search

ingameltd / payu

A typesafe PayU client for NodeJS
https://ingameltd.github.io/payu/
MIT License
9 stars 5 forks source link

Verifying notification #10

Open arminhupka opened 2 years ago

arminhupka commented 2 years ago

During notification verifying getting error. Header openpayu-signature exist in incoming header data.


TypeError: Cannot read property 'split' of undefined
    at PayU.parseHeaderToJson (/Users/arminhupka/PhpstormProjects/untitled/node_modules/@ingameltd/payu/dist/PayU.js:182:28)
    at PayU.verifyNotification (/Users/arminhupka/PhpstormProjects/untitled/node_modules/@ingameltd/payu/dist/PayU.js:199:29)
    at notify (file:///Users/arminhupka/PhpstormProjects/untitled/server.js:40:26)
    at Layer.handle [as handle_request] (/Users/arminhupka/PhpstormProjects/untitled/node_modules/express/lib/router/layer.js:95:5)
    at next (/Users/arminhupka/PhpstormProjects/untitled/node_modules/express/lib/router/route.js:137:13)
    at Route.dispatch (/Users/arminhupka/PhpstormProjects/untitled/node_modules/express/lib/router/route.js:112:3)
    at Layer.handle [as handle_request] (/Users/arminhupka/PhpstormProjects/untitled/node_modules/express/lib/router/layer.js:95:5)
    at /Users/arminhupka/PhpstormProjects/untitled/node_modules/express/lib/router/index.js:281:22
    at Function.process_params (/Users/arminhupka/PhpstormProjects/untitled/node_modules/express/lib/router/index.js:335:12)
    at next (/Users/arminhupka/PhpstormProjects/untitled/node_modules/express/lib/router/index.js:275:10)```
kasvith commented 2 years ago

Would you like to create a PR for this?

t-soltysiak commented 2 months ago

Hello, and thanks for library ;-) Maybe someone have simillar problem with verifications, for SvelteKit I discovered where there is problem (propably stringify function added some slashes that generate wrong md5 checksum:

export const POST: RequestHandler = async ({ request }): Promise<Response> => {
   const bodyText = await request.text();
   const isValid1 = payU.verifyNotification(signature, bodyText); // WORKS correctly
   const isValid2 = payU.verifyNotification(signature, JSON.stringify(bodyText)); // Does NOT WORKING

Documentation explains this in https://developers.payu.com/europe/docs/payment-flows/lifecycle/#signature-verification where there is no information that body should be strigified, so maybe it would be nice to update readme. Greetings!

kasvith commented 2 months ago

Hey @t-soltysiak would you mind opening a PR for documentation change?

kasvith commented 2 months ago

This is mainly happening because of the JSON parsers alters the original body, so using the original request body as it is with verification(like in stripe) is the way

t-soltysiak commented 2 months ago

Hey @t-soltysiak would you mind opening a PR for documentation change?

sure: https://github.com/ingameltd/payu/pull/17