Merge pull request #5 from wirecard/improveSecurity

#4 Add consumerMerchantCrmId
qenta-cee · Dec 1, 2016 · 75cd82c · 75cd82c
2 parents ef69748 + 1436aec
commit 75cd82c
Show file tree

Hide file tree

Showing 97 changed files with 6,699 additions and 3,238 deletions.
diff --git a/modules/wirecard/checkoutseamless/metadata.php b/modules/wirecard/checkoutseamless/metadata.php
@@ -46,7 +46,7 @@
         'en' => 'Module for payment using Wirecard Checkout Seamless.<br /><br /><div id="helpPanel"><div class="bd"><strong>Support and sales information</strong><br /><a href="https://guides.wirecard.at/support" target="_blank">support</a><br /><a href="https://guides.wirecard.at/sales" target="_blank">sales</a></div></div>',
     ),
     'thumbnail'   => 'picture.jpg',
-    'version'     => '2.1.5',
+    'version'     => '2.2.0',
     'author'      => 'Wirecard CEE',
     'url'         => 'http://www.wirecard.at',
     'email'       => '[email protected]',

diff --git a/modules/wirecard/checkoutseamless/models/wirecardcheckoutseamlessfrontend.php b/modules/wirecard/checkoutseamless/models/wirecardcheckoutseamlessfrontend.php
@@ -62,17 +62,17 @@ public function __construct()
 
         $this->_client->setPluginVersion($pluginVersion);
 
+        $oOrder = $this->_getOrder();
+
         $sHomeUrl = oxRegistry::getSession()->processUrl($config->getOxConfig()->getShopSecureHomeUrl());
 
-//        $sStoken = oxRegistry::getSession()->getSessionChallengeToken();
         $sRtoken = oxRegistry::getSession()->getRemoteAccessToken(true);
 
         /** @var oxUtilsUrl $util */
         $util = oxRegistry::get("oxUtilsUrl");
 
         $this->_client->setConfirmUrl($util->cleanUrlParams($sHomeUrl . 'cl=order&fnc=wirecardConfirm&stoken=' . '&' . oxRegistry::getSession()->sid(true) . '&rtoken=' . $sRtoken,
             '&'));
-        //$this->_client->setConfirmUrl($util->cleanUrlParams($sHomeUrl . 'cl=order&fnc=wirecardConfirm', '&'));
         $this->_client->setSuccessUrl($util->cleanUrlParams($sHomeUrl . 'cl=order&fnc=wirecardSuccess', '&'));
         $this->_client->setPendingUrl($util->cleanUrlParams($sHomeUrl . 'cl=order&fnc=wirecardPending', '&'));
         $this->_client->setCancelUrl($util->cleanUrlParams($sHomeUrl . 'cl=order&fnc=wirecardCancel', '&'));
@@ -85,6 +85,7 @@ public function __construct()
         $this->_client->setDuplicateRequestCheck($config->getDuplicateRequestCheck());
         $this->_client->setAutoDeposit($config->getAutoDeposit());
         $this->_client->setConfirmMail($config->getConfirmMail());
+        $this->_client->createConsumerMerchantCrmId($oOrder->getFieldData('oxbillemail'));
     }
 
     public function initiate()

diff --git a/modules/wirecard/checkoutseamless/vendor/WirecardCEE/QMore/BackendClient.php b/modules/wirecard/checkoutseamless/vendor/WirecardCEE/QMore/BackendClient.php
@@ -1,19 +1,39 @@
 <?php
-/*
-* Die vorliegende Software ist Eigentum von Wirecard CEE und daher vertraulich
-* zu behandeln. Jegliche Weitergabe an dritte, in welcher Form auch immer, ist
-* unzulaessig.
-*
-* Software & Service Copyright (C) by
-* Wirecard Central Eastern Europe GmbH,
-* FB-Nr: FN 195599 x, http://www.wirecard.at
-*/
+/**
+ * Shop System Plugins - Terms of Use
+ *
+ * The plugins offered are provided free of charge by Wirecard Central Eastern Europe GmbH
+ * (abbreviated to Wirecard CEE) and are explicitly not part of the Wirecard CEE range of
+ * products and services.
+ *
+ * They have been tested and approved for full functionality in the standard configuration
+ * (status on delivery) of the corresponding shop system. They are under General Public
+ * License Version 2 (GPLv2) and can be used, developed and passed on to third parties under
+ * the same terms.
+ *
+ * However, Wirecard CEE does not provide any guarantee or accept any liability for any errors
+ * occurring when used in an enhanced, customized shop system configuration.
+ *
+ * Operation in an enhanced, customized configuration is at your own risk and requires a
+ * comprehensive test phase by the user of the plugin.
+ *
+ * Customers use the plugins at their own risk. Wirecard CEE does not guarantee their full
+ * functionality neither does Wirecard CEE assume liability for any disadvantages related to
+ * the use of the plugins. Additionally, Wirecard CEE does not guarantee the full functionality
+ * for customized shop systems or installed plugins of other vendors of plugins within the same
+ * shop system.
+ *
+ * Customers are responsible for testing the plugin's functionality before starting productive
+ * operation.
+ *
+ * By installing the plugin into the shop system the customer agrees to these terms of use.
+ * Please do not use the plugin if you do not agree to these terms of use!
+ */
 
 /**
  * @name WirecardCEE_QMore_BackendClient
  * @category WirecardCEE
  * @package WirecardCEE_QMore
- * @version 3.2.0
  */
 class WirecardCEE_QMore_BackendClient extends WirecardCEE_Stdlib_Client_ClientAbstract
 {
@@ -229,20 +249,18 @@ class WirecardCEE_QMore_BackendClient extends WirecardCEE_Stdlib_Client_ClientAb
     /**
      * Creates an instance of an WirecardCEE_QMore_BackendClient object.
      *
-     * @param array|WirecardCEE_Stdlib_Config $aConfig
+     * @param array|WirecardCEE_Stdlib_Config $config
      */
-    public function __construct(array $config = null)
+    public function __construct($config = null)
     {
         $this->_fingerprintOrder = new WirecardCEE_Stdlib_FingerprintOrder();
 
         //if no config was sent fallback to default config file
-        if (is_null($config))
-        {
+        if (is_null($config)) {
             $config = WirecardCEE_QMore_Module::getConfig();
         }
 
-        if (is_array($config) && isset($aConfig['WirecardCEEQMoreConfig']))
-        {
+        if (is_array($config) && isset( $config['WirecardCEEQMoreConfig'] )) {
             // we only need the WirecardCEEQMoreConfig here
             $config = $config['WirecardCEEQMoreConfig'];
         }
@@ -253,31 +271,31 @@ public function __construct(array $config = null)
 
         // now let's check if the CUSTOMER_ID, SHOP_ID, LANGUAGE and SECRET
         // exist in $this->oUserConfig object that we created from config array
-        $sCustomerId = isset($this->oUserConfig->CUSTOMER_ID) ? trim($this->oUserConfig->CUSTOMER_ID) : null;
-        $sShopId = isset($this->oUserConfig->SHOP_ID) ? trim($this->oUserConfig->SHOP_ID) : null;
-        $sLanguage = isset($this->oUserConfig->LANGUAGE) ? trim($this->oUserConfig->LANGUAGE) : null;
-        $sSecret = isset($this->oUserConfig->SECRET) ? trim($this->oUserConfig->SECRET) : null;
-        $sPassword = isset($this->oUserConfig->PASSWORD) ? trim($this->oUserConfig->PASSWORD) : null;
+        $sCustomerId = isset( $this->oUserConfig->CUSTOMER_ID ) ? trim($this->oUserConfig->CUSTOMER_ID) : null;
+        $sShopId     = isset( $this->oUserConfig->SHOP_ID ) ? trim($this->oUserConfig->SHOP_ID) : null;
+        $sLanguage   = isset( $this->oUserConfig->LANGUAGE ) ? trim($this->oUserConfig->LANGUAGE) : null;
+        $sSecret     = isset( $this->oUserConfig->SECRET ) ? trim($this->oUserConfig->SECRET) : null;
+        $sPassword   = isset( $this->oUserConfig->PASSWORD ) ? trim($this->oUserConfig->PASSWORD) : null;
 
         // If not throw the InvalidArgumentException exception!
-        if (empty($sCustomerId) || is_null($sCustomerId))
-        {
-            throw new WirecardCEE_QMore_Exception_InvalidArgumentException(sprintf('CUSTOMER_ID passed to %s is invalid.', __METHOD__));
+        if (empty( $sCustomerId ) || is_null($sCustomerId)) {
+            throw new WirecardCEE_QMore_Exception_InvalidArgumentException(sprintf('CUSTOMER_ID passed to %s is invalid.',
+                __METHOD__));
         }
 
-        if (empty($sLanguage) || is_null($sLanguage))
-        {
-            throw new WirecardCEE_QMore_Exception_InvalidArgumentException(sprintf('LANGUAGE passed to %s is invalid.', __METHOD__));
+        if (empty( $sLanguage ) || is_null($sLanguage)) {
+            throw new WirecardCEE_QMore_Exception_InvalidArgumentException(sprintf('LANGUAGE passed to %s is invalid.',
+                __METHOD__));
         }
 
-        if (empty($sSecret) || is_null($sSecret))
-        {
-            throw new WirecardCEE_QMore_Exception_InvalidArgumentException(sprintf('SECRET passed to %s is invalid.', __METHOD__));
+        if (empty( $sSecret ) || is_null($sSecret)) {
+            throw new WirecardCEE_QMore_Exception_InvalidArgumentException(sprintf('SECRET passed to %s is invalid.',
+                __METHOD__));
         }
 
-        if (empty($sPassword) || is_null($sPassword))
-        {
-            throw new WirecardCEE_QMore_Exception_InvalidArgumentException(sprintf('PASSWORD passed to %s is invalid.', __METHOD__));
+        if (empty( $sPassword ) || is_null($sPassword)) {
+            throw new WirecardCEE_QMore_Exception_InvalidArgumentException(sprintf('PASSWORD passed to %s is invalid.',
+                __METHOD__));
         }
 
         // everything ok! let's set the fields
@@ -303,14 +321,12 @@ public function getFinancialInstitutions($paymentType, $bankCountry = null, $tra
             self::PAYMENTTYPE,
         );
 
-        if (strlen($transactionType))
-        {
+        if (strlen($transactionType)) {
             $this->_setField(self::TRANSACTIONTYPE, $transactionType);
             $order[] = self::TRANSACTIONTYPE;
         }
 
-        if (strlen($bankCountry))
-        {
+        if (strlen($bankCountry)) {
             $this->_setField(self::BANKCOUNTRY, $bankCountry);
             $order[] = self::BANKCOUNTRY;
         }
@@ -326,13 +342,14 @@ public function getFinancialInstitutions($paymentType, $bankCountry = null, $tra
      * @throws WirecardCEE_Stdlib_Client_Exception_InvalidResponseException
      * @return WirecardCEE_QMore_Response_Backend_Refund
      */
-    public function refund($iOrderNumber, $iAmount, $sCurrency)
+    public function refund($iOrderNumber, $iAmount, $sCurrency, $basket=null)
     {
         $this->_requestData[self::COMMAND] = self::$COMMAND_REFUND;
 
         $this->_setField(self::ORDER_NUMBER, $iOrderNumber);
         $this->_setField(self::AMOUNT, $iAmount);
         $this->_setField(self::CURRENCY, strtoupper($sCurrency));
+        $this->_setBasket($basket);
 
         $this->_fingerprintOrder->setOrder(Array(
             self::CUSTOMER_ID,
@@ -344,6 +361,7 @@ public function refund($iOrderNumber, $iAmount, $sCurrency)
             self::AMOUNT,
             self::CURRENCY
         ));
+        $this->_appendBasketFingerprintOrder($basket);
 
         return new WirecardCEE_QMore_Response_Backend_Refund($this->_send());
     }
@@ -380,21 +398,25 @@ public function refundReversal($iOrderNumber, $iCreditNumber)
      * @throws WirecardCEE_Stdlib_Client_Exception_InvalidResponseException
      * @return WirecardCEE_QMore_Response_Backend_RecurPayment
      */
-    public function recurPayment($iSourceOrderNumber, $iAmount, $sCurrency, $sOrderDescription, $iOrderNumber = null, $bDepositFlag = null)
-    {
+    public function recurPayment(
+        $iSourceOrderNumber,
+        $iAmount,
+        $sCurrency,
+        $sOrderDescription,
+        $iOrderNumber = null,
+        $bDepositFlag = null
+    ) {
         $this->_requestData[self::COMMAND] = self::$COMMAND_RECUR_PAYMENT;
 
-        if (!is_null($iOrderNumber))
-        {
+        if (!is_null($iOrderNumber)) {
             $this->_setField(self::ORDER_NUMBER, $iOrderNumber);
         }
 
         $this->_setField(self::SOURCE_ORDER_NUMBER, $iSourceOrderNumber);
         $this->_setField(self::AMOUNT, $iAmount);
         $this->_setField(self::CURRENCY, strtoupper($sCurrency));
 
-        if (!is_null($bDepositFlag))
-        {
+        if (!is_null($bDepositFlag)) {
             $this->_setField(self::AUTO_DEPOSIT, $bDepositFlag ? self::$BOOL_TRUE : self::$BOOL_FALSE);
         }
 
@@ -461,6 +483,7 @@ public function approveReversal($iOrderNumber)
             self::LANGUAGE,
             self::ORDER_NUMBER
         ));
+
         return new WirecardCEE_QMore_Response_Backend_ApproveReversal($this->_send());
     }
 
@@ -470,13 +493,14 @@ public function approveReversal($iOrderNumber)
      * @throws WirecardCEE_Stdlib_Client_Exception_InvalidResponseException
      * @return WirecardCEE_QMore_Response_Backend_Deposit
      */
-    public function deposit($iOrderNumber, $iAmount, $sCurrency)
+    public function deposit($iOrderNumber, $iAmount, $sCurrency, $basket=null)
     {
         $this->_requestData[self::COMMAND] = self::$COMMAND_DEPOSIT;
 
         $this->_setField(self::ORDER_NUMBER, $iOrderNumber);
         $this->_setField(self::AMOUNT, $iAmount);
         $this->_setField(self::CURRENCY, strtoupper($sCurrency));
+        $this->_setBasket($basket);
 
         $this->_fingerprintOrder->setOrder(Array(
             self::CUSTOMER_ID,
@@ -488,6 +512,8 @@ public function deposit($iOrderNumber, $iAmount, $sCurrency)
             self::AMOUNT,
             self::CURRENCY
         ));
+        $this->_appendBasketFingerprintOrder($basket);
+
         return new WirecardCEE_QMore_Response_Backend_Deposit($this->_send());
     }
 
@@ -513,6 +539,7 @@ public function depositReversal($iOrderNumber, $iPaymentNumber)
             self::ORDER_NUMBER,
             self::PAYMENT_NUMBER
         ));
+
         return new WirecardCEE_QMore_Response_Backend_DepositReversal($this->_send());
     }
 
@@ -525,8 +552,7 @@ public function depositReversal($iOrderNumber, $iPaymentNumber)
     public function transferFund($fundTransferType)
     {
 
-        switch ($fundTransferType)
-        {
+        switch ($fundTransferType) {
             case self::$TRANSFER_FUND_TYPE_EXISTING:
                 $client = new WirecardCEE_QMore_Request_Backend_TransferFund_Existing($this->oUserConfig);
                 break;
@@ -548,6 +574,7 @@ public function transferFund($fundTransferType)
         }
 
         $client->setType($fundTransferType);
+
         return $client;
     }
 

diff --git a/modules/wirecard/checkoutseamless/vendor/WirecardCEE/QMore/Config/client.config.php b/modules/wirecard/checkoutseamless/vendor/WirecardCEE/QMore/Config/client.config.php
@@ -1,23 +1,47 @@
 <?php
-/*
- * Die vorliegende Software ist Eigentum von Wirecard CEE und daher vertraulich
- * zu behandeln. Jegliche Weitergabe an dritte, in welcher Form auch immer, ist
- * unzulaessig. Software & Service Copyright (C) by Wirecard Central Eastern
- * Europe GmbH, FB-Nr: FN 195599 x, http://www.wirecard.at
+/**
+ * Shop System Plugins - Terms of Use
+ *
+ * The plugins offered are provided free of charge by Wirecard Central Eastern Europe GmbH
+ * (abbreviated to Wirecard CEE) and are explicitly not part of the Wirecard CEE range of
+ * products and services.
+ *
+ * They have been tested and approved for full functionality in the standard configuration
+ * (status on delivery) of the corresponding shop system. They are under General Public
+ * License Version 2 (GPLv2) and can be used, developed and passed on to third parties under
+ * the same terms.
+ *
+ * However, Wirecard CEE does not provide any guarantee or accept any liability for any errors
+ * occurring when used in an enhanced, customized shop system configuration.
+ *
+ * Operation in an enhanced, customized configuration is at your own risk and requires a
+ * comprehensive test phase by the user of the plugin.
+ *
+ * Customers use the plugins at their own risk. Wirecard CEE does not guarantee their full
+ * functionality neither does Wirecard CEE assume liability for any disadvantages related to
+ * the use of the plugins. Additionally, Wirecard CEE does not guarantee the full functionality
+ * for customized shop systems or installed plugins of other vendors of plugins within the same
+ * shop system.
+ *
+ * Customers are responsible for testing the plugin's functionality before starting productive
+ * operation.
+ *
+ * By installing the plugin into the shop system the customer agrees to these terms of use.
+ * Please do not use the plugin if you do not agree to these terms of use!
  */
 
 return Array(
-        'DATA_STORAGE_URL' => 'https://checkout.wirecard.com/seamless/dataStorage',
-        'FRONTEND_URL' => 'https://checkout.wirecard.com/seamless/frontend',
-        'BACKEND_URL' => 'https://checkout.wirecard.com/seamless/backend',
-        'MODULE_NAME' => 'WirecardCEE_QMore',
-        'MODULE_VERSION' => '3.1.0',
-        'DEPENDENCIES' => array(
-                'FRAMEWORK_NAME' => 'Zend Framework',
-                'FRAMEWORK_VERSION' => Array(
-                        'MINIMUM' => '1.11.10',
-                        'CURRENT' => Zend_Version::VERSION
-                ),
+    'DATA_STORAGE_URL' => 'https://checkout.wirecard.com/seamless/dataStorage',
+    'FRONTEND_URL'     => 'https://checkout.wirecard.com/seamless/frontend',
+    'BACKEND_URL'      => 'https://checkout.wirecard.com/seamless/backend',
+    'MODULE_NAME'      => 'WirecardCEE_QMore',
+    'MODULE_VERSION'   => '3.3.0',
+    'DEPENDENCIES' => Array(
+        'FRAMEWORK_NAME' => 'Zend_Framework',
+        'FRAMEWORK_VERSION' => Array(
+            'MINIMUM' => '1.11.10',
+            'CURRENT' => Zend_Version::VERSION
         ),
-        'USE_DEBUG' => FALSE
+    ),
+    'USE_DEBUG'        => false
 );