Merge pull request #103 from pagantis/order_fix

increase security
pagantis · Oct 8, 2020 · 196b929 · 196b929
2 parents 59ab2a3 + 7b70427
commit 196b929
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 36 deletions.
diff --git a/config.xml b/config.xml
@@ -2,7 +2,7 @@
 <module>
 	<name>pagantis</name>
 	<displayName><![CDATA[Pagantis]]></displayName>
-	<version><![CDATA[8.6.11]]></version>
+	<version><![CDATA[8.6.12]]></version>
 	<description><![CDATA[Instant, easy and effective financial tool for your customers]]></description>
 	<author><![CDATA[Pagantis]]></author>
 	<tab><![CDATA[payments_gateways]]></tab>

diff --git a/controllers/front/notify.php b/controllers/front/notify.php
@@ -11,6 +11,7 @@
 
 use Pagantis\OrdersApiClient\Client as PagantisClient;
 use Pagantis\OrdersApiClient\Model\Order as PagantisModelOrder;
+use Pagantis\ModuleUtils\Exception\AmountMismatchException;
 use Pagantis\ModuleUtils\Exception\ConcurrencyException;
 use Pagantis\ModuleUtils\Exception\MerchantOrderNotFoundException;
 use Pagantis\ModuleUtils\Exception\NoIdentificationException;
@@ -387,42 +388,31 @@ public function validateAmount()
         $merchantAmount = (string) (100 * $this->merchantCart->getOrderTotal(true));
         $merchantAmount = explode('.', explode(',', $merchantAmount)[0])[0];
         if ($totalAmount != $merchantAmount) {
-            try {
-                $psTotalAmount = substr_replace(
-                    $merchantAmount,
-                    '.',
-                    (Tools::strlen($merchantAmount) -2),
-                    0
-                );
+            $psTotalAmount = substr_replace(
+                $merchantAmount,
+                '.',
+                (Tools::strlen($merchantAmount) -2),
+                0
+            );
 
-                $pgTotalAmountInCents = (string) $this->pagantisOrder->getShoppingCart()->getTotalAmount();
-                $pgTotalAmount = substr_replace(
-                    $pgTotalAmountInCents,
-                    '.',
-                    (Tools::strlen($pgTotalAmountInCents) -2),
-                    0
-                );
+            $pgTotalAmountInCents = (string) $this->pagantisOrder->getShoppingCart()->getTotalAmount();
+            $pgTotalAmount = substr_replace(
+                $pgTotalAmountInCents,
+                '.',
+                (Tools::strlen($pgTotalAmountInCents) -2),
+                0
+            );
 
-                $this->amountMismatchError = '. Amount mismatch in PrestaShop Cart #'. $this->merchantCartId .
-                    ' compared with Pagantis Order: ' . $this->pagantisOrderId .
-                    '. The Cart in PrestaShop has an amount of ' . $psTotalAmount . ' and in Pagantis ' .
-                    $pgTotalAmount . ' PLEASE REVIEW THE ORDER';
+            $this->amountMismatchError = '. Amount mismatch in PrestaShop Cart #'. $this->merchantCartId .
+                ' compared with Pagantis Order: ' . $this->pagantisOrderId .
+                '. The Cart in PrestaShop has an amount of ' . $psTotalAmount . ' and in Pagantis ' .
+                $pgTotalAmount . ' PLEASE REVIEW THE ORDER';
 
-                $this->saveLog(array(
-                    'requestId' => $this->requestId,
-                    'message' => $this->amountMismatchError
-                ));
-            } catch (\Exception $exception) {
-                $exceptionMessage = sprintf(
-                    "validateAmount exception[origin=%s][cartId=%s][merchantOrderId=%s][pagantisOrderId=%s][%s]",
-                    $this->getOrigin(),
-                    $this->merchantCartId,
-                    $this->merchantOrderId,
-                    $this->pagantisOrderId,
-                    $exception->getMessage()
-                );
-                $this->saveLog(array('requestId' => $this->requestId, 'message' => $exceptionMessage));
-            }
+            $this->saveLog(array(
+                'requestId' => $this->requestId,
+                'message' => $this->amountMismatchError
+            ));
+            throw new AmountMismatchException($totalAmount, $merchantAmount);
         }
     }
 

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "pagantis",
-  "version": "8.6.11",
+  "version": "8.6.12",
   "description": "Pagantis integration in prestashop",
   "main": "Gruntfile.js",
   "dependencies": {},

diff --git a/pagantis.php b/pagantis.php
@@ -114,7 +114,7 @@ public function __construct()
     {
         $this->name = 'pagantis';
         $this->tab = 'payments_gateways';
-        $this->version = '8.6.11';
+        $this->version = '8.6.12';
         $this->author = 'Pagantis';
         $this->currencies = true;
         $this->currencies_mode = 'checkbox';