ogone: check signature using both iso-8859-1 and utf-8 encodings (#51304)

2021-02-19 17:49:12 +01:00 · 2021-02-19 17:49:12 +01:00 · 2acbdd4095
parent 1f3c6826ee
commit 2acbdd4095
2 changed files with 23 additions and 8 deletions
--- a/eopayment/ogone.py
+++ b/eopayment/ogone.py
@ -485,7 +485,7 @@ class Payment(PaymentCommon):
        ]
    }

-    def sha_sign(self, algo, key, params, keep):
+    def sha_sign(self, algo, key, params, keep, encoding='iso-8859-1'):
        '''Ogone signature algorithm of query string'''
        values = params.items()
        values = [(a.upper(), b) for a, b in values]
@ -493,15 +493,15 @@ class Payment(PaymentCommon):
        values = [u'%s=%s' % (a, b) for a, b in values if a in keep and b]
        tosign = key.join(values)
        tosign += key
-        tosign = force_byte(tosign, encoding='iso-8859-1')
+        tosign = force_byte(tosign, encoding=encoding)
        hashing = getattr(hashlib, algo)
        return hashing(tosign).hexdigest().upper()

-    def sha_sign_in(self, params):
-        return self.sha_sign(self.hash_algorithm, self.sha_in, params, SHA_IN_PARAMS)
+    def sha_sign_in(self, params, encoding='iso-8859-1'):
+        return self.sha_sign(self.hash_algorithm, self.sha_in, params, SHA_IN_PARAMS, encoding=encoding)

-    def sha_sign_out(self, params):
-        return self.sha_sign(self.hash_algorithm, self.sha_out, params, SHA_OUT_PARAMS)
+    def sha_sign_out(self, params, encoding='iso-8859-1'):
+        return self.sha_sign(self.hash_algorithm, self.sha_out, params, SHA_OUT_PARAMS, encoding=encoding)

    def get_request_url(self):
        if self.environment == ENVIRONMENT_TEST:
@ -582,8 +582,12 @@ class Payment(PaymentCommon):
        signed = False
        if self.sha_in:
            signature = params.get('SHASIGN')
-            expected_signature = self.sha_sign_out(params)
-            signed = signature == expected_signature
+            # check signature against both encoding
+            for encoding in ('iso-8859-1', 'utf-8'):
+                expected_signature = self.sha_sign_out(params, encoding=encoding)
+                signed = signature == expected_signature
+                if signed:
+                    break
        if status == '1':
            result = CANCELLED
        elif status == '2':
--- a/tests/test_ogone.py
+++ b/tests/test_ogone.py
@ -129,3 +129,14 @@ class OgoneTests(TestCase):
        response = ogone_backend.response(urllib.urlencode(data))
        assert response.signed
        assert response.result == eopayment.WAITING
+
+        # check utf-8 based signature is also ok
+        data['shasign'] = b'0E35F687ACBEAA6CA769E0ADDBD0863EB6C1678A'
+        response = ogone_backend.response(urllib.urlencode(data))
+        assert response.signed
+        assert response.result == eopayment.WAITING
+
+        # check invalid signature is not marked ok
+        data['shasign'] = b'0000000000000000000000000000000000000000'
+        response = ogone_backend.response(urllib.urlencode(data))
+        assert not response.signed