From c3edd55f1cbef455b8276d16de0fd26204511cff Mon Sep 17 00:00:00 2001 From: Vincent Boulanger Date: Thu, 1 Feb 2024 15:50:04 +0100 Subject: [PATCH 1/2] OX6-156: Update hash method --- application/views/admin/tpl/fcpayone_main.tpl | 13 -------- core/fcpayone_events.php | 8 ----- .../controllers/fcPayOnePaymentView.php | 30 ++----------------- 3 files changed, 3 insertions(+), 48 deletions(-) diff --git a/application/views/admin/tpl/fcpayone_main.tpl b/application/views/admin/tpl/fcpayone_main.tpl index b4f2e72..6c2f37a 100755 --- a/application/views/admin/tpl/fcpayone_main.tpl +++ b/application/views/admin/tpl/fcpayone_main.tpl @@ -91,19 +91,6 @@
-
-
- - [{oxinputhelp ident="FCPO_HELP_HASH_METHOD"}] -
-
- [{oxmultilang ident="FCPO_HASH_METHOD"}] -
-
-
diff --git a/core/fcpayone_events.php b/core/fcpayone_events.php index 6b7307b..ac928bc 100755 --- a/core/fcpayone_events.php +++ b/core/fcpayone_events.php @@ -1018,14 +1018,6 @@ public static function deactivatePaymethods() public static function setDefaultConfigValues() { $oConfig = self::$_oFcpoHelper->fcpoGetConfig(); - $blIsUpdate = self::isUpdate(); - $blHashMethodSet = (bool) $oConfig->getConfigParam('sFCPOHashMethod'); - - if (!$blHashMethodSet && $blIsUpdate) { - $oConfig->saveShopConfVar('str', 'sFCPOHashMethod', 'md5'); - } else if (!$blHashMethodSet) { - $oConfig->saveShopConfVar('str', 'sFCPOHashMethod', 'sha2-384'); - } if (!$oConfig->getConfigParam('sFCPOAddresscheck')) { $oConfig->saveShopConfVar('str', 'sFCPOAddresscheck', 'NO'); diff --git a/extend/application/controllers/fcPayOnePaymentView.php b/extend/application/controllers/fcPayOnePaymentView.php index 88dceb3..20b9a25 100755 --- a/extend/application/controllers/fcPayOnePaymentView.php +++ b/extend/application/controllers/fcPayOnePaymentView.php @@ -832,8 +832,6 @@ public function fcGetLangId() */ public function getHashCC($sType = '') { - $oConfig = $this->_oFcpoHelper->fcpoGetConfig(); - $sFCPOHashMethod = $oConfig->getConfigParam('sFCPOHashMethod'); $sKey = $this->getPortalKey(); $sData = @@ -846,13 +844,7 @@ public function getHashCC($sType = '') 'JSON' . 'yes'; - $sHashMD5 = md5($sData.$sKey); - $sHashSha2 = hash_hmac('sha384', $sData, $sKey); - - $sHash = ($sFCPOHashMethod == 'sha2-384') - ? $sHashSha2 : $sHashMD5; - - return $sHash; + return hash_hmac('sha384', $sData, $sKey); } /** @@ -939,8 +931,6 @@ public function fcpoGetActiveThemePath() { */ public function getHashELVWithChecktype() { - $oConfig = $this->_oFcpoHelper->fcpoGetConfig(); - $sFCPOHashMethod = $oConfig->getConfigParam('sFCPOHashMethod'); $sKey = $this->getPortalKey(); $sData = @@ -953,13 +943,7 @@ public function getHashELVWithChecktype() 'bankaccountcheck' . 'JSON'; - $sHashMD5 = md5($sData.$sKey); - $sHashSha2 = hash_hmac('sha384', $sData, $sKey); - - $sHash = ($sFCPOHashMethod == 'sha2-384') - ? $sHashSha2 : $sHashMD5; - - return $sHash; + return hash_hmac('sha384', $sData, $sKey); } /** @@ -969,8 +953,6 @@ public function getHashELVWithChecktype() */ public function getHashELVWithoutChecktype() { - $oConfig = $this->_oFcpoHelper->fcpoGetConfig(); - $sFCPOHashMethod = $oConfig->getConfigParam('sFCPOHashMethod'); $sKey = $this->getPortalKey(); $sData = @@ -982,13 +964,7 @@ public function getHashELVWithoutChecktype() 'bankaccountcheck' . 'JSON'; - $sHashMD5 = md5($sData.$sKey); - $sHashSha2 = hash_hmac('sha384', $sData, $sKey); - - $sHash = ($sFCPOHashMethod == 'sha2-384') - ? $sHashSha2 : $sHashMD5; - - return $sHash; + return hash_hmac('sha384', $sData, $sKey); } /** From dc0ac2731f6c1cc9a14baf487246544fae671e34 Mon Sep 17 00:00:00 2001 From: Vincent Boulanger Date: Thu, 1 Feb 2024 16:18:34 +0100 Subject: [PATCH 2/2] OX6-156: Fix Tests --- .../application/controllers/fcPayonePaymentViewTest.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/unit/fcPayOne/extend/application/controllers/fcPayonePaymentViewTest.php b/tests/unit/fcPayOne/extend/application/controllers/fcPayonePaymentViewTest.php index 3d623ff..8c97cc7 100755 --- a/tests/unit/fcPayOne/extend/application/controllers/fcPayonePaymentViewTest.php +++ b/tests/unit/fcPayOne/extend/application/controllers/fcPayonePaymentViewTest.php @@ -1093,7 +1093,7 @@ public function test_getHashELVWithChecktype_Coverage() $oTestObject->expects($this->any())->method('getPortalId')->will($this->returnValue('somePortalId')); $oTestObject->expects($this->any())->method('getPortalKey')->will($this->returnValue('somePortalKey')); - $sExpectHash = md5('someSubaccountIdsomeChecktypesomeEncodingsomeMerchantIdtestsomePortalIdbankaccountcheckJSONsomePortalKey'); + $sExpectHash = hash_hmac('sha384', 'someSubaccountIdsomeChecktypesomeEncodingsomeMerchantIdtestsomePortalIdbankaccountcheckJSON', 'somePortalKey'); $this->assertEquals($sExpectHash, $this->invokeMethod($oTestObject, 'getHashELVWithChecktype')); } @@ -1131,7 +1131,7 @@ public function test_getHashELVWithoutChecktype_Coverage() $oTestObject->expects($this->any())->method('getPortalId')->will($this->returnValue('somePortalId')); $oTestObject->expects($this->any())->method('getPortalKey')->will($this->returnValue('somePortalKey')); - $sExpectHash = md5('someSubaccountIdsomeEncodingsomeMerchantIdtestsomePortalIdbankaccountcheckJSONsomePortalKey'); + $sExpectHash = hash_hmac('sha384', 'someSubaccountIdsomeEncodingsomeMerchantIdtestsomePortalIdbankaccountcheckJSON', 'somePortalKey'); $this->assertEquals($sExpectHash, $this->invokeMethod($oTestObject, 'getHashELVWithoutChecktype')); }