHelper, $apiLog, $customerHelper); + parent::__construct($shopHelper, $environmentHelper, $apiHelper, $toolkitHelper, $apiLog, $customerHelper); $this->addressesChecked = $addressesChecked; $this->addresscheckHelper = $addresscheckHelper; } diff --git a/Model/Api/Request/Authorization.php b/Model/Api/Request/Authorization.php index e0be897c..3402add2 100644 --- a/Model/Api/Request/Authorization.php +++ b/Model/Api/Request/Authorization.php 
@@ -57,39 +57,31 @@ class Authorization extends AddressRequest */ protected $checkoutSession; - /** - * PAYONE toolkit helper - * - * @var \Payone\Core\Helper\Toolkit - */ - protected $toolkitHelper; - /** * Constructor * * @param \Payone\Core\Helper\Shop $shopHelper * @param \Payone\Core\Helper\Environment $environmentHelper * @param \Payone\Core\Helper\Api $apiHelper + * @param \Payone\Core\Helper\Toolkit $toolkitHelper * @param \Payone\Core\Model\ResourceModel\ApiLog $apiLog * @param \Payone\Core\Helper\Customer $customerHelper * @param \Payone\Core\Model\Api\Invoice $invoiceGenerator * @param \Magento\Checkout\Model\Session $checkoutSession - * @param \Payone\Core\Helper\Toolkit $toolkitHelper */ public function __construct( \Payone\Core\Helper\Shop $shopHelper, \Payone\Core\Helper\Environment $environmentHelper, \Payone\Core\Helper\Api $apiHelper, + \Payone\Core\Helper\Toolkit $toolkitHelper, \Payone\Core\Model\ResourceModel\ApiLog $apiLog, \Payone\Core\Helper\Customer $customerHelper, \Payone\Core\Model\Api\Invoice $invoiceGenerator, - \Magento\Checkout\Model\Session $checkoutSession, - \Payone\Core\Helper\Toolkit $toolkitHelper + \Magento\Checkout\Model\Session $checkoutSession ) { - parent::__construct($shopHelper, $environmentHelper, $apiHelper, $apiLog, $customerHelper); + parent::__construct($shopHelper, $environmentHelper, $apiHelper, $toolkitHelper, $apiLog, $customerHelper); $this->invoiceGenerator = $invoiceGenerator; $this->checkoutSession = $checkoutSession; - $this->toolkitHelper = $toolkitHelper; } /** diff --git a/Model/Api/Request/Base.php b/Model/Api/Request/Base.php index 80503f8b..e30980fd 100644 --- a/Model/Api/Request/Base.php +++ b/Model/Api/Request/Base.php @@ -104,6 +104,13 @@ abstract class Base */ protected $apiHelper; + /** + * PAYONE toolkit helper + * + * @var \Payone\Core\Helper\Toolkit + */ + protected $toolkitHelper; + /** * API-log resource model * 
@@ -124,17 +131,20 @@ abstract class Base * @param \Payone\Core\Helper\Shop $shopHelper * @param \Payone\Core\Helper\Environment $environmentHelper * @param \Payone\Core\Helper\Api $apiHelper + * @param \Payone\Core\Helper\Toolkit $toolkitHelper * @param \Payone\Core\Model\ResourceModel\ApiLog $apiLog */ public function __construct( \Payone\Core\Helper\Shop $shopHelper, \Payone\Core\Helper\Environment $environmentHelper, \Payone\Core\Helper\Api $apiHelper, + \Payone\Core\Helper\Toolkit $toolkitHelper, \Payone\Core\Model\ResourceModel\ApiLog $apiLog ) { $this->shopHelper = $shopHelper; $this->environmentHelper = $environmentHelper; $this->apiHelper = $apiHelper; + $this->toolkitHelper = $toolkitHelper; $this->apiLog = $apiLog; $this->initRequest(); } @@ -150,7 +160,7 @@ protected function initRequest() $this->aParameters = []; $this->addParameter('mid', $this->shopHelper->getConfigParam('mid', 'global', 'payone_general', $this->storeCode)); // PayOne Merchant ID $this->addParameter('portalid', $this->shopHelper->getConfigParam('portalid', 'global', 'payone_general', $this->storeCode)); // PayOne Portal ID - $this->addParameter('key', md5($this->shopHelper->getConfigParam('key', 'global', 'payone_general', $this->storeCode) ?? '')); // PayOne Portal Key + $this->addParameter('key', $this->toolkitHelper->hashString($this->shopHelper->getConfigParam('key', 'global', 'payone_general', $this->storeCode) ?? '')); // PayOne Portal Key $this->addParameter('encoding', $this->environmentHelper->getEncoding()); // Encoding $this->addParameter('integrator_name', 'Magento2'); // Shop-system $this->addParameter('integrator_version', $this->shopHelper->getMagentoVersion()); // Shop version 
@@ -258,10 +268,9 @@ protected function addCustomParameters(PayoneMethod $oPayment) $sCustomConfig = $oPayment->getCustomConfigParam($sConfigName); // get custom config param if (!empty($sCustomConfig)) { // only add if the param is configured if ($sConfigName == 'key') { - $this->addParameter($sParamName, md5($sCustomConfig)); // key isn't hashed in db - } else { - $this->addParameter($sParamName, $sCustomConfig); // add custom param to request + $sCustomConfig = $this->toolkitHelper->hashString($sCustomConfig); // key isn't hashed in db } + $this->addParameter($sParamName, $sCustomConfig); // add custom param to request } } } diff --git a/Model/Api/Request/Capture.php b/Model/Api/Request/Capture.php index bce9f46a..57091b5d 100644 --- a/Model/Api/Request/Capture.php +++ b/Model/Api/Request/Capture.php @@ -54,6 +54,7 @@ class Capture extends Base * @param \Payone\Core\Helper\Shop $shopHelper * @param \Payone\Core\Helper\Environment $environmentHelper * @param \Payone\Core\Helper\Api $apiHelper + * @param \Payone\Core\Helper\Toolkit $toolkitHelper * @param \Payone\Core\Model\ResourceModel\ApiLog $apiLog * @param \Payone\Core\Model\Api\Invoice $invoiceGenerator * @param \Payone\Core\Helper\Database $databaseHelper @@ -62,11 +63,12 @@ public function __construct( \Payone\Core\Helper\Shop $shopHelper, \Payone\Core\Helper\Environment $environmentHelper, \Payone\Core\Helper\Api $apiHelper, + \Payone\Core\Helper\Toolkit $toolkitHelper, \Payone\Core\Model\ResourceModel\ApiLog $apiLog, \Payone\Core\Model\Api\Invoice $invoiceGenerator, \Payone\Core\Helper\Database $databaseHelper ) { - parent::__construct($shopHelper, $environmentHelper, $apiHelper, $apiLog); + parent::__construct($shopHelper, $environmentHelper, $apiHelper, $toolkitHelper, $apiLog); $this->invoiceGenerator = $invoiceGenerator; $this->databaseHelper = $databaseHelper; } diff --git a/Model/Api/Request/Consumerscore.php b/Model/Api/Request/Consumerscore.php index fa4e8fb1..6e0684e2 100644 
--- a/Model/Api/Request/Consumerscore.php +++ b/Model/Api/Request/Consumerscore.php @@ -49,6 +49,7 @@ class Consumerscore extends AddressRequest * @param \Payone\Core\Helper\Shop $shopHelper * @param \Payone\Core\Helper\Environment $environmentHelper * @param \Payone\Core\Helper\Api $apiHelper + * @param \Payone\Core\Helper\Toolkit $toolkitHelper * @param \Payone\Core\Model\ResourceModel\ApiLog $apiLog * @param \Payone\Core\Helper\Customer $customerHelper * @param \Payone\Core\Model\ResourceModel\CheckedAddresses $addressesChecked @@ -57,11 +58,12 @@ public function __construct( \Payone\Core\Helper\Shop $shopHelper, \Payone\Core\Helper\Environment $environmentHelper, \Payone\Core\Helper\Api $apiHelper, + \Payone\Core\Helper\Toolkit $toolkitHelper, \Payone\Core\Model\ResourceModel\ApiLog $apiLog, \Payone\Core\Helper\Customer $customerHelper, \Payone\Core\Model\ResourceModel\CheckedAddresses $addressesChecked ) { - parent::__construct($shopHelper, $environmentHelper, $apiHelper, $apiLog, $customerHelper); + parent::__construct($shopHelper, $environmentHelper, $apiHelper, $toolkitHelper, $apiLog, $customerHelper); $this->addressesChecked = $addressesChecked; } diff --git a/Model/Api/Request/Debit.php b/Model/Api/Request/Debit.php index 456a3159..fe7fdaba 100644 --- a/Model/Api/Request/Debit.php +++ b/Model/Api/Request/Debit.php 
@@ -50,37 +50,29 @@ class Debit extends Base */ protected $databaseHelper; - /** - * PAYONE toolkit helper - * - * @var \Payone\Core\Helper\Toolkit - */ - protected $toolkitHelper; - /** * Constructor * * @param \Payone\Core\Helper\Shop $shopHelper * @param \Payone\Core\Helper\Environment $environmentHelper * @param \Payone\Core\Helper\Api $apiHelper + * @param \Payone\Core\Helper\Toolkit $toolkitHelper * @param \Payone\Core\Model\ResourceModel\ApiLog $apiLog * @param \Payone\Core\Model\Api\Invoice $invoiceGenerator * @param \Payone\Core\Helper\Database $databaseHelper - * @param \Payone\Core\Helper\Toolkit $toolkitHelper */ public function __construct( \Payone\Core\Helper\Shop $shopHelper, \Payone\Core\Helper\Environment $environmentHelper, \Payone\Core\Helper\Api $apiHelper, + \Payone\Core\Helper\Toolkit $toolkitHelper, \Payone\Core\Model\ResourceModel\ApiLog $apiLog, \Payone\Core\Model\Api\Invoice $invoiceGenerator, - \Payone\Core\Helper\Database $databaseHelper, - \Payone\Core\Helper\Toolkit $toolkitHelper + \Payone\Core\Helper\Database $databaseHelper ) { - parent::__construct($shopHelper, $environmentHelper, $apiHelper, $apiLog); + parent::__construct($shopHelper, $environmentHelper, $apiHelper, $toolkitHelper, $apiLog); $this->invoiceGenerator = $invoiceGenerator; $this->databaseHelper = $databaseHelper; - $this->toolkitHelper = $toolkitHelper; } /** diff --git a/Model/Api/Request/Genericpayment/CancelOrderReference.php b/Model/Api/Request/Genericpayment/CancelOrderReference.php index e11ae61a..103ce53a 100644 --- a/Model/Api/Request/Genericpayment/CancelOrderReference.php +++ b/Model/Api/Request/Genericpayment/CancelOrderReference.php 
@@ -54,6 +54,7 @@ class CancelOrderReference extends Base * @param \Payone\Core\Helper\Shop $shopHelper * @param \Payone\Core\Helper\Environment $environmentHelper * @param \Payone\Core\Helper\Api $apiHelper + * @param \Payone\Core\Helper\Toolkit $toolkitHelper * @param \Payone\Core\Model\ResourceModel\ApiLog $apiLog * @param \Payone\Core\Helper\Customer $customerHelper * @param \Psr\Log\LoggerInterface $logger @@ -63,12 +64,13 @@ public function __construct( \Payone\Core\Helper\Shop $shopHelper, \Payone\Core\Helper\Environment $environmentHelper, \Payone\Core\Helper\Api $apiHelper, + \Payone\Core\Helper\Toolkit $toolkitHelper, \Payone\Core\Model\ResourceModel\ApiLog $apiLog, \Payone\Core\Helper\Customer $customerHelper, \Psr\Log\LoggerInterface $logger, \Magento\Framework\Url $url ) { - parent::__construct($shopHelper, $environmentHelper, $apiHelper, $apiLog, $customerHelper); + parent::__construct($shopHelper, $environmentHelper, $apiHelper, $toolkitHelper, $apiLog, $customerHelper); $this->logger = $logger; $this->url = $url; } diff --git a/Model/Api/Request/Genericpayment/ConfirmOrderReference.php b/Model/Api/Request/Genericpayment/ConfirmOrderReference.php index b64717f6..dd9f7146 100644 --- a/Model/Api/Request/Genericpayment/ConfirmOrderReference.php +++ b/Model/Api/Request/Genericpayment/ConfirmOrderReference.php @@ -54,6 +54,7 @@ class ConfirmOrderReference extends Base * @param \Payone\Core\Helper\Shop $shopHelper * @param \Payone\Core\Helper\Environment $environmentHelper * @param \Payone\Core\Helper\Api $apiHelper + * @param \Payone\Core\Helper\Toolkit $toolkitHelper * @param \Payone\Core\Model\ResourceModel\ApiLog $apiLog * @param \Payone\Core\Helper\Customer $customerHelper * @param \Psr\Log\LoggerInterface $logger 
@@ -63,12 +64,13 @@ public function __construct( \Payone\Core\Helper\Shop $shopHelper, \Payone\Core\Helper\Environment $environmentHelper, \Payone\Core\Helper\Api $apiHelper, + \Payone\Core\Helper\Toolkit $toolkitHelper, \Payone\Core\Model\ResourceModel\ApiLog $apiLog, \Payone\Core\Helper\Customer $customerHelper, \Psr\Log\LoggerInterface $logger, \Magento\Framework\Url $url ) { - parent::__construct($shopHelper, $environmentHelper, $apiHelper, $apiLog, $customerHelper); + parent::__construct($shopHelper, $environmentHelper, $apiHelper, $toolkitHelper, $apiLog, $customerHelper); $this->logger = $logger; $this->url = $url; } diff --git a/Model/Api/Request/Genericpayment/InstallmentOptions.php b/Model/Api/Request/Genericpayment/InstallmentOptions.php index d657f6eb..c9a6eab6 100644 --- a/Model/Api/Request/Genericpayment/InstallmentOptions.php +++ b/Model/Api/Request/Genericpayment/InstallmentOptions.php @@ -47,6 +47,7 @@ class InstallmentOptions extends Base * @param \Payone\Core\Helper\Shop $shopHelper * @param \Payone\Core\Helper\Environment $environmentHelper * @param \Payone\Core\Helper\Api $apiHelper + * @param \Payone\Core\Helper\Toolkit $toolkitHelper * @param \Payone\Core\Model\ResourceModel\ApiLog $apiLog * @param \Payone\Core\Helper\Customer $customerHelper * @param \Magento\Payment\Helper\Data $dataHelper @@ -55,11 +56,12 @@ public function __construct( \Payone\Core\Helper\Shop $shopHelper, \Payone\Core\Helper\Environment $environmentHelper, \Payone\Core\Helper\Api $apiHelper, + \Payone\Core\Helper\Toolkit $toolkitHelper, \Payone\Core\Model\ResourceModel\ApiLog $apiLog, \Payone\Core\Helper\Customer $customerHelper, \Magento\Payment\Helper\Data $dataHelper ) { - parent::__construct($shopHelper, $environmentHelper, $apiHelper, $apiLog, $customerHelper); + parent::__construct($shopHelper, $environmentHelper, $apiHelper, $toolkitHelper, $apiLog, $customerHelper); $this->dataHelper = $dataHelper; } 
diff --git a/Model/Api/Request/Genericpayment/StartSession.php b/Model/Api/Request/Genericpayment/StartSession.php index c09b72f7..9bce0a6f 100644 --- a/Model/Api/Request/Genericpayment/StartSession.php +++ b/Model/Api/Request/Genericpayment/StartSession.php @@ -47,6 +47,7 @@ class StartSession extends Base * @param \Payone\Core\Helper\Shop $shopHelper * @param \Payone\Core\Helper\Environment $environmentHelper * @param \Payone\Core\Helper\Api $apiHelper + * @param \Payone\Core\Helper\Toolkit $toolkitHelper * @param \Payone\Core\Model\ResourceModel\ApiLog $apiLog * @param \Payone\Core\Helper\Customer $customerHelper * @param \Payone\Core\Model\Api\Invoice $invoiceGenerator @@ -55,11 +56,12 @@ public function __construct( \Payone\Core\Helper\Shop $shopHelper, \Payone\Core\Helper\Environment $environmentHelper, \Payone\Core\Helper\Api $apiHelper, + \Payone\Core\Helper\Toolkit $toolkitHelper, \Payone\Core\Model\ResourceModel\ApiLog $apiLog, \Payone\Core\Helper\Customer $customerHelper, \Payone\Core\Model\Api\Invoice $invoiceGenerator ) { - parent::__construct($shopHelper, $environmentHelper, $apiHelper, $apiLog, $customerHelper); + parent::__construct($shopHelper, $environmentHelper, $apiHelper, $toolkitHelper, $apiLog, $customerHelper); $this->customerHelper = $customerHelper; $this->invoiceGenerator = $invoiceGenerator; } diff --git a/Model/Api/Request/Managemandate.php b/Model/Api/Request/Managemandate.php index 774464d1..d49ad09a 100644 --- a/Model/Api/Request/Managemandate.php +++ b/Model/Api/Request/Managemandate.php @@ -47,6 +47,7 @@ class Managemandate extends AddressRequest * @param \Payone\Core\Helper\Shop $shopHelper * @param \Payone\Core\Helper\Environment $environmentHelper * @param \Payone\Core\Helper\Api $apiHelper + * @param \Payone\Core\Helper\Toolkit $toolkitHelper * @param \Payone\Core\Model\ResourceModel\ApiLog $apiLog * @param \Payone\Core\Helper\Customer $customerHelper * @param \Payone\Core\Helper\Database $databaseHelper 
@@ -55,11 +56,12 @@ public function __construct( \Payone\Core\Helper\Shop $shopHelper, \Payone\Core\Helper\Environment $environmentHelper, \Payone\Core\Helper\Api $apiHelper, + \Payone\Core\Helper\Toolkit $toolkitHelper, \Payone\Core\Model\ResourceModel\ApiLog $apiLog, \Payone\Core\Helper\Customer $customerHelper, \Payone\Core\Helper\Database $databaseHelper ) { - parent::__construct($shopHelper, $environmentHelper, $apiHelper, $apiLog, $customerHelper); + parent::__construct($shopHelper, $environmentHelper, $apiHelper, $toolkitHelper, $apiLog, $customerHelper); $this->databaseHelper = $databaseHelper; } diff --git a/Model/Api/Request/PaydirektAgreement.php b/Model/Api/Request/PaydirektAgreement.php index 4a39b5d7..31ce4cb0 100644 --- a/Model/Api/Request/PaydirektAgreement.php +++ b/Model/Api/Request/PaydirektAgreement.php @@ -33,6 +33,7 @@ class PaydirektAgreement extends AddressRequest * @param \Payone\Core\Helper\Shop $shopHelper * @param \Payone\Core\Helper\Environment $environmentHelper * @param \Payone\Core\Helper\Api $apiHelper + * @param \Payone\Core\Helper\Toolkit $toolkitHelper * @param \Payone\Core\Model\ResourceModel\ApiLog $apiLog * @param \Payone\Core\Helper\Customer $customerHelper * @param \Magento\Framework\Url $url @@ -41,12 +42,13 @@ public function __construct( \Payone\Core\Helper\Shop $shopHelper, \Payone\Core\Helper\Environment $environmentHelper, \Payone\Core\Helper\Api $apiHelper, + \Payone\Core\Helper\Toolkit $toolkitHelper, \Payone\Core\Model\ResourceModel\ApiLog $apiLog, \Payone\Core\Helper\Customer $customerHelper, \Magento\Framework\Url $url, \Payone\Core\Model\Methods\Paydirekt $paydirekt ) { - parent::__construct($shopHelper, $environmentHelper, $apiHelper, $apiLog, $customerHelper); + parent::__construct($shopHelper, $environmentHelper, $apiHelper, $toolkitHelper, $apiLog, $customerHelper); $this->url = $url; $this->paydirekt = $paydirekt; } 
diff --git a/Test/Unit/Helper/ToolkitTest.php b/Test/Unit/Helper/ToolkitTest.php index f0fefdcf..ca833a82 100644 --- a/Test/Unit/Helper/ToolkitTest.php +++ b/Test/Unit/Helper/ToolkitTest.php @@ -139,7 +139,7 @@ public function testIsKeyValid() ] ); - $hash = md5($key); + $hash = $this->toolkit->hashString($key); $result = $this->toolkit->isKeyValid($hash); $this->assertTrue($result); From 89959f38ccc7f4302a922dcf83759ad09d3d1b57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20M=C3=BCller?= Date: Mon, 5 Feb 2024 17:50:03 +0100 Subject: [PATCH 2/2] MAG2-304 - Changed Client API hash mechanic --- Helper/Request.php | 10 ++++------ Helper/Toolkit.php | 5 ++++- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/Helper/Request.php b/Helper/Request.php index d9ef57d2..6a28da96 100644 --- a/Helper/Request.php +++ b/Helper/Request.php @@ -121,9 +121,8 @@ public function getHostedIframeRequestCCHash() $this->getConfigParam('portalid'). 'creditcardcheck'. 'JSON'. - 'yes'. - $this->getConfigParam('key'); - return $this->toolkitHelper->hashString($sStringToHash, 'sha384'); + 'yes'; + return $this->toolkitHelper->hashString($sStringToHash, 'sha384', $this->getConfigParam('key')); } /** @@ -140,9 +139,8 @@ public function getBankaccountCheckRequestHash() $this->getConfigParam('mode', PayoneConfig::METHOD_CREDITCARD, 'payone_payment'). $this->getConfigParam('portalid'). 'bankaccountcheck'. - 'JSON'. - $this->getConfigParam('key'); - return $this->toolkitHelper->hashString($sStringToHash, 'sha384'); + 'JSON'; + return $this->toolkitHelper->hashString($sStringToHash, 'sha384', $this->getConfigParam('key')); } /** diff --git a/Helper/Toolkit.php b/Helper/Toolkit.php index 75456001..c177e1f6 100644 --- a/Helper/Toolkit.php +++ b/Helper/Toolkit.php 
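Review bot: `$this->getConfigParam('key')` is passed straight in as the HMAC key in `getHostedIframeRequestCCHash`, and again in `getBankaccountCheckRequestHash` in the next hunk, with no check that a key is configured. `Base::initRequest` guards what looks like the same setting with `?? ''`, which suggests the value can be null. A null or empty value is not `false`, so `hashString` would take the HMAC branch with an empty key and return a digest that anyone who knows the other fields can recompute. I would read the key once, `$sKey = (string)$this->getConfigParam('key');`, and return early or raise when `$sKey === ''` before calling `hashString`. Both functions start and end outside their hunks.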
@@ -266,8 +266,11 @@ public function generateUUIDv4() * @param string $sString * @return string */ - public function hashString($sString, $sAlgorithm = 'md5') + public function hashString($sString, $sAlgorithm = 'md5', $sKey = false) { + if ($sAlgorithm == "sha384" && $sKey !== false) { + return hash_hmac($sAlgorithm, $sString, $sKey); + } return hash($sAlgorithm, $sString); } }
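Review bot: The HMAC branch in `hashString` is tied to the literal algorithm name, so a call that passes a key with any other algorithm silently falls through to the unkeyed `hash()` and the key is dropped. Keying on the argument alone is simpler and harder to misuse: `if ($sKey !== false) { return hash_hmac($sAlgorithm, $sString, (string)$sKey); }`. The docblock should gain `@param string|false $sKey` with a sentence saying that a key switches the result from a plain digest to an HMAC. The only test change in this series, in `ToolkitTest`, exercises the default MD5 path, so the keyed path is untested as far as this diff shows.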