Merge branch 'master' into v2

ssheduardo · Nov 6, 2023 · 2b5df0e · 2b5df0e
2 parents 4a7f105 + 538e8a5
commit 2b5df0e
Show file tree

Hide file tree

Showing 3 changed files with 101 additions and 15 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,29 @@
 
 All Notable changes to `Redsys` will be documented in this file
 
+## Version 1.4.6 (2023-10-28)
+
+### Added
+- Test for method getPathJs
+
+- I just added a second optional parameter, $version, was added to the getJsPath() method to allow users to specify the version of the Redsys JavaScript file they want to use. The default version is 2 for compatibility reasons, but users can specify 3 to get the latest Redsys JavaScript file.
+
+### Changed
+- None
+### Fixed
+- None
+
+## Version 1.4.5 (2023-09-26)
+
+### Added
+- Tag 1.4.5
+
+### Changed
+- Method `check` updated in `Tpv.php` to enhance security and improve validation of signatures. The change involved replacing strict comparison (`===`) with `hash_equals()` for signature validation.
+
+### Fixed
+- None
+
 ## Version 1.4.4 (2023-08-07)
 
 ### Added
@@ -11,7 +34,7 @@ All Notable changes to `Redsys` will be documented in this file
 - Added new test for setMethod
 ### Fixed
 - Nothing
--
+
 ## Version 1.4.3 (2023-02-16)
 
 ### Added

diff --git a/src/Sermepa/Tpv/Tpv.php b/src/Sermepa/Tpv/Tpv.php
@@ -511,20 +511,33 @@ public function getEnvironment()
     }
 
     /**
-     * Return path Javascript to Insite
-     *
-     * @param string $env test or live
-     * @return string string path javascript
-     */
-    public static function getJsPath($environment = 'test')
-    {
-        if($environment == 'test') {
-            return 'https://sis-t.redsys.es:25443/sis/NC/sandbox/redsysV2.js';
-        } elseif($environment == 'live') {
-            return 'https://sis.redsys.es/sis/NC/redsysV2.js';
-        } else {
-            throw new TpvException('Add test or live');
+     * Returns the path to the Redsys JavaScript file for the specified environment and version.
+     *
+     * @param string $environment Environment: test or live.
+     * @param string $version JavaScript file version: 2 or 3.
+     * @return string JavaScript file path.
+     */
+    public static function getJsPath($environment = 'test', $version = '2'){
+
+        // Stores the array of JavaScript file paths.
+        static $jsPaths = [
+            'test' => [
+                '2' => 'https://sis-t.redsys.es:25443/sis/NC/sandbox/redsysV2.js',
+                '3' => 'https://sis-t.redsys.es:25443/sis/NC/sandbox/redsysV3.js',
+            ],
+            'live' => [
+                '2' => 'https://sis.redsys.es/sis/NC/redsysV2.js',
+                '3' => 'https://sis.redsys.es/sis/NC/redsysV3.js',
+            ],
+        ];
+
+        // Checks if the environment and version are valid.
+        if (!isset($jsPaths[$environment][$version])) {
+            throw new TpvException('Invalid environment or version');
         }
+
+        // Returns the JavaScript file path.
+        return $jsPaths[$environment][$version];
     }
 
     /**
@@ -874,7 +887,7 @@ public function check($key, $postData)
         $signatureReceived = $postData["Ds_Signature"];
         $signature = $this->generateMerchantSignatureNotification($key, $parameters);
 
-        return ($signature === $signatureReceived);
+        return hash_equals($signature, $signatureReceived);
     }
 
     /**

diff --git a/tests/TpvTest.php b/tests/TpvTest.php
@@ -591,4 +591,54 @@ public function should_validate_a_method($method): void
         $this->assertArrayHasKey('DS_MERCHANT_PAYMETHODS', $parameters);
     }
 
+    public function jsPathProvider()
+    {
+        return [
+            ['test', '2', 'https://sis-t.redsys.es:25443/sis/NC/sandbox/redsysV2.js'],
+            ['test', '3', 'https://sis-t.redsys.es:25443/sis/NC/sandbox/redsysV3.js'],
+            ['live', '2', 'https://sis.redsys.es/sis/NC/redsysV2.js'],
+            ['live', '3', 'https://sis.redsys.es/sis/NC/redsysV3.js'],
+        ];
+    }
+
+    /**
+     * @test
+     * @dataProvider jsPathProvider
+     */
+    public function should_return_the_correct_js_path($environment, $version, $expectedPath)
+    {
+        $redsys = new Tpv();
+        $actualPath = $redsys->getJsPath($environment, $version);
+
+        $this->assertEquals($expectedPath, $actualPath);
+    }
+
+    public function invalidEnvironmentVersionPathJs()
+    {
+        return [
+            ['test', '1'],
+            ['test', 'N'],
+            ['live', '12'],
+            ['live', '4'],
+            ['real', '2'],
+            ['testeo', '3'],
+            ['life', '2'],
+            ['', '1'],
+            ['real', '5'],
+            ['testing', '1'],
+        ];
+    }
+
+    /**
+     * @test
+     * @dataProvider invalidEnvironmentVersionPathJs
+     */
+    public function throw_when_set_environment_or_version_is_invalid($environment, $version)
+    {
+        $this->expectExceptionMessage("Invalid environment or version");
+        $this->expectException(\Sermepa\Tpv\TpvException::class);
+        $redsys = new Tpv();
+        $redsys->getJsPath($environment, $version);
+    }
+
 }