From e4c3779092de00d8235e886d3ff0cf8dba146c17 Mon Sep 17 00:00:00 2001 From: Khwezi Mngoma Date: Sat, 13 Jun 2026 16:03:31 +0200 Subject: [PATCH] Using IFormCollection for VerifyIncomingSignatureFromForm --- .../Payments/PayfastService.cs | 21 +++++++++++-------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/LiteCharms.Features.MidrandBooks/Payments/PayfastService.cs b/LiteCharms.Features.MidrandBooks/Payments/PayfastService.cs index bb797da..06bdbca 100644 --- a/LiteCharms.Features.MidrandBooks/Payments/PayfastService.cs +++ b/LiteCharms.Features.MidrandBooks/Payments/PayfastService.cs @@ -48,21 +48,24 @@ public sealed partial class PayfastService(IDbContextFactory formFields, string passphrase) + public static bool VerifyIncomingSignatureFromForm(IFormCollection formCollection, string passphrase) { - if (!formFields.TryGetValue("signature", out string? incomingSignature)) - return false; + var sortedFields = new Dictionary(StringComparer.Ordinal); + + foreach (var field in formCollection) + { + sortedFields.Add(field.Key, field.Value.ToString()); + } + + if (!sortedFields.TryGetValue("signature", out var incomingSignature)) return false; var stringBuilder = new StringBuilder(); - foreach (var key in formFields.Keys) + foreach (var key in sortedFields.Keys) { - if (key.Equals("signature", StringComparison.OrdinalIgnoreCase)) - continue; + if (key.Equals("signature", StringComparison.OrdinalIgnoreCase)) continue; - string rawValue = formFields[key] ?? string.Empty; - - string encodedVal = HttpUtility.UrlEncode(rawValue.Trim()); + string encodedVal = HttpUtility.UrlEncode(sortedFields[key].Trim()); string cleanVal = PercentEncodingRegex.Replace(encodedVal, m => m.Value.ToUpperInvariant()); stringBuilder.Append($"{key}={cleanVal}&");