Comments (8)
If I use the calculator fields I get
"6692dac6b5deab91b1aaa8e70e728f0c0da221029a280911e6d02cc7635da50c", which matches.
from hosted-payment-sim.
@julianbueno all the code the calculator uses is in this repo. The signature is generated here. I believe all values starting with x_ are used.
from hosted-payment-sim.
When you guys send the POST to the POST URL, you are missing:
- x_transaction_type
- x_timestamp

If I want to verify the signature on my side, I have a mismatch in the signature because I don't have all the fields.
Can you please add all the 'x_' fields in your POST?
from hosted-payment-sim.
@julianbueno it does appear these fields are missing. They shouldn't be required, however, as all transactions will be sales. Can you generate the signature similar to how it is being done here: https://github.com/Shopify/offsite-gateway-sim/blob/master/app.rb#L40 ?
from hosted-payment-sim.
From the code here http://repl.it/uRL/1 it is clear that you can't get the same signature from the fields that Shopify sent in the payload.
from hosted-payment-sim.
@julianbueno can you try with the same values in our calculator? https://offsite-gateway-sim.herokuapp.com/calculator
I get 3b9b2addf4c7ac299013db07c01dfb163261b3a7e7d1c073ee82065a8909d6df
with your code
from hosted-payment-sim.
The Shopify store is sending us the exact same message that is in the code example I supplied and they are sending an x_signature="5fb18d05e24d08b1c94037dd4ce3474912f53568e5b6a7898b94a76980d02d3f"
You are correct that when we do the calculation using the code I have supplied we are getting "3b9b2addf4c7ac299013db07c01dfb163261b3a7e7d1c073ee82065a8909d6df"
So it looks like the Shop integration is taking additional fields into account in its calculation of the signature that are not being included in the POST message e.g. x_timestamp or x_transaction_type. Could this be the case?
It doesn't look like an issue with the calculation logic or the offsite gateway but with missing variables in the POST message, compared to what is used when they calculate their signature.
from hosted-payment-sim.
There were a few mistakes when transcribing the parameters from the request to the fields map in his code.
- Numbers were not in single quotes, resulting in them getting truncated when converted to strings (32.20 becomes 32.2, 0.00 becomes 0)
- There is a trailing whitespace at the end of his shipping address (Should be '2 / 15 Esplanade ' instead of '2 / 15 Esplanade')
Once these changes are made the signature is calculated correctly.
This code works: https://gist.github.com/AnotherJoSmith/8245dbebeb99460b6a0e
Thank you @AnotherJoSmith for looking into this
from hosted-payment-sim.
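The two transcription mistakes described in the last comment, as an added example (not code from this thread or from the offsite-gateway-sim repository). It assumes the signature is an HMAC-SHA256 over the `x_` fields sorted by name, each written as name immediately followed by value, with `x_signature` excluded; the key, the sample field names and values, and the helper names are constructed for illustration.

```ruby
require 'openssl'

# Assumption: only "x_" fields are signed, sorted by name, name+value
# concatenated with no separator; x_signature itself is not signed.
def signed_pairs(fields)
  fields.select { |k, _| k.to_s.start_with?('x_') && k.to_s != 'x_signature' }
        .map { |k, v| [k.to_s, v.to_s] }
        .sort
end

def sign_fields(fields, key)
  OpenSSL::HMAC.hexdigest('sha256', key, signed_pairs(fields).join)
end

# Constant-time comparison, so verification does not leak how much matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def valid_signature?(fields, key)
  secure_equal?(fields['x_signature'].to_s, sign_fields(fields, key))
end

# Signed fields whose string form differs between two field maps: the first
# thing to check when a locally computed signature does not match.
def mismatched_fields(a, b)
  pa = signed_pairs(a).to_h
  pb = signed_pairs(b).to_h
  (pa.keys | pb.keys).reject { |k| pa[k] == pb[k] }.sort
end

KEY = 'constructed-demo-key' # constructed, not a real gateway key

# Constructed sample: values kept as the exact strings a form POST carries.
WIRE = {
  'x_amount' => '32.20',
  'x_currency' => 'AUD',
  'x_customer_shipping_address1' => '2 / 15 Esplanade ',
  'commit' => 'Pay' # not an x_ field, so not signed
}.freeze

# The same request retyped by hand: numeric literal and trimmed address.
TRANSCRIBED = WIRE.merge(
  'x_amount' => 32.20, # to_s gives "32.2", so the signed message changes
  'x_customer_shipping_address1' => '2 / 15 Esplanade'
).freeze
```

Verifying against the raw request parameters, untouched by numeric parsing or whitespace trimming, avoids both mismatches.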