Fix zero value HMAC signature (Adyen#126)

alexandersch · Oct 14, 2019 · f69b19e · f69b19e
1 parent c0d7a1d
commit f69b19e
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 1 deletion.
diff --git a/src/Adyen/Util/HmacSignature.php b/src/Adyen/Util/HmacSignature.php
@@ -66,7 +66,8 @@ private function getNotificationDataToSign($params)
         $originalReference = (!empty($params['originalReference'])) ? $params['originalReference'] : "";
         $merchantAccountCode = (!empty($params['merchantAccountCode'])) ? $params['merchantAccountCode'] : "";
         $merchantReference = (!empty($params['merchantReference'])) ? $params['merchantReference'] : "";
-        $value = (!empty($params['amount']['value'])) ? $params['amount']['value'] : "";
+        // `empty` treats too many value types as empty. `isset` should prevent some of these cases.
+        $value = (isset($params['amount']['value'])) ? $params['amount']['value'] : "";
         $currency = (!empty($params['amount']['currency'])) ? $params['amount']['currency'] : "";
         $eventCode = (!empty($params['eventCode'])) ? $params['eventCode'] : "";
         $success = (!empty($params['success'])) ? $params['success'] : "";

diff --git a/tests/Adyen/Util/HmacSignatureTest.php b/tests/Adyen/Util/HmacSignatureTest.php
@@ -56,4 +56,32 @@ public function testNotificationRequestItemHmac()
             $this->fail('Unexpected exception');
         }
     }
+    public function testHmacSignatureForRefundWithZeroValue()
+    {
+        $params = json_decode('{
+	            "pspReference": "7914073381342284",
+	            "merchantAccountCode": "TestMerchant",
+	            "merchantReference": "TestPayment-1407325143704",
+	            "amount": {
+	                "value": 0,
+	                "currency": "EUR"
+	            },
+	            "eventCode": "REFUND",
+	            "success": "true"
+	        }', true);
+        $key = "44782DEF547AAA06C910C43932B1EB0C71FC68D9D0C057550C48EC2ACF6BA056";
+        $hmac = new HmacSignature();
+        try {
+            $hmacCalculation = $hmac->calculateNotificationHMAC($key, $params);
+            $this->assertNotEmpty($hmacCalculation);
+            $this->assertEquals("J7HhsgZo5KwqdB7LFZJV6rfQgp+RqC2kuYyw/3x3w+8=", $hmacCalculation);
+            $params['additionalData'] = array(
+                'hmacSignature' => $hmacCalculation
+            );
+            $hmacValidate = $hmac->isValidNotificationHMAC($key, $params);
+            $this->assertTrue($hmacValidate);
+        } catch (AdyenException $e) {
+            $this->fail('Unexpected exception');
+        }
+    }
 }