Merge branch 'master' into master

Author: tkalejaiye

Controller/Payment/AbstractPaystackStandard.php

@@ -66,6 +66,12 @@ abstract class AbstractPaystackStandard extends \Magento\Framework\App\Action\Ac
      * @var \Psr\Log\LoggerInterface
      */
     protected $logger;
+    
+    /**
+     *
+     * @var \Magento\Framework\App\Request\Http 
+     */
+    protected $request;
 
     /**
      * Constructor
@@ -83,6 +89,7 @@ public function __construct(
             \Magento\Framework\Message\ManagerInterface $messageManager,
             \Pstk\Paystack\Model\Ui\ConfigProvider $configProvider,
             \Magento\Framework\Event\Manager $eventManager,
+            \Magento\Framework\App\Request\Http $request,
             \Psr\Log\LoggerInterface $logger
     ) {
         $this->resultPageFactory = $resultPageFactory;
@@ -93,11 +100,12 @@ public function __construct(
         $this->messageManager = $messageManager;
         $this->configProvider = $configProvider;
         $this->eventManager = $eventManager;
+        $this->request = $request;
         $this->logger = $logger;
 
         $this->paystack = $this->initPaystackPHP();
 
-
+        
         parent::__construct($context);
     }
 

Controller/Payment/Callback.php

@@ -31,7 +31,7 @@ class Callback extends AbstractPaystackStandard {
      */
     public function execute() {
 
-        $reference = isset($_GET['reference']) ? $_GET['reference'] : '';
+        $reference = $this->request->get('reference');
         $message = "";
 
         if (!$reference) {
@@ -44,7 +44,7 @@ public function execute() {
             ]);
 
             $reference = explode('_', $transactionDetails->data->reference, 2);
-            $reference = @$reference[0];
+            $reference = ($reference[0])?: 0;
 
             $order = $this->orderInterface->loadByIncrementId($reference);
 

Controller/Payment/Webhook.php

@@ -22,43 +22,58 @@
 
 namespace Pstk\Paystack\Controller\Payment;
 
+
 use Magento\Sales\Model\Order;
 use Magento\Framework\App\CsrfAwareActionInterface;
 
 include_once realpath(dirname(__FILE__)) . '/class-paystack-plugin-tracker.php';
 class Webhook extends AbstractPaystackStandard implements CsrfAwareActionInterface
+
 {
 
     public function execute() {
+        $finalMessage = "failed";
+        
+        $resultFactory = $this->resultFactory->create(\Magento\Framework\Controller\ResultFactory::TYPE_RAW);
+        try {
 
-        // Retrieve the request's body and parse it as JSON
-        $event = \Yabacon\Paystack\Event::capture();
-        http_response_code(200);
+            // Retrieve the request's body and parse it as JSON
+            $event = \Yabacon\Paystack\Event::capture();
+            http_response_code(200);
+            
+            /* It is a important to log all events received. Add code *
+             * here to log the signature and body to db or file       */
+            $this->logger->debug("PAYSTACK_LOG: {$event->raw}");
 
-        /* It is a important to log all events received. Add code *
-         * here to log the signature and body to db or file       */
-        $this->logger->debug("PAYSTACK_LOG: {$event->raw}");
+            /* Verify that the signature matches one of your keys */
+            $secretKey = $this->configProvider->getSecretKeyArray();
+            $owner = $event->discoverOwner($secretKey);
 
-        /* Verify that the signature matches one of your keys */
-        $secretKey = $this->configProvider->getSecretKeyArray();
-        $owner = $event->discoverOwner($secretKey);
-        
-        if (!$owner) {
-            // None of the keys matched the event's signature
-            die("auth failed");
-        }
+            if (!$owner) {
+                // None of the keys matched the event's signature
+                $resultFactory->setContents("auth failed");
+                return $resultFactory;
+            }
+
+            // Do something with $event->obj
+            // Give value to your customer but don't give any output
+            // Remember that this is a call from Paystack's servers and
+            // Your customer is not seeing the response here at all
+            switch ($event->obj->event) {
+                // charge.success
+                case 'charge.success':
+                    if ('success' === $event->obj->data->status) {
+                        $transactionDetails = $this->paystack->transaction->verify([
+                            'reference' => $event->obj->data->reference
+                        ]);
+
+                        $reference = $transactionDetails->data->reference;
+
+                        $order = $this->orderInterface->loadByIncrementId($reference);
+
+                        //if is popup mode, reference is generated by Paystack and we provided quoteId instead
+                        if((!$order || !$order->getId()) && isset($event->obj->data->metadata->quoteId)){
 
-        // Do something with $event->obj
-        // Give value to your customer but don't give any output
-        // Remember that this is a call from Paystack's servers and
-        // Your customer is not seeing the response here at all
-        switch ($event->obj->event) {
-            // charge.success
-            case 'charge.success':
-                if ('success' === $event->obj->data->status) {
-                    $transactionDetails = $this->paystack->transaction->verify([
-                        'reference' => $event->obj->data->reference
-                    ]);
 
                     $reference = $transactionDetails->data->reference;
                     //PSTK LOGGER HERE
@@ -76,30 +91,26 @@ public function execute() {
                         $items = $this->orderRepository->getList($searchCriteria);
                         if($items->getTotalCount() == 1){
                             $order = $items->getFirstItem();
+
                         } 
-                        
-                    } 
 
-                    if ($order && $order->getId()) {
-                        // dispatch the `payment_verify_after` event to update the order status
-                        $this->eventManager->dispatch('paystack_payment_verify_after', [
-                            "paystack_order" => $order,
-                        ]);
-                        die("success");
+                        if ($order && $order->getId()) {
+                            // dispatch the `payment_verify_after` event to update the order status
+                            $this->eventManager->dispatch('paystack_payment_verify_after', [
+                                "paystack_order" => $order,
+                            ]);
+
+                            $resultFactory->setContents("success");
+                            return $resultFactory;
+                        }
                     }
-                }
-                break;
+                    break;
+            }
+        } catch (Exception $exc) {
+            $finalMessage = $exc->getMessage();
         }
 
-        die("failed");
+        $resultFactory->setContents($finalMessage);
+        return $resultFactory;
     }
-
-    public function createCsrfValidationException(\Magento\Framework\App\RequestInterface $request): ?\Magento\Framework\App\Request\InvalidRequestException {
-        return null;
-    }
-
-    public function validateForCsrf(\Magento\Framework\App\RequestInterface $request): ?bool {
-        return true;
-    }
-
 }

Model/Ui/ConfigProvider.php

@@ -8,7 +8,7 @@
 /**
  * Class ConfigProvider
  */
-final class ConfigProvider implements ConfigProviderInterface
+class ConfigProvider implements ConfigProviderInterface
 {
 
     protected $method;

Plugin/CsrfValidatorSkip.php

@@ -0,0 +1,49 @@
+<?php
+
+/**
+ * Paystack Magento2 Module using \Magento\Payment\Model\Method\AbstractMethod
+ * Copyright (C) 2019 Paystack.com
+ * 
+ * This file is part of Pstk/Paystack.
+ * 
+ * Pstk/Paystack is free software => you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http =>//www.gnu.org/licenses/>.
+ */
+
+namespace Pstk\Paystack\Plugin;
+
+/**
+ * Description of CsrfValidatorSkip
+ *
+ * @author Olayode Ezekiel <kielsoft@gmail.com>
+ */
+class CsrfValidatorSkip {
+    /**
+     * @param \Magento\Framework\App\Request\CsrfValidator $subject
+     * @param \Closure $proceed
+     * @param \Magento\Framework\App\RequestInterface $request
+     * @param \Magento\Framework\App\ActionInterface $action
+     */
+    public function aroundValidate(
+        $subject,
+        \Closure $proceed,
+        $request,
+        $action
+    ) {
+        if ("{$request->getModuleName()}/{$request->getActionName()}" == 'paystack/webhook') {
+            return; // Skip CSRF check
+        }
+        $proceed($request, $action); // Proceed Magento 2 core functionalities
+    }
+    
+}

composer.json

@@ -1,6 +1,7 @@
 {
     "name": "pstk/paystack-magento2-module",
     "description": "Paystack Magento2 Module using \\Magento\\Payment\\Model\\Method\\AbstractMethod",
+    "version": "2.3.5",
     "require": {
         "yabacon/paystack-php": "2.*"
     },

etc/frontend/di.xml

@@ -7,4 +7,7 @@
             </argument>
         </arguments>
     </type>
+    <type name="Magento\Framework\App\Request\CsrfValidator">
+        <plugin name="csrf_validator_skip" type="Pstk\Paystack\Plugin\CsrfValidatorSkip" />
+    </type>
 </config>