From 67684732c3f014f3a9325fe6308581cc7f10c23e Mon Sep 17 00:00:00 2001
From: RokPopov
Date: Fri, 13 Sep 2024 09:46:06 +0200
Subject: [PATCH] add a check to validate merchant reference from details response against order id
---
 Helper/PaymentResponseHandler.php | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/Helper/PaymentResponseHandler.php b/Helper/PaymentResponseHandler.php
index 7dd404248..5f5c88b01 100644
--- a/Helper/PaymentResponseHandler.php
+++ b/Helper/PaymentResponseHandler.php
@@ -168,6 +168,18 @@ public function handlePaymentResponse($paymentsResponse, $payment, $order = null
 return false;
 }
 
+ if(!$this->isValidMerchantReference($paymentDetailsResponse, $order)) {
+ $order->setState(\Magento\Sales\Model\Order::STATE_NEW);
+ $order->save();
+ $order->setActionFlag(\Magento\Sales\Model\Order::ACTION_FLAG_CANCEL, true);
+ $this->dataHelper->cancelOrder($order);
+ $order->addStatusHistoryComment(
+ __('Invalid /payment/details response. Order has been cancelled due to potential fraud'),
+ $order->getStatus()
+ )->save();
+ return false;
+ }
+
 if (!empty($paymentsResponse['resultCode'])) {
 $payment->setAdditionalInformation('resultCode', $paymentsResponse['resultCode']);
 }
@@ -304,4 +316,20 @@ public function handlePaymentResponse($paymentsResponse, $payment, $order = null
 }
 return true;
 }
+
+ private function isValidMerchantReference($paymentDetailsResponse, $order)
+ {
+ $merchantReference = $paymentDetailsResponse['merchantReference'] ?? null;
+ if(!$merchantReference) {
+ $this->adyenLogger->error("No merchantReference in the response");
+ return false;
+ }
+
+ if ($order->getIncrementId() !== $merchantReference) {
+ $this->adyenLogger->error("Incorrect merchantReference");
+ return false;
+ }
+
+ return true;
+ }
 }
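Review bot: The new guard in the first hunk passes `$paymentDetailsResponse` to `isValidMerchantReference`, but the method's parameter (visible in the hunk header) is `$paymentsResponse`, and the context lines right below still read `$paymentsResponse['resultCode']`; unless `$paymentDetailsResponse` is assigned earlier in `handlePaymentResponse` outside this hunk, it is undefined, `?? null` yields null, and every order reaching this point is cancelled as suspected fraud — the call should presumably be `if (!$this->isValidMerchantReference($paymentsResponse, $order)) {`. The same header shows `$order = null` as a default, yet both the guard and `$order->getIncrementId()` in the second hunk dereference it unconditionally, so a null-order caller would hit a fatal error unless an earlier check (outside the hunk) rules that out. For incident investigation the two error logs in `isValidMerchantReference` should record what was compared, e.g. `$this->adyenLogger->error(sprintf('Incorrect merchantReference: order %s, response %s', $order->getIncrementId(), $merchantReference));`, since a mismatch is exactly the event a defender will want to correlate later. `if(!$merchantReference)` also rejects a reference of `"0"` by truthiness; `$merchantReference === null || $merchantReference === ''` states the intent precisely, and the helper would benefit from a short docblock saying it rejects a /payments/details response whose merchantReference does not equal the order's increment id. The enclosing `handlePaymentResponse` body starts and ends outside both hunks.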