Request signature does not match the Signing Mechanism vs Request values about hosted-payment-sim HOT 8 CLOSED

If I use the calculator fileds I got
"6692dac6b5deab91b1aaa8e70e728f0c0da221029a280911e6d02cc7635da50c" which match

from hosted-payment-sim.

@julianbueno all the code the calculator uses is in this repo. The signature is generate here. I believe all values starting with x_ are used.

from hosted-payment-sim.

@andrewpaliga

when you guys send the POST to the POST url

you are missing

x_transaction_type
x_timestamp

if I want to verify in my side the signature I have a mismatch in the signature because I don't have all the fields

can you please add all the 'x_' fields in your POST

from hosted-payment-sim.

@julianbueno it does appear these fields are missing. They shouldn't be required however as all transactions will be sales. Can you generate signature similar to how it being done here: https://github.com/Shopify/offsite-gateway-sim/blob/master/app.rb#L40 ?

from hosted-payment-sim.

@andrewpaliga

From the code here http://repl.it/uRL/1 it is clear that you can't get the same signature from the fields that Shopify sent in the payload

from hosted-payment-sim.

@julianbueno can you try with the same values in our calculator? https://offsite-gateway-sim.herokuapp.com/calculator

I get 3b9b2addf4c7ac299013db07c01dfb163261b3a7e7d1c073ee82065a8909d6df with your code

from hosted-payment-sim.

@andrewpaliga

The Shopify store is sending us the exact same message that is in the code example i supplied and they are sending a x_signature="5fb18d05e24d08b1c94037dd4ce3474912f53568e5b6a7898b94a76980d02d3f"

You are correct that when we do the calculation using the code i have supplied we are getting "3b9b2addf4c7ac299013db07c01dfb163261b3a7e7d1c073ee82065a8909d6df"

So it looks like the Shop integration is taking additional fields into account in its calculation of the signature that are not being included in the POST message e.g. x_timestamp or x_transaction_type. Could this be the case?

It doesn't look like an issue with the calculation logic or the offsite gateway but with missing variables in the POST message, compared to what is used when they calculate their signature.

from hosted-payment-sim.

There were a few mistakes when transcribing the parameters from the request to the fields map in his code.

1. Numbers were not in single quotes, resulting in them getting truncated when converted to strings (32.20 becomes 32.2, 0.00 becomes 0)
2. There is a trailing whitespace at the end of his shipping address (Should be '2 / 15 Esplanade ‘ instead of '2 / 15 Esplanade’)

Once these changes are made the signature is calculated correctly.

This code works: https://gist.github.com/AnotherJoSmith/8245dbebeb99460b6a0e

Thank you @AnotherJoSmith for looking into this

from hosted-payment-sim.