Add hmac verification on ipn #18

Open
wants to merge 6 commits into
base: develop
@joyet-simon joyet-simon commented Sep 30, 2024

Reason for change

Linear task
Need to implement HMAC verification for IPN

Code changes

We add a SecurityHelper, a new AlmaException and a SecurityException.
In the SecurityHelper, we use the PHP client's function to verify the signature.
We call this helper's function in the notify action (=IPN) and we throw an exception when it's necessary.

How to test

As a reviewer, you are encouraged to test the PR locally.

Try to make a payment on the QA ENV, and leave the Alma checkout before the return to the success page to get the IPN call. Check on Datadog if everything is fine.
You can use Postman to make a call with no signature or a bad signature.

Checklist for authors and reviewers

  • The title of the PR uses business wording, not technical jargon, for the changelog readers to understand it
  • The PR implements the changes asked in the referenced task / issue
  • The automated tests are compliant with the testing strategy
  • The tests are relevant, and cover the corner/error cases, not only the happy path
  • You understand the impact of this PR on existing code/features
  • The changes include adequate logging and Datadog traces
  • Documentation is updated (API, developer documentation, ADR, Notion...)

Non applicable

@joyet-simon joyet-simon changed the base branch from main to develop September 30, 2024 12:58
@joyet-simon joyet-simon changed the title Feature/ecom 1822 sylius add hmac verification on ipn Add hmac verification on ipn Oct 1, 2024
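
The kind of check the description above refers to, as an added example that is not code from this PR or from the Alma PHP client. It assumes the signature is a hex HMAC-SHA256 of a message keyed with a shared secret; the exception class, function name and sample values are hypothetical, and it exercises the "no signature" and "bad signature" cases named in the test instructions.

```php
<?php
declare(strict_types=1);

// Added illustration; class, function and parameter names are hypothetical.
final class IpnSignatureException extends \RuntimeException {}

/**
 * Verify an IPN signature before the notification is allowed to change order state.
 * Assumption: signature = hex(HMAC-SHA256(message, secret)), sent with the request.
 */
function assertValidIpnSignature(string $message, ?string $signature, string $secret): void
{
    if ($secret === '') {
        // An empty key would make every signature forgeable: fail closed.
        throw new IpnSignatureException('No signing secret configured');
    }
    if ($signature === null || $signature === '') {
        throw new IpnSignatureException('Missing signature');
    }
    $expected = hash_hmac('sha256', $message, $secret);
    // hash_equals() compares in constant time; == or === would leak a timing signal.
    if (!hash_equals($expected, strtolower($signature))) {
        throw new IpnSignatureException('Signature mismatch');
    }
}

// Constructed sample values (not real credentials or payment ids).
$secret  = 'sk_test_constructed_secret';
$message = 'payment_constructed_123';
$cases = [
    'valid'     => hash_hmac('sha256', $message, $secret),
    'missing'   => null,
    'bad'       => str_repeat('0', 64),
    'wrong key' => hash_hmac('sha256', $message, 'other_secret'),
];

foreach ($cases as $label => $signature) {
    try {
        assertValidIpnSignature($message, $signature, $secret);
        echo "$label: accepted, process the notification\n";
    } catch (IpnSignatureException $e) {
        // In an HTTP handler: log the reason, return an error status, leave the order unchanged.
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```
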
Resolved review threads (outdated): src/Helper/SecurityHelper.php, src/Payum/Action/NotifyAction.php
@Benjamin-Freoua-Alma Benjamin-Freoua-Alma left a comment

Without QA Test
