[ECP-9247] Move the merchant reference check to `handlePaymentDetails…

…Response` so that the validation of merchant reference on current order is always applied
Adyen · Jun 18, 2024 · 5c2be93 · 5c2be93
1 parent 4b0298e
commit 5c2be93
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 19 deletions.
diff --git a/Controller/Return/Index.php b/Controller/Return/Index.php
@@ -156,25 +156,15 @@ protected function validateRedirectResponse(array $redirectResponse): bool
             $paymentsDetailsResponse['error'] = $e->getMessage();
         }
 
-        $result = false;
-
-        // Compare the merchant references
-        $merchantReference = $paymentsDetailsResponse['merchantReference'] ?? null;
-        if ($merchantReference) {
-            if ($order->getIncrementId() === $merchantReference) {
-                $this->order = $order;
-                $this->payment = $order->getPayment();
-                $this->cleanUpRedirectAction();
-
-                $result = $this->paymentResponseHandler->handlePaymentsDetailsResponse(
-                    $paymentsDetailsResponse,
-                    $order
-                );
-            } else {
-                $this->adyenLogger->error("Wrong merchantReference was set in the query or in the session");
-            }
-        } else {
-            $this->adyenLogger->error("No merchantReference in the response");
+        $result = $this->paymentResponseHandler->handlePaymentsDetailsResponse(
+            $paymentsDetailsResponse,
+            $order
+        );
+
+        if ($result) {
+            $this->order = $order;
+            $this->payment = $order->getPayment();
+            $this->cleanUpRedirectAction();
         }
 
         return $result;

diff --git a/Helper/PaymentResponseHandler.php b/Helper/PaymentResponseHandler.php
@@ -139,6 +139,10 @@ public function handlePaymentsDetailsResponse(
             return false;
         }
 
+        if(!$this->isValidMerchantReference($paymentsDetailsResponse, $order)){
+            return false;
+        }
+
         $this->adyenLogger->addAdyenResult('Updating the order');
         $payment = $order->getPayment();
 
@@ -312,4 +316,27 @@ public function handlePaymentsDetailsResponse(
 
         return $result;
     }
+
+    /**
+     * Validate whether the merchant reference is present in the response and belongs to the current order.
+     *
+     * @param array $paymentsDetailsResponse
+     * @param OrderInterface $order
+     * @return bool
+     */
+    private function isValidMerchantReference(array $paymentsDetailsResponse, OrderInterface $order): bool
+    {
+        $merchantReference = $paymentsDetailsResponse['merchantReference'] ?? null;
+        if (!$merchantReference) {
+            $this->adyenLogger->error("No merchantReference in the response");
+            return false;
+        }
+
+        if ($order->getIncrementId() !== $merchantReference) {
+            $this->adyenLogger->error("Wrong merchantReference was set in the query or in the session");
+            return false;
+        }
+
+        return true;
+    }
 }