dev/financial#39: Drop checkMD5 support from Authorize.net

Signed-off-by: Kevin Cristiano <kcristiano@kcristiano.com>

dev/financial#39: Drop checkMD5 support from Authorize.net
2eb7623a · Monish Deb · Kevin Cristiano · 8baabcfa · 2eb7623a · 2eb7623a
Verified Commit 2eb7623a authored 6 years ago by Monish Deb Committed by Kevin Cristiano 6 years ago
--- a/civicrm/CRM/Core/Payment/AuthorizeNet.php
+++ b/civicrm/CRM/Core/Payment/AuthorizeNet.php
@@ -171,12 +171,6 @@ class CRM_Core_Payment_AuthorizeNet extends CRM_Core_Payment {
    // fetch available contribution statuses
    $contributionStatus = CRM_Contribute_PseudoConstant::contributionStatus(NULL, 'name');

-    // check gateway MD5 response
-    if (!$this->checkMD5($response_fields[37], $response_fields[6], $response_fields[9])) {
-      $params['payment_status_id'] = array_search('Failed', $contributionStatus);
-      return self::error(9003, 'MD5 Verification failed');
-    }
-
    // check for application errors
    // TODO:
    // AVS, CVV2, CAVV, and other verification results
@@ -437,39 +431,6 @@ class CRM_Core_Payment_AuthorizeNet extends CRM_Core_Payment {
    }
  }

-  /**
-   * Check the gateway MD5 response to make sure that this is a proper
-   * gateway response
-   *
-   * @param string $responseMD5
-   *   MD5 hash generated by the gateway.
-   * @param string $transaction_id
-   *   Transaction id generated by the gateway.
-   * @param string $amount
-   *   Purchase amount.
-   *
-   * @param bool $ipn
-   *
-   * @return bool
-   */
-  public function checkMD5($responseMD5, $transaction_id, $amount, $ipn = FALSE) {
-    // cannot check if no MD5 hash
-    $md5Hash = $this->_getParam('md5Hash');
-    if (empty($md5Hash)) {
-      return TRUE;
-    }
-    $loginid = $this->_getParam('apiLogin');
-    $hashString = $ipn ? ($md5Hash . $transaction_id . $amount) : ($md5Hash . $loginid . $transaction_id . $amount);
-    $result = strtoupper(md5($hashString));
-
-    if ($result == $responseMD5) {
-      return TRUE;
-    }
-    else {
-      return FALSE;
-    }
-  }
-
  /**
   * Calculate and return the transaction fingerprint.
   *

--- a/civicrm/CRM/Core/Payment/AuthorizeNetIPN.php
+++ b/civicrm/CRM/Core/Payment/AuthorizeNetIPN.php
@@ -164,8 +164,6 @@ class CRM_Core_Payment_AuthorizeNetIPN extends CRM_Core_Payment_BaseIPN {
    $objects['contribution']->total_amount = $input['amount'];
    $objects['contribution']->trxn_id = $input['trxn_id'];

-    $this->checkMD5($paymentProcessorObject, $input);
-
    $isFirstOrLastRecurringPayment = FALSE;
    if ($input['response_code'] == 1) {
      // Approved
@@ -359,25 +357,4 @@ INNER JOIN civicrm_membership_payment mp ON m.id = mp.membership_id AND mp.contr
    return $value;
  }

-  /**
-   * Check and validate gateway MD5 response if present.
-   *
-   * @param CRM_Core_Payment_AuthorizeNet $paymentObject
-   * @param array $input
-   *
-   * @throws CRM_Core_Exception
-   */
-  public function checkMD5($paymentObject, $input) {
-    if (empty($input['trxn_id'])) {
-      // For decline we have nothing to check against.
-      return;
-    }
-    if (!$paymentObject->checkMD5($input['MD5_Hash'], $input['trxn_id'], $input['amount'], TRUE)) {
-      $message = "Failure: Security verification failed";
-      $log = new CRM_Utils_SystemLogger();
-      $log->error('payment_notification', array('message' => $message, 'input' => $input));
-      throw new CRM_Core_Exception($message);
-    }
-  }
-
 }