Merge pull request #6 from gitkv/master

*fix bug callback signature verify, change verifying action

Author: roquie

README.md

@@ -173,7 +173,7 @@ Receive incoming parameters from gateway and verifying signature.
 
 ```php
 <?php
-if (! $uniteller->getSignaturePayment()->verify('signature_from_post_params', ['all_parameters_from_post'])) {
+if (! $uniteller->verifyCallbackRequest(['all_parameters_from_post_with_signature'])) {
     return 'invalid_signature';
 }
 ```

README_RU.md

@@ -172,11 +172,11 @@ var_dump($results);
 
 ### Callback
 
-Приём данных от шлюза и проверка сигнатуры.
+Проверка сигнатуры при приёме данных от шлюза.
 
 ```php
 <?php
-if (! $uniteller->getSignaturePayment()->verify('signature_from_post_params', ['all_parameters_from_post'])) {
+if (! $uniteller->verifyCallbackRequest(['all_parameters_from_post_with_signature'])) {
     return 'invalid_signature';
 }
 ```

src/Client.php

@@ -17,6 +17,7 @@
 use Tmconsulting\Uniteller\Recurrent\RecurrentRequest;
 use Tmconsulting\Uniteller\Request\RequestInterface;
 use Tmconsulting\Uniteller\Results\ResultsRequest;
+use Tmconsulting\Uniteller\Signature\SignatureCallback;
 use Tmconsulting\Uniteller\Signature\SignatureInterface;
 use Tmconsulting\Uniteller\Signature\SignaturePayment;
 use Tmconsulting\Uniteller\Signature\SignatureRecurrent;
@@ -50,6 +51,11 @@ class Client implements ClientInterface
      */
     protected $signatureRecurrent;
 
+    /**
+     * @var SignatureInterface
+     */
+    protected $signatureCallback;
+
     /**
      * @var RequestInterface
      */
@@ -81,6 +87,7 @@ public function __construct()
         $this->registerRecurrentRequest(new RecurrentRequest());
         $this->registerSignaturePayment(new SignaturePayment());
         $this->registerSignatureRecurrent(new SignatureRecurrent());
+        $this->registerSignatureCallback(new SignatureCallback());
     }
 
     /**
@@ -215,6 +222,17 @@ public function registerSignatureRecurrent(SignatureInterface $signature)
         return $this;
     }
 
+    /**
+     * @param \Tmconsulting\Uniteller\Signature\SignatureInterface $signature
+     * @return $this
+     */
+    public function registerSignatureCallback(SignatureInterface $signature)
+    {
+        $this->signatureCallback = $signature;
+
+        return $this;
+    }
+
     /**
      * @return array
      */
@@ -317,6 +335,14 @@ public function getSignatureRecurrent()
         return $this->signatureRecurrent;
     }
 
+    /**
+     * @return \Tmconsulting\Uniteller\Signature\SignatureInterface
+     */
+    public function getSignatureCallback()
+    {
+        return $this->signatureCallback;
+    }
+
     /**
      * @return \Tmconsulting\Uniteller\Http\HttpManagerInterface
      */
@@ -458,4 +484,20 @@ private function getParameters($parameters)
 
         return $parameters;
     }
+
+    /**
+     * Verify signature when Client will be send callback request.
+     *
+     * @param array $params
+     * @return bool
+     */
+    public function verifyCallbackRequest(array $params)
+    {
+        return $this->signatureCallback
+            ->setOrderId(array_get($params, 'Order_ID'))
+            ->setStatus(array_get($params, 'Status'))
+            ->setFields(array_except($params, ['Order_ID', 'Status', 'Signature']))
+            ->setPassword($this->getPassword())
+            ->verify(array_get($params, 'Signature'));
+    }
 }

src/ClientInterface.php

@@ -52,4 +52,12 @@ public function confirm($parameters);
      * @return mixed
      */
     public function card($parameters);
-}
+
+    /**
+     * Verify signature when Client will be send callback request.
+     *
+     * @param array $params
+     * @return bool
+     */
+    public function verifyCallbackRequest(array $params);
+}

src/Signature/AbstractSignature.php

@@ -19,7 +19,7 @@ abstract class AbstractSignature implements SignatureInterface, ArraybleInterfac
 {
 
     /**
-     * Create signature for send payment request.
+     * Create signature
      *
      * @return string
      */
@@ -33,14 +33,13 @@ public function create()
     }
 
     /**
-     * Verify signature when Client will be send callback request.
+     * Verify signature
      *
-     * @param $signature
-     * @param array $params
+     * @param string $signature
      * @return bool
      */
-    public function verify($signature, array $params)
+    public function verify($signature)
     {
-        return strtoupper(md5(join('', $params))) === $signature;
+        return $this->create() === $signature;
     }
 }

src/Signature/SignatureCallback.php

@@ -0,0 +1,137 @@
+<?php
+/**
+ * Created by gitkv.
+ * E-mail: [email protected]
+ * GitHub: gitkv
+ */
+
+namespace Tmconsulting\Uniteller\Signature;
+
+
+/**
+ * Class SignatureCallback
+ * @package Tmconsulting\Uniteller\Signature
+ */
+final class SignatureCallback extends AbstractSignature
+{
+
+    /**
+     * @var string
+     */
+    protected $orderId;
+
+    /**
+     * @var string
+     */
+    protected $status;
+
+    /**
+     * @var array
+     */
+    protected $fields = [];
+
+    /**
+     * @var string
+     */
+    protected $password;
+
+    /**
+     * @param $orderId
+     * @return SignatureCallback
+     */
+    public function setOrderId($orderId)
+    {
+        $this->orderId = $orderId;
+
+        return $this;
+    }
+
+    /**
+     * @param $status
+     * @return SignatureCallback
+     */
+    public function setStatus($status)
+    {
+        $this->status = $status;
+
+        return $this;
+    }
+
+    /**
+     * @param array $fields
+     * @return SignatureCallback
+     */
+    public function setFields($fields)
+    {
+        $this->fields = $fields;
+
+        return $this;
+    }
+
+    /**
+     * @param string $password
+     * @return SignatureCallback
+     */
+    public function setPassword($password)
+    {
+        $this->password = $password;
+
+        return $this;
+    }
+
+    /**
+     * @return string
+     */
+    public function getOrderId()
+    {
+        return $this->orderId;
+    }
+
+    /**
+     * @return string
+     */
+    public function getStatus()
+    {
+        return $this->status;
+    }
+
+    /**
+     * @return array
+     */
+    public function getFields()
+    {
+        return $this->fields;
+    }
+
+    /**
+     * @return string
+     */
+    public function getPassword()
+    {
+        return $this->password;
+    }
+
+    /**
+     * @return array
+     */
+    public function toArray()
+    {
+        $array = [];
+        $array['Order_ID'] = $this->getOrderId();
+        $array['Status'] = $this->getStatus();
+        $array = array_merge($array, $this->getFields());
+        $array['Password'] = $this->getPassword();
+
+        return $array;
+    }
+
+    /**
+     * Create signature
+     *
+     * @return string
+     */
+    public function create()
+    {
+        return strtoupper(md5(join('', $this->toArray())));
+    }
+}

src/Signature/SignatureInterface.php

@@ -15,18 +15,24 @@
 interface SignatureInterface
 {
     /**
-     * Create signature for send payment request.
+     * Create signature
      *
      * @return string
      */
     public function create();
 
     /**
-     * Verify signature when Client will be send callback request.
+     * Array params signature
      *
-     * @param $signature
-     * @param array $params
+     * @return array
+     */
+    public function toArray();
+
+    /**
+     * Verify signature
+     *
+     * @param string $signature
      * @return bool
      */
-    public function verify($signature, array $params);
+    public function verify($signature);
 }

src/helpers.php

@@ -64,4 +64,18 @@ function csv_to_array($string, $isFlat = false)
     }
 
     return $data;
+}
+
+/**
+ * @param $array
+ * @param array $excludeKeys
+ * @return mixed
+ */
+function array_except($array, array $excludeKeys)
+{
+    foreach ($excludeKeys as $key) {
+        unset($array[$key]);
+    }
+
+    return $array;
 }

tests/ClientTest.php

@@ -241,6 +241,33 @@ public function testShouldBeActionsAcceptClassesWhichImplementArraybleInterface(
         $client->{$methodName}($arrayble);
     }
 
+    public function testCallbackSignatureVerifying()
+    {
+        $params = [
+            'Order_ID'  => 'FOO',
+            'Status'    => 'paid',
+            'Signature' => '3F728AA479E50F5B10EE6C20258BFF88',
+        ];
+        $client = new Client();
+        $client->setPassword('LONG-PWD');
+        $this->assertTrue($client->verifyCallbackRequest($params));
+    }
+
+    public function testCallbackSignatureVerifyingWithFields()
+    {
+        $params = [
+            'Order_ID'     => 'FOO',
+            'Status'       => 'paid',
+            'AcquirerID'   => 'fOO',
+            'ApprovalCode' => 'BaR',
+            'BillNumber'   => 'baz',
+            'Signature'    => '1F4E3B63AE408D0BE1E33965E6697236',
+        ];
+        $client = new Client();
+        $client->setPassword('LONG-PWD');
+        $this->assertTrue($client->verifyCallbackRequest($params));
+    }
+
 }
 
 class HttpManagerStub implements HttpManagerInterface {