From 51b26f9027d6bd64d73469344e2173b59f92ab71 Mon Sep 17 00:00:00 2001 From: Djery-Tom Date: Thu, 15 Dec 2022 05:36:34 +0100 Subject: [PATCH] Fix csrf token while get payment status --- app/Http/Controllers/YoomeeV2Controller.php | 20 ++++++++++---------- app/Http/Middleware/VerifyCsrfToken.php | 4 ++++ resources/views/verify-payment.blade.php | 3 ++- routes/web.php | 2 +- 4 files changed, 17 insertions(+), 12 deletions(-) diff --git a/app/Http/Controllers/YoomeeV2Controller.php b/app/Http/Controllers/YoomeeV2Controller.php index 0125925..0093e3b 100644 --- a/app/Http/Controllers/YoomeeV2Controller.php +++ b/app/Http/Controllers/YoomeeV2Controller.php @@ -355,16 +355,16 @@ class YoomeeV2Controller extends Controller } - if ($transaction->state == PaymentTransactionState::ACCEPTED) { - return [ - 'message' => "Payment accepted", - 'status' => 1, - 'refresh' => 1, - ]; - } else { - if($verify_btn){ - return redirect()->route('checkout',['payment_token' => $transaction->payment_token]); - }else{ + if($verify_btn){ + return redirect()->route('checkout',['payment_token' => $transaction->payment_token]); + }else { + if ($transaction->state == PaymentTransactionState::ACCEPTED) { + return [ + 'message' => "Payment accepted", + 'status' => 1, + 'refresh' => 1, + ]; + } else { return [ 'message' => "Payment failed", 'status' => 0 diff --git a/app/Http/Middleware/VerifyCsrfToken.php b/app/Http/Middleware/VerifyCsrfToken.php index 22fa557..54cff37 100644 --- a/app/Http/Middleware/VerifyCsrfToken.php +++ b/app/Http/Middleware/VerifyCsrfToken.php @@ -3,6 +3,7 @@ namespace App\Http\Middleware; use Closure; +use Illuminate\Support\Facades\Log; use Symfony\Component\HttpFoundation\Cookie; use Illuminate\Contracts\Encryption\Encrypter; use Illuminate\Session\TokenMismatchException; 
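Review bot: With the `$verify_btn` branch moved ahead of the state check, a caller for whom `$verify_btn` is truthy now always gets a redirect whose URL carries `$transaction->payment_token`, whatever the transaction state. This commit also drops the `csrf` middleware from this action in `routes/web.php`, so confirm that the lookup earlier in `getPaymentStatus` (outside this hunk) ties the transaction to the current session before the token is placed in a redirect URL. As a style point, the `else { if … } else { … }` nesting could be flattened by returning early from the `$verify_btn` branch.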
@@ -53,6 +54,9 @@ class VerifyCsrfToken { protected function tokensMatch($request) { $token = $request->input('_token') ?: $request->header('X-CSRF-TOKEN'); + Log::info($token); + Log::error($request->session()->token()); + if (!$token && $header = $request->header('X-XSRF-TOKEN')) { $token = $this->encrypter->decrypt($header); } diff --git a/resources/views/verify-payment.blade.php b/resources/views/verify-payment.blade.php index c9916e3..fbaaba9 100644 --- a/resources/views/verify-payment.blade.php +++ b/resources/views/verify-payment.blade.php @@ -53,7 +53,7 @@ @keyframes ldio-5owbnf6l9j7-r { 0% { - transform: translate(148px, 80px) scale(1): + transform: translate(148px, 80px) scale(1); } 100% { transform: translate(148px, 80px) scale(0); @@ -269,6 +269,7 @@ var myHeaders = new Headers(); var url = "{{route('yoomee.v2.verify')}}"; var raw = JSON.stringify({ + "_token" : "{{ app('request')->session()->get('_token') }}", "transaction_id": "{{$transaction_id}}" }); diff --git a/routes/web.php b/routes/web.php index 5b8b603..97ceabb 100644 --- a/routes/web.php +++ b/routes/web.php @@ -21,7 +21,7 @@ $router->group(['middleware' => 'session'], function () use ($router) { // }); $router->get('checkout/{payment_token}', ['as' => 'checkout', 'uses' => 'PaymentController@checkout']); $router->post('checkoutPay', ['as' => 'yoomee.v2.checkoutPay', 'uses' => 'YoomeeV2Controller@checkoutPay','middleware' => 'csrf']); - $router->post('status', ['as' => 'yoomee.v2.verify', 'uses' => 'YoomeeV2Controller@getPaymentStatus', 'middleware' => 'csrf']); + $router->post('status', ['as' => 'yoomee.v2.verify', 'uses' => 'YoomeeV2Controller@getPaymentStatus']); $router->get('merchantRedirect', ['as' => 'yoomee.v2.merchantRedirect', 'uses' => 'YoomeeV2Controller@merchantRedirect']); });
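Review bot: The two added `Log::` calls in `tokensMatch` write the submitted CSRF token and the session's own token to the application log on every checked request, so anyone with access to the logs or a log aggregator can read live anti-forgery tokens. They look like debugging leftovers, and `Log::error` on a normal path will also pollute error-level alerting. Remove both lines together with the `use Illuminate\Support\Facades\Log;` import added in the first hunk of this file. If a diagnostic is still needed, record only presence, e.g. `Log::debug('csrf check', ['token_present' => (bool) $token]);`. The body of `tokensMatch` continues outside the hunk.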
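Review bot: The `_token` added to the JSON body only reaches `$request->input('_token')` if the request is sent with a JSON content type, and this hunk does not show one being set on `myHeaders`. The `tokensMatch` middleware in this commit also reads the `X-CSRF-TOKEN` header, so sending the token there does not depend on body parsing: `myHeaders.append("X-CSRF-TOKEN", "{{ app('request')->session()->get('_token') }}");`. The surrounding script starts and ends outside the hunk.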
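Review bot: Dropping `'middleware' => 'csrf'` from the `status` route means the POST to `getPaymentStatus` is no longer CSRF-verified at all, so the `_token` that `verify-payment.blade.php` now sends is never checked. If verification was failing, the fix belongs in how the token is delivered rather than in removing the check. I would keep the route as `$router->post('status', ['as' => 'yoomee.v2.verify', 'uses' => 'YoomeeV2Controller@getPaymentStatus', 'middleware' => 'csrf']);`. The enclosing `$router->group` starts outside the hunk.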