diff --git a/README.md b/README.md index e3b693c3..6bf31f30 100644 --- a/README.md +++ b/README.md @@ -111,15 +111,16 @@ $data = $response->getData(); $data['paymentProfile']['customerProfileId']; $data['paymentProfile']['customerPaymentProfileId']; -//Now you can use these 2 fields to reference this customer and this payment profile for later use with -//the rest of the CIM driver features as usual. + +// Now you can use these 2 fields to reference this customer and this payment profile for later use with +// the rest of the CIM driver features as usual. ``` ## DPM and SIM Signatures DPM and SIM used to sign their requests with the `transactionKey` using the mdh HMAC algorithm. From early 2019, this algorithm is being removed completely. -Instead, the SHA-512 HMAC algorithm is used to sign the DPM and SIM requsts, +Instead, the SHA-512 HMAC algorithm is used to sign the DPM and SIM requests, and to validate the received notifications. To start using the SHA-512 signing, set your `signatureKey` in the gateway: diff --git a/src/Message/DPMAuthorizeRequest.php b/src/Message/DPMAuthorizeRequest.php index 8bcf1829..8fd631d9 100644 --- a/src/Message/DPMAuthorizeRequest.php +++ b/src/Message/DPMAuthorizeRequest.php @@ -6,6 +6,7 @@ * Authorize.Net DPM Authorize Request. * Takes the data that will be used to create the direct-post form. */ + class DPMAuthorizeRequest extends SIMAuthorizeRequest { protected $action = 'AUTH_ONLY'; diff --git a/src/Message/DPMCompleteRequest.php b/src/Message/DPMCompleteRequest.php index 54cf5774..28a75dcf 100644 --- a/src/Message/DPMCompleteRequest.php +++ b/src/Message/DPMCompleteRequest.php @@ -5,7 +5,7 @@ /** * Authorize.Net DPM Complete Authorize Request */ -class DPMCompleteRequest extends SIMCompleteAuthorizeRequest +class DPMCompleteRequest extends SIMCompleteRequest { public function sendData($data) { diff --git a/src/Message/DPMCompleteResponse.php b/src/Message/DPMCompleteResponse.php index 92975509..26df385f 100644 --- a/src/Message/DPMCompleteResponse.php +++ b/src/Message/DPMCompleteResponse.php @@ -5,6 +5,6 @@ /** * SIM and DPM both have identical needs when handling the notify request. */ -class DPMCompleteResponse extends SIMCompleteAuthorizeResponse +class DPMCompleteResponse extends SIMCompleteResponse { } diff --git a/src/Message/SIMAbstractRequest.php b/src/Message/SIMAbstractRequest.php index 7224cb9b..05668230 100644 --- a/src/Message/SIMAbstractRequest.php +++ b/src/Message/SIMAbstractRequest.php @@ -2,11 +2,12 @@ namespace Omnipay\AuthorizeNet\Message; -use Omnipay\Common\Message\AbstractRequest; - /** * Authorize.Net SIM Abstract Request */ + +use Omnipay\Common\Message\AbstractRequest; + abstract class SIMAbstractRequest extends AbstractRequest { /** diff --git a/src/Message/SIMAuthorizeRequest.php b/src/Message/SIMAuthorizeRequest.php index 4c35f219..fbbf0766 100644 --- a/src/Message/SIMAuthorizeRequest.php +++ b/src/Message/SIMAuthorizeRequest.php @@ -54,7 +54,8 @@ public function getData() } $data = array_merge($data, $this->getBillingData()); - $data['x_fp_hash'] = $this->getHash($data); + + $data['x_fp_hash'] = $this->createHash($data); return $data; } @@ -64,10 +65,11 @@ public function getData() * modified en-route. * It uses the TransactionKey, which is a shared secret between the merchant * and Authorize.Net The sequence and timestamp provide additional salt. + * * @param $data * @return string */ - public function getHash($data) + public function createHash($data) { $fingerprint = implode( '^', diff --git a/src/Message/SIMAuthorizeResponse.php b/src/Message/SIMAuthorizeResponse.php index 8be92d00..e0972a53 100644 --- a/src/Message/SIMAuthorizeResponse.php +++ b/src/Message/SIMAuthorizeResponse.php @@ -47,6 +47,8 @@ public function getRedirectData() public function getTransactionId() { - return isset($this->data[SIMAbstractRequest::TRANSACTION_ID_PARAM]) ? $this->data[SIMAbstractRequest::TRANSACTION_ID_PARAM] : null; + return isset($this->data[SIMAbstractRequest::TRANSACTION_ID_PARAM]) + ? $this->data[SIMAbstractRequest::TRANSACTION_ID_PARAM] + : null; } } diff --git a/src/Message/SIMCompleteAuthorizeRequest.php b/src/Message/SIMCompleteAuthorizeRequest.php deleted file mode 100644 index a36ea1f2..00000000 --- a/src/Message/SIMCompleteAuthorizeRequest.php +++ /dev/null @@ -1,171 +0,0 @@ -httpRequest->request->get(static::TRANSACTION_ID_PARAM); - } - - public function getData() - { - // The hash sent in the callback from the Authorize.Net gateway. - $hash_posted = $this->getPostedHash(); - - // The transaction reference generated by the Authorize.Net gateway and sent in the callback. - $posted_transaction_reference = $this->httpRequest->request->get('x_trans_id'); - - // The amount that the callback has authorized. - $posted_amount = $this->httpRequest->request->get('x_amount'); - - // Calculate the hash locally, using the shared "hash secret" and login ID. - $hash_calculated = $this->getHash($posted_transaction_reference, $posted_amount); - - if ($hash_posted !== $hash_calculated) { - // If the hash is incorrect, then we can't trust the source nor anything sent. - // Throwing exceptions here is probably a bad idea. We are trying to get the data, - // and if it is invalid, then we need to be able to log that data for analysis. - // Except we can't, baceuse the exception means we can't get to the data. - // For now, this is consistent with other OmniPay gateway drivers. - - throw new InvalidRequestException('Incorrect hash'); - } - - // The hashes have passed, but the amount should also be validated against the - // amount in the stored and retrieved transaction. If the application has the - // ability to retrieve the transaction (using the transaction_id sent as a custom - // form field, or perhaps in an otherwise unused field such as x_invoice_id. - - $amount = $this->getAmount(); - - if (isset($amount) && $amount != $posted_amount) { - // The amounts don't match. Someone may have been playing with the - // transaction references. - - throw new InvalidRequestException('Incorrect amount'); - } - - return $this->httpRequest->request->all(); - } - - /** - * CHECKME: should this be the transactionReference in the hash, not the transactionId? - * The transaction reference and the amount are both sent by the remote gateway (x_trans_id - * and x_amount) and it is those that should be checked against. - * @param $transaction_reference - * @param $amount - * @param $httpRequest - * @return string - */ - public function getHash($transaction_reference, $amount) - { - if ($this->getSignatureKey()) { - return $this->getSha512Hash(); - } else { - return $this->getMd5Hash($transaction_reference, $amount); - } - } - - /** - * Generate md5 hash. - * - * @param $transaction_reference - * @param $amount - * @return string - */ - public function getMd5Hash($transaction_reference, $amount) - { - $key = array( - $this->getHashSecret(), - $this->getApiLoginId(), - $transaction_reference, - $amount, - ); - - return md5(implode('', $key)); - } - - /** - * Generate sha512 hash. - * Required fields are provided in Table 18 in - * https://www.authorize.net/content/dam/authorize/documents/SIM_guide.pdf#page=73 - * @param $httpRequest - * @return string|null - */ - public function getSha512Hash() - { - $signatureKey = $this->getSignatureKey(); - $httpRequest = $this->httpRequest->request; - - if (empty($signatureKey)) { - return null; - } - - $hashData = implode('^', [ - $httpRequest->get('x_trans_id'), - $httpRequest->get('x_test_request'), - $httpRequest->get('x_response_code'), - $httpRequest->get('x_auth_code'), - $httpRequest->get('x_cvv2_resp_code'), - $httpRequest->get('x_cavv_response'), - $httpRequest->get('x_avs_code'), - $httpRequest->get('x_method'), - $httpRequest->get('x_account_number'), - $httpRequest->get('x_amount'), - $httpRequest->get('x_company'), - $httpRequest->get('x_first_name'), - $httpRequest->get('x_last_name'), - $httpRequest->get('x_address'), - $httpRequest->get('x_city'), - $httpRequest->get('x_state'), - $httpRequest->get('x_zip'), - $httpRequest->get('x_country'), - $httpRequest->get('x_phone'), - $httpRequest->get('x_fax'), - $httpRequest->get('x_email'), - $httpRequest->get('x_ship_to_company'), - $httpRequest->get('x_ship_to_first_name'), - $httpRequest->get('x_ship_to_last_name'), - $httpRequest->get('x_ship_to_address'), - $httpRequest->get('x_ship_to_city'), - $httpRequest->get('x_ship_to_state'), - $httpRequest->get('x_ship_to_zip'), - $httpRequest->get('x_ship_to_country'), - $httpRequest->get('x_invoice_num'), - ]); - $hash = hash_hmac('sha512', '^' . $hashData . '^', hex2bin($signatureKey)); - $hash = strtoupper($hash); - - return $hash; - } - - /** - * Get posted hash from the callback from the Authorize.Net gateway. - * - * @return string|null - */ - public function getPostedHash() - { - if ($signatureKey = $this->getSignatureKey()) { - return strtoupper($this->httpRequest->request->get('x_SHA2_Hash')); - } - - return strtolower($this->httpRequest->request->get('x_MD5_Hash')); - } - - public function sendData($data) - { - return $this->response = new SIMCompleteAuthorizeResponse($this, $data); - } -} diff --git a/src/Message/SIMCompleteRequest.php b/src/Message/SIMCompleteRequest.php new file mode 100644 index 00000000..72427692 --- /dev/null +++ b/src/Message/SIMCompleteRequest.php @@ -0,0 +1,158 @@ +httpRequest->request->get(static::TRANSACTION_ID_PARAM); + } + + public function getData() + { + // The hash sent in the callback from the Authorize.Net gateway. + $hashPosted = $this->getPostedHash(); + + // Calculate the hash locally, using the shared "hash secret" and login ID. + $hashCalculated = $this->getHash(); + + if ($hashPosted !== $hashCalculated) { + // If the hash is incorrect, then we can't trust the source nor anything sent. + // Throwing exceptions here is probably a bad idea. We are trying to get the data, + // and if it is invalid, then we need to be able to log that data for analysis. + // Except we can't, baceuse the exception means we can't get to the data. + // For now, this is consistent with other OmniPay gateway drivers. + + throw new InvalidRequestException('Incorrect hash'); + } + + // The hashes have passed, but the amount should also be validated against the + // amount in the stored and retrieved transaction. If the application has the + // ability to retrieve the transaction (using the transaction_id sent as a custom + // form field, or perhaps in an otherwise unused field such as x_invoice_id. + + $amount = $this->getAmount(); + $postedAmount = $this->httpRequest->request->get('x_amount'); + + if (isset($amount) && $amount != $postedAmount) { + // The amounts don't match. Someone may have been playing with the + // transaction references. + + throw new InvalidRequestException('Incorrect amount'); + } + + return $this->httpRequest->request->all(); + } + + /** + * @return string + */ + public function getHash() + { + if ($this->getSignatureKey()) { + return $this->getSha512Hash(); + } else { + return $this->getMd5Hash(); + } + } + + /** + * Generate md5 hash. + * + * @param $transaction_reference + * @param $amount + * @return string + */ + public function getMd5Hash() + { + $transactionReference = $this->httpRequest->request->get('x_trans_id'); + $amount = $this->httpRequest->request->get('x_amount'); + + $key = array( + $this->getHashSecret(), + $this->getApiLoginId(), + $transactionReference, + $amount, + ); + + return md5(implode('', $key)); + } + + /** + * Generate sha512 hash. + * Required fields are provided in Table 18 in + * https://www.authorize.net/content/dam/authorize/documents/SIM_guide.pdf#page=73 + * + * @return string hash generated from server request transformed to upper case + */ + public function getSha512Hash() + { + $signatureKey = $this->getSignatureKey(); + $request = $this->httpRequest->request; + + $hashData = '^' . implode('^', [ + $request->get('x_trans_id'), + $request->get('x_test_request'), + $request->get('x_response_code'), + $request->get('x_auth_code'), + $request->get('x_cvv2_resp_code'), + $request->get('x_cavv_response'), + $request->get('x_avs_code'), + $request->get('x_method'), + $request->get('x_account_number'), + $request->get('x_amount'), + $request->get('x_company'), + $request->get('x_first_name'), + $request->get('x_last_name'), + $request->get('x_address'), + $request->get('x_city'), + $request->get('x_state'), + $request->get('x_zip'), + $request->get('x_country'), + $request->get('x_phone'), + $request->get('x_fax'), + $request->get('x_email'), + $request->get('x_ship_to_company'), + $request->get('x_ship_to_first_name'), + $request->get('x_ship_to_last_name'), + $request->get('x_ship_to_address'), + $request->get('x_ship_to_city'), + $request->get('x_ship_to_state'), + $request->get('x_ship_to_zip'), + $request->get('x_ship_to_country'), + $request->get('x_invoice_num'), + ]) . '^'; + $hash = hash_hmac('sha512', $hashData, hex2bin($signatureKey)); + + return strtoupper($hash); + } + + /** + * Get posted hash from the callback from the Authorize.Net gateway. + * + * @return string|null + */ + public function getPostedHash() + { + if ($signatureKey = $this->getSignatureKey()) { + return strtoupper($this->httpRequest->request->get('x_SHA2_Hash')); + } + + return strtolower($this->httpRequest->request->get('x_MD5_Hash')); + } + + public function sendData($data) + { + return $this->response = new SIMCompleteResponse($this, $data); + } +} diff --git a/src/Message/SIMCompleteAuthorizeResponse.php b/src/Message/SIMCompleteResponse.php similarity index 97% rename from src/Message/SIMCompleteAuthorizeResponse.php rename to src/Message/SIMCompleteResponse.php index b7270d34..ed05befa 100644 --- a/src/Message/SIMCompleteAuthorizeResponse.php +++ b/src/Message/SIMCompleteResponse.php @@ -2,14 +2,15 @@ namespace Omnipay\AuthorizeNet\Message; +/** + * Authorize.Net SIM Complete Authorize Response + */ + use Omnipay\Common\Message\AbstractResponse; use Omnipay\Common\Message\RedirectResponseInterface; use Symfony\Component\HttpFoundation\Response as HttpResponse; -/** - * Authorize.Net SIM Complete Authorize Response - */ -class SIMCompleteAuthorizeResponse extends AbstractResponse implements RedirectResponseInterface +class SIMCompleteResponse extends AbstractResponse implements RedirectResponseInterface { // Response codes returned by Authorize.Net diff --git a/src/SIMGateway.php b/src/SIMGateway.php index ae8a143b..b8566a56 100644 --- a/src/SIMGateway.php +++ b/src/SIMGateway.php @@ -60,7 +60,7 @@ public function authorize(array $parameters = array()) public function completeAuthorize(array $parameters = array()) { - return $this->createRequest('\Omnipay\AuthorizeNet\Message\SIMCompleteAuthorizeRequest', $parameters); + return $this->createRequest('\Omnipay\AuthorizeNet\Message\SIMCompleteRequest', $parameters); } public function capture(array $parameters = array()) diff --git a/tests/Message/DPMAuthorizeRequestTest.php b/tests/Message/DPMAuthorizeRequestTest.php index 54521bd1..9b018ea7 100644 --- a/tests/Message/DPMAuthorizeRequestTest.php +++ b/tests/Message/DPMAuthorizeRequestTest.php @@ -81,7 +81,7 @@ public function testGetHash() $expected = hash_hmac('md5', 'user^a^b^c^', 'key'); - $this->assertSame($expected, $this->request->getHash($data)); + $this->assertSame($expected, $this->request->createHash($data)); } public function testSend() diff --git a/tests/Message/DPMCompleteRequestTest.php b/tests/Message/DPMCompleteRequestTest.php index c22202b5..28684d41 100644 --- a/tests/Message/DPMCompleteRequestTest.php +++ b/tests/Message/DPMCompleteRequestTest.php @@ -8,7 +8,7 @@ use Omnipay\Tests\TestCase; -class DPMCompleteAuthorizeRequestTest extends TestCase +class DPMCompleteRequestTest extends TestCase { public function setUp() { @@ -25,14 +25,69 @@ public function testGetDataInvalid() $this->request->getData(); } - public function testGetHash() + public function testGetMd5Hash() { - $this->assertSame(md5(''), $this->request->getHash('', '')); + $this->assertSame(md5(''), $this->request->getHash()); $this->request->setHashSecret('hashsec'); $this->request->setApiLoginId('apilogin'); - $this->assertSame(md5('hashsec' . 'apilogin' . 'trnid' . '10.00'), $this->request->getHash('trnid', '10.00')); + $this->getHttpRequest()->request->replace( + array( + 'x_trans_id' => 'trnid', + 'x_amount' => '10.00', + ) + ); + + $this->assertSame( + md5('hashsec' . 'apilogin' . 'trnid' . '10.00'), + $this->request->getHash() + ); + } + + public function testGetSha512Hash() + { + $this->request->setSignatureKey('48D2C629E4AE7CA3C4E6CD7223DA'); + + $this->getHttpRequest()->request->replace( + array( + 'x_trans_id' => 'trn123456', + 'x_test_request' => 'xxx', + 'x_response_code' => 'xxx', + 'x_auth_code' => 'xxx', + 'x_cvv2_resp_code' => 'xxx', + 'x_cavv_response' => 'xxx', + 'x_avs_code' => 'xxx', + 'x_method' => 'xxx', + 'x_account_number' => 'xxx', + 'x_amount' => '10.99', + 'x_company' => 'xxx', + 'x_first_name' => 'xxx', + 'x_last_name' => 'xxx', + 'x_address' => 'xxx', + 'x_city' => 'xxx', + 'x_state' => 'xxx', + 'x_zip' => 'xxx', + 'x_country' => 'xxx', + 'x_phone' => 'xxx', + 'x_fax' => 'xxx', + 'x_email' => 'xxx', + 'x_ship_to_company' => 'xxx', + 'x_ship_to_first_name' => 'xxx', + 'x_ship_to_last_name' => 'xxx', + 'x_ship_to_address' => 'xxx', + 'x_ship_to_city' => 'xxx', + 'x_ship_to_state' => 'xxx', + 'x_ship_to_zip' => 'xxx', + 'x_ship_to_country' => 'xxx', + 'x_invoice_num' => 'xxx', + ) + ); + + $this->assertSame( + 'F9A0DE7A9AC83E0B8043CD7CBD804ED41FE6BFDDB2C10C486DB4E3C4F3E7163237837A5CD6AEE1FAFF03BAD076DF287F7E81E17ED38752999D1AA6249ECC1613', + $this->request->getHash() + ); } public function testSend() diff --git a/tests/Message/DPMPurchaseRequestTest.php b/tests/Message/DPMPurchaseRequestTest.php index cceaf94f..07c6f458 100644 --- a/tests/Message/DPMPurchaseRequestTest.php +++ b/tests/Message/DPMPurchaseRequestTest.php @@ -70,7 +70,7 @@ public function testGetHash() $expected = hash_hmac('md5', 'user^a^b^c^', 'key'); - $this->assertSame($expected, $this->request->getHash($data)); + $this->assertSame($expected, $this->request->createHash($data)); } public function testSend() diff --git a/tests/Message/SIMAuthorizeRequestTest.php b/tests/Message/SIMAuthorizeRequestTest.php index 497f9ecd..7cc56474 100644 --- a/tests/Message/SIMAuthorizeRequestTest.php +++ b/tests/Message/SIMAuthorizeRequestTest.php @@ -52,7 +52,7 @@ public function testGetHash() $expected = hash_hmac('md5', 'user^a^b^c^', 'key'); - $this->assertSame($expected, $this->request->getHash($data)); + $this->assertSame($expected, $this->request->createHash($data)); } public function testSend() diff --git a/tests/Message/SIMCompleteAuthorizeRequestTest.php b/tests/Message/SIMCompleteAuthorizeRequestTest.php deleted file mode 100644 index 840e7424..00000000 --- a/tests/Message/SIMCompleteAuthorizeRequestTest.php +++ /dev/null @@ -1,66 +0,0 @@ -request = new SIMCompleteAuthorizeRequest($this->getHttpClient(), $this->getHttpRequest()); - } - - /** - * @expectedException \Omnipay\Common\Exception\InvalidRequestException - * @expectedExceptionMessage Incorrect hash - */ - public function testGetDataInvalid() - { - $this->getHttpRequest()->request->replace(array('x_MD5_Hash' => 'invalid')); - $this->request->getData(); - } - - public function testGetHash() - { - $this->assertSame(md5(''), $this->request->getHash('', '')); - - $this->request->setHashSecret('hashsec'); - $this->request->setApiLoginId('apilogin'); - - $this->assertSame(md5('hashsec' . 'apilogin' . 'trnref ' . '10.00'), $this->request->getHash('trnref ', '10.00')); - } - - public function testSend() - { - $posted_trans_id = '12345'; // transactionReference in POST. - $posted_amount = '10.00'; // amount authothorised in POST. - - $this->getHttpRequest()->request->replace( - array( - 'x_response_code' => '1', - 'x_trans_id' => $posted_trans_id, - 'x_amount' => $posted_amount, - 'x_MD5_Hash' => md5('shhh' . 'user' . $posted_trans_id . $posted_amount), - 'omnipay_transaction_id' => '99', - ) - ); - $this->request->setApiLoginId('user'); - $this->request->setHashSecret('shhh'); - $this->request->setAmount('10.00'); - $this->request->setReturnUrl('http://example.com/'); - - // Issue #22 Transaction ID in request is picked up from custom field. - $this->assertSame('99', $this->request->getTransactionId()); - - $response = $this->request->send(); - - $this->assertTrue($response->isSuccessful()); - $this->assertSame($posted_trans_id, $response->getTransactionReference()); - $this->assertSame(true, $response->isRedirect()); - // CHECKME: does it matter what letter case the method is? - $this->assertSame('GET', $response->getRedirectMethod()); - $this->assertSame('http://example.com/', $response->getRedirectUrl()); - $this->assertNull($response->getMessage()); - } -} diff --git a/tests/Message/SIMCompleteRequestTest.php b/tests/Message/SIMCompleteRequestTest.php new file mode 100644 index 00000000..594a710c --- /dev/null +++ b/tests/Message/SIMCompleteRequestTest.php @@ -0,0 +1,124 @@ +request = new SIMCompleteRequest( + $this->getHttpClient(), + $this->getHttpRequest() + ); + } + + /** + * @expectedException \Omnipay\Common\Exception\InvalidRequestException + * @expectedExceptionMessage Incorrect hash + */ + public function testGetDataInvalid() + { + $this->getHttpRequest()->request->replace(array('x_MD5_Hash' => 'invalid')); + $this->request->getData(); + } + + public function testGetMd5Hash() + { + $this->assertSame(md5(''), $this->request->getHash()); + + $this->request->setHashSecret('hashsec'); + $this->request->setApiLoginId('apilogin'); + + $this->getHttpRequest()->request->replace( + array( + 'x_trans_id' => 'trnref', + 'x_amount' => '10.00', + ) + ); + + $this->assertSame( + md5('hashsec' . 'apilogin' . 'trnref' . '10.00'), + $this->request->getHash() + ); + } + + public function testGetSha512Hash() + { + $this->request->setSignatureKey('48D2C629E4AE7CA3C4E6CD7223DA'); + + $this->getHttpRequest()->request->replace( + array( + 'x_trans_id' => 'trn123456', + 'x_test_request' => 'xxx', + 'x_response_code' => 'xxx', + 'x_auth_code' => 'xxx', + 'x_cvv2_resp_code' => 'xxx', + 'x_cavv_response' => 'xxx', + 'x_avs_code' => 'xxx', + 'x_method' => 'xxx', + 'x_account_number' => 'xxx', + 'x_amount' => '10.99', + 'x_company' => 'xxx', + 'x_first_name' => 'xxx', + 'x_last_name' => 'xxx', + 'x_address' => 'xxx', + 'x_city' => 'xxx', + 'x_state' => 'xxx', + 'x_zip' => 'xxx', + 'x_country' => 'xxx', + 'x_phone' => 'xxx', + 'x_fax' => 'xxx', + 'x_email' => 'xxx', + 'x_ship_to_company' => 'xxx', + 'x_ship_to_first_name' => 'xxx', + 'x_ship_to_last_name' => 'xxx', + 'x_ship_to_address' => 'xxx', + 'x_ship_to_city' => 'xxx', + 'x_ship_to_state' => 'xxx', + 'x_ship_to_zip' => 'xxx', + 'x_ship_to_country' => 'xxx', + 'x_invoice_num' => 'xxx', + ) + ); + + $this->assertSame( + 'F9A0DE7A9AC83E0B8043CD7CBD804ED41FE6BFDDB2C10C486DB4E3C4F3E7163237837A5CD6AEE1FAFF03BAD076DF287F7E81E17ED38752999D1AA6249ECC1613', + $this->request->getHash() + ); + } + + public function testSend() + { + $posted_trans_id = '12345'; // transactionReference in POST. + $posted_amount = '10.00'; // amount authothorised in POST. + + $this->getHttpRequest()->request->replace( + array( + 'x_response_code' => '1', + 'x_trans_id' => $posted_trans_id, + 'x_amount' => $posted_amount, + 'x_MD5_Hash' => md5('shhh' . 'user' . $posted_trans_id . $posted_amount), + 'omnipay_transaction_id' => '99', + ) + ); + $this->request->setApiLoginId('user'); + $this->request->setHashSecret('shhh'); + $this->request->setAmount('10.00'); + $this->request->setReturnUrl('http://example.com/'); + + // Issue #22 Transaction ID in request is picked up from custom field. + $this->assertSame('99', $this->request->getTransactionId()); + + $response = $this->request->send(); + + $this->assertTrue($response->isSuccessful()); + $this->assertSame($posted_trans_id, $response->getTransactionReference()); + $this->assertSame(true, $response->isRedirect()); + // CHECKME: does it matter what letter case the method is? + $this->assertSame('GET', $response->getRedirectMethod()); + $this->assertSame('http://example.com/', $response->getRedirectUrl()); + $this->assertNull($response->getMessage()); + } +} diff --git a/tests/Message/SIMCompleteAuthorizeResponseTest.php b/tests/Message/SIMCompleteResponseTest.php similarity index 58% rename from tests/Message/SIMCompleteAuthorizeResponseTest.php rename to tests/Message/SIMCompleteResponseTest.php index 35732ec5..152047a0 100644 --- a/tests/Message/SIMCompleteAuthorizeResponseTest.php +++ b/tests/Message/SIMCompleteResponseTest.php @@ -4,11 +4,14 @@ use Omnipay\Tests\TestCase; -class SIMCompleteAuthorizeResponseTest extends TestCase +class SIMCompleteResponseTest extends TestCase { public function testSuccess() { - $response = new SIMCompleteAuthorizeResponse($this->getMockRequest(), array('x_response_code' => '1', 'x_trans_id' => '12345')); + $response = new SIMCompleteResponse( + $this->getMockRequest(), + array('x_response_code' => '1', 'x_trans_id' => '12345') + ); $this->assertTrue($response->isSuccessful()); $this->assertSame('12345', $response->getTransactionReference()); @@ -17,7 +20,10 @@ public function testSuccess() public function testFailure() { - $response = new SIMCompleteAuthorizeResponse($this->getMockRequest(), array('x_response_code' => '0', 'x_response_reason_text' => 'Declined')); + $response = new SIMCompleteResponse( + $this->getMockRequest(), + array('x_response_code' => '0', 'x_response_reason_text' => 'Declined') + ); $this->assertFalse($response->isSuccessful()); $this->assertNull($response->getTransactionReference());