Merge pull request #23 from imikho/master

viplifes · web-flow · commit 55002e4ae42f · 2017-12-05T12:12:33.000+02:00
Fix wrong logic in check signature
diff --git a/app/code/LiqpayMagento/LiqPay/Helper/Data.php b/app/code/LiqpayMagento/LiqPay/Helper/Data.php
@@ -118,11 +118,15 @@ public function checkOrderIsLiqPayPayment(\Magento\Sales\Api\Data\OrderInterface
     public function securityOrderCheck($data, $receivedPublicKey, $receivedSignature)
     {
         if ($this->isSecurityCheck()) {
-            $privateKey = $this->getPrivateKey();
             $publicKey = $this->getPublicKey();
+            if ($publicKey !== $receivedPublicKey) {
+                return false;
+            }            
+            
+            $privateKey = $this->getPrivateKey();
             $generatedSignature = base64_encode(sha1($privateKey . $data . $privateKey, 1));
-            return $privateKey && $publicKey
-                && $receivedSignature == $generatedSignature || $publicKey == $receivedPublicKey;
+            
+            return $receivedSignature === $generatedSignature;
         } else {
             return true;
         }
@@ -132,4 +136,4 @@ public function getLogger()
     {
         return $this->_logger;
     }
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -118,11 +118,15 @@ public function checkOrderIsLiqPayPayment(\Magento\Sales\Api\Data\OrderInterface`
`118`	`118`	`public function securityOrderCheck($data, $receivedPublicKey, $receivedSignature)`
`119`	`119`	`{`
`120`	`120`	`if ($this->isSecurityCheck()) {`
`121`		`- $privateKey = $this->getPrivateKey();`
`122`	`121`	`$publicKey = $this->getPublicKey();`
	`122`	`+ if ($publicKey !== $receivedPublicKey) {`
	`123`	`+ return false;`
	`124`	`+ }`
	`125`	`+`
	`126`	`+ $privateKey = $this->getPrivateKey();`
`123`	`127`	`$generatedSignature = base64_encode(sha1($privateKey . $data . $privateKey, 1));`
`124`		`- return $privateKey && $publicKey`
`125`		`- && $receivedSignature == $generatedSignature \|\| $publicKey == $receivedPublicKey;`
	`128`	`+`
	`129`	`+ return $receivedSignature === $generatedSignature;`
`126`	`130`	`} else {`
`127`	`131`	`return true;`
`128`	`132`	`}`
`@@ -132,4 +136,4 @@ public function getLogger()`
`132`	`136`	`{`
`133`	`137`	`return $this->_logger;`
`134`	`138`	`}`
`135`		`-}`
	`139`	`+}`