commit 9e9a26e869a1e50c2e4233890a02068029645966
parent 0979c3600954530ecb26c6aff9db3873e94db17b
Author: NicholasFarrow <nicholas.w.farrow@gmail.com>
Date: Fri, 22 Jan 2021 22:46:25 +1100
need to round floats before hashing..
Diffstat:
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/gateways/woo_btcpyment.php b/gateways/woo_btcpyment.php
@@ -198,7 +198,8 @@ function btcpyment_init_gateway_class() {
// this is confirmed upon calling payment webhook after payment
// Ideally this seed would be unique between orders.
// This probably isn't unique... But will do for now.
- $order_secret_seed = $args['amount'] * $args['id'];
+ write_log($args);
+ $order_secret_seed = round($args['amount'], 2) * $args['id'];
// Calculate expected secret
$this->secret = hash_hmac('sha256', $order_secret_seed, $this->BTCPyment_API_Key);
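Review bot: `write_log($args);` looks like leftover debugging and writes the full order arguments to the log on every payment request; it should be removed, or reduced to the order id, before merging. Separately, the seed `round($args['amount'], 2) * $args['id']` is a product, so distinct (amount, id) pairs that multiply to the same value get the same HMAC, and the secret does not bind the two fields individually as the comment in gateways/woo_webhook.py says it should; the same construction is used in that file's hunk. A delimited canonical string such as `$order_secret_seed = number_format($args['amount'], 2, '.', '') . ':' . $args['id'];` would bind both values and avoid float-to-string differences between PHP and Python. The enclosing function starts and ends outside the hunk.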
diff --git a/gateways/woo_webhook.py b/gateways/woo_webhook.py
@@ -8,7 +8,7 @@ import requests
def hook(btcpyment_secret, payload, payment):
# Calculate a secret that is required to send back to the
# woocommerce gateway, proving we did not modify id nor amount.
- secret_seed = bytes(payload['amount'] * int(payload['id']))
+ secret_seed = bytes(round(float(payload['amount']), 2) * int(payload['id']))
secret = hmac.new(btcpyment_secret, secret_seed, hashlib.sha256).hexdigest()
# The main signature which proves we have paid, and very recently!
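Review bot: `bytes(round(float(payload['amount']), 2) * int(payload['id']))` passes a float to `bytes()`, which raises `TypeError` on Python 3 (and for an int argument returns that many zero bytes rather than the digits), so the seed is the decimal text only if this runs on Python 2. Even then, the text of a float product is not guaranteed to match PHP's float-to-string conversion on the gateway side, so the two HMACs can disagree for some amounts. Building the seed from an explicit format, e.g. `secret_seed = '{:.2f}:{}'.format(float(payload['amount']), int(payload['id'])).encode()`, with the PHP side changed to the same layout, would make the input deterministic. `hook` continues past the end of the hunk.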