From b57f8933110038e02fc3719a2f421a6899357c58 Mon Sep 17 00:00:00 2001
From: Ram Prakash Singh <ram.techchef@razorpay.com>
Date: Wed, 29 Jan 2020 12:51:03 +0530
Subject: [PATCH] Fixed issue related with csrf controller not available in
 Maze < 2.3

---
 Controller/Payment/Webhook.php | 19 +------------------
 Plugin/CsrfValidatorSkip.php   | 22 ++++++++++++++++++++++
 composer.json                  |  2 +-
 etc/di.xml                     | 13 +++++++++++++
 etc/module.xml                 |  2 +-
 5 files changed, 38 insertions(+), 20 deletions(-)
 create mode 100644 Plugin/CsrfValidatorSkip.php
 create mode 100644 etc/di.xml

diff --git a/Controller/Payment/Webhook.php b/Controller/Payment/Webhook.php
index 749d8d5f..72cce1fc 100644
--- a/Controller/Payment/Webhook.php
+++ b/Controller/Payment/Webhook.php
@@ -10,7 +10,7 @@
 use Magento\Framework\App\Request\InvalidRequestException;
 use Magento\Framework\App\RequestInterface;
 
-class Webhook extends \Razorpay\Magento\Controller\BaseController implements CsrfAwareActionInterface
+class Webhook extends \Razorpay\Magento\Controller\BaseController
 {
     /**
      * @var \Magento\Checkout\Model\Session
@@ -89,23 +89,6 @@ public function __construct(
         $this->customerRepository = $customerRepository;
     }
 
-    /**
-     * @inheritDoc
-     */
-    public function createCsrfValidationException(
-        RequestInterface $request
-    ): ?InvalidRequestException {
-        return true;
-    }
-
-    /**
-     * @inheritDoc
-     */
-    public function validateForCsrf(RequestInterface $request): ?bool
-    {
-        return true;
-    }
-
     /**
      * Processes the incoming webhook
      */
diff --git a/Plugin/CsrfValidatorSkip.php b/Plugin/CsrfValidatorSkip.php
new file mode 100644
index 00000000..80a69f49
--- /dev/null
+++ b/Plugin/CsrfValidatorSkip.php
@@ -0,0 +1,22 @@
+<?php
+namespace Razorpay\Magento\Plugin;
+class CsrfValidatorSkip
+{
+    /**
+     * @param \Magento\Framework\App\Request\CsrfValidator $subject
+     * @param \Closure $proceed
+     * @param \Magento\Framework\App\RequestInterface $request
+     * @param \Magento\Framework\App\ActionInterface $action
+     */
+    public function aroundValidate(
+        $subject,
+        \Closure $proceed,
+        $request,
+        $action
+    ) { 
+        if ($request->getModuleName() == 'razorpay') {
+            //return; // Skip CSRF check
+        }
+        $proceed($request, $action); // Proceed Magento 2 core functionalities
+    }
+}
\ No newline at end of file
diff --git a/composer.json b/composer.json
index ce375af9..00299290 100644
--- a/composer.json
+++ b/composer.json
@@ -1,7 +1,7 @@
 {
     "name": "razorpay/magento",
     "description": "Razorpay Magento 2.0 plugin for accepting payments.",
-    "version": "2.9.0",
+    "version": "2.9.1",
     "require": {
         "php": "~5.5.0|~5.6.0|^7.0",
         "razorpay/razorpay": "2.*"
diff --git a/etc/di.xml b/etc/di.xml
new file mode 100644
index 00000000..292bc53b
--- /dev/null
+++ b/etc/di.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Copyright © 2016 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+-->
+
+<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
+    <type name="Magento\Framework\App\Request\CsrfValidator">
+        <plugin name="csrf_validator_skip" type="Razorpay\Magento\Plugin\CsrfValidatorSkip" />
+    </type>
+</config>
diff --git a/etc/module.xml b/etc/module.xml
index 0e161517..600dab72 100644
--- a/etc/module.xml
+++ b/etc/module.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0"?>
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd">
-    <module name="Razorpay_Magento" setup_version="2.9.0">
+    <module name="Razorpay_Magento" setup_version="2.9.1">
 	    <sequence>
 	        <module name="Magento_Sales" />
 	        <module name="Magento_Payment" />