Skip to content

Commit a8f2d25

Browse files
Merge pull request #12 from PaystackOSS/patch/webhook
Patch/webhook
2 parents db30459 + 2583983 commit a8f2d25

4 files changed

Lines changed: 41 additions & 28 deletions

File tree

classes/REST/Order_Endpoint.php

Lines changed: 33 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -251,17 +251,17 @@ public function handle_update_order( WP_REST_Request $request ) {
251251
$response = array(
252252
'success' => false,
253253
);
254-
254+
$path = $request->get_route();
255+
256+
if($path == "/tribe/tickets/v1/commerce/paystack/order/webhook"){
257+
return $this->handle_webhook( $request );
258+
}
255259
$order_id = $request->get_param( 'reference' );
260+
$order = tec_tc_get_order($order_id);
256261

257-
$order = tec_tc_orders()->by_args( array(
258-
'status' => tribe( Pending::class )->get_wp_slug(),
259-
'gateway_order_id' => $order_id,
260-
) )->first();
261-
262-
if ( ! $order ) {
263-
return new WP_Error( 'tec-tc-gateway-paystack-nonexistent-order-id', $messages['nonexistent-order-id'], $order );
264-
}
262+
if (!$order) {
263+
return new WP_Error('tec-tc-gateway-paystack-nonexistent-order-id-d', $messages['nonexistent-order-id'], $order);
264+
}
265265

266266
$transaction_status = $request->get_param( 'status' );
267267
$transaction_id = $request->get_param( 'transaction' );
@@ -320,17 +320,25 @@ public function handle_update_order( WP_REST_Request $request ) {
320320

321321
public function handle_webhook( WP_REST_Request $request ) {
322322
// only a post with paystack signature header gets our attention
323-
if ( ( strtoupper( $_SERVER['REQUEST_METHOD']) != 'POST' ) || ! array_key_exists( 'x-paystack-signature', $_SERVER ) ) {
324-
exit();
323+
if ( ( strtoupper( $_SERVER['REQUEST_METHOD']) != 'POST' ) || ! array_key_exists( 'HTTP_X_PAYSTACK_SIGNATURE', $_SERVER ) ) {
324+
return new WP_Error( 'tec-tc-gateway-paystack-unauthorized-webhookk', $messages['unauthorized-webhook'], $input );exit();
325325
}
326+
$response = array(
327+
'success' => false,
328+
);
326329

327330
// Retrieve the request's body
328331
$input = @file_get_contents( "php://input" );
329332
$client = tribe( Client::class );
330-
333+
$decodedInput = json_decode($input);
334+
$jsonString = json_encode($decodedInput, JSON_UNESCAPED_SLASHES);
335+
$jsonString = stripslashes($jsonString);
331336
// validate event do all at once to avoid timing attack
332-
if( $_SERVER['HTTP_X_PAYSTACK_SIGNATURE'] !== hash_hmac( 'sha512', $input, $client->get_barer_key() ) ) {
333-
exit();
337+
$secret = $client->get_barer_key(); // Replace with your actual secret key
338+
$hash = hash_hmac('sha512', $jsonString, $secret);
339+
$paystackSignature = $_SERVER['HTTP_X_PAYSTACK_SIGNATURE'] ?? '';
340+
if( $paystackSignature !== $hash ) {
341+
return new WP_Error( 'tec-tc-gateway-paystack-unauthorized-webhook', $messages['unauthorized-webhook'], 'invalid-signature' );
334342
}
335343

336344
http_response_code( 200 );
@@ -339,14 +347,11 @@ public function handle_webhook( WP_REST_Request $request ) {
339347
// Do something - that will not take long - with $event
340348
$event = json_decode( $input );
341349

342-
if ( isset( $event->event ) && in_array( $event->event, array( 'transfer.success', 'charge.success' ) ) ) {
350+
if ( isset( $event->event ) && in_array( $event->event, array('charge.success' ) ) ) {
343351
if ( isset( $event->data ) && isset( $event->data->reference ) && isset( $event->data->status ) && '' !== $event->data->reference ) {
344-
345-
$order = tec_tc_orders()->by_args( array(
346-
'status' => tribe( Pending::class )->get_wp_slug(),
347-
'gateway_order_id' => $event->data->reference,
348-
) )->first();
349-
352+
$order_id = $event->data->reference;
353+
$order = tec_tc_get_order($order_id);
354+
$response['order_id'] = $order_id;
350355
if ( ! $order ) {
351356
return new WP_Error( 'tec-tc-gateway-paystack-nonexistent-order-id', $messages['nonexistent-order-id'], $order );
352357
}
@@ -359,28 +364,33 @@ public function handle_webhook( WP_REST_Request $request ) {
359364
if ( 'success' === $event->data->status ) {
360365
// Flag the order as Completed.
361366
tribe( Order::class )->modify_status(
362-
$order->ID,
367+
$order_id,
363368
Completed::SLUG,
364369
array(
365370
'gateway_transaction_id' => $event->data->reference,
366371
'gateway_response' => $gateway_repsone,
367372
)
368373
);
374+
$response['success'] = true;
375+
$response['order_status'] = 'complete';
369376
} else if ( 'failed' === $event->data->status ) {
370377

371378

372379
// Flag the order as Completed.
373380
tribe( Order::class )->modify_status(
374-
$order->ID,
381+
$order_id,
375382
Denied::SLUG,
376383
array(
377384
'gateway_transaction_id' => $event->data->reference,
378385
'gateway_response' => $gateway_repsone,
379386
)
380387
);
388+
$response['success'] = true;
389+
$response['order_status'] = 'denied';
381390
}
382391
}
383392
}
393+
return new WP_REST_Response( $response );
384394
exit();
385395
}
386396

classes/class-gateway.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@ class Gateway extends Abstract_Gateway {
3232
/**
3333
* @inheritDoc
3434
*/
35-
protected static $supported_currencies = array( 'NGN', 'GHS', 'USD', 'KES', 'CZK', 'ZAR', 'XOF' );
35+
protected static $supported_currencies = array( 'NGN', 'GHS', 'USD', 'KES', 'ZAR', 'XOF', 'EGP' );
3636

3737
/**
3838
* @inheritDoc
@@ -116,7 +116,7 @@ public function filter_admin_notices() {
116116
*/
117117
public function render_unsupported_currency_notice() {
118118
$notice_header = esc_html__( 'Paystack doesn\'t support your selected currency', 'paystack-for-events-calendar' );
119-
$notice_text = esc_html__( 'Paystack does not support your store currency. Kindly set it to either NGN (₦), GHS (₵), USD ($), KES (KSh), ZAR (R), or XOF (CFA)', 'paystack-for-events-calendar' );
119+
$notice_text = esc_html__( 'Paystack does not support your store currency. Kindly set it to either NGN (₦), GHS (₵), USD ($), KES (KSh), ZAR (R), XOF (CFA), or EGP (£) ', 'paystack-for-events-calendar' );
120120

121121
return sprintf(
122122
'<p><strong>%1$s</strong></p><p>%2$s</p>',

paystack-tec.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
* Plugin URI: https://github.com/PaystackOSS/plugin-the-events-calendar
55
* Description: Add-on for The Event Calendar that allows you to accept payments for event tickets via Paystack
66
* Author: Paystack
7-
* Version: 1.0.3
7+
* Version: 1.0.5
88
* Author URI: https://paystack.com/
99
* License: GPL3
1010
* Text Domain: paystack-for-events-calendar
@@ -19,7 +19,7 @@
1919
define( 'PS_TEC_PATH', plugin_dir_path( __FILE__ ) );
2020
define( 'PS_TEC_CORE', __FILE__ );
2121
define( 'PS_TEC_URL', plugin_dir_url( __FILE__ ) );
22-
define( 'PS_TEC_VER', '1.0.3' );
22+
define( 'PS_TEC_VER', '1.0.5' );
2323

2424
/* ======================= Below is the Plugin Class init ========================= */
2525
require_once PS_TEC_PATH . '/classes/class-core.php';

readme.txt

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ Contributors: paystack, feedmymedia, krugazul, lightspeed, kaneahabagale
33
Tags: the events calendar, paystack, payment gateway
44
Requires at least: 5.8.6
55
Tested up to: 6.2.2
6-
Stable tag: 1.0.4
6+
Stable tag: 1.0.5
77
Requires PHP: 8.0 and higher
88
License: GPL3
99
License URI: https://www.gnu.org/licenses/gpl-3.0.html
@@ -46,6 +46,9 @@ When you go to the Settings Page to get your API keys, please note the mode that
4646

4747
== Changelog ==
4848

49+
= 1.0.5 =
50+
* Bug fixes
51+
4952
= 1.0.4 =
5053
* Compatibility with WordPress 6.2.2 and PHP 8.1.17
5154

0 commit comments

Comments
 (0)