[spplus] fix signature checking for callback requests

2012-02-20 21:01:44 +01:00 · 2012-02-20 21:01:44 +01:00 · c1369bdab3
parent 9490f71d01
commit c1369bdab3
2 changed files with 12 additions and 2 deletions
--- a/eopayment/spplus.py
+++ b/eopayment/spplus.py
@ -58,9 +58,18 @@ def decrypt_key(key):
    CIPHER = Crypto.Cipher.DES.new(KEY_DES_KEY, Crypto.Cipher.DES.MODE_CBC, IV)
    return CIPHER.decrypt(key)

+def extract_values(query_string):
+    kvs = query_string.split('&')
+    result = []
+    for kv in kvs:
+        k, v = kv.split('=', 1)
+        if k != 'hmac':
+            result.append(v)
+    return ''.join(result)
+
 def sign_ntkey_query(ntkey, query):
    key = decrypt_ntkey(ntkey)
-    data_to_sign = ''.join(y for x,y in urlparse.parse_qsl(query, True))
+    data_to_sign = extract_values(query)
    return hmac.new(key[:20], data_to_sign, hashlib.sha1).hexdigest().upper()

 PAIEMENT_FIELDS = [ 'siret', REFERENCE, 'langue', 'devise', 'montant',
--- a/tests/spplus.py
+++ b/tests/spplus.py
@ -6,7 +6,8 @@ class SPPlustTest(TestCase):
        'fd 64 63 c9 13 4a 26 ba 29 74 1e c7 e9 80 79'

    tests = [('x=coin', 'c04f8266d6ae3ce37551cce996c751be4a95d10a'),
-             ('x=coin&y=toto', 'ef008e02f8dbf5e70e83da416b0b3a345db203de')]
+             ('x=coin&y=toto', 'ef008e02f8dbf5e70e83da416b0b3a345db203de'),
+             ('x=wdwd%20%3Fdfgfdgd&z=343&hmac=04233b78bb5aff332d920d4e89394f505ec58a2a', '04233b78bb5aff332d920d4e89394f505ec58a2a')]

    def test_spplus(self):
        payment = spplus.Payment({'cle': self.ntkey, 'siret': '00000000000001-01'})