hashValue is from the redirect url's query stringinstead of the https… (

#110)

* hashValue is from the redirect url's query stringinstead of the httpservlet request string

* hashValue is from the redirect url's query stringinstead of the httpservlet request string

* revert replaceQueryParam back to queryParams while calling UriComponentsBuilder

* add logging

* update application version numbers

* update application version numbers

src/pci-gateway-test-runner/pom.xml

@@ -6,7 +6,7 @@
 
 	<groupId>ca.bc.gov.open.jag</groupId>
 	<artifactId>pci-gateway-test-runner</artifactId>
-	<version>0.2.0</version>
+	<version>0.3.0</version>
 
 	<!-- Temporary work around for broken cucumber PDF library dependency -->
 	<repositories>

src/pci-gateway/pom.xml

@@ -10,7 +10,7 @@
 	</parent>
 	<groupId>ca.bc.gov.open.jag</groupId>
 	<artifactId>pci-gateway</artifactId>
-	<version>0.0.2</version>
+	<version>0.0.3</version>
 	<name>pci-gateway</name>
 	<description>PCI Gateway Api</description>
 
@@ -177,7 +177,7 @@
 			</snapshots>
 		</repository>
 		<repository>
-			<id>spring-milestones</id>
+			<id>spring-repo-milestone</id>
 			<name>Spring Milestones</name>
 			<url>https://repo.spring.io/milestone</url>
 		</repository>

src/pci-gateway/src/main/java/ca/bc/gov/open/jag/pcigateway/api/LegacyRedirectController.java

@@ -87,12 +87,22 @@ private URI processRequest(HttpServletRequest request) throws MissingServletRequ
         if(!validateHash(getSecuredQueryString(request), clientProperty.getGatewayHashKey(), request.getParameter(Keys.PARAM_HASH_VALUE)))
             throw new MissingServletRequestParameterException("Hash", "Hash is invalid");
 
-        return UriComponentsBuilder
+        URI uri = UriComponentsBuilder
                 .fromUri(URI.create(MessageFormat.format("{0}/{1}", appProperties.getRedirectUrl(), request.getRequestURI().replace(Keys.PCIGW, Keys.SCRIPTS))))
                 .queryParams(QueryStringUtils.setParam(request.getParameterMap(), Keys.PARAM_HASH_VALUE,
                         computeHash(getSecuredQueryString(request), clientProperty.getHashKey())))
                 .build().toUri();
 
+        String queryStringForHashValue = StringUtils.substringBeforeLast(uri.getRawQuery(), "&" + Keys.PARAM_HASH_VALUE);
+
+        uri = UriComponentsBuilder
+                .fromUri(URI.create(MessageFormat.format("{0}/{1}", appProperties.getRedirectUrl(), request.getRequestURI().replace(Keys.PCIGW, Keys.SCRIPTS))))
+                .queryParams(QueryStringUtils.setParam(request.getParameterMap(), Keys.PARAM_HASH_VALUE,
+                        computeHash(queryStringForHashValue, clientProperty.getHashKey())))
+                .build().toUri();
+
+        return uri;
+
     }
 
     private String getSecuredQueryString(HttpServletRequest request) {

src/pci-gateway/src/main/java/ca/bc/gov/open/jag/pcigateway/api/RedirectController.java

@@ -86,12 +86,22 @@ private URI processRequest(HttpServletRequest request) throws MissingServletRequ
         if(!validateHash(getSecuredQueryString(request), clientProperty.getGatewayHashKey(), request.getParameter(Keys.PARAM_HASH_VALUE)))
             throw new MissingServletRequestParameterException("Hash", "Hash is invalid");
 
-        return UriComponentsBuilder
+        URI uri = UriComponentsBuilder
                 .fromUri(URI.create(MessageFormat.format("{0}{1}", appProperties.getRedirectUrl(), request.getRequestURI().replace(Keys.PCIGW, ""))))
                 .queryParams(QueryStringUtils.setParam(request.getParameterMap(), Keys.PARAM_HASH_VALUE,
                         computeHash(getSecuredQueryString(request), clientProperty.getHashKey())))
                 .build().toUri();
 
+        String queryStringForHashValue = StringUtils.substringBeforeLast(uri.getRawQuery(), "&" + Keys.PARAM_HASH_VALUE);
+
+        uri = UriComponentsBuilder
+                .fromUri(URI.create(MessageFormat.format("{0}{1}", appProperties.getRedirectUrl(), request.getRequestURI().replace(Keys.PCIGW, ""))))
+                .queryParams(QueryStringUtils.setParam(request.getParameterMap(), Keys.PARAM_HASH_VALUE,
+                        computeHash(queryStringForHashValue, clientProperty.getHashKey())))
+                .build().toUri();
+
+        return uri;
+
     }
 
     private String getSecuredQueryString(HttpServletRequest request) {

src/pci-gateway/src/test/java/ca/bc/gov/open/jag/pcigateway/api/legacy/PaymentRedirectTest.java

@@ -17,6 +17,7 @@
 import java.net.URI;
 import java.text.MessageFormat;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
 
 @TestInstance(TestInstance.Lifecycle.PER_CLASS)
@@ -58,11 +59,11 @@ public void withValidParamsShouldReturnValidUrl() throws MissingServletRequestPa
         MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
         mockHttpServletRequest.setRequestURI(REQUEST_URI);
         mockHttpServletRequest.setParameter("merchant_id", MERCHANT_ID);
-        mockHttpServletRequest.setParameter("hashValue", "810AB4ECB7C361D2FCEEEABD2F7994EA");
-
+        mockHttpServletRequest.setParameter("hashValue", "C059DCA04117EB205AA32521D46AF4D0");
+        mockHttpServletRequest.setQueryString("merchant_id=merchantId&hashValue=C059DCA04117EB205AA32521D46AF4D0");
         RedirectView result = sut.requestRedirect(mockHttpServletRequest);
 
-        Assertions.assertEquals("http://localhost:8080/scripts/Payment/Payment.asp?merchant_id=merchantId&hashValue=E2EEA71D02D92AD968A9A63A44862413", result.getUrl());
+        Assertions.assertEquals("http://localhost:8080/scripts/Payment/Payment.asp?merchant_id=merchantId&hashValue=0F69EAC97FBB07CB1537A5EDB2DA8A0F", result.getUrl());
 
     }
 
@@ -73,44 +74,49 @@ public void withValidParamsAndMoreShouldReturnValidUrl() throws MissingServletRe
         MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
         mockHttpServletRequest.setRequestURI(REQUEST_URI);
         mockHttpServletRequest.setParameter("merchant_id", MERCHANT_ID);
-        mockHttpServletRequest.setParameter("hashValue", "810AB4ECB7C361D2FCEEEABD2F7994EA");
+        mockHttpServletRequest.setParameter("hashValue", "C059DCA04117EB205AA32521D46AF4D0");
         mockHttpServletRequest.setParameter("otherparams", "otherparams");
-
+        mockHttpServletRequest.setQueryString(MessageFormat.format("merchant_id=merchantId&hashValue={0}&otherparams=otherparams", "C059DCA04117EB205AA32521D46AF4D0"));
         RedirectView result = sut.requestRedirect(mockHttpServletRequest);
 
-        Assertions.assertEquals("http://localhost:8080/scripts/Payment/Payment.asp?merchant_id=merchantId&hashValue=E2EEA71D02D92AD968A9A63A44862413&otherparams=otherparams", result.getUrl());
-
+        Assertions.assertEquals("http://localhost:8080/scripts/Payment/Payment.asp?merchant_id=merchantId&hashValue=0F69EAC97FBB07CB1537A5EDB2DA8A0F&otherparams=otherparams", result.getUrl());
     }
 
     @Test
     @DisplayName("200: test variation of merchant it")
     public void testVariationOfMerchantId() throws MissingServletRequestParameterException {
 
 
-        String[] merchantIdKeys = new String[] {
-                "merchantid",
-                "Merchantid",
-                "merchantId",
-                "MerchantId",
-                "merchant_id",
-                "Merchant_id",
-                "merchant_Id",
-                "Merchant_Id" };
+        final int MERCHANTID = 0;
+        final int gwHASHVALUE = 1;  // USING gateway-hash-key TO COMPUTE HASHVALUE
+        final int HASHVALUE = 2;    // USING hash-key TO COMPUTE HASHVALUE
+
+        List<List<String>> queryParams = Arrays.asList(
+                Arrays.asList("merchantid", "991AC2E3AD74C10388787E58DC226F9A", "E4A7D14747F7B63A61C63CF2B20CDC9D"),
+                Arrays.asList("Merchantid", "D196E82AB7F54F727B77FA3991000024", "BD804E9A441DBAD657679A003B68EEA9"),
+                Arrays.asList("merchantId", "921A55A22915C97065F325812C7FD6B1", "AD510A412C712504BF21B1986C4D6987"),
+                Arrays.asList("MerchantId", "50F37DAF6B3347554F0064A8478206CE", "2378521011217A9421AD101D69B14890"),
+                Arrays.asList("merchant_id", "C059DCA04117EB205AA32521D46AF4D0", "0F69EAC97FBB07CB1537A5EDB2DA8A0F"),
+                Arrays.asList("Merchant_id", "40E4D58C423982D2DB1AAB0CC984686B", "70AFC4C0A3525CA8CDB1024F35731229"),
+                Arrays.asList("merchant_Id", "B88903F1850F851C1B7591D45ECD1832", "F0F033A0FAD427CB885F35124A14F624"),
+                Arrays.asList("Merchant_Id", "B52FA85E49253D497F743A81152DBAFA", "7D3CC65DDE57DD7E03260A9B51E26CD1"));
 
-        for (String key :
-                merchantIdKeys) {
 
+        queryParams.forEach( params -> {
             MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
             mockHttpServletRequest.setRequestURI(REQUEST_URI);
-            mockHttpServletRequest.setParameter(key, MERCHANT_ID);
-            mockHttpServletRequest.setParameter("hashValue", "810AB4ECB7C361D2FCEEEABD2F7994EA");
-            RedirectView actual = sut.requestRedirect(mockHttpServletRequest);
-            String expected = MessageFormat.format(
-                    "http://localhost:8080/scripts/Payment/Payment.asp?{0}=merchantId&hashValue=E2EEA71D02D92AD968A9A63A44862413"
-                    , key);
+            mockHttpServletRequest.setParameter(params.get(MERCHANTID), MERCHANT_ID);
+            mockHttpServletRequest.setParameter("hashValue", params.get(gwHASHVALUE));
+            mockHttpServletRequest.setQueryString(MessageFormat.format("{0}={1}&hashValue={2}", params.get(MERCHANTID), MERCHANT_ID, params.get(gwHASHVALUE)));
+            RedirectView actual = null;
+            try {
+                actual = sut.requestRedirect(mockHttpServletRequest);
+            } catch (MissingServletRequestParameterException e) {
+                throw new RuntimeException(e);
+            }
+            String expected = MessageFormat.format("http://localhost:8080/scripts/Payment/Payment.asp?{0}={1}&hashValue={2}", params.get(MERCHANTID), MERCHANT_ID, params.get(HASHVALUE));
             Assertions.assertEquals(expected, actual.getUrl());
-
-        }
+        });
 
     }
 

src/pci-gateway/src/test/java/ca/bc/gov/open/jag/pcigateway/api/redirect/PaymentRedirectTest.java

@@ -16,6 +16,7 @@
 import java.net.URI;
 import java.text.MessageFormat;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
 
 @TestInstance(TestInstance.Lifecycle.PER_CLASS)
@@ -57,11 +58,12 @@ public void withValidParamsShouldReturnValidUrl() throws MissingServletRequestPa
         MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
         mockHttpServletRequest.setRequestURI(REQUEST_URI);
         mockHttpServletRequest.setParameter("merchant_id", MERCHANT_ID);
-        mockHttpServletRequest.setParameter("hashValue", "810AB4ECB7C361D2FCEEEABD2F7994EA");
+        mockHttpServletRequest.setQueryString("merchant_id=merchantId&hashValue=C059DCA04117EB205AA32521D46AF4D0");
+        mockHttpServletRequest.setParameter("hashValue", "C059DCA04117EB205AA32521D46AF4D0");
 
         RedirectView result = sut.requestRedirect(mockHttpServletRequest);
 
-        Assertions.assertEquals("http://localhost:8080/scripts/Payment/Payment.asp?merchant_id=merchantId&hashValue=E2EEA71D02D92AD968A9A63A44862413", result.getUrl());
+        Assertions.assertEquals("http://localhost:8080/scripts/Payment/Payment.asp?merchant_id=merchantId&hashValue=0F69EAC97FBB07CB1537A5EDB2DA8A0F", result.getUrl());
 
     }
 
@@ -72,45 +74,49 @@ public void withValidParamsAndMoreShouldReturnValidUrl() throws MissingServletRe
         MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
         mockHttpServletRequest.setRequestURI(REQUEST_URI);
         mockHttpServletRequest.setParameter("merchant_id", MERCHANT_ID);
-        mockHttpServletRequest.setParameter("hashValue", "810AB4ECB7C361D2FCEEEABD2F7994EA");
+        mockHttpServletRequest.setParameter("hashValue", "C059DCA04117EB205AA32521D46AF4D0");
         mockHttpServletRequest.setParameter("otherparams", "otherparams");
+        mockHttpServletRequest.setQueryString(MessageFormat.format("merchant_id=merchantId&hashValue={0}&otherparams=otherparams", "C059DCA04117EB205AA32521D46AF4D0"));
 
         RedirectView result = sut.requestRedirect(mockHttpServletRequest);
 
-        Assertions.assertEquals("http://localhost:8080/scripts/Payment/Payment.asp?merchant_id=merchantId&hashValue=E2EEA71D02D92AD968A9A63A44862413&otherparams=otherparams", result.getUrl());
-
+        Assertions.assertEquals("http://localhost:8080/scripts/Payment/Payment.asp?merchant_id=merchantId&hashValue=0F69EAC97FBB07CB1537A5EDB2DA8A0F&otherparams=otherparams", result.getUrl());
     }
 
     @Test
     @DisplayName("200: test variation of merchant it")
     public void testVariationOfMerchantId() throws MissingServletRequestParameterException {
 
+        final int MERCHANTID = 0;
+        final int gwHASHVALUE = 1;  // USING gateway-hash-key TO COMPUTE HASHVALUE
+        final int HASHVALUE = 2;    // USING hash-key TO COMPUTE HASHVALUE
 
-        String[] merchantIdKeys = new String[] {
-                "merchantid",
-                "Merchantid",
-                "merchantId",
-                "MerchantId",
-                "merchant_id",
-                "Merchant_id",
-                "merchant_Id",
-                "Merchant_Id" };
+        List<List<String>> queryParams = Arrays.asList(
+                Arrays.asList("merchantid", "991AC2E3AD74C10388787E58DC226F9A", "E4A7D14747F7B63A61C63CF2B20CDC9D"),
+                Arrays.asList("Merchantid", "D196E82AB7F54F727B77FA3991000024", "BD804E9A441DBAD657679A003B68EEA9"),
+                Arrays.asList("merchantId", "921A55A22915C97065F325812C7FD6B1", "AD510A412C712504BF21B1986C4D6987"),
+                Arrays.asList("MerchantId", "50F37DAF6B3347554F0064A8478206CE", "2378521011217A9421AD101D69B14890"),
+                Arrays.asList("merchant_id", "C059DCA04117EB205AA32521D46AF4D0", "0F69EAC97FBB07CB1537A5EDB2DA8A0F"),
+                Arrays.asList("Merchant_id", "40E4D58C423982D2DB1AAB0CC984686B", "70AFC4C0A3525CA8CDB1024F35731229"),
+                Arrays.asList("merchant_Id", "B88903F1850F851C1B7591D45ECD1832", "F0F033A0FAD427CB885F35124A14F624"),
+                Arrays.asList("Merchant_Id", "B52FA85E49253D497F743A81152DBAFA", "7D3CC65DDE57DD7E03260A9B51E26CD1"));
 
-        for (String key :
-                merchantIdKeys) {
 
+        queryParams.forEach( params -> {
             MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
             mockHttpServletRequest.setRequestURI(REQUEST_URI);
-            mockHttpServletRequest.setParameter(key, MERCHANT_ID);
-            mockHttpServletRequest.setParameter("hashValue", "810AB4ECB7C361D2FCEEEABD2F7994EA");
-            RedirectView actual = sut.requestRedirect(mockHttpServletRequest);
-            String expected = MessageFormat.format(
-                    "http://localhost:8080/scripts/Payment/Payment.asp?{0}=merchantId&hashValue=E2EEA71D02D92AD968A9A63A44862413"
-                    , key);
+            mockHttpServletRequest.setParameter(params.get(MERCHANTID), MERCHANT_ID);
+            mockHttpServletRequest.setParameter("hashValue", params.get(gwHASHVALUE));
+            mockHttpServletRequest.setQueryString(MessageFormat.format("{0}={1}&hashValue={2}", params.get(MERCHANTID), MERCHANT_ID, params.get(gwHASHVALUE)));
+            RedirectView actual = null;
+            try {
+                actual = sut.requestRedirect(mockHttpServletRequest);
+            } catch (MissingServletRequestParameterException e) {
+                throw new RuntimeException(e);
+            }
+            String expected = MessageFormat.format("http://localhost:8080/scripts/Payment/Payment.asp?{0}={1}&hashValue={2}", params.get(MERCHANTID), MERCHANT_ID, params.get(HASHVALUE));
             Assertions.assertEquals(expected, actual.getUrl());
-
-        }
-
+        });
     }
 
     @Test

src/pom.xml

@@ -5,7 +5,7 @@
 
     <groupId>ca.bc.gov.open.jag</groupId>
     <artifactId>jag-pci-gateway</artifactId>
-    <version>0.2.0</version>
+    <version>0.3.0</version>
 
     <name>jag-pci-gateway</name>
     <packaging>pom</packaging>