add a check to validate merchant reference from details response agai…

…nst order id
Adyen · Sep 13, 2024 · 6768473 · 6768473
1 parent 055ab67
commit 6768473
Showing 1 changed file with 28 additions and 0 deletions.
diff --git a/Helper/PaymentResponseHandler.php b/Helper/PaymentResponseHandler.php
@@ -168,6 +168,18 @@ public function handlePaymentResponse($paymentsResponse, $payment, $order = null
             return false;
         }
 
+        if(!$this->isValidMerchantReference($paymentDetailsResponse, $order)) {
+            $order->setState(\Magento\Sales\Model\Order::STATE_NEW);
+            $order->save();
+            $order->setActionFlag(\Magento\Sales\Model\Order::ACTION_FLAG_CANCEL, true);
+            $this->dataHelper->cancelOrder($order);
+            $order->addStatusHistoryComment(
+                __('Invalid /payment/details response. Order has been cancelled due to potential fraud'),
+                $order->getStatus()
+            )->save();
+            return false;
+        }
+
         if (!empty($paymentsResponse['resultCode'])) {
             $payment->setAdditionalInformation('resultCode', $paymentsResponse['resultCode']);
         }
@@ -304,4 +316,20 @@ public function handlePaymentResponse($paymentsResponse, $payment, $order = null
         }
         return true;
     }
+
+    private function isValidMerchantReference($paymentDetailsResponse, $order)
+    {
+        $merchantReference = $paymentDetailsResponse['merchantReference'] ?? null;
+        if(!$merchantReference) {
+            $this->adyenLogger->error("No merchantReference in the response");
+            return false;
+        }
+
+        if ($order->getIncrementId() !== $merchantReference) {
+            $this->adyenLogger->error("Incorrect merchantReference");
+            return false;
+        }
+
+        return true;
+    }
 }