Skip to content

Commit

Permalink
[utility] Sorts values before hashing
Browse files Browse the repository at this point in the history
  • Loading branch information
@harman28
harman28 committed Apr 9, 2019
1 parent 6765d55 commit 1a92dc8
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 8 deletions.
9 changes: 5 additions & 4 deletions lib/razorpay/utility.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,12 @@ module Razorpay
# Helper functions are defined here
class Utility
def self.verify_payment_signature(attributes)
signature = attributes[:razorpay_signature]
order_id = attributes[:razorpay_order_id] || attributes[:razorpay_subscription_id]
payment_id = attributes[:razorpay_payment_id]
signature = attributes.delete(:razorpay_signature)

data = [order_id, payment_id].join '|'
# Data requires the values to be in sorted order of their keys.
# attributes.sort returns a nested array, and the last
# element of each is the value. These are joined.
data = attributes.sort.map(&:last).join('|')

secret = Razorpay.auth[:password]

Expand Down
10 changes: 6 additions & 4 deletions test/razorpay/test_utility.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,9 @@ def setup

def test_payment_signature_verification
payment_response = {
razorpay_order_id: 'fake_order_id',
razorpay_order_id: 'fake_other_id',
razorpay_payment_id: 'fake_payment_id',
razorpay_signature: 'b2335e3b0801106b84a7faff035df56ecffde06918c9ddd1f0fafbb37a51cc89'
razorpay_signature: '965ee2de4c5c4e6f006fb0a5a1736d992e5d4d52f9fe10b98c9b97ee169ebe18'
}
Razorpay::Utility.verify_payment_signature(payment_response)

Expand All @@ -23,10 +23,12 @@ def test_payment_signature_verification

def test_subscription_signature_verification
payment_response = {
razorpay_subscription_id: 'fake_order_id',
razorpay_payment_id: 'fake_payment_id',
razorpay_signature: 'b2335e3b0801106b84a7faff035df56ecffde06918c9ddd1f0fafbb37a51cc89'
razorpay_subscription_id: 'fake_other_id',
razorpay_signature: '3dabcab8ca113e7994cf78c80f8d50974ddfb2d380029743f30a6d67934cd845'
}
# A different signature is expected here compared to the previous test,
# since the sorted order of the keys is different in this case
Razorpay::Utility.verify_payment_signature(payment_response)

payment_response[:razorpay_signature] = '_dummy_signature' * 4
Expand Down

0 comments on commit 1a92dc8

Please sign in to comment.