litecharms/components
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 114 Wiki Activity

ensure alphabetical sorting
continuous-integration/drone/pr Build is passing
Details

Browse Source
This commit is contained in:
Khwezi Mngoma
2026-06-13 15:49:45 +02:00
parent 99c0508f6f
commit 59fc0432b4
1 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
LiteCharms.Features.MidrandBooks/Payments/PayfastService.cs
+10 -5
View File
@@ -3,7 +3,6 @@ using LiteCharms.Features.Api.Configuration;
using LiteCharms.Features.Hasher; using LiteCharms.Features.Hasher;
using LiteCharms.Features.MidrandBooks.Payments.Models; using LiteCharms.Features.MidrandBooks.Payments.Models;
using LiteCharms.Features.MidrandBooks.Postgres; using LiteCharms.Features.MidrandBooks.Postgres;
using Microsoft.AspNetCore.Http;
namespace LiteCharms.Features.MidrandBooks.Payments; namespace LiteCharms.Features.MidrandBooks.Payments;
@@ -51,7 +50,10 @@ public sealed partial class PayfastService(IDbContextFactory<MidrandBooksDbConte
public static bool VerifyIncomingSignature(HttpRequest request, string passphrase) public static bool VerifyIncomingSignature(HttpRequest request, string passphrase)
{ {
var formFields = request.Form.ToDictionary(x => x.Key, x => x.Value.ToString()); var formFields = new Dictionary<string, string>(StringComparer.Ordinal);
foreach (var file in request.Form)
formFields.Add(file.Key, file.Value.ToString());
if (!formFields.TryGetValue("signature", out string? incomingSignature)) if (!formFields.TryGetValue("signature", out string? incomingSignature))
return false; return false;
@@ -63,18 +65,21 @@ public sealed partial class PayfastService(IDbContextFactory<MidrandBooksDbConte
if (key.Equals("signature", StringComparison.OrdinalIgnoreCase)) if (key.Equals("signature", StringComparison.OrdinalIgnoreCase))
continue; continue;
string encodedVal = HttpUtility.UrlEncode(formFields[key].Trim()); string rawValue = formFields[key] ?? string.Empty;
string cleanVal = PercentEncodingRegex.Replace(encodedVal, m => m.Value.ToUpperInvariant());
string encodedVal = HttpUtility.UrlEncode(rawValue.Trim());
string cleanVal = PercentEncodingRegex.Replace(encodedVal, m => m.Value.ToUpperInvariant());
stringBuilder.Append($"{key}={cleanVal}&"); stringBuilder.Append($"{key}={cleanVal}&");
} }
string encodedPassphrase = HttpUtility.UrlEncode(passphrase.Trim()); string encodedPassphrase = HttpUtility.UrlEncode(passphrase.Trim());
string safePassphrase = PercentEncodingRegex.Replace(encodedPassphrase, m => m.Value.ToUpperInvariant()); string safePassphrase = PercentEncodingRegex.Replace(encodedPassphrase, m => m.Value.ToUpperInvariant());
stringBuilder.Append($"passphrase={safePassphrase}"); stringBuilder.Append($"passphrase={safePassphrase}");
string generatedSignature = HashService.ToMd5Hash(stringBuilder.ToString()).Value; string generatedSignature = HashService.ToMd5Hash(stringBuilder.ToString()).Value;
return incomingSignature.Equals(generatedSignature, StringComparison.OrdinalIgnoreCase); return incomingSignature.Equals(generatedSignature, StringComparison.OrdinalIgnoreCase);
} }