Merge pull request #13474 from JMAConsulting/dev-financial-39

financial#39: Drop checkMD5 support from Authorize.net

Merge pull request #13474 from JMAConsulting/dev-financial-39
financial#39: Drop checkMD5 support from Authorize.net
9ab4cac7 · eileen · GitHub · 43076c76 · 5ad2ea4e · 9ab4cac7
Unverified Commit 9ab4cac7 authored Jan 17, 2019 by eileen 🎱 Committed by GitHub Jan 17, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 0 additions and 62 deletions

CRM/Core/Payment/AuthorizeNet.php CRM/Core/Payment/AuthorizeNet.php +0 -39

CRM/Core/Payment/AuthorizeNetIPN.php CRM/Core/Payment/AuthorizeNetIPN.php +0 -23

No files found.
--- a/CRM/Core/Payment/AuthorizeNet.php
+++ b/CRM/Core/Payment/AuthorizeNet.php
@@ -171,12 +171,6 @@ class CRM_Core_Payment_AuthorizeNet extends CRM_Core_Payment {
    // fetch available contribution statuses
    $contributionStatus = CRM_Contribute_PseudoConstant::contributionStatus(NULL, 'name');

-    // check gateway MD5 response
-    if (!$this->checkMD5($response_fields[37], $response_fields[6], $response_fields[9])) {
-      $params['payment_status_id'] = array_search('Failed', $contributionStatus);
-      return self::error(9003, 'MD5 Verification failed');
-    }
-
    // check for application errors
    // TODO:
    // AVS, CVV2, CAVV, and other verification results
@@ -437,39 +431,6 @@ class CRM_Core_Payment_AuthorizeNet extends CRM_Core_Payment {
    }
  }

-  /**
-   * Check the gateway MD5 response to make sure that this is a proper
-   * gateway response
-   *
-   * @param string $responseMD5
-   *   MD5 hash generated by the gateway.
-   * @param string $transaction_id
-   *   Transaction id generated by the gateway.
-   * @param string $amount
-   *   Purchase amount.
-   *
-   * @param bool $ipn
-   *
-   * @return bool
-   */
-  public function checkMD5($responseMD5, $transaction_id, $amount, $ipn = FALSE) {
-    // cannot check if no MD5 hash
-    $md5Hash = $this->_getParam('md5Hash');
-    if (empty($md5Hash)) {
-      return TRUE;
-    }
-    $loginid = $this->_getParam('apiLogin');
-    $hashString = $ipn ? ($md5Hash . $transaction_id . $amount) : ($md5Hash . $loginid . $transaction_id . $amount);
-    $result = strtoupper(md5($hashString));
-
-    if ($result == $responseMD5) {
-      return TRUE;
-    }
-    else {
-      return FALSE;
-    }
-  }
-
  /**
   * Calculate and return the transaction fingerprint.
   *

--- a/CRM/Core/Payment/AuthorizeNetIPN.php
+++ b/CRM/Core/Payment/AuthorizeNetIPN.php
@@ -164,8 +164,6 @@ class CRM_Core_Payment_AuthorizeNetIPN extends CRM_Core_Payment_BaseIPN {
    $objects['contribution']->total_amount = $input['amount'];
    $objects['contribution']->trxn_id = $input['trxn_id'];

-    $this->checkMD5($paymentProcessorObject, $input);
-
    $isFirstOrLastRecurringPayment = FALSE;
    if ($input['response_code'] == 1) {
      // Approved
@@ -359,25 +357,4 @@ INNER JOIN civicrm_membership_payment mp ON m.id = mp.membership_id AND mp.contr
    return $value;
  }

-  /**
-   * Check and validate gateway MD5 response if present.
-   *
-   * @param CRM_Core_Payment_AuthorizeNet $paymentObject
-   * @param array $input
-   *
-   * @throws CRM_Core_Exception
-   */
-  public function checkMD5($paymentObject, $input) {
-    if (empty($input['trxn_id'])) {
-      // For decline we have nothing to check against.
-      return;
-    }
-    if (!$paymentObject->checkMD5($input['MD5_Hash'], $input['trxn_id'], $input['amount'], TRUE)) {
-      $message = "Failure: Security verification failed";
-      $log = new CRM_Utils_SystemLogger();
-      $log->error('payment_notification', array('message' => $message, 'input' => $input));
-      throw new CRM_Core_Exception($message);
-    }
-  }
-
 }