add csrf (#9)

Affirm · Oct 7, 2021 · 976a343 · 976a343
1 parent e7c73eb
commit 976a343
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 4 deletions.
diff --git a/Controller/Payment/Confirm.php b/Controller/Payment/Confirm.php
@@ -3,6 +3,9 @@
 
 use Magento\Framework\App\Action\Action;
 use Magento\Framework\App\Action\Context;
+use Magento\Framework\App\CsrfAwareActionInterface;
+use Magento\Framework\App\RequestInterface;
+use Magento\Framework\App\Request\InvalidRequestException;
 use Magento\Framework\Exception\LocalizedException;
 use Magento\Checkout\Model\Session;
 use Magento\Quote\Api\CartManagementInterface;
@@ -11,7 +14,7 @@
 use Magento\Sales\Api\OrderManagementInterface as OrderManagement;
 use Affirm\Telesales\Model\Adminhtml\Checkout as AffirmCheckout;
 
-class Confirm extends Action
+class Confirm extends Action implements CsrfAwareActionInterface
 {
     const CHECKOUT_STATUS_CONFIRMED = 'confirmed';
     /**
@@ -39,6 +42,23 @@ public function __construct(
         $this->logger = $logger;
     }
 
+    /**
+     * @inheritDoc
+     */
+    public function createCsrfValidationException(
+        RequestInterface $request
+    ): ?InvalidRequestException {
+        return null;
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function validateForCsrf(RequestInterface $request): ?bool
+    {
+        return true;
+    }
+
      /**
      * @inheritDoc
      */

diff --git a/Controller/Payment/Decline.php b/Controller/Payment/Decline.php
@@ -3,14 +3,17 @@
 
 use Magento\Framework\App\Action\Action;
 use Magento\Framework\App\Action\Context;
+use Magento\Framework\App\CsrfAwareActionInterface;
+use Magento\Framework\App\RequestInterface;
+use Magento\Framework\App\Request\InvalidRequestException;
 use Magento\Checkout\Model\Session;
 use Magento\Quote\Api\CartManagementInterface;
 use Magento\Quote\Api\CartRepositoryInterface;
 use Magento\Sales\Model\OrderFactory;
 use Magento\Sales\Api\OrderManagementInterface as OrderManagement;
 use Affirm\Telesales\Model\Adminhtml\Checkout as AffirmCheckout;
 
-class Decline extends Action
+class Decline extends Action implements CsrfAwareActionInterface
 {
     const CHECKOUT_STATUS_NOT_APPROVED = 'not_approved';
     /**
@@ -38,6 +41,23 @@ public function __construct(
         $this->logger = $logger;
     }
 
+    /**
+     * @inheritDoc
+     */
+    public function createCsrfValidationException(
+        RequestInterface $request
+    ): ?InvalidRequestException {
+        return null;
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function validateForCsrf(RequestInterface $request): ?bool
+    {
+        return true;
+    }
+
      /**
      * @inheritDoc
      */

diff --git a/composer.json b/composer.json
@@ -2,7 +2,7 @@
     "name": "affirm/m2-telesales",
     "description": "Affirm Telesales extension for the Magento 2 https://www.affirm.com/",
     "type": "magento2-module",
-    "version": "1.0.5",
+    "version": "1.0.6",
     "license": [
         "BSD-3-Clause"
     ],

diff --git a/etc/module.xml b/etc/module.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0"?>
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd">
-    <module name="Affirm_Telesales" setup_version="1.0.5">
+    <module name="Affirm_Telesales" setup_version="1.0.6">
         <sequence>
             <module name="Astound_Affirm"/>
             <module name="Magento_Store"/>