Gagal unlock transfer - Githubissues

plonknimbuzz commented 2 years ago

Ijin mau tanya mengenai unlock transfer di PR https://github.com/lintangtimur/ovoid/pull/38#issuecomment-822019877 Karena ada beberapa error di latest repository, jadi saya mencoba menjelaskan menggunakan raw data.

Akun Baru bikin, kondisi akun sudah premium, belum pernah mengirim keluar baik antar ovo maupun bank. saya juga sudah coba menggunakan akun lain yang sudah mentransfer berkali-kali

Check isOvo

https://api.ovo.id/v1.1/api/auth/customer/isOVO
Array
(
    [totalAmount] => 24000
    [mobile] => 081xxxxxx
)

result:
{"fullName":"O****N","nickName":"xxxxxxx","mobile":"081xxxxxx","profileImage":null,"fullNameMasking":"O****N","nickNameMasking":"O****N"}

TransferOvo

https://api.ovo.id/v1.0/api/auth/customer/genTrxId
Array
(
    [actionMark] => trf_ovo
    [amount] => 24000
)
{"trxId":"03bd4c26ca40044d7193df8ba39fd5aad4cxxxxx"}

https://api.ovo.id/v1.0/api/customers/transfer
Array
(
    [amount] => 11000
    [message] => test kirim
    [to] => 081xxxxxxxx
    [trxId] => 03bd4c26ca40044d7193df8ba39fd5aad4cxxxxx
)
{"code":10010001,"content":{"present":false},"message":"sorry unable to handle your request"}

Unlock

https://api.ovo.id/v1.0/api/auth/customer/genTrxId
Array
(
    [actionMark] => trf_ovo
    [amount] => 24000
)
{"trxId":"03bd4c26ca40044d7193df8ba39fd5aad4cxxxxx"}

https://api.ovo.id/v1.0/api/auth/customer/unlockAndValidateTrxId
Array
(
    [trxId] => 03bd4c26ca40044d7193df8ba39fd5aad4cxxxxx
    [signature] => 7dc90d8cfcb4561a0041d6228b88592e4a71xxx
    [appVersion] => 3.45.0
    [securityCode] => 3242xx
)
{"message":"trxId not found"}

hasilnya selalu trxId not found. Padahal sudah menggunakan hasil dari genTrxId sebelum mengirim request transferOvo, Terimakasih atas bantuannya

lintangtimur commented 2 years ago

alurnya gini, pastikan sama trxId sama pas pertama kali generate

ENDPOINT UnlockAndValidate

{"signature":"00463a2xxxx","trxId":"db3352dxxxxxxxxx","appVersion":"3.48.0","securityCode":"xxxxxx"}

unlock response

{"isAuthorized":"true"}

Endpoint customer transfer Request

POST /v1.0/api/customers/transfer HTTP/2
Host: api.ovo.id
Authorization: AUTH TOKEN
Os: Android
Os-Version: 7.1.1
App-Version: 3.48.0
Client-Id: ovo_android
Device-Id: DEVICEID SELALU SAMA DI HEADER
Content-Type: application/json; charset=UTF-8
Content-Length: 105
Accept-Encoding: gzip, deflate
User-Agent: okhttp/4.9.0

{"amount":"1XXXX","message":"XXXXX","to":"08XXXXXX","trxId":"db3352dXXXXXX"}

Response

HTTP/2 200 OK
Date: Tue, 23 Nov 2021 01:37:09 GMT
Content-Type: application/json
Via: 1.1 google, 1.1 google
Cf-Cache-Status: DYNAMIC
Expect-Ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
Cf-Ray: 6b26abaefd0d4a6b-SIN

{"code":5,"message":"Transfer Success","isOvo":0,"fullName":"Cxxxxxx"}

plonknimbuzz commented 2 years ago

Trxid selalu sama (hasil dari generate pertama)

hasil dari generate agan {"isAuthorized":"true"} sedangkan saya dapatnya {"message":"trxId not found"}

dari contoh diatas hanya ada 1 kemungkinan yang berbeda yaitu signature generator nya. apakah signature nya tetep menggunakan ini?

return sha1(
            $trxId . '||' . $amount . '||' . $this->headers['device-id']
        );

terima kasih

lintangtimur commented 2 years ago

kalau signature generatornya beda seharusnya responnya seperti "signature not found" atau "signature .." lupa errornya.

plonknimbuzz commented 2 years ago

iya saya juga pakai method i8b.k0()

klo kita rubah trxid nya => trxId not found klo kita rubah amount nya => trxId not found klo kita salahkan pin nya => pin failed

Kesimpulannya kita memakai method yang sama.

Namun ketika saya coba request memakai akun lain hasilnya tetap gagal yaitu {"message":"trxId not found"}

berikut saya coba bikin snippet biar bisa di coba dengan mudah.

<?php

class Ovo{
    private $refresh_token;
    private $deviceId;
    private $pin;

    public function __construct($refresh_token, $deviceId, $pin){
        $this->refresh_token=$refresh_token;
        $this->deviceId=$deviceId;
        $this->pin=$pin;
        if(!$this->refresh_token || !$this->deviceId || !$this->pin) die('plz fill all input');
    }

    public function generateTrxId($amount, $actionMark='trf_ovo'){
        $data = [
            'actionMark' => $actionMark,
            'amount'     => $amount
        ];
        $res = $this->post('https://api.ovo.id/v1.0/api/auth/customer/genTrxId', $data, $this->headers());
        return isset($res->trxId)?$res->trxId:null;
    }

    public function transferOVO($amount, $phone_number, $trx_id, $message = "")
    {
        $data = [
            'amount' => $amount,
            'to' => $phone_number,
            'trxId' => $trx_id,
            'message' => $message
        ];

        $res = $this->post('https://api.ovo.id/v1.0/api/customers/transfer', $data, $this->headers());
        if(isset($res->code) && $res->code=='10010001'){
            $unlock = $this->unlockAndValidateTrxId($amount, $trx_id);
            if(isset($unlock->isAuthorized) && $unlock->isAuthorized){
                $res =  json_decode($ovo->transferOVO($amount, $target, $trx_id, $message));
            }else{
                return ['ok'=>0, 'msg'=>'unlock failed', 'raw'=>$unlock];
            }
        }

        if(isset($res->code) && $res->code=='200'){
            return ['ok'=>1, 'msg'=>'trf succes', 'raw'=>$res];
        }else{
            return ['ok'=>0, 'msg'=>'trf failed','raw'=>$res];
        }
    }

    public function unlockAndValidateTrxId($amount, $trx_id){
        $data = [
            'trxId' => $trx_id,
            'securityCode' => $this->pin,
            'signature' => sha1(implode('||', [$trx_id, $amount, $this->deviceId]))
        ];

        return $this->post('https://api.ovo.id/v1.0/api/auth/customer/unlockAndValidateTrxId', $data, $this->headers());
    }

    protected function headers($bearer=false){
        $headers = [
            'content-type: application/json',
            'accept: */*',
            'OS: Android',
            'OS-Version: 9.0',
            'client-id: ovo_android',
            'device-id: '.$this->deviceId,
            'App-Version: 3.45.0',
            'User-Agent: okhttp/4.9.0',
        ];
        if ($this->refresh_token) {
            array_push($headers, 'authorization: ' . ($bearer?'Bearer':'') . ' ' . $this->refresh_token);
        }
        return $headers;
    }

    private function post($url, $data=[], $headers = [])
    {
        $ch = curl_init();

        curl_setopt_array($ch, array(
            CURLOPT_URL => $url,
            CURLOPT_RETURNTRANSFER => 1,
            CURLOPT_SSL_VERIFYHOST => 0,
            CURLOPT_SSL_VERIFYPEER => 0,
            CURLOPT_SSL_VERIFYPEER => 0,
            CURLOPT_CUSTOMREQUEST=>'POST',
        ));

        if ($data) {
            curl_setopt($ch, CURLOPT_POST, 1);
            curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
            curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
        }

        if ($headers) {
            curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
        }

        $result = curl_exec($ch);
        curl_close($ch);
        return json_decode($result);
    }
}
$refresh_token='';
$deviceId='';
$phone_to='081xxxx';
$amount = 11000;
$pin = '';
$message = 'test kirim';

$ovo = new Ovo($refresh_token, $deviceId, $pin);
$trx_id = $ovo->generateTrxId($amount, 'trf_ovo');
if(!$trx_id) die('trxid empty');
$transfer = $ovo->transferOVO($amount, $phone_to, $trx_id, $message);
print_r($transfer);

klo saya, hasil yang saya dapatkan adalah

Array
(
    [ok] => 0
    [msg] => unlock failed
    [raw] => stdClass Object
        (
            [message] => trxId not found
        )

)

terima kasih atas bantuannya

lintangtimur commented 2 years ago

oke, nanti saya cek lagi

aamfahrur commented 2 years ago

Sudah ada solusi kah? saya mengalami hal yang sama gan.

lintangtimur / ovoid

Gagal unlock transfer #71

alurnya gini, pastikan sama trxId sama pas pertama kali generate

ENDPOINT UnlockAndValidate

unlock response

Endpoint customer transfer Request

Response