Commit 02ef12ac authored by Łukasz Nowak's avatar Łukasz Nowak

Check incoming data signature.

parent 2a85fcdf
...@@ -17,11 +17,40 @@ else: ...@@ -17,11 +17,40 @@ else:
Methods are returning list of: Methods are returning list of:
* parsed response * parsed response
* signature check (True or False)
* sent XML * sent XML
* received XML * received XML
SOAP protocol is assumed as untrusted and dangerous, users of those methods SOAP protocol is assumed as untrusted and dangerous, users of those methods
are encouraged to log such messages for future debugging.""" are encouraged to log such messages for future debugging."""
def _check_transcationInfoSignature(self, data):
received_sorted_keys = ['errorCode', 'extendedErrorCode',
'transactionStatus', 'shopId', 'paymentMethod', 'contractNumber',
'orderId', 'orderInfo', 'orderInfo2', 'orderInfo3', 'transmissionDate',
'transactionId', 'sequenceNb', 'amount', 'initialAmount', 'devise',
'cvAmount', 'cvDevise', 'presentationDate', 'type', 'multiplePaiement',
'ctxMode', 'cardNumber', 'cardNetwork', 'cardType', 'cardCountry',
'cardExpirationDate', 'customerId', 'customerTitle', 'customerName',
'customerPhone', 'customerMail', 'customerAddress', 'customerZipCode',
'customerCity', 'customerCountry', 'customerLanguage', 'customerIP',
'transactionCondition', 'vadsEnrolled', 'vadsStatus', 'vadsECI',
'vafdsXID', 'vadsCAVVAlgorithm', 'vadsCAVV', 'vadsSignatureValid',
'directoryServer', 'authMode', 'markAmount', 'markDevise', 'markDate',
'markNb', 'markResult', 'markCVV2_CVC2', 'authAmount', 'authDevise',
'authDate', 'authNb', 'authResult', 'authCVV2_CVC2', 'warrantlyResult',
'captureDate', 'captureNumber', 'rapprochementStatut', 'refoundAmount',
'refundDevise', 'timestamp']
signature = ''
for k in received_sorted_keys:
v = getattr(data, k, None)
if v is not None:
signature += str(v) + '+'
else:
signature += '+'
signature += self.getServicePassword()
signature = hashlib.sha1(signature).hexdigest()
return signature == data.signature
def soap_getInfo(self, transmissionDate, transactionId): def soap_getInfo(self, transmissionDate, transactionId):
"""Returns getInfo """Returns getInfo
...@@ -49,7 +78,8 @@ else: ...@@ -49,7 +78,8 @@ else:
signature += self.getServicePassword() signature += self.getServicePassword()
kw['wsSignature'] = hashlib.sha1(signature).hexdigest() kw['wsSignature'] = hashlib.sha1(signature).hexdigest()
data = client.service.getInfo(**kw) data = client.service.getInfo(**kw)
return [data, str(client.last_sent()), str(client.last_received())] return [data, self._check_transcationInfoSignature(data),
str(client.last_sent()), str(client.last_received())]
class PayzenService(XMLObject, PayzenSOAP): class PayzenService(XMLObject, PayzenSOAP):
meta_type = 'Payzen Service' meta_type = 'Payzen Service'
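Review bot: The new return in `soap_getInfo` still hands back the parsed `data` when `_check_transcationInfoSignature` returns False, so a caller that never inspects element 1 will act on an unauthenticated response. Inserting the flag at index 1 also moves the sent and received XML to indices 2 and 3 for any existing caller; the callers and most of `soap_getInfo`'s body are outside the visible hunks, so this needs checking there. Inside the helper, `'vafdsXID'` looks like a typo for `'vadsXID'` given the neighbouring `vads*` keys, and since `getattr(data, k, None)` turns an unknown name into an empty field, the mistake would only show up as a failed verification on responses that carry that field. The last line would be safer as `return hmac.compare_digest(signature, str(getattr(data, 'signature', '')))`, which compares in constant time and returns False instead of raising when the response has no `signature` attribute; it needs `import hmac` and, if this runs on Python 2, version 2.7.7 or later.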
......
24 25
\ No newline at end of file \ No newline at end of file