Code Sniffer and Varnish fixes

Author: kielsoft

Controller/Payment/AbstractPaystackStandard.php

@@ -105,7 +105,7 @@ public function __construct(
 
         $this->paystack = $this->initPaystackPHP();
 
-
+        
         parent::__construct($context);
     }
 

Controller/Payment/Webhook.php

@@ -22,86 +22,79 @@
 
 namespace Pstk\Paystack\Controller\Payment;
 
-use Magento\Sales\Model\Order;
-use Magento\Framework\App\CsrfAwareActionInterface;
-
-class Webhook extends AbstractPaystackStandard implements CsrfAwareActionInterface
+class Webhook extends AbstractPaystackStandard
 {
 
     public function execute() {
-
-        // Retrieve the request's body and parse it as JSON
-        $event = \Yabacon\Paystack\Event::capture();
-        http_response_code(200);
+        $finalMessage = "failed";
 
         $resultFactory = $this->resultFactory->create(\Magento\Framework\Controller\ResultFactory::TYPE_RAW);
+        try {
 
-        /* It is a important to log all events received. Add code *
-         * here to log the signature and body to db or file       */
-        $this->logger->debug("PAYSTACK_LOG: {$event->raw}");
+            // Retrieve the request's body and parse it as JSON
+            $event = \Yabacon\Paystack\Event::capture();
+            http_response_code(200);
+            
+            /* It is a important to log all events received. Add code *
+             * here to log the signature and body to db or file       */
+            $this->logger->debug("PAYSTACK_LOG: {$event->raw}");
 
-        /* Verify that the signature matches one of your keys */
-        $secretKey = $this->configProvider->getSecretKeyArray();
-        $owner = $event->discoverOwner($secretKey);
-        
-        if (!$owner) {
-            // None of the keys matched the event's signature
-            $resultFactory->setContents("auth failed");
-            return $resultFactory;
-        }
+            /* Verify that the signature matches one of your keys */
+            $secretKey = $this->configProvider->getSecretKeyArray();
+            $owner = $event->discoverOwner($secretKey);
+
+            if (!$owner) {
+                // None of the keys matched the event's signature
+                $resultFactory->setContents("auth failed");
+                return $resultFactory;
+            }
+
+            // Do something with $event->obj
+            // Give value to your customer but don't give any output
+            // Remember that this is a call from Paystack's servers and
+            // Your customer is not seeing the response here at all
+            switch ($event->obj->event) {
+                // charge.success
+                case 'charge.success':
+                    if ('success' === $event->obj->data->status) {
+                        $transactionDetails = $this->paystack->transaction->verify([
+                            'reference' => $event->obj->data->reference
+                        ]);
+
+                        $reference = $transactionDetails->data->reference;
 
-        // Do something with $event->obj
-        // Give value to your customer but don't give any output
-        // Remember that this is a call from Paystack's servers and
-        // Your customer is not seeing the response here at all
-        switch ($event->obj->event) {
-            // charge.success
-            case 'charge.success':
-                if ('success' === $event->obj->data->status) {
-                    $transactionDetails = $this->paystack->transaction->verify([
-                        'reference' => $event->obj->data->reference
-                    ]);
+                        $order = $this->orderInterface->loadByIncrementId($reference);
 
-                    $reference = $transactionDetails->data->reference;
+                        //if is popup mode, reference is generated by Paystack and we provided quoteId instead
+                        if((!$order || !$order->getId()) && isset($event->obj->data->metadata->quoteId)){
+
+                            $objectManager = \Magento\Framework\App\ObjectManager::getInstance();
+                            $searchCriteriaBuilder = $objectManager->create('Magento\Framework\Api\SearchCriteriaBuilder');
+                            $searchCriteria = $searchCriteriaBuilder->addFilter('quote_id', $event->obj->data->metadata->quoteId, 'eq')->create();
+                            $items = $this->orderRepository->getList($searchCriteria);
+                            if($items->getTotalCount() == 1){
+                                $order = $items->getFirstItem();
+                            } 
 
-                    $order = $this->orderInterface->loadByIncrementId($reference);
-                    
-                    //if is popup mode, reference is generated by Paystack and we provided quoteId instead
-                    if((!$order || !$order->getId()) && isset($event->obj->data->metadata->quoteId)){
-                        
-                        $objectManager = \Magento\Framework\App\ObjectManager::getInstance();
-                        $searchCriteriaBuilder = $objectManager->create('Magento\Framework\Api\SearchCriteriaBuilder');
-                        $searchCriteria = $searchCriteriaBuilder->addFilter('quote_id', $event->obj->data->metadata->quoteId, 'eq')->create();
-                        $items = $this->orderRepository->getList($searchCriteria);
-                        if($items->getTotalCount() == 1){
-                            $order = $items->getFirstItem();
                         } 
-                        
-                    } 
 
-                    if ($order && $order->getId()) {
-                        // dispatch the `payment_verify_after` event to update the order status
-                        $this->eventManager->dispatch('paystack_payment_verify_after', [
-                            "paystack_order" => $order,
-                        ]);
-                        
-                        $resultFactory->setContents("success");
-                        return $resultFactory;
+                        if ($order && $order->getId()) {
+                            // dispatch the `payment_verify_after` event to update the order status
+                            $this->eventManager->dispatch('paystack_payment_verify_after', [
+                                "paystack_order" => $order,
+                            ]);
+
+                            $resultFactory->setContents("success");
+                            return $resultFactory;
+                        }
                     }
-                }
-                break;
+                    break;
+            }
+        } catch (Exception $exc) {
+            $finalMessage = $exc->getMessage();
         }
 
-        $resultFactory->setContents("failed");
+        $resultFactory->setContents($finalMessage);
         return $resultFactory;
     }
-
-    public function createCsrfValidationException(\Magento\Framework\App\RequestInterface $request) {
-        return null;
-    }
-
-    public function validateForCsrf(\Magento\Framework\App\RequestInterface $request) {
-        return true;
-    }
-
 }

Plugin/CsrfValidatorSkip.php

@@ -0,0 +1,49 @@
+<?php
+
+/**
+ * Paystack Magento2 Module using \Magento\Payment\Model\Method\AbstractMethod
+ * Copyright (C) 2019 Paystack.com
+ * 
+ * This file is part of Pstk/Paystack.
+ * 
+ * Pstk/Paystack is free software => you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http =>//www.gnu.org/licenses/>.
+ */
+
+namespace Pstk\Paystack\Plugin;
+
+/**
+ * Description of CsrfValidatorSkip
+ *
+ * @author Olayode Ezekiel <kielsoft@gmail.com>
+ */
+class CsrfValidatorSkip {
+    /**
+     * @param \Magento\Framework\App\Request\CsrfValidator $subject
+     * @param \Closure $proceed
+     * @param \Magento\Framework\App\RequestInterface $request
+     * @param \Magento\Framework\App\ActionInterface $action
+     */
+    public function aroundValidate(
+        $subject,
+        \Closure $proceed,
+        $request,
+        $action
+    ) {
+        if ("{$request->getModuleName()}/{$request->getActionName()}" == 'paystack/webhook') {
+            return; // Skip CSRF check
+        }
+        $proceed($request, $action); // Proceed Magento 2 core functionalities
+    }
+    
+}

etc/frontend/di.xml

@@ -7,4 +7,7 @@
             </argument>
         </arguments>
     </type>
+    <type name="Magento\Framework\App\Request\CsrfValidator">
+        <plugin name="csrf_validator_skip" type="Pstk\Paystack\Plugin\CsrfValidatorSkip" />
+    </type>
 </config>