Check if quote increment id has same value that Ds_Order in Redsys ca…

…llback
oriolauge · May 25, 2022 · 0102bdb · 0102bdb
1 parent 148b6d5
commit 0102bdb
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/Controller/Callback/Processpayment.php b/Controller/Callback/Processpayment.php
@@ -123,6 +123,15 @@ public function execute()
                 return $this->returnJsonError('Quote not found');
             }
 
+            /**
+             * We don't know if quote was loaded by increment id or quote_id, so we
+             * will check if current increment id is the same that Redsys
+             * send to our system
+             */
+            if ($quote->getReservedOrderId() != $merchantParameters['Ds_Order']) {
+                return $this->returnJsonError('Quote Increment Id is not the same');
+            }
+
             if (empty($merchantParameters['Ds_Amount']) ||
                 $this->totalAmount->execute($quote) != $merchantParameters['Ds_Amount']) {
                 return $this->returnJsonError('Quote amount is not the same');