Returning error response for failed HMAC validation (#77)

Adyen · Jan 10, 2025 · a0e203d · a0e203d
1 parent 9d672f3
commit a0e203d
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 5 deletions.
diff --git a/force-app/main/default/classes/AdyenNotificationHandler.cls b/force-app/main/default/classes/AdyenNotificationHandler.cls
@@ -11,10 +11,10 @@ public with sharing class AdyenNotificationHandler {
         try {
             validator = new HMACValidator(notificationRequestItem, adyenAdapter.HMAC_Key__c);
             if (!Test.isRunningTest() && !validator.validateHMAC()) {
-                return createAcceptedNotificationResponse('not a valid notification request');
+                return createErrorResponse(AdyenOMSConstants.INVALID_NOTIFICATION, 403);
             }
         } catch (HMACValidator.HmacValidationException hmacValidationException) {
-            return createAcceptedNotificationResponse(hmacValidationException.getMessage());
+            return createErrorResponse(hmacValidationException.getMessage(), 403);
         }
 
         if (!AdyenPaymentUtility.isValidNotification(notificationRequestItem)) {
@@ -41,6 +41,13 @@ public with sharing class AdyenNotificationHandler {
         return gatewayNotificationResponse;
     }
 
+    private static CommercePayments.GatewayNotificationResponse createErrorResponse(String message, Integer statusCode) {
+        CommercePayments.GatewayNotificationResponse gatewayNotificationResponse = new CommercePayments.GatewayNotificationResponse();
+        gatewayNotificationResponse.setResponseBody(Blob.valueOf(message));
+        gatewayNotificationResponse.setStatusCode(statusCode);
+        return gatewayNotificationResponse;
+    }
+
     /**
     * Creates and records (ie saves) the notification save result.
     *

diff --git a/force-app/main/default/classes/AdyenOMSConstants.cls b/force-app/main/default/classes/AdyenOMSConstants.cls
@@ -47,4 +47,5 @@ public with sharing class AdyenOMSConstants {
     public static final String PBL_ID_KEY = 'pblId';
     public static final String GATEWAY_RESULT_SUCCESS = 'success';
     public static final String GATEWAY_RESULT_SUCCESS_DESCRIPTION = 'Transaction Normal';
+    public static final String INVALID_NOTIFICATION = 'Not a valid notification request';
 }
diff --git a/force-app/main/default/classes/NonPaymentWebhookHandler.cls b/force-app/main/default/classes/NonPaymentWebhookHandler.cls
@@ -1,7 +1,6 @@
 @RestResource(UrlMapping='/nonPaymentWebhook/v1/*')
 global without sharing class NonPaymentWebhookHandler {
     public static final String ACCEPTED_RESPONSE = '[accepted]';
-    public static final String INVALID_NOTIFICATION = 'but not a valid notification request';
     public static final String INVALID_WEBHOOK = 'but no valid psp reference found or webhook type was ignored';
     public static final String NO_PAYMENT_FOUND = 'but no related payment record found';
     public static final String EXCEPTION_OCCURRED = 'but an exception happened: ';
@@ -13,7 +12,7 @@ global without sharing class NonPaymentWebhookHandler {
             NotificationRequestItem notificationRequestItem = WebhookUtils.parseAdyenNotificationRequest(requestBody);
             Adyen_Adapter__mdt adyenAdapter = AdyenPaymentUtility.retrieveAdapterByMerchantAcct(notificationRequestItem.merchantAccountCode);
             if (!isValidRequest(notificationRequestItem, adyenAdapter)) {
-                return responseWithReason(INVALID_NOTIFICATION);
+                return createErrorResponse(AdyenOMSConstants.INVALID_NOTIFICATION, 403);
             }
             if (!AdyenPaymentUtility.isValidNonPaymentWebhook(notificationRequestItem)) {
                 return responseWithReason(INVALID_WEBHOOK);
@@ -28,7 +27,7 @@ global without sharing class NonPaymentWebhookHandler {
             }
             return ACCEPTED_RESPONSE;
         } catch (HMACValidator.HmacValidationException ex) {
-            return responseWithReason(INVALID_NOTIFICATION);
+            return createErrorResponse(ex.getMessage(), 403);
         } catch (Exception ex) {
             return responseWithReason(EXCEPTION_OCCURRED + ex.getMessage());
         }
@@ -43,6 +42,11 @@ global without sharing class NonPaymentWebhookHandler {
     private static String responseWithReason(String reason) {
         return ACCEPTED_RESPONSE + ', ' + reason;
     }
+
+    private static String createErrorResponse(String reason, Integer statusCode) {
+        RestContext.response.statusCode = statusCode;
+        return reason;
+    }
 
     private static void createGatewayLog(PaymentAuthorization paymentAuthorization, NotificationRequestItem notificationRequestItem, String requestBody) {
         String interactionStatus = notificationRequestItem.success == 'true' ? AdyenOMSConstants.PaymentGatewayLogStatus.SUCCESS.name() : AdyenOMSConstants.PaymentGatewayLogStatus.FAILED.name();