http://www.mediawiki.org/wiki/Special:Code/MediaWiki/72001
Revision: 72001
Author: awjrichards
Date: 2010-08-31 01:00:36 +0000 (Tue, 31 Aug 2010)
Log Message:
-----------
Added 'custom filters' mechanism for adding pluggable filters for transactions
Modified Paths:
--------------
trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/ccfd/CreditCardFraudDetection.php
trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/ccfd/LocationVerification.php
trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/ccfd/TelephoneVerification.php
trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/minfraud.body.php
trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/minfraud.php
trunk/extensions/DonationInterface/payflowpro_gateway/payflowpro_gateway.body.php
Added Paths:
-----------
trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/
trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/custom_filters.body.php
trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/custom_filters.php
trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/filters/
trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/filters/minfraud/
trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/filters/minfraud/minfraud.body.php
trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/filters/minfraud/minfraud.php
trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/filters/referrer/
trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/filters/source/
Added:
trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/custom_filters.body.php
===================================================================
---
trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/custom_filters.body.php
(rev 0)
+++
trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/custom_filters.body.php
2010-08-31 01:00:36 UTC (rev 72001)
@@ -0,0 +1,88 @@
+<?php
+
+class PayflowProGateway_Extras_CustomFilters extends PayflowProGateway_Extras {
+ /**
+ * A value for tracking the 'riskiness' of a transaction
+ *
+ * The action to take based on a transaction's riskScore is determined
by
+ * $action_ranges. This is built assuming a range of possible risk
scores
+ * as 0-100, although you can probably bend this as needed.
+ * @var public int
+ */
+ public $risk_score;
+
+ /**
+ * Define the action to take for a given $risk_score
+ * @var public array
+ */
+ public $action_ranges;
+
+ /**
+ * A container for the gateway object
+ *
+ * This gets populated on construction.
+ * @var object
+ */
+ public $gateway_object;
+
+ /**
+ * A container for data from the gateway
+ *
+ * This gets populated on construction.
+ */
+ public $gateway_data;
+
+ /**
+ * A container for an instance of self
+ */
+ static $instance;
+
+ public function __construct( &$pfp_gateway_object, &$data ) {
+ parent::__construct();
+
+ $this->gateway_object =& $pfp_gateway_object;
+ $this->gateway_data =& $data;
+
+ // load user action ranges and risk score
+ global $wgPayflowGatewayCustomFiltersActionRanges,
$wgPayflowGatewayCustomFiltersRiskScore;
+ if ( isset( $wgPayflowGatewayCustomFiltersActionRanges ))
$this->action_ranges = $wgPayflowGatewayCustomFiltersActionRanges;
+ if ( isset( $wgPayflowGatewayCustomFiltersRiskScore ))
$this->risk_score = $wgPayflowGatewayCustomFiltersRiskScore;
+ }
+
+ /**
+ * Determine the action to take for a transaction based on its
$risk_score
+ *
+ * @return string The action to take
+ */
+ public function determineAction() {
+ foreach ( $this->action_ranges as $action => $range ) {
+ if ( $this->risk_score >= $range[0] && $this->risk_score <=
$range[1] ) {
+ return $action;
+ }
+ }
+ }
+
+ /**
+ * Run the transaction through the custom filters
+ */
+ public function validate() {
+ // expose a hook for custom filters
+ wfRunHooks( 'PayflowGatewayCustomFilter', array( $this ));
+ $this->gateway_object->action = $this->determineAction();
+
+ $log_msg = '"' . $this->gateway_object->action . "\"\t\"" .
$this->risk_score . "\"";
+ $this->log( $this->gateway_data['contribution_tracking_id'],
'Filtered', $log_msg );
+ return TRUE;
+ }
+
+ static function onValidate( &$pfp_gateway_object, &$data ) {
+ return self::singleton( $pfp_gateway_object, $data
)->validate();
+ }
+
+ static function singleton( &$pfp_gateway_object, &$data ) {
+ if ( !self::$instance ) {
+ self::$instance = new self( $pfp_gateway_object, $data
);
+ }
+ return self::$instance;
+ }
+}
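Review bot: determineAction() falls off the end and returns null when $risk_score matches no entry in $action_ranges, and validate() assigns that null straight to $this->gateway_object->action. Filters add to the score (the minFraud filter in this commit adds its riskScore to the running value), so a total above 100 or a gap between configured ranges is reachable, and how the gateway treats an empty action is not visible here. I would end the function with an explicit conservative default after the loop, e.g. `return 'reject';` or whichever action the deployment treats as safest, and skip the loop unless `is_array( $this->action_ranges )`. The same loop appears in determine_action() in extras/minfraud/minfraud.body.php, whose end is outside the visible hunk. Separately, singleton() keeps the first call's gateway object, data and accumulated score for any later call in the same request.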
Added:
trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/custom_filters.php
===================================================================
---
trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/custom_filters.php
(rev 0)
+++
trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/custom_filters.php
2010-08-31 01:00:36 UTC (rev 72001)
@@ -0,0 +1,48 @@
+<?php
+/**
+ * Provides a unified way to define and run custom filters for incoming
transactions
+ *
+ * Running filters through 'custom filters' rather than directly through the
validate hook in the gateway
+ * offers the advantage of simplifying the passage of relvent data between
filters/validators that's
+ * needed to perform more complex validation/filtering of transactions.
+ *
+ * The actual filters themselves are regular MW extensions and can optional be
organized in filters/
+ * They should be invoked by using the 'PayflowGatewayCustomFilter' hook,
which will pass the entire
+ * CustomFilter object to the filter. The gateway object and its data are
included in the CustomFilter
+ * object.
+ */
+
+if ( !defined( 'MEDIAWIKI' ) ) {
+ die( "This file is part of the MinFraud for PayflowPro Gateway extension.
It is not a valid entry point.\n" );
+}
+
+$wgExtensionCredits['payflowprogateway_custom_filters'][] = array(
+ 'name' => 'custom filters',
+ 'author' =>'Arthur Richards',
+ 'url' => '',
+ 'description' => 'This extension provides a way to define custom filters
for incoming transactions for the Payflow Pro gateway.'
+);
+
+/**
+ * Define the action to take for a given $risk_score
+ */
+$wgPayflowGatewayCustomFiltersActionRanges = array(
+ 'process' => array( 0, 100 ),
+ 'review' => array( -1, -1 ),
+ 'challenge' => array( -1, -1 ),
+ 'reject' => array( -1, -1 ),
+);
+
+/**
+ * A value for tracking the 'riskiness' of a transaction
+ *
+ * The action to take based on a transaction's riskScore is determined by
+ * $action_ranges. This is built assuming a range of possible risk scores
+ * as 0-100, although you can probably bend this as needed.
+ */
+$wgPayflowGatewayCustomFiltersRiskScore = 0;
+
+$dir = dirname( __FILE__ ) . "/";
+$wgAutoloadClasses['PayflowProGateway_Extras_CustomFilters'] = $dir .
"custom_filters.body.php";
+
+$wgHooks["PayflowGatewayValidate"][] = array(
'PayflowProGateway_Extras_CustomFilters::onValidate' );
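Review bot: The docblock on $wgPayflowGatewayCustomFiltersActionRanges does not say that the shipped defaults map every score from 0 to 100 to 'process', so the filter chain changes no outcome until a site overrides the ranges. I would extend it with something like `Defaults process every score 0-100; array( -1, -1 ) disables an action. Ranges are inclusive and should cover the whole score range without gaps.` The die() message also names the MinFraud extension, which looks copied from the minFraud entry file; it should name custom filters.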
Added:
trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/filters/minfraud/minfraud.body.php
===================================================================
---
trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/filters/minfraud/minfraud.body.php
(rev 0)
+++
trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/filters/minfraud/minfraud.body.php
2010-08-31 01:00:36 UTC (rev 72001)
@@ -0,0 +1,44 @@
+<?php
+/**
+ * Wrapper for using minFraud extra as a custom filter
+ *
+ * Essentially runs minfraud query as the regular minFraud extra extension does
+ * with slight modifications. So all we do here is overload validate()
+ * and add in some extra customFilters specific stuff.
+ */
+
+class PayflowProGateway_Extras_CustomFilters_MinFraud extends
PayflowProGateway_Extras_MinFraud {
+ static $instance;
+
+ public function validate( &$custom_filter_object ) {
+ $pfp_gateway_object =& $custom_filter_object->gateway_object;
+ $data =& $custom_filter_object->gateway_data;
+
+ // see if we can bypass minfraud
+ if ( $this->can_bypass_minfraud( $pfp_gateway_object, $data )) return
TRUE;
+
+ $minfraud_query = $this->build_query( $data );
+ $this->query_minfraud( $minfraud_query );
+ $pfp_gateway_object->action = 'Filter';//$this->determine_action(
$this->minfraud_response[ 'riskScore' ] );
+
+ $custom_filter_object->risk_score =
$custom_filter_object->risk_score + $this->minfraud_response['riskScore'];
+
+ // Write the query/response to the log
+ // @fixme this will cause the 'action' to be logged even though
it's premature here
+ $this->log_query( $pfp_gateway_object, $data );
+ return TRUE;
+
+ }
+
+ static function onValidate( &$custom_filter_object ) {
+ return self::singleton()->validate( $custom_filter_object );
+ }
+
+ static function singleton() {
+ if ( !self::$instance ) {
+ self::$instance = new self;
+ }
+ return self::$instance;
+ }
+
+}
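Review bot: validate() adds $this->minfraud_response['riskScore'] to the running score without checking that query_minfraud() produced a response, so a failed or empty lookup would add nothing and the transaction would be scored as if minFraud had found no risk. query_minfraud() is not visible here, so this is inferred; if it can leave the response unset, guard the addition with `if ( !isset( $this->minfraud_response['riskScore'] ) )` and decide explicitly what a failed lookup should contribute. The line `$pfp_gateway_object->action = 'Filter'` with the old call left in a trailing comment should be removed or explained, since PayflowProGateway_Extras_CustomFilters::validate() overwrites the action after the hook returns.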
Added:
trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/filters/minfraud/minfraud.php
===================================================================
---
trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/filters/minfraud/minfraud.php
(rev 0)
+++
trunk/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/filters/minfraud/minfraud.php
2010-08-31 01:00:36 UTC (rev 72001)
@@ -0,0 +1,46 @@
+<?php
+/**
+ * Custom filter using minFraud
+ *
+ * Essentially acts as a wrapper for the minFraud extra and runs minFraud
+ * queries via custom filter paradigm. This allows us to capture the
+ * riskScore from minfraud and adjust it with our own custom filters and
+ * risk score modifications.
+ *
+ * This inherits minFraud settings form the main minFraud extension. To make
+ * transactions run through minFraud outside of custom filters, set
+ * $wgMinFraudStandalone = TRUE
+ *
+ * To install:
+ * require_once(
"$IP/extensions/DonationInterface/payflowpro_gateway/extras/custom_filters/filters/minfraud.php"
);
+ */
+
+ $wgExtensionCredits['payflowprogateway_extras_customfilters_minfraud'][] =
array(
+ 'name' => 'minfraud custom filter',
+ 'author' =>'Arthur Richards',
+ 'url' => '',
+ 'description' => 'This extension uses the MaxMind minFraud service as a
validator for the Payflow Pro gateway via custom filters.'
+);
+
+/**
+ * Set minFraud to NOT run in standalone mode.
+ *
+ * If minFraud is set to run in standalone mode, it will not be run
+ * through custom filters. If you do not know what you're doing
+ * or otherwise have this set up incorrectly, you may have unexpected
+ * results. If you want minFraud to run OUTSIDE of custom filters,
+ * you will want to make sure you know whether minFraud queries are
+ * happening before or after custom filters, defined by the order of
+ * your require statements in LocalSettings.
+ */
+$wgMinFraudStandalone = FALSE;
+
+$dir = dirname( __FILE__ ) . "/";
+$wgAutoloadClasses['PayflowProGateway_Extras_MinFraud'] = $dir .
"../../../minfraud/minfraud.body.php";
+$wgAutoloadClasses['PayflowProGateway_Extras_CustomFilters_MinFraud'] = $dir .
"minfraud.body.php";
+$wgExtensionFunctions[] = 'efCustomFiltersMinFraudSetup';
+
+function efCustomFiltersMinFraudSetup() {
+ global $wgMinFraudStandalone, $wgHooks;
+ if ( !$wgMinFraudStandalone ) $wgHooks[ 'PayflowGatewayCustomFilter'
][] = array( "PayflowProGateway_Extras_CustomFilters_MinFraud::onValidate" );
+}
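Review bot: This entry file has no `if ( !defined( 'MEDIAWIKI' ) )` guard, unlike custom_filters.php added in the same commit, so it can be requested directly instead of only being loaded through LocalSettings. I would add the same guard at the top: `if ( !defined( 'MEDIAWIKI' ) ) { die( "Not a valid entry point.\n" ); }`. The install comment also points at `filters/minfraud.php`, while the file added here lives at `filters/minfraud/minfraud.php`.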
Modified:
trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/ccfd/CreditCardFraudDetection.php
===================================================================
---
trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/ccfd/CreditCardFraudDetection.php
2010-08-31 00:56:15 UTC (rev 72000)
+++
trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/ccfd/CreditCardFraudDetection.php
2010-08-31 01:00:36 UTC (rev 72001)
@@ -26,8 +26,8 @@
var $API_VERSION;
function __construct() {
- $this->HTTPBase();
- $this->isSecure = 1; // use HTTPS by default
+ parent::__construct();
+ $this->isSecure = 1; // use HTTPS by default
//set the allowed_fields hash
$this->allowed_fields["i"] = 1;
Modified:
trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/ccfd/LocationVerification.php
===================================================================
---
trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/ccfd/LocationVerification.php
2010-08-31 00:56:15 UTC (rev 72000)
+++
trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/ccfd/LocationVerification.php
2010-08-31 01:00:36 UTC (rev 72001)
@@ -26,8 +26,8 @@
var $API_VERSION;
function __construct() {
- $this->HTTPBase();
- $this->isSecure = 1; // use HTTPS by default
+ parent::__construct();
+ $this->isSecure = 1; // use HTTPS by default
//set the allowed_fields hash
$this->allowed_fields["i"] = 1;
Modified:
trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/ccfd/TelephoneVerification.php
===================================================================
---
trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/ccfd/TelephoneVerification.php
2010-08-31 00:56:15 UTC (rev 72000)
+++
trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/ccfd/TelephoneVerification.php
2010-08-31 01:00:36 UTC (rev 72001)
@@ -5,8 +5,8 @@
var $numservers;
var $API_VERSION;
function __construct(){
- $this->HTTPBase();
- $this->isSecure = 1; // use HTTPS by default
+ parent::__construct();
+ $this->isSecure = 1; // use HTTPS by default
//set the allowed_fields hash
$this->allowed_fields["l"] = 1;
Modified:
trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/minfraud.body.php
===================================================================
---
trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/minfraud.body.php
2010-08-31 00:56:15 UTC (rev 72000)
+++
trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/minfraud.body.php
2010-08-31 01:00:36 UTC (rev 72001)
@@ -35,6 +35,7 @@
parent::__construct();
$dir = dirname( __FILE__ ) .'/';
require_once( $dir . "ccfd/CreditCardFraudDetection.php" );
+ require_once( $dir . "../../includes/countryCodes.inc" );
global $wgMinFraudLicenseKey, $wgMinFraudActionRanges;
// set the minfraud license key, go no further if we don't have
it
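Review bot: The added `require_once( $dir . "../../includes/countryCodes.inc" )` now runs inside the constructor, so any variables that file assigns at its top level become locals of __construct() instead of globals. countryCodes.inc is not shown; if it only declares functions this is harmless, otherwise the code that reads the country list will no longer see it. A short comment saying what the include provides and why it is loaded here would settle the question. The constructor starts and ends outside this hunk.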
@@ -65,8 +66,16 @@
if ( isset( $data[ 'data_hash' ] )) unset( $data[ 'data_hash' ]
);
$data[ 'action' ] = $this->generate_hash(
$pfp_gateway_object->action );
$data[ 'data_hash' ] = $this->generate_hash( serialize( $data
));
-
- // log the message if the user has specified a log file
+
+ // Write the query/response to the log
+ $this->log_query( $pfp_gateway_object, $data );
+ return TRUE;
+ }
+
+ /**
+ * Logs a minFraud query and its response
+ */
+ public function log_query( $pfp_gateway_object, $data ) {
if ( $this->log_fh ) {
$log_message = '"' . addslashes( $data[ 'comment' ] ) .
'"';
$log_message .= "\t" . '"' . addslashes( $data[
'amount' ] . ' ' . $data[ 'currency' ] ) . '"';
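Review bot: log_query() is now a public method that the custom-filter wrapper calls as well, and it still relies on addslashes() for fields such as 'comment', which does not remove tabs or line breaks. In a tab-separated log that lets donor-supplied text break a record or start what looks like a new one, unless log() cleans its input (not visible here). I would normalise each value before quoting it, e.g. `preg_replace( '/[\x00-\x1F\x7F]/', ' ', $value )`, in one small private helper. The function body continues past the end of this hunk.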
@@ -76,7 +85,6 @@
$log_message .= "\t" . '"' . addslashes( $data[
'referrer' ] ) . '"';
$this->log( $data[ 'contribution_tracking_id' ],
'minFraud query', $log_message );
}
- return TRUE;
}
/**
@@ -159,7 +167,7 @@
$minfraud_array[ "license_key" ] = $this->minfraud_license_key;
// user's IP address
- $minfraud_array[ "i" ] ='12.12.12.12';// wfGetIP();
+ $minfraud_array[ "i" ] = wfGetIP();
// user's user agent
global $wgRequest;
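Review bot: The value sent as `i` now comes from wfGetIP(), so its accuracy depends on the wiki's trusted-proxy configuration: behind a front-end proxy that is not listed as trusted, every donor would presumably be scored on the proxy's address. A comment on this line stating that dependency, e.g. `// client IP as resolved by MediaWiki; depends on the trusted proxy list being correct`, would help whoever deploys it. The previous hard-coded test address reached trunk, so a check for literal IP addresses in the query-building code would be worth adding to review or tests. The enclosing function extends beyond the hunk.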
@@ -244,7 +252,6 @@
* @return array of actions to be taken
*/
public function determine_action( $risk_score ) {
- $actions = array();
foreach ( $this->action_ranges as $action => $range ) {
if ( $risk_score >= $range[0] && $risk_score <=
$range[1] ) {
return $action;
Modified:
trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/minfraud.php
===================================================================
---
trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/minfraud.php
2010-08-31 00:56:15 UTC (rev 72000)
+++
trunk/extensions/DonationInterface/payflowpro_gateway/extras/minfraud/minfraud.php
2010-08-31 01:00:36 UTC (rev 72001)
@@ -48,11 +48,24 @@
'reject' => array( -1, -1 )
);
+/**
+ * Define whether or not to run minFraud in stand alone mode
+ *
+ * If this is set to run in standalone, these scripts will be
+ * accessed directly via the "PayflowGatewayValidate" hook.
+ * You may not want to run this in standalone mode if you prefer
+ * to use this in conjunction with Custom Filters. This has the
+ * advantage of sharing minFraud info with other filters.
+ */
+$wgMinFraudStandalone = TRUE;
+
$dir = dirname( __FILE__ ) . "/";
-require_once( $dir . "../../includes/countryCodes.inc" );
$wgAutoloadClasses['PayflowProGateway_Extras_MinFraud'] = $dir .
"minfraud.body.php";
-/**
- * Sets minFraud as a validator for transactions
- */
-$wgHooks["PayflowGatewayValidate"][] = array(
'PayflowProGateway_Extras_MinFraud::onValidate' );
+$wgExtensionFunctions[] = 'efMinFraudSetup';
+
+function efMinFraudSetup() {
+ // if we're in standalone mode, use the PayflowGatewayValidate hook
+ global $wgMinFraudStandalone, $wgHooks;
+ if ( $wgMinFraudStandalone ) $wgHooks["PayflowGatewayValidate"][] =
array( 'PayflowProGateway_Extras_MinFraud::onValidate' );
+}
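Review bot: efMinFraudSetup() registers nothing when $wgMinFraudStandalone is false, and the only other registration in this commit is on 'PayflowGatewayCustomFilter', which fires only when custom_filters.php is loaded. Both minfraud.php files also assign the flag unconditionally at include time, so the effective value depends on require order and overwrites anything set earlier in LocalSettings. A site can therefore end up with minFraud loaded but never run, and nothing reports it. I would say so in the docblock, e.g. `When FALSE, minFraud runs only if custom_filters.php and the minFraud custom filter are both loaded.`, and have the setup function write a debug log line when it skips registration.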
Modified:
trunk/extensions/DonationInterface/payflowpro_gateway/payflowpro_gateway.body.php
===================================================================
---
trunk/extensions/DonationInterface/payflowpro_gateway/payflowpro_gateway.body.php
2010-08-31 00:56:15 UTC (rev 72000)
+++
trunk/extensions/DonationInterface/payflowpro_gateway/payflowpro_gateway.body.php
2010-08-31 01:00:36 UTC (rev 72001)
@@ -68,6 +68,7 @@
$wgOut->addScript( Skin::makeVariablesScript( $scriptVars ) );
+
// establish the edit token to prevent csrf
global $wgPayflowGatewaySalt;
$token = $this->fnPayflowEditToken( $wgPayflowGatewaySalt );
//$wgUser->editToken( 'mrxc877668DwQQ' );
@@ -259,9 +260,9 @@
$stateMenu = '';
foreach( $states as $value => $fullName ) {
- if ( $value == $data['state'] ) {
- $stateMenu .= Xml::option( $fullName, $value, true );
- } else $stateMenu .= Xml::option( $fullName, $value, false );
+ if ( $value == $data['state'] ) {
+ $stateMenu .= Xml::option( $fullName, $value,
true );
+ } else $stateMenu .= Xml::option( $fullName, $value,
false );
}
//currencies