Commit 5ad2ea4e authored by Monish Deb's avatar Monish Deb

financial#39: Drop checkMD5 support from Authorize.net

parent 1ce4df21
......@@ -171,12 +171,6 @@ class CRM_Core_Payment_AuthorizeNet extends CRM_Core_Payment {
// fetch available contribution statuses
$contributionStatus = CRM_Contribute_PseudoConstant::contributionStatus(NULL, 'name');
// check gateway MD5 response
if (!$this->checkMD5($response_fields[37], $response_fields[6], $response_fields[9])) {
$params['payment_status_id'] = array_search('Failed', $contributionStatus);
return self::error(9003, 'MD5 Verification failed');
}
// check for application errors
// TODO:
// AVS, CVV2, CAVV, and other verification results
......@@ -437,39 +431,6 @@ class CRM_Core_Payment_AuthorizeNet extends CRM_Core_Payment {
}
}
/**
* Check the gateway MD5 response to make sure that this is a proper
* gateway response
*
* @param string $responseMD5
* MD5 hash generated by the gateway.
* @param string $transaction_id
* Transaction id generated by the gateway.
* @param string $amount
* Purchase amount.
*
* @param bool $ipn
*
* @return bool
*/
public function checkMD5($responseMD5, $transaction_id, $amount, $ipn = FALSE) {
// cannot check if no MD5 hash
$md5Hash = $this->_getParam('md5Hash');
if (empty($md5Hash)) {
return TRUE;
}
$loginid = $this->_getParam('apiLogin');
$hashString = $ipn ? ($md5Hash . $transaction_id . $amount) : ($md5Hash . $loginid . $transaction_id . $amount);
$result = strtoupper(md5($hashString));
if ($result == $responseMD5) {
return TRUE;
}
else {
return FALSE;
}
}
/**
* Calculate and return the transaction fingerprint.
*
......
......@@ -164,8 +164,6 @@ class CRM_Core_Payment_AuthorizeNetIPN extends CRM_Core_Payment_BaseIPN {
$objects['contribution']->total_amount = $input['amount'];
$objects['contribution']->trxn_id = $input['trxn_id'];
$this->checkMD5($paymentProcessorObject, $input);
$isFirstOrLastRecurringPayment = FALSE;
if ($input['response_code'] == 1) {
// Approved
......@@ -359,25 +357,4 @@ INNER JOIN civicrm_membership_payment mp ON m.id = mp.membership_id AND mp.contr
return $value;
}
/**
* Check and validate gateway MD5 response if present.
*
* @param CRM_Core_Payment_AuthorizeNet $paymentObject
* @param array $input
*
* @throws CRM_Core_Exception
*/
public function checkMD5($paymentObject, $input) {
if (empty($input['trxn_id'])) {
// For decline we have nothing to check against.
return;
}
if (!$paymentObject->checkMD5($input['MD5_Hash'], $input['trxn_id'], $input['amount'], TRUE)) {
$message = "Failure: Security verification failed";
$log = new CRM_Utils_SystemLogger();
$log->error('payment_notification', array('message' => $message, 'input' => $input));
throw new CRM_Core_Exception($message);
}
}
}
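Review bot: With the `$this->checkMD5($paymentProcessorObject, $input);` call gone, nothing visible in this section authenticates the notification before `total_amount` and `trxn_id` are copied from `$input` onto the contribution. The same applies to the direct-response path in CRM_Core_Payment_AuthorizeNet, where the `$response_fields[37]` check is removed without a replacement. If the gateway's newer signature-key (SHA-512) hash is not verified somewhere outside these hunks, that verification should land with or before this removal and compare with `hash_equals()`; until then a comment such as `// No gateway signature check since financial#39: $input is unauthenticated here` at the former call site would make the gap explicit. The function enclosing the removed call starts and ends outside the hunk, so an existing check elsewhere in it cannot be ruled out.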