class Adyen::HPP::Response

Attributes

params[R]
shared_secret[R]

Public Class Methods

new(params, shared_secret: nil) click to toggle source

Initialize the HPP response

@param [Hash] params params A hash of HTTP GET parameters for the redirect request. This

should include the +:merchantSig+ parameter, which contains the signature.

@param [String] shared_secret Optional shared secret; if not provided, the shared secret

of the skin determined by params['skinCode'] will be used
   # File lib/adyen/hpp/response.rb
13 def initialize(params, shared_secret: nil)
14   raise ArgumentError, "params should be a Hash" unless params.is_a?(Hash)
15   raise ArgumentError, "params should contain :merchantSig" unless params.key?('merchantSig')
16 
17   @params = params
18   skin = Adyen.configuration.form_skin_by_code(params['skinCode']) || {}
19   @shared_secret = shared_secret || skin[:shared_secret]
20 end

Public Instance Methods

has_valid_signature?() click to toggle source

Checks the redirect signature for this request by calculating the signature from the provided parameters, and comparing it to the signature provided in the merchantSig parameter.

If this method returns false, the request could be a forgery and should not be handled. Therefore, you should include this check in a before_filter, and raise an error of the signature check fails.

@example

class PaymentsController < ApplicationController
  before_filter :check_signature, :only => [:return_from_adyen]

  def return_from_adyen
    @invoice = Invoice.find(params[:merchantReference])
    @invoice.set_paid! if params[:authResult] == 'AUTHORISED'
  end

  private

  def check_signature
    raise "Forgery!" unless Adyen::HPP::Response.new(params).has_valid_signature?
  end
end

@return [true, false] Returns true only if the signature in the parameters is correct.

   # File lib/adyen/hpp/response.rb
47 def has_valid_signature?
48   Adyen::HPP::Signature.verify(params, shared_secret)
49 end