Ejegg has uploaded a new change for review.
https://gerrit.wikimedia.org/r/163034
Change subject: Clear out session data when changing adapters
......................................................................
Clear out session data when changing adapters
Ensure order ids and other data from the first adapter you hit
aren't leaking into any subsequent ones.
Change-Id: I90240e5717c741d93b145eddbd484531f4299286
---
M gateway_common/gateway.adapter.php
M tests/Adapter/GatewayAdapterTestCase.php
2 files changed, 43 insertions(+), 0 deletions(-)
git pull
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/DonationInterface
refs/changes/34/163034/1
diff --git a/gateway_common/gateway.adapter.php
b/gateway_common/gateway.adapter.php
index 2b6a38e..f417ecb 100644
--- a/gateway_common/gateway.adapter.php
+++ b/gateway_common/gateway.adapter.php
@@ -338,6 +338,7 @@
$this->defineOrderIDMeta(); //must happen before we go to
DonationData.
$this->defineDataConstraints(); //must also happen before we go
to DonationData.
+ $this->session_resetOnGatewaySwitch(); //clear out the old
stuff before DD snarfs it.
$this->dataObj = new DonationData( $this,
$options['external_data'] );
$this->setValidationErrors(
$this->getOriginalValidationErrors() );
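Review bot: The reset now runs as a side effect of constructing an adapter, so any code path that instantiates an adapter for a different gateway inside a donor's live session will discard that session's data, even if it never processes a donation. The constructor starts and ends outside this hunk, so I can't tell whether an option or batch-mode guard already covers that case. If the behaviour is intended everywhere, state it in the constructor docblock, e.g. `* NOTE: constructing an adapter for a gateway other than the one recorded in the session clears the donor's session data.` The trailing comment on the new line could also spell out the ordering requirement: `//must happen before DonationData is built, or it will read the previous gateway's session values.`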
@@ -3039,6 +3040,20 @@
}
/**
+ * Check to see if we've changed gateways, and throw out the garbage
+ * from the old gateway if so. Prevents order_id leakage!
+ */
+ protected function session_resetOnGatewaySwitch() {
+ if ( !$this->session_exists() ) {
+ return;
+ }
+ $old_gateway = $this->session_getData( 'Donor', 'gateway' );
+ if ( $old_gateway !== null && $old_gateway !==
$this::IDENTIFIER ) {
+ $this->session_resetForNewAttempt( true );
+ }
+ }
+
+ /**
* Add a RapidHTML Form (ffname) to this abridged history of where we've
* been in this session. This lets us do things like construct useful
* "back" links that won't crush all session everything.
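Review bot: The `$old_gateway !== null` test in session_resetOnGatewaySwitch() leaves the session untouched when a session exists but has no recorded 'Donor'/'gateway' value. Presumably session_getData() returns null in that case, so whatever is in the session still flows into DonationData. If gateway is always written together with the rest of the donor data, that is safe but should be stated: `// No recorded gateway means no gateway-specific data has been stored yet.` If that invariant does not hold, the fail-closed form is `if ( $old_gateway !== $this::IDENTIFIER ) {`, provided session_resetForNewAttempt() is harmless on a session with no donor data. The bare `true` argument also deserves a short comment saying what it forces, since its meaning is not visible from this call.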
diff --git a/tests/Adapter/GatewayAdapterTestCase.php
b/tests/Adapter/GatewayAdapterTestCase.php
index 0c6e5d9..ea945fb 100644
--- a/tests/Adapter/GatewayAdapterTestCase.php
+++ b/tests/Adapter/GatewayAdapterTestCase.php
@@ -113,5 +113,33 @@
$this->assertEquals( $gateway->_getData_Staged( 'language' ),
'no', "'NO' donor's language was inproperly set. Should be 'no'" );
}
+ /**
+ * Make sure data is cleared out when changing gateways.
+ * In particular, ensure order IDs aren't leaking.
+ */
+ public function testResetOnGatewaySwitch() {
+ //Fill the session with some Amazon stuff
+ $init = $this->getDonorTestData( 'FR' );
+ $init['contribution_tracking_id'] = mt_rand();
+ $amazon_gateway = new TestingAmazonAdapter( array (
+ 'external_data' => $init,
+ ) );
+ $amazon_gateway->do_transaction( 'Donate' );
+
+ $this->assertEquals( 'amazon', $_SESSION['Donor']['gateway'],
'Test setup failed.' );
+
+ //Then simpulate switching to Worldpay
+ $_SESSION['numAttempt'] = 2;
+ unset( $_POST['order_id'] );
+
+ $worldpay_gateway = new TestingWorldPayAdapter( array (
+ 'external_data' => $init,
+ ) );
+ $worldpay_gateway->batch_mode = TRUE;
+
+ $expected_order_id =
"{$init['contribution_tracking_id']}.{$_SESSION['numAttempt']}";
+ $this->assertEquals( $expected_order_id,
$worldpay_gateway->getData_Unstaged_Escaped( 'order_id' ),
+ 'Order ID was not regenerated on gateway switch!' );
+ }
}
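Review bot: testResetOnGatewaySwitch() asserts only that order_id is regenerated, although the commit says order ids "and other data" must not leak. It never checks that the Amazon session values are actually gone. Add a direct check after constructing the WorldPay adapter, e.g. `$this->assertFalse( isset( $_SESSION['Donor']['gateway'] ) && $_SESSION['Donor']['gateway'] === 'amazon', 'Old gateway data survived the switch.' );`. A companion case that builds a second adapter of the same gateway and asserts the session is kept would cover the other branch. The test also writes to `$_SESSION` and `$_POST` directly; unless tearDown() already resets them (not visible here), restore them so state does not carry into later tests.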
--
To view, visit https://gerrit.wikimedia.org/r/163034
Gerrit-MessageType: newchange
Gerrit-Change-Id: I90240e5717c741d93b145eddbd484531f4299286
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/DonationInterface
Gerrit-Branch: master
Gerrit-Owner: Ejegg <[email protected]>