PT-1866: Refactor the webhook processing flow (#25)

Author: ivan-pugach-mondu

Controller/Admin/OrderMain.php

@@ -24,6 +24,12 @@ public function __construct()
 
     public function sendOrder()
     {
+        $oOrder = $this->getOrder();
+        
+        if (stripos($oOrder->oxorder__oxtransstatus->value, 'pending') !== false) {
+            return MonduHelper::showErrorMessage('MONDU_SENDING_PENDING_ORDER_ERROR');
+        }
+
         if ($this->isMonduPayment() && !$this->_monduShippingProcessor->shipMonduOrder()) {
             return MonduHelper::showErrorMessage('MONDU_CREATE_INVOICE_ERROR');
         }

Controller/Admin/OrderOverview.php

@@ -31,6 +31,16 @@ public function render()
 
     public function sendorder()
     {
+        $oOrder = $this->getOrder();
+        
+        if (stripos($oOrder->oxorder__oxtransstatus->value, 'pending') !== false) {
+            return MonduHelper::showErrorMessage('MONDU_SENDING_PENDING_ORDER_ERROR');
+        }
+
+        if ($this->isMonduPayment() && !$this->_monduShippingProcessor->shipMonduOrder()) {
+            return MonduHelper::showErrorMessage('MONDU_CREATE_INVOICE_ERROR');
+        }
+
         if ($this->isMonduPayment() && !$this->_monduShippingProcessor->shipMonduOrder()) {
             return MonduHelper::showErrorMessage('MONDU_CREATE_INVOICE_ERROR');
         }

Controller/MonduWebhooksController.php

@@ -7,6 +7,9 @@
 use Symfony\Component\HttpFoundation\Response;
 use OxidEsales\MonduPayment\Core\WebhookHandler\WebhookHandler;
 use OxidEsales\MonduPayment\Core\Config;
+use OxidEsales\MonduPayment\Model\MonduOrder;
+use OxidEsales\Eshop\Application\Model\Order;
+use OxidEsales\MonduPayment\Core\Utils\MonduHelper;
 
 class MonduWebhooksController extends \OxidEsales\Eshop\Application\Controller\FrontendController
 {
@@ -37,15 +40,23 @@ private function handleRequest(Request $request): Response
     {
         $content = $request->getContent();
         $headers = $request->headers;
+        $params = json_decode($content, true);
+        $signatureIsValid = false;
+        $shopId = $this->_webhookHandler->getShopId($params);
+        $shopIds = $shopId ? [['OXID' => $shopId]] : MonduHelper::getAllShopIds();
 
-        $signature = hash_hmac('sha256', $content, $this->_config->getWebhooksSecret());
-        if ($signature !== $headers->get('X-Mondu-Signature')) {
-            $this->_logger->debug('MonduWebhooksController [WebhooksSecret]: ' . print_r($this->_config->getWebhooksSecret(), true));
-            $this->_logger->debug('MonduWebhooksController [Content]: ' . print_r($content, true));
-            $this->_logger->debug('MonduWebhooksController [X-Mondu-Signature]: ' . print_r($headers->get('X-Mondu-Signature'), true));
-            $this->_logger->debug('MonduWebhooksController [Signature]: ' . print_r($signature, true));
+        foreach ($shopIds as $shopId) {
+            if (isset($shopId['OXID'])) {
+                $signature = hash_hmac('sha256', $content, $this->_webhookHandler->getWebhookSecretByShopId($shopId['OXID']));
+                if ($signature === $headers->get('X-Mondu-Signature')) {
+                    $signatureIsValid = true;
+                    break;
+                }
+            }
+        }
 
-            return new Response('Invalid signature', 401);
+        if (!$signatureIsValid) {
+            return new Response($logData, 401);
         }
 
         $params = json_decode($content, true);
@@ -57,4 +68,4 @@ private function handleRequest(Request $request): Response
             ['content-type' => 'application/json']
         );
     }
-}
+}

Controller/OrderController.php

@@ -16,8 +16,6 @@
 
 class OrderController extends OrderController_parent
 {
-    const EE_EDITION_CODE = 'EE';
-
     private MonduClient $_client;
     private User|null|false $_oUser;
     private LoggerInterface $_logger;
@@ -64,16 +62,14 @@ public function execute()
             }
             $response = $this->_client->confirmOrder($orderUuid, $data);
             $this->_logger->debug('MonduOrderController [execute $response]: ' . print_r($response, true));
-            if (isset($response['state']) && $response['state'] == 'confirmed') {
-                try {
-                    $iSuccess = $this->monduExecute($oBasket);
-                    $edition = oxRegistry::getConfig()->getEdition();
 
-                    if ($edition === self::EE_EDITION_CODE && $iSuccess == 1) {
-                        return oxRegistry::getUtils()->redirect(oxRegistry::getConfig()->getShopHomeURL() . 'index.php?cl=success', false);
-                    }
+            if (isset($response['state']) && ($response['state'] == 'confirmed' || $response['state'] == 'pending')) {
+                $isPending = $response['state'] == 'pending';
 
-                    return $this->_getNextStep($iSuccess);
+                try {
+                    $iSuccess = $this->monduExecute($oBasket, $isPending);
+
+                    return $this->getNextStep($iSuccess);
                 } catch (Exception $e) {
                     throw new \Exception('Mondu: Error during the order process');
                 }
@@ -92,10 +88,10 @@ public function execute()
      * Save order to database, delete order_id from session and redirect to thank you page
      *
      * @param Basket $oBasket
-     *
+     * @param bool   $isPending
      * @return bool|int|mixed
      */
-    protected function monduExecute(Basket $oBasket)
+    protected function monduExecute(Basket $oBasket, bool $isPending)
     {
         if (!Registry::getSession()->getVariable('sess_challenge')) {
             Registry::getSession()->setVariable('sess_challenge', Registry::getUtilsObject()->generateUID());
@@ -106,7 +102,7 @@ protected function monduExecute(Basket $oBasket)
         $oOrder = oxNew(Order::class);
 
         try {
-            $iSuccess = $oOrder->finalizeOrder($oBasket, $oBasket->getUser());
+            $iSuccess = $oOrder->finalizeOrder($oBasket, $oBasket->getUser(), false, $isPending);
         } catch (StandardException $e) {
             Registry::get(UtilsView::class)->addErrorToDisplay($e);
         }
@@ -118,4 +114,4 @@ protected function monduExecute(Basket $oBasket)
 
         return $iSuccess;
     }
-}
+}

Core/Config.php

@@ -61,14 +61,15 @@ public function getShopVersion()
         return oxNew(\OxidEsales\EshopCommunity\Core\ShopVersion::class)->getVersion();
     }
 
-    public function getWebhooksSecret()
+    public function getWebhooksSecret($shopId = null)
     {
-        return $this->getParameter('oemonduWebhookSecret');
+        return \OxidEsales\Eshop\Core\Registry::getConfig()->getShopConfVar('oemonduWebhookSecret', $shopId, 'module:oemondu');
+        //return $this->getParameter('oemonduWebhookSecret');
     }
 
-    public function setWebhooksSecret($webhookSecret)
+    public function setWebhooksSecret($webhookSecret, $shopId)
     {
-        $this->setParameter('oemonduWebhookSecret', $webhookSecret);
+        $this->setParameter('oemonduWebhookSecret', $webhookSecret, $shopId);
     }
 
     public function getIsMerchantIdentified()
@@ -107,13 +108,14 @@ protected function getParameter($paramName)
         return $this->getConfig()->getConfigParam($paramName);
     }
 
-    protected function setParameter($paramName, $paramValue)
+    protected function setParameter($paramName, $paramValue, $shopId = null)
     {
         $moduleSettingBridge = ContainerFactory::getInstance()
             ->getContainer()
             ->get(ModuleSettingBridgeInterface::class);
 
         $moduleSettingBridge->save($paramName, $paramValue, 'oemondu');
+        \OxidEsales\Eshop\Core\Registry::getConfig()->saveShopConfVar('str', $paramName, $paramValue, $shopId, 'module:oemondu');
     }
 
     protected function getConfig()

Core/Http/MonduClient.php

@@ -91,7 +91,7 @@ public function adjustOrder($orderUuid, $data = [])
     public function getWebhooksSecret()
     {
         $response = $this->sendRequest('GET', 'webhooks/keys');
-        $this->_config->setWebhooksSecret($response['webhook_secret'] ?? '');
+        $this->_config->setWebhooksSecret($response['webhook_secret'] ?? '', \OxidEsales\Eshop\Core\Registry::getConfig()->getShopId());
         return $response['webhook_secret'];
     }
 
@@ -101,6 +101,12 @@ public function registerWebhook($webhookParams)
         return $response;
     }
 
+    public function deleteWebhook($webhookParams)
+    {
+        $response = $this->sendRequest('DELETE', 'webhooks/uuid');
+        return $response;
+    }
+
     public function logEvent($eventData)
     {
         try {

Core/Utils/MonduHelper.php

@@ -5,6 +5,7 @@
 use OxidEsales\Eshop\Core\Registry;
 use OxidEsales\EshopCommunity\Internal\Framework\Module\Setup\Bridge\ModuleActivationBridgeInterface;
 use OxidEsales\EshopCommunity\Internal\Container\ContainerFactory;
+use OxidEsales\EshopCommunity\Internal\Framework\Database\QueryBuilderFactoryInterface;
 
 class MonduHelper
 {
@@ -77,4 +78,16 @@ public static function isOrderAdjusted($oldOrder, $newOrder)
             $oldOrder->getFieldData('oxorder__oxdiscount') != $newOrder->getFieldData('oxorder__oxdiscount') ||
             !self::ordersHaveSameArticles($oldOrder, $newOrder);
     }
+
+    public static function getAllShopIds()
+    {
+        $container = ContainerFactory::getInstance()->getContainer();
+        $queryBuilderFactory = $container->get(QueryBuilderFactoryInterface::class);
+
+        $queryBuilder = $queryBuilderFactory->create();
+        $queryBuilder->select('OXID')
+                     ->from('oxshops');
+
+        return $queryBuilder->execute()->fetchAllAssociative();
+    }
 }

Core/WebhookHandler/WebhookHandler.php

@@ -2,11 +2,13 @@
 
 namespace OxidEsales\MonduPayment\Core\WebhookHandler;
 
+use OxidEsales\Eshop\Application\Model\Order;
 use OxidEsales\Eshop\Core\Registry;
 use OxidEsales\MonduPayment\Model\MonduInvoice;
 use OxidEsales\MonduPayment\Model\MonduOrder;
 use Psr\Log\LoggerInterface;
 use Symfony\Component\HttpFoundation\Response;
+use OxidEsales\Eshop\Core\DatabaseProvider;
 
 class WebhookHandler
 {
@@ -19,7 +21,9 @@ public function __construct()
 
     public function handleWebhook($params)
     {
-        $this->_logger->debug('MonduWebhookHandler [handleWebhook]: ' . print_r($params, true));
+        $logger = \OxidEsales\Eshop\Core\Registry::getLogger();
+        $logger->debug('MonduWebhooksController [WebhooksSecret]: ' . print_r($params, true));
+
         switch ($params['topic']) {
             case 'order/confirmed':
             case 'order/authorized':
@@ -42,13 +46,63 @@ public function handleOrderStateChanged($params)
         $monduOrder = $this->getOrder($params['order_uuid']);
 
         if ($monduOrder) {
+            if (
+                stripos($params['topic'], 'confirmed') !== false ||
+                stripos($params['topic'], 'authorized') !== false
+            ) {
+                $order = oxNew(Order::class);
+                $order->load($monduOrder->getFieldData('oemondu_orders__oxid_order_id'));
+
+                $sQuery = "
+                    UPDATE 
+                        oxorder 
+                    SET 
+                        oxfolder = 'ORDERFOLDER_NEW', 
+                        oxtransstatus = 'OK'
+                    WHERE 
+                        OXORDERNR = '{$order->getFieldData('oxorder__oxordernr')}'
+                ";
+                DatabaseProvider::getDb()->execute($sQuery);
+            } else if (stripos($params['topic'], 'declined') !== false) {
+                $order = oxNew(Order::class);
+                $order->load($monduOrder->getFieldData('oemondu_orders__oxid_order_id'));
+
+                $sQuery = "
+                    UPDATE 
+                        oxorder 
+                    SET 
+                        oxfolder = 'ORDERFOLDER_PROBLEMS', 
+                        oxtransstatus = 'CANCELLED'
+                    WHERE 
+                        OXORDERNR = '{$order->getFieldData('oxorder__oxordernr')}'
+                ";
+                DatabaseProvider::getDb()->execute($sQuery);
+            }
             $monduOrder->updateOrderState($params['order_state']);
             return [['order' => $monduOrder], Response::HTTP_OK];
         }
 
         return [['error' => 'Order not found'], Response::HTTP_BAD_REQUEST];
     }
 
+    public function getWebhookSecretByShopId($shopId)
+    {
+        return Registry::getConfig()->getShopConfVar(
+            'oemonduWebhookSecret',
+            $shopId,
+            'module:oemondu'
+        );
+    }
+
+    public function getShopId($params)
+    {
+        $monduOrder = $this->getOrder($params['order_uuid']);
+        $order = oxNew(Order::class);
+        $order->load($monduOrder->getFieldData('oemondu_orders__oxid_order_id'));
+
+        return $order->oxorder__oxshopid->value;
+    }
+
     public function handleInvoiceStateChanged($params, $state)
     {
         $this->_logger->debug('MonduWebhookHandler [handleInvoiceStateChanged]: ' . print_r($params, true));
@@ -75,4 +129,4 @@ private function getInvoice($invoiceUuid)
         $monduInvoice->loadByInvoiceUuid($invoiceUuid);
         return $monduInvoice;
     }
-}
+}

Event/SettingChangedSubscriber.php

@@ -58,9 +58,9 @@ protected function registerWebhooks()
             if ($response['status'] === 409) return;
 
             if (!$response['webhook']) {
-                $errorMessage = $response['status'] === 403 ? 'INVALID_API_KEY' : 'MONDU_REGISTER_WEBHOOK_ERROR';
-
-                return MonduHelper::showErrorMessage($errorMessage);
+                if ($response['status'] === 403) {
+                    return MonduHelper::showErrorMessage('INVALID_API_KEY');
+                }
             }
         }
     }

Model/Order.php

@@ -20,7 +20,6 @@ class Order extends Order_parent
      */
     private LoggerInterface $_logger;
 
-
     public function __construct()
     {
         parent::__construct();
@@ -99,8 +98,12 @@ public function deleteAllArticles()
      *
      * @return integer
      */
-    public function finalizeOrder(\OxidEsales\Eshop\Application\Model\Basket $oBasket, $oUser, $blRecalculatingOrder = false)
-    {
+    public function finalizeOrder(
+        \OxidEsales\Eshop\Application\Model\Basket $oBasket,
+        $oUser,
+        $blRecalculatingOrder = false,
+        $isPending = false
+    ) {
         $result = parent::finalizeOrder($oBasket, $oUser, $blRecalculatingOrder);
 
         $this->_logger->debug('MonduOrder [finalizeOrder $result]: ' . print_r($result, true));
@@ -119,6 +122,19 @@ public function finalizeOrder(\OxidEsales\Eshop\Application\Model\Basket $oBaske
                 $monduOrderUuid,
                 ['external_reference_id' => (string) $this->getFieldData('oxorder__oxordernr')]
             );
+
+            if ($isPending) {
+
+                $this->oxorder__oxfolder = new \OxidEsales\Eshop\Core\Field('ORDERFOLDER_PROBLEMS');
+                $this->oxorder__oxtransstatus = new \OxidEsales\Eshop\Core\Field('PENDING');
+
+                $monduOrder = $this->getOrder($monduOrderUuid);
+
+                if ($monduOrder) {
+                    $monduOrder->updateOrderState($params['order_state']);
+                }
+                $this->save();
+            }
         }
 
         if ($this->isMonduPayment() && !$this->getMonduOrders()) {
@@ -127,4 +143,11 @@ public function finalizeOrder(\OxidEsales\Eshop\Application\Model\Basket $oBaske
 
         return $result;
     }
+
+    private function getOrder($orderUuid)
+    {
+        $monduOrder = oxNew(MonduOrder::class);
+        $monduOrder->loadByOrderUuid($orderUuid);
+        return $monduOrder;
+    }
 }

composer.json

@@ -2,7 +2,7 @@
     "name": "mondu/bnpl-checkout-oxid",
     "description": "Mondu payment method for the OXID eShop.",
     "type": "oxideshop-module",
-    "version": "1.1.8",
+    "version": "1.1.6",
     "license": [
         "OSL-3.0",
         "AFL-3.0"