buckaroo-it/BuckarooSDK_PHP

Payment validation (push version)

Closed this issue · 5 comments

I am missing a way to validate payments. So the client made its purchase, is redirected to the payment page, the payment receives a status (success, failure etc) and the user is redirected back to the store. You then call some url once or a couple of times to inform us about the payment status. I then need to be able to verify that it is really you that confirms the payment, the payment was completely done etc. I think this is quite essential.

I found this explanation, which is useful in order to implement this myself, but this is tedious and error prone. (case sensitivity etc)
https://support.buckaroo.nl/categorieen/integratie/beveiliging

There is a way to validate the payment; please check the example:

https://github.com/buckaroo-it/BuckarooSDK_PHP/blob/master/example/responses/return.php

@ShuCh3n I ran into the same problem, the handleReply function is currently not implemented. But there is a ReplyHandler class that is used in another example: https://github.com/buckaroo-it/BuckarooSDK_PHP/blob/master/example/responses/push.php

But there are some issues with that implementation:

  1. it assumes lowercase keys for the http post (brq_*) but for the validation to work you'll need them in uppercase (as buckaroo sends them in uppercase) (*)
  2. the reply handler only provides validation; you have no way of accessing the data on the replyHandler class
  3. as far as I know the order of the post data is not well defined, so the validation should sort the data array by key before doing the validation, otherwise you risk not being able to validate some requests.

Note: you can work around issue 1 by using this (ugly) workaround:

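        $buckaroo = app(BuckarooClient::class);
        // Take the POST data without the 'path' and uppercase 'BRQ_SIGNATURE' keys...
        $data = $request->except(['path', 'BRQ_SIGNATURE']);
        // ...and re-add the signature under the lowercase key the ReplyHandler looks for.
        $data['brq_signature'] = $request->get('BRQ_SIGNATURE');

        $replyHandler = new ReplyHandler($buckaroo->client()->config(), $data);
        $replyHandler->validate();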

Thanks for your feedback @ederuiter !

  1. Yes, you are right, there is a setting in the plaza where you can set the response either in upper or lower case. I will add the support of uppercase as well.
  2. Which data do you want to retrieve out of this object?
  3. I'm afraid if I change the order of the array the validation will stop working. I have to do more research on it.

  1. ah that explains why most of the examples are in lowercase .. I was wondering why that was the case
  2. at the very least it would be nice to have the payment status available, but ideally all data (related to the payment) should be available (perhaps as a model)
  3. The algorithm outlined in https://support.buckaroo.nl/categorieen/integratie/beveiliging does state you have to sort the list by key

While we are at it: it would be nice to have the handleReply implemented directly on the BuckarooClient (like the example suggested) and instead of taking multiple parameters for data + auth header + url + method, it would be nice if it could take a PSR-7 compatible http request.

Everything is fixed/included in the next update.
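
The two validation points raised in this thread (keys may arrive in upper or lower case, and the fields must be sorted by key before hashing), as an added PHP example that is not part of the thread or of the SDK. The function names, the sample fields and secret, and the signing scheme itself (SHA-1 over the sorted `key=value` pairs followed by the secret key) are assumptions; check the Buckaroo documentation linked above for the exact rules.

```php
<?php
// Added example, not SDK code. Assumed scheme (verify against Buckaroo's docs):
// signature = sha1(sorted "key=value" pairs concatenated . secret key).

function pushSignature(array $post, string $secret): string
{
    $fields = [];
    foreach ($post as $key => $value) {
        // The signature field is never part of the signed data,
        // whichever case the Plaza is configured to send.
        if (strcasecmp((string) $key, 'brq_signature') !== 0) {
            $fields[$key] = $value;
        }
    }
    // Sort by key, ignoring case, so the POST order cannot change the result.
    uksort($fields, 'strcasecmp');

    $signed = '';
    foreach ($fields as $key => $value) {
        $signed .= $key . '=' . $value;
    }
    return sha1($signed . $secret);
}

function isValidPush(array $post, string $secret): bool
{
    $received = null;
    foreach ($post as $key => $value) {
        if (strcasecmp((string) $key, 'brq_signature') === 0) {
            $received = $value;
        }
    }
    if (!is_string($received) || $received === '') {
        return false; // unsigned push: reject
    }
    // Constant-time comparison avoids leaking how many characters matched.
    return hash_equals(pushSignature($post, $secret), strtolower($received));
}

// Constructed sample data: hypothetical secret and field values.
$secret = 'example-secret-key';
$push = ['BRQ_STATUSCODE' => '190', 'BRQ_AMOUNT' => '10.00', 'BRQ_INVOICENUMBER' => 'INV-1001'];
$push['BRQ_SIGNATURE'] = pushSignature($push, $secret);

$reordered = array_reverse($push, true);        // same fields, different POST order
$tampered  = ['BRQ_AMOUNT' => '0.01'] + $push;  // amount changed after signing

var_dump(isValidPush($push, $secret), isValidPush($reordered, $secret), isValidPush($tampered, $secret));
```

The reordered copy validates like the original because of the sort, while the copy with the changed amount is rejected.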