From 976a343012f7b55d03de17cda57c2d30f9a81d5f Mon Sep 17 00:00:00 2001
From: Kevin Kong
Date: Thu, 7 Oct 2021 15:16:48 -0700
Subject: [PATCH] add csrf (#9)
---
 Controller/Payment/Confirm.php | 22 +++++++++++++++++++++-
 Controller/Payment/Decline.php | 22 +++++++++++++++++++++-
 composer.json | 2 +-
 etc/module.xml | 2 +-
 4 files changed, 44 insertions(+), 4 deletions(-)
diff --git a/Controller/Payment/Confirm.php b/Controller/Payment/Confirm.php
index 98f0465..3b87f72 100644
--- a/Controller/Payment/Confirm.php
+++ b/Controller/Payment/Confirm.php
@@ -3,6 +3,9 @@
 use Magento\Framework\App\Action\Action;
 use Magento\Framework\App\Action\Context;
+use Magento\Framework\App\CsrfAwareActionInterface;
+use Magento\Framework\App\RequestInterface;
+use Magento\Framework\App\Request\InvalidRequestException;
 use Magento\Framework\Exception\LocalizedException;
 use Magento\Checkout\Model\Session;
 use Magento\Quote\Api\CartManagementInterface;
@@ -11,7 +14,7 @@
 use Magento\Sales\Api\OrderManagementInterface as OrderManagement;
 use Affirm\Telesales\Model\Adminhtml\Checkout as AffirmCheckout;
-class Confirm extends Action
+class Confirm extends Action implements CsrfAwareActionInterface
 {
 const CHECKOUT_STATUS_CONFIRMED = 'confirmed';
 /**
@@ -39,6 +42,23 @@ public function __construct(
 $this->logger = $logger;
 }
+ /**
+ * @inheritDoc
+ */
+ public function createCsrfValidationException(
+ RequestInterface $request
+ ): ?InvalidRequestException {
+ return null;
+ }
+
+ /**
+ * @inheritDoc
+ */
+ public function validateForCsrf(RequestInterface $request): ?bool
+ {
+ return true;
+ }
+
 /**
 * @inheritDoc
 */
diff --git a/Controller/Payment/Decline.php b/Controller/Payment/Decline.php
index 308aa24..9e3aab7 100644
--- a/Controller/Payment/Decline.php
+++ b/Controller/Payment/Decline.php
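Review bot: `validateForCsrf()` returns `true` unconditionally, which tells Magento's CSRF validator to accept every request to this action without a form-key check, so despite the subject "add csrf" this hunk switches the protection off for Payment/Confirm (the matching hunk in Controller/Payment/Decline.php does the same). That is the usual pattern for a callback posted from an external checkout page, which cannot carry a form key, but it is only safe if `execute()` (outside this hunk) establishes authenticity another way, presumably by verifying the checkout with the provider server-side before changing the quote or order; that should be confirmed before merging. The bare `@inheritDoc` hides this decision, so state the reason on the method, e.g. `// Form-key check skipped: request is posted by the external checkout redirect; execute() must verify it server-side.` Consider returning `null` for requests that are not such callbacks, so they fall back to Magento's default form-key validation.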
@@ -3,6 +3,9 @@
 use Magento\Framework\App\Action\Action;
 use Magento\Framework\App\Action\Context;
+use Magento\Framework\App\CsrfAwareActionInterface;
+use Magento\Framework\App\RequestInterface;
+use Magento\Framework\App\Request\InvalidRequestException;
 use Magento\Checkout\Model\Session;
 use Magento\Quote\Api\CartManagementInterface;
 use Magento\Quote\Api\CartRepositoryInterface;
@@ -10,7 +13,7 @@
 use Magento\Sales\Api\OrderManagementInterface as OrderManagement;
 use Affirm\Telesales\Model\Adminhtml\Checkout as AffirmCheckout;
-class Decline extends Action
+class Decline extends Action implements CsrfAwareActionInterface
 {
 const CHECKOUT_STATUS_NOT_APPROVED = 'not_approved';
 /**
@@ -38,6 +41,23 @@ public function __construct(
 $this->logger = $logger;
 }
+ /**
+ * @inheritDoc
+ */
+ public function createCsrfValidationException(
+ RequestInterface $request
+ ): ?InvalidRequestException {
+ return null;
+ }
+
+ /**
+ * @inheritDoc
+ */
+ public function validateForCsrf(RequestInterface $request): ?bool
+ {
+ return true;
+ }
+
 /**
 * @inheritDoc
 */
diff --git a/composer.json b/composer.json
index b850a11..e45cfdd 100644
--- a/composer.json
+++ b/composer.json
@@ -2,7 +2,7 @@
 "name": "affirm/m2-telesales",
 "description": "Affirm Telesales extension for the Magento 2 https://www.affirm.com/",
 "type": "magento2-module",
- "version": "1.0.5",
+ "version": "1.0.6",
 "license": [
 "BSD-3-Clause"
 ],
diff --git a/etc/module.xml b/etc/module.xml
index 7b26922..5525558 100644
--- a/etc/module.xml
+++ b/etc/module.xml
@@ -1,6 +1,6 @@ - +