skip address validation in webhook (#254)
* version bump to 3.6.1
ramth05 authored Jun 17, 2021
1 parent 8653b6c commit 3369316
Showing 6 changed files with 58 additions and 5 deletions.
8 changes: 8 additions & 0 deletions CHANGELOG.md
@@ -1,7 +1,15 @@

# Change Log


## [3.6.0] - 2021-06-17

### Changed
### Fixed
- [Signature issue, billing address validation](https://github.com/razorpay/razorpay-magento/pull/254).

Fixed webhook signature mismatch issue and added validation for shipping/billing address and shipping method for quote, before creating RZP order.

## [3.6.0] - 2021-06-11

### Added
43 changes: 41 additions & 2 deletions Controller/Payment/Order.php
@@ -164,6 +164,10 @@ public function execute()
}
else
{
//validate shipping and billing
$validationSuccess = true;
$code = 200;

if(empty($_POST['email']) === true)
{
$this->logger->info("Email field is required");
@@ -173,9 +177,44 @@ public function execute()
'parameters' => []
];

$code = 200;
$validationSuccess = false;
}
else

if(empty($this->getQuote()->getBillingAddress()->getPostcode()) === true)
{
$responseContent = [
'message' => "Billing Address is required",
'parameters' => []
];

$validationSuccess = false;
}

if(!$this->getQuote()->getIsVirtual())
{
//validate quote Shipping method
if(empty($this->getQuote()->getShippingAddress()->getShippingMethod()) === true)
{
$responseContent = [
'message' => "Shipping method is required",
'parameters' => []
];

$validationSuccess = false;
}

if(empty($this->getQuote()->getShippingAddress()->getPostcode()) === true)
{
$responseContent = [
'message' => "Shipping Address is required",
'parameters' => []
];

$validationSuccess = false;
}
}

if($validationSuccess)
{
$amount = (int) (number_format($this->getQuote()->getGrandTotal() * 100, 0, ".", ""));

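Review bot: The new billing, shipping-method and shipping-address checks run unconditionally after the email check, so each failing one overwrites `$responseContent` and the caller only sees the last message; an empty email together with a missing shipping method is reported only as "Shipping method is required". Only the email branch logs, so the three new rejections leave no trace; adding a line such as `$this->logger->info("Billing Address is required");` to each new branch, and either stopping at the first failure or collecting the messages, would make rejected orders diagnosable. `$code` is set to 200 before the checks and no failing branch changes it, so as far as the visible lines show a rejected request is still answered with 200 and the client has to inspect the body. execute() starts and ends outside the hunk, so how the response is consumed is not visible here.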
4 changes: 4 additions & 0 deletions Controller/Payment/Webhook.php
@@ -414,6 +414,10 @@ protected function getQuoteObject($post, $quoteId)
$quote->setCustomerIsGuest(true);
}

//skip address validation as some time billing/shipping address not set for the quote
$quote->getBillingAddress()->setShouldIgnoreValidation(true);
$quote->getShippingAddress()->setShouldIgnoreValidation(true);

$quote->setStore($store);

$quote->collectTotals();
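Review bot: The two `setShouldIgnoreValidation(true)` calls are unconditional, so address validation is switched off for every quote the webhook converts into an order, including quotes whose addresses are present but malformed. The comment says the problem is addresses that are sometimes not set; limiting the bypass to that case, e.g. `if (empty($quote->getBillingAddress()->getPostcode()) === true) { $quote->getBillingAddress()->setShouldIgnoreValidation(true); }` (and the same for the shipping address), keeps the check for everything else. Logging the quote id whenever the bypass triggers would leave a trace of orders created with incomplete addresses. getQuoteObject() starts and ends outside the hunk, so whether the webhook signature has already been verified at this point is not visible here.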
4 changes: 3 additions & 1 deletion Model/PaymentMethod.php
@@ -450,7 +450,9 @@ public function validateWebhookSignature(array $post)
{
$webhookSecret = $this->config->getWebhookSecret();

$this->rzp->utility->verifyWebhookSignature(json_encode($post), $_SERVER['HTTP_X_RAZORPAY_SIGNATURE'], $webhookSecret);
$postData = file_get_contents('php://input');

$this->rzp->utility->verifyWebhookSignature($postData, $_SERVER['HTTP_X_RAZORPAY_SIGNATURE'], $webhookSecret);
}

protected function getPostData()
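Review bot: `$_SERVER['HTTP_X_RAZORPAY_SIGNATURE']` is passed straight to `verifyWebhookSignature()` and the result of `file_get_contents('php://input')` is not checked for `false`, so a request without the header or with an unreadable body reaches the verifier as null/false instead of being rejected up front. A guard such as `if (empty($_SERVER['HTTP_X_RAZORPAY_SIGNATURE']) === true || $postData === false)` that fails the request before verification would make that path explicit. The `array $post` parameter is no longer used in the visible body; a short docblock should state that the signature covers the raw request body and that callers must process data decoded from those same bytes rather than a separately parsed copy.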
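--- a/composer.json
+++ b/composer.json
@@ -1,7 +1,7 @@
 {
 "name": "razorpay/magento",
 "description": "Razorpay Magento 2.0 plugin for accepting payments.",
-"version": "3.6.0",
+"version": "3.6.1",
 "require": {
 "php": "~5.5.0|~5.6.0|^7.0",
 "razorpay/razorpay": "2.*"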
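--- a/etc/module.xml
+++ b/etc/module.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0"?>
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd">
-<module name="Razorpay_Magento" setup_version="3.6.0">
+<module name="Razorpay_Magento" setup_version="3.6.1">
 <sequence>
 <module name="Magento_Sales" />
 <module name="Magento_Payment" />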
