Ensure that only accepted callbacks pass through

Controller/Payment/Callback.php

@@ -80,45 +80,49 @@ public function execute()
             $submittedChecksum = $this->getRequest()->getServer('HTTP_QUICKPAY_CHECKSUM_SHA256');
 
             if ($checksum === $submittedChecksum) {
-                /**
-                 * Load order by incrementId
-                 * @var Order $order
-                 */
-                $order = $this->order->loadByIncrementId($response->order_id);
-
-                if (! $order->getId()) {
-                    $this->logger->debug('Failed to load order with id: '. $response->order_id);
-                    return;
-                }
+                //Make sure that payment is accepted
+                if ($response->accepted === true) {
+                    /**
+                     * Load order by incrementId
+                     * @var Order $order
+                     */
+                    $order = $this->order->loadByIncrementId($response->order_id);
+
+                    if (!$order->getId()) {
+                        $this->logger->debug('Failed to load order with id: ' . $response->order_id);
+                        return;
+                    }
 
-                //Cancel order if testmode is disabled and this is a test payment
-                $testMode = $this->scopeConfig->isSetFlag(self::TESTMODE_XML_PATH, \Magento\Store\Model\ScopeInterface::SCOPE_STORE);
+                    //Cancel order if testmode is disabled and this is a test payment
+                    $testMode = $this->scopeConfig->isSetFlag(self::TESTMODE_XML_PATH,
+                        \Magento\Store\Model\ScopeInterface::SCOPE_STORE);
 
-                if (! $testMode && $response->test_mode === true) {
-                    $this->logger->debug('Order attempted paid with a test card but testmode is disabled.');
-                    if (! $order->isCanceled()) {
-                        $order->registerCancellation("Order attempted paid with test card")->save();
+                    if (!$testMode && $response->test_mode === true) {
+                        $this->logger->debug('Order attempted paid with a test card but testmode is disabled.');
+                        if (!$order->isCanceled()) {
+                            $order->registerCancellation("Order attempted paid with test card")->save();
+                        }
+                        return;
                     }
-                    return;
-                }
 
-                //Add transaction fee if set
-                if ($response->fee > 0) {
-                    $this->addTransactionFee($order, $response->fee);
-                }
+                    //Add transaction fee if set
+                    if ($response->fee > 0) {
+                        $this->addTransactionFee($order, $response->fee);
+                    }
 
-                //Set order to processing
-                $stateProcessing = \Magento\Sales\Model\Order::STATE_PROCESSING;
+                    //Set order to processing
+                    $stateProcessing = \Magento\Sales\Model\Order::STATE_PROCESSING;
 
-                if ($order->getState() !== $stateProcessing) {
-                    $order->setState($stateProcessing)
-                        ->setStatus($order->getConfig()->getStateDefaultStatus($stateProcessing))
-                        ->save();
-                }
+                    if ($order->getState() !== $stateProcessing) {
+                        $order->setState($stateProcessing)
+                            ->setStatus($order->getConfig()->getStateDefaultStatus($stateProcessing))
+                            ->save();
+                    }
 
-                //Send order email
-                if (!$order->getEmailSent()) {
-                    $this->sendOrderConfirmation($order);
+                    //Send order email
+                    if (!$order->getEmailSent()) {
+                        $this->sendOrderConfirmation($order);
+                    }
                 }
             } else {
                 $this->logger->debug('Checksum mismatch');

Plugin/Model/Order/Payment/State/CommandInterface.php

@@ -30,7 +30,7 @@ public function aroundExecute(BaseCommandInterface $subject, \Closure $proceed,
             $orderStatus = Order::STATE_NEW;
             if ($orderStatus && $order->getState() == Order::STATE_PROCESSING) {
                 $order->setState($orderStatus)
-                      ->setStatus($order->getConfig()->getStateDefaultStatus(\Magento\Sales\Model\Order::STATE_NEW));
+                      ->setStatus($order->getConfig()->getStateDefaultStatus(Order::STATE_NEW));
             }
         }
 

composer.json

@@ -24,14 +24,14 @@
     "quickpay/quickpay-php-client": "1.0.*"
   },
   "type": "magento2-module",
-  "version": "0.5.0",
+  "version": "0.5.1",
   "license": [
     "OSL-3.0",
     "AFL-3.0"
   ],
   "autoload": {
     "files": [
-      "registration.php"
+      "registration.php"0
     ],
     "psr-4": {
       "QuickPay\\Payment\\": ""

etc/module.xml

@@ -1,6 +1,6 @@
 <?xml version="1.0"?>
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd">
-    <module name="QuickPay_Payment" setup_version="0.5.0">
+    <module name="QuickPay_Payment" setup_version="0.5.1">
         <sequence>
             <module name="Magento_Payment"/>
             <module name="Magento_Checkout"/>