Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add hmac verification on ipn #281

Open
wants to merge 9 commits into
base: develop
Choose a base branch
from
Open

Add hmac verification on ipn #281

wants to merge 9 commits into from
+347 −21

Conversation

joyet-simon
Copy link
Contributor

@joyet-simon joyet-simon commented Sep 25, 2024
edited
Loading

Reason for change

Linear task

Need to implement the verification of HMAC signature on IPN.

Code changes

  • Add a securityHelper to call php-client's function to check HMAC signature.
  • Call this helper in the PaymentHelper.
  • Add some unit tests.

How to test

As a reviewer, you are encouraged to test the PR locally.

You can run unit test locally.

QA ENV

Create a payment and check on Datadog if the log of IPN is ok.
You can try to use Postman to call the IPN url with no signature and bad signature and check the error message.

Checklist for authors and reviewers

  • The title of the PR uses business wording, not technical jargon, for the changelog readers to understand it
  • The PR implements the changes asked in the referenced task / issue
  • The automated tests are compliant with the testing strategy
  • The tests are relevant, and cover the corner/error cases, not only the happy path
  • You understand the impact of this PR on existing code/features
  • The changes include adequate logging and Datadog traces
  • Documentation is updated (API, developer documentation, ADR, Notion...)

Non applicable

@joyet-simon joyet-simon requested a review from a team as a code owner September 25, 2024 09:52
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
Benjamin-Freoua-Alma
Benjamin-Freoua-Alma requested changes Sep 25, 2024
View reviewed changes
src/composer.json Show resolved Hide resolved
src/includes/Helpers/PaymentHelper.php Outdated Show resolved Hide resolved
src/tests/Helpers/PaymentHelperTest.php Show resolved Hide resolved
src/tests/Helpers/PaymentHelperTest.php Show resolved Hide resolved
src/tests/Helpers/SecurityHelperTest.php Show resolved Hide resolved
src/tests/Helpers/SecurityHelperTest.php Show resolved Hide resolved
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 1, 2024

⏳E2E tests are currently running.
➡️ You can follow their progression here.

@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Oct 1, 2024

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Benjamin-Freoua-Alma Benjamin-Freoua-Alma Benjamin-Freoua-Alma approved these changes

Assignees
No one assigned
Labels
type: feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@joyet-simon @Benjamin-Freoua-Alma @Francois-Gomis