SatSale


commit fd0ff193e4d599f84f24832a4c45b77e55be7144
parent c51acb9ccb74749c313740e81026bc2411ee9887
Author: NicholasFarrow <nicholas.w.farrow@gmail.com>
Date:   Sat, 23 Jan 2021 01:45:13 +1100

Fixed whitespace in api loading

Diffstat:
Mgateways/woo_btcpyment.php | 27++++++++++++++++++---------
Mserver.py | 2+-
2 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/gateways/woo_btcpyment.php b/gateways/woo_btcpyment.php @@ -235,6 +235,11 @@ function btcpyment_init_gateway_class() { $json = json_encode($_GET, JSON_FORCE_OBJECT); $key = hex2bin($this->BTCPyment_API_Key); + write_log("Key"); + write_log($this->BTCPyment_API_Key); + write_log("JSON"); + write_log($json); + // Calculate expected signature $valid_signature = hash_hmac('sha256', $_GET['time'] .'.'.$json, $key); @@ -246,19 +251,23 @@ function btcpyment_init_gateway_class() { // had not been tampered when leaving the gateway // $secret = self::$secret; $order_secret_seed = (int)$order->get_total() * 100.0 * $order->get_id(); + $order_secret_seed_str = (string)$order_secret_seed; $secret = hash_hmac('sha256', $order_secret_seed, $key); - write_log("Secret seed"); - write_log($order_secret_seed); - write_log("Secret within webhook:"); - write_log(bin2hex($secret)); - write_log(bin2hex($headers['X-Secret'])); - if (hex2bin($headers['X-Secret']) != $secret) { - header( 'HTTP/1.1 403 Forbidden' ); - return 1; - } + // write_log("Secret seed"); + // write_log($order_secret_seed); + // write_log("Secret within webhook:"); + // write_log($secret); + // write_log($headers['X-Secret']); + // if (hex2bin($headers['X-Secret']) != $secret) { + // header( 'HTTP/1.1 403 Forbidden' ); + // return 1; + // } // Compare signature and timestamps + write_log("main sigs:"); + write_log($signature); + write_log($valid_signature); if (hash_equals($signature, $valid_signature) and (abs($now - $_GET['time']) < 5)) { header( 'HTTP/1.1 200 OK' ); // Complete order diff --git a/server.py b/server.py @@ -18,7 +18,7 @@ app = Flask(__name__) # Load API key if os.path.exists("BTCPyment_API_key"): with open("BTCPyment_API_key", 'r') as f: - app.config['SECRET_KEY'] = f.read() + app.config['SECRET_KEY'] = f.read().strip() else: with open("BTCPyment_API_key", 'w') as f: app.config['SECRET_KEY'] = os.urandom(64).hex()
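Review bot: `write_log($this->BTCPyment_API_Key);` in the first hunk of woo_btcpyment.php writes the HMAC signing key to the log in clear text, so the log file becomes as sensitive as the key itself. The neighbouring `write_log($json);` also records the full `$_GET` payload of every callback. I would drop the key line, or log something non-secret such as `write_log("Key length: " . strlen($this->BTCPyment_API_Key));`, and keep this output behind a debug setting. The enclosing function starts and ends outside the hunk.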
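Review bot: The second hunk of woo_btcpyment.php comments out the `X-Secret` comparison, so `$secret` is still computed but a mismatching order secret is no longer rejected with a 403. Only the signature and 5-second timestamp test remains. When the check is restored it should compare in constant time, for example `if (!hash_equals($secret, (string)$headers['X-Secret'])) { header('HTTP/1.1 403 Forbidden'); return 1; }`, assuming the header carries the hex digest that `hash_hmac` returns by default. The new `$order_secret_seed_str` is never used, because `hash_hmac` is still passed `$order_secret_seed`. The added `write_log($valid_signature);` also puts the expected signature into the log and should go once debugging is done.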
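Review bot: In the server.py hunk, `f.read().strip()` returns an empty string when `BTCPyment_API_key` exists but is empty or whitespace-only, and that value is then installed as `SECRET_KEY` without complaint. If this key also signs the webhook, as the PHP side suggests, the service would run with an empty HMAC key. I would read into a local and fail fast: `key = f.read().strip()` followed by `if not key: raise RuntimeError("BTCPyment_API_key is empty")`. The `else` branch that creates the file continues outside the hunk, so it is worth confirming there that the file is written with owner-only permissions.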