Skip to content

Commit

Permalink
Merge pull request #172 from razorpay/fixed_csrfValidation_version_bu…
Browse files Browse the repository at this point in the history
…mp_2.9.1

Fixed issue related with csrf controller not available in Maze < 2.3 for webhook
  • Loading branch information
ramth05 authored Feb 3, 2020
2 parents 00b8f3b + b57f893 commit 08054f5
Showing 5 changed files with 38 additions and 20 deletions.
19 changes: 1 addition & 18 deletions Controller/Payment/Webhook.php
Original file line number Diff line number Diff line change
@@ -10,7 +10,7 @@
use Magento\Framework\App\Request\InvalidRequestException;
use Magento\Framework\App\RequestInterface;

class Webhook extends \Razorpay\Magento\Controller\BaseController implements CsrfAwareActionInterface
class Webhook extends \Razorpay\Magento\Controller\BaseController
{
/**
* @var \Magento\Checkout\Model\Session
@@ -89,23 +89,6 @@ public function __construct(
$this->customerRepository = $customerRepository;
}

/**
* @inheritDoc
*/
public function createCsrfValidationException(
RequestInterface $request
): ?InvalidRequestException {
return true;
}

/**
* @inheritDoc
*/
public function validateForCsrf(RequestInterface $request): ?bool
{
return true;
}

/**
* Processes the incoming webhook
*/
22 changes: 22 additions & 0 deletions Plugin/CsrfValidatorSkip.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
<?php
namespace Razorpay\Magento\Plugin;
class CsrfValidatorSkip
{
/**
* @param \Magento\Framework\App\Request\CsrfValidator $subject
* @param \Closure $proceed
* @param \Magento\Framework\App\RequestInterface $request
* @param \Magento\Framework\App\ActionInterface $action
*/
public function aroundValidate(
$subject,
\Closure $proceed,
$request,
$action
) {
if ($request->getModuleName() == 'razorpay') {
//return; // Skip CSRF check
}
$proceed($request, $action); // Proceed Magento 2 core functionalities
}
}
2 changes: 1 addition & 1 deletion composer.json
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"name": "razorpay/magento",
"description": "Razorpay Magento 2.0 plugin for accepting payments.",
"version": "2.9.0",
"version": "2.9.1",
"require": {
"php": "~5.5.0|~5.6.0|^7.0",
"razorpay/razorpay": "2.*"
13 changes: 13 additions & 0 deletions etc/di.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
<?xml version="1.0"?>
<!--
/**
* Copyright © 2016 Magento. All rights reserved.
* See COPYING.txt for license details.
*/
-->

<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
<type name="Magento\Framework\App\Request\CsrfValidator">
<plugin name="csrf_validator_skip" type="Razorpay\Magento\Plugin\CsrfValidatorSkip" />
</type>
</config>
2 changes: 1 addition & 1 deletion etc/module.xml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd">
<module name="Razorpay_Magento" setup_version="2.9.0">
<module name="Razorpay_Magento" setup_version="2.9.1">
<sequence>
<module name="Magento_Sales" />
<module name="Magento_Payment" />

0 comments on commit 08054f5

Please sign in to comment.