Commit 42f75d7d authored by Vincent Mrose's avatar Vincent Mrose 💬

Fixed an exploit that could result in different amounts


Signed-off-by: Vincent Mrose's avatarVincent Mrose <v.mrose@crefopay.de>
parent 3bb86a2f
......@@ -132,7 +132,7 @@ class CreateTransactionRequestFactory extends AbstractRequestFactory
$createTransactionRequest->setBillingAddress($this->addressBuilder->build($billingAddress));
$createTransactionRequest->setShippingAddress($this->addressBuilder->build($shippingAddress));
$createTransactionRequest->setAmount($this->amountBuilder->build($quote));
$createTransactionRequest->setAmount($this->amountBuilder->buildFromQuote($quote));
$this->basketBuilder->build($quote, $createTransactionRequest);
......
......@@ -4,10 +4,31 @@ namespace Trilix\CrefoPay\Client\Request;
use Magento\Payment\Gateway\Data\PaymentDataObjectInterface;
use Upg\Library\Request\Reserve as ReserveRequest;
use Trilix\CrefoPay\Client\ConfigFactory;
use Trilix\CrefoPay\Gateway\Request\AmountBuilder;
use Trilix\CrefoPay\Client\Request\Structure\AdditionalInfo as AdditionalInfoStructure;
class ReserveRequestFactory extends AbstractRequestFactory
{
/** @var AmountBuilder */
private $amountBuilder;
/**
* ReserveRequestFactory constructor.
* @param ConfigFactory $configFactory
* @param AmountBuilder $amountBuilder
*/
public function __construct(
ConfigFactory $configFactory,
AmountBuilder $amountBuilder
) {
parent::__construct($configFactory);
$this->amountBuilder = $amountBuilder;
}
public function create(string $paymentMethod, PaymentDataObjectInterface $paymentDO): ReserveRequest
{
$reserveRequest = new ReserveRequest($this->getConfig());
......@@ -26,6 +47,8 @@ class ReserveRequestFactory extends AbstractRequestFactory
$reserveRequest->setAdditionalInformation((string)$additionalInfoStruc);
}
$reserveRequest->setAmount($this->amountBuilder->buildFromOrder($paymentDO->getOrder()));
$this->setMac($reserveRequest);
return $reserveRequest;
......
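Review bot: The added `setAmount(...)` call near the end of `create()` has no comment saying why the amount is sent again on reserve, although it is the security-relevant line of this commit. Going by the commit message, it appears to bind the reservation to the placed order's grand total rather than to whatever amount was fixed in the earlier createTransaction call; a comment such as `// Send the order's grand total so the reserved amount always matches the placed order; keep before setMac().` would stop a later refactor from dropping or moving it. Whether the MAC actually covers the amount is not visible here, so the ordering part of that comment should be confirmed first. `create()` starts in the previous hunk and part of its body lies outside the visible lines.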
......@@ -3,6 +3,7 @@
namespace Trilix\CrefoPay\Gateway\Request;
use Magento\Quote\Model\Quote;
use Magento\Payment\Gateway\Data\OrderAdapterInterface;
use Upg\Library\Request\Objects\Amount;
class AmountBuilder
......@@ -11,11 +12,23 @@ class AmountBuilder
* @param Quote $quote
* @return Amount
*/
public function build(Quote $quote): Amount
public function buildFromQuote(Quote $quote): Amount
{
$amount = new Amount();
$amount->setAmount(ceil($quote->getGrandTotal() * 100));
return $amount;
}
/**
* @param OrderAdapterInterface $order
* @return Amount
*/
public function buildFromOrder(OrderAdapterInterface $order): Amount
{
$amount = new Amount();
$amount->setAmount(ceil($order->getGrandTotalAmount() * 100));
return $amount;
}
}
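Review bot: The new `buildFromOrder()` converts the total with `ceil($order->getGrandTotalAmount() * 100)`, and `ceil` on a float product can add a cent that is not there: a total of 1.10 evaluates to 110.00000000000001 and is sent as 111. For a change whose purpose is to keep the amounts consistent, rounding to the nearest cent is safer, `$amount->setAmount((int) round($order->getGrandTotalAmount() * 100));`, which also passes an integer instead of the float that `ceil` returns. `buildFromQuote()` above uses the same expression and should be changed in the same way, so that the quote-based and order-based amounts cannot diverge through rounding. A unit test with totals such as 1.10 and 0.07 would pin the behaviour.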