MONEI · presteamshop · Oct 8, 2024 · Oct 8, 2024 · Oct 8, 2024 · Oct 9, 2024
diff --git a/controllers/front/confirmation.php b/controllers/front/confirmation.php
@@ -3,6 +3,7 @@
     exit;
 }
 
+use Monei\MoneiException;
 use Monei\Model\MoneiPaymentStatus;
 
 class MoneiConfirmationModuleFrontController extends ModuleFrontController
@@ -20,10 +21,10 @@ public function initContent()
             } else {
                 Tools::redirect('index.php?controller=order');
             }
-        } catch (Exception $ex) {
+        } catch (MoneiException $ex) {
             PrestaShopLogger::addLog(
-                'MONEI - Exception - validation.php - postProcess: ' . $ex->getMessage() . ' - ' . $ex->getFile(),
-                PrestaShopLogger::LOG_SEVERITY_LEVEL_ERROR
+                'MONEI - Exception - confirmation.php - initContent: ' . $ex->getMessage() . ' - ' . $ex->getFile(),
+                $this->module::LOG_SEVERITY_LEVELS['error']
             );
 
             $this->context->cookie->monei_error = $ex->getMessage();

diff --git a/controllers/front/redirect.php b/controllers/front/redirect.php
@@ -98,7 +98,7 @@ public function postProcess()
             $this->context->cookie->monei_error = 'API: ' . $ex->getMessage();
             Tools::redirect($this->context->link->getModuleLink($this->module->name, 'errors'));
         } catch (Exception $ex) {
-            $this->context->cookie->monei_error = 'API: ' . $ex->getMessage();
+            $this->context->cookie->monei_error = $ex->getMessage();
             Tools::redirect($this->context->link->getModuleLink($this->module->name, 'errors'));
         }
 

diff --git a/controllers/front/validation.php b/controllers/front/validation.php
@@ -1,6 +1,7 @@
 <?php
 use Monei\ApiException;
 use Monei\Model\MoneiPayment;
+use Monei\MoneiException;
 use Monei\Traits\ValidationHelpers;
 
 if (!defined('_PS_VERSION_')) {
@@ -14,46 +15,66 @@ class MoneiValidationModuleFrontController extends ModuleFrontController
     public function postProcess()
     {
         // If the module is not active anymore, no need to process anything.
-        if ($this->module->active == false) {
+        if (!$this->module->active) {
             die('Module is not active');
         }
 
-        $data = Tools::file_get_contents('php://input');
+        if (!isset($_SERVER['HTTP_MONEI_SIGNATURE'])) {
+            die('HTTP_MONEI_SIGNATURE is not set');
+        }
+
+        $requestBody = Tools::file_get_contents('php://input');
+        $sigHeader = $_SERVER['HTTP_MONEI_SIGNATURE'];
+
+        try {
+            $this->module->getMoneiClient()->verifySignature($requestBody, $sigHeader);
+        } catch (ApiException $e) {
+            PrestaShopLogger::addLog(
+                'MONEI - Exception - validation.php - postProcess: ' . $e->getMessage() . ' - ' . $e->getFile(),
+                $this->module::LOG_SEVERITY_LEVELS['error']
+            );
+
+            header('HTTP/1.1 401 Unauthorized');
+            echo '<h1>Unauthorized</h1>';
+            echo $e->getMessage();
+            exit;
+        }
 
         try {
             // Check if the data is a valid JSON
-            $json_array = $this->vJSON($data);
+            $json_array = $this->vJSON($requestBody);
             if (!$json_array) {
                 throw new ApiException('Invalid JSON');
             }
 
             // Log the JSON array for debugging
             PrestaShopLogger::addLog(
                 'MONEI - JSON Data: ' . json_encode($json_array),
-                PrestaShopLogger::LOG_SEVERITY_LEVEL_INFORMATIVE
+                $this->module::LOG_SEVERITY_LEVELS['info']
             );
 
             // Parse the JSON to a MoneiPayment object
             $moneiPayment = new MoneiPayment($json_array);
 
             // Create or update the order
-            $this->module->createOrUpdateOrder($moneiPayment);
+            // The ID is sent instead of the object, as if the card token is to be saved, it must be queried via the API and cannot be done from the object.
+            // https://docs.monei.com/docs/guides/save-payment-method/#2-obtain-and-store-payment-token
+            $this->module->createOrUpdateOrder($moneiPayment->getId());
 
             // Log the order creation/update for debugging
             PrestaShopLogger::addLog(
                 'MONEI - Order created/updated for Payment ID: ' . $moneiPayment->getId(),
-                PrestaShopLogger::LOG_SEVERITY_LEVEL_INFORMATIVE
+                $this->module::LOG_SEVERITY_LEVELS['info']
             );
-        } catch (Exception $ex) {
+        } catch (MoneiException $ex) {
             PrestaShopLogger::addLog(
                 'MONEI - Exception - validation.php - postProcess: ' . $ex->getMessage() . ' - ' . $ex->getFile(),
-                PrestaShopLogger::LOG_SEVERITY_LEVEL_ERROR
+                $this->module::LOG_SEVERITY_LEVELS['error']
             );
 
             header('HTTP/1.1 400 Bad Request');
             echo '<h1>Internal Monei Exception</h1>';
             echo $ex->getMessage();
-            exit;
         }
 
         exit;