Commit 1dfc78c1 authored by Antonio.Suerte's avatar Antonio.Suerte

Payment API Session Expiration Enhancement

parent 57f9b8dc
...@@ -41,6 +41,9 @@ class ControlSettlement extends LogicSettlement { ...@@ -41,6 +41,9 @@ class ControlSettlement extends LogicSettlement {
case TYPE_FAIL: case TYPE_FAIL:
require_once($this -> getUserHTML('TEMPLATE_SETTLEMENT_FAIL_PATH')); require_once($this -> getUserHTML('TEMPLATE_SETTLEMENT_FAIL_PATH'));
break; break;
case TYPE_REQUEST_SESSION_EXPIRED:
require_once($this -> getUserHTML('TEMPLATE_SETTLEMENT_REQUEST_EXPIRED_PATH'));
break;
} }
} catch (Exception $e) { } catch (Exception $e) {
......
...@@ -343,11 +343,11 @@ class SettlementModelClass extends ModelClassEx { ...@@ -343,11 +343,11 @@ class SettlementModelClass extends ModelClassEx {
$this -> settleForm = $this -> getSettlementForm($midsign -> uniqueKey); $this -> settleForm = $this -> getSettlementForm($midsign -> uniqueKey);
$redirection = function($deleteForm = true) use ($midsign, $settleData) { $redirection = function($deleteForm = true) use ($midsign, $settleData) {
if($deleteForm) if($deleteForm){
$this -> accessModify("DELETE_SETTLEMENT_FORM", [$midsign -> uniqueKey], false); $this -> accessModify("DELETE_SETTLEMENT_FORM", [$midsign -> uniqueKey], false);
$this -> setType(TYPE_REQUEST_SESSION_EXPIRED);
}else
header("Location: /{$settleData -> language}"); header("Location: /{$settleData -> language}");
exit();
}; };
if($this -> settleForm){ if($this -> settleForm){
...@@ -456,6 +456,30 @@ class SettlementModelClass extends ModelClassEx { ...@@ -456,6 +456,30 @@ class SettlementModelClass extends ModelClassEx {
} }
private function validateProcessing(){ private function validateProcessing(){
try{
$midPsignKey = $this -> paymentAPIConf -> middleware_sig_passphrase;
$jwtTokenKey = $this -> midconf -> token_secretkey.strtotime(date("Ymd"));
// throwable
$decoded = JWT::decode(
$this -> paymentToken,
$jwtTokenKey,
[$this -> midconf -> algorithm]);
// throwable
$midsign = Crypto::decryptWithPassword($decoded -> midsign, $midPsignKey);
if($this -> checkJSONString($midsign)){
$midsign = json_decode($midsign);
$expire = strtotime($midsign -> expiration);
$now = strtotime(date("YmdHis"));
if($now > $expire)
throw new Exception("Session Expired");
}else
throw new Exception("Not a JSON String");
if($this -> uniqueSubmission == $this -> formName.md5($this -> paymentAPIConf -> middleware_sig_passphrase)){ if($this -> uniqueSubmission == $this -> formName.md5($this -> paymentAPIConf -> middleware_sig_passphrase)){
$this -> setData(); $this -> setData();
$this -> arrangeFreeParams(); $this -> arrangeFreeParams();
...@@ -470,6 +494,11 @@ class SettlementModelClass extends ModelClassEx { ...@@ -470,6 +494,11 @@ class SettlementModelClass extends ModelClassEx {
if($this -> isLoopData($this -> invalidFormParams)) if($this -> isLoopData($this -> invalidFormParams))
$this -> setType(TYPE_FAIL); $this -> setType(TYPE_FAIL);
}catch(Exception $e){
$this -> accessModify("DELETE_SETTLEMENT_FORM", [$this -> formName], false);
$this -> setType(TYPE_REQUEST_SESSION_EXPIRED);
}
} }
private function arrangeFormLink(){ private function arrangeFormLink(){
......
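Review bot: In validateProcessing (hunk @@ -456), the decode key `$this -> midconf -> token_secretkey.strtotime(date("Ymd"))` changes at local midnight, so a token issued late in the day and submitted after the rollover fails in JWT::decode before its own `expiration` value is ever compared, and the catch in the @@ -470 hunk then reports it as TYPE_REQUEST_SESSION_EXPIRED; if day-bound keys are intended, also try the previous day's key as a fallback, or document that the form cut-off is midnight rather than `expiration`. That same `catch(Exception $e)` folds a tampered ciphertext or a bad signature into the same "session expired" outcome and discards `$e`, which hides integrity failures from operators; record the failure class before clearing the form, e.g. `error_log('settlement validation failed: ' . get_class($e) . ' - ' . $e->getMessage());`. `strtotime(date("YmdHis"))` is just `time()`, and both it and `strtotime($midsign -> expiration)` depend on the process default timezone, so the issuer presumably writes `expiration` in that same zone and the same format, which is worth confirming since a value strtotime cannot parse yields false and is treated as already expired. validateProcessing's body spans the @@ -456 and @@ -470 hunks, with the lines between them outside this view.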