Merge pull request 'payments' (#22) from payments into master

Reviewed-on: #22

MidrandBooksApi/Payments/Payfast/PayfastConfirmationEndpoint.cs

@@ -16,7 +16,8 @@ public sealed class PayfastConfirmationEndpoint : IEndpoint
     public void Map(IEndpointRouteBuilder builder)
     {
         builder.MapPost("payments/payfast/confirm", async (HttpRequest request, PayfastService payfastService,
-            IJobOrchestrator jobOrchestrator, IConfiguration configuration, IHostEnvironment hostEnvironment, CancellationToken cancellationToken) =>
+            IJobOrchestrator jobOrchestrator, IConfiguration configuration, IHostEnvironment hostEnvironment,
+            ILogger<PayfastConfirmationEndpoint> logger, CancellationToken cancellationToken) =>
         {
             using Activity? activity = PaymentActivitySource.StartActivity("ReceivePayfastWebhook", ActivityKind.Server);
 
@@ -25,10 +26,6 @@ public sealed class PayfastConfirmationEndpoint : IEndpoint
 
             string? remoteIp = request.HttpContext.Connection.RemoteIpAddress?.ToString();
 
-            var ipValidation = await payfastService.ValidateReferrerIpAsync(remoteIp!, !hostEnvironment.IsProduction(), cancellationToken);
-
-            if (ipValidation.IsFailed || !ipValidation.Value) return Results.Unauthorized();
-
             var formCollection = await request.ReadFormAsync(cancellationToken);
 
             if (!formCollection.TryGetValue("signature", out var signatureValues) || string.IsNullOrWhiteSpace(signatureValues.ToString()))
@@ -43,7 +40,11 @@ public sealed class PayfastConfirmationEndpoint : IEndpoint
             var signatureCheck = PayfastService.GenerateSignature(paramDictionary, passphrase);
 
             if (signatureCheck.IsFailed || !string.Equals(signatureCheck.Value, incomingSignature, StringComparison.OrdinalIgnoreCase))
+            {
+                logger.LogCritical("Incoming sugnature failed validation: {signature}, {errors}", incomingSignature, signatureCheck.Errors.Select(e => e.Message).ToList());
+
                 return Results.Unauthorized();
+            }
 
             var formPairs = formCollection.Select(kvp => $"{kvp.Key}={HttpUtility.UrlEncode(kvp.Value.ToString())}");
 
@@ -54,7 +55,11 @@ public sealed class PayfastConfirmationEndpoint : IEndpoint
             var serverConfirmation = await payfastService.ValidateServerConfirmationAsync(rawQueryParamString, isSandbox, cancellationToken);
 
             if (serverConfirmation.IsFailed || !serverConfirmation.Value)
+            {
+                logger.LogCritical("Server confirmation failed: {rawstring}, {errors}", rawQueryParamString, serverConfirmation.Errors.Select(e => e.Message).ToList());
+
                 return Results.Unauthorized();
+            }
 
             var notification = PayfastPaymentConfirmationReceivedEvent.Create(payload, payload.MerchantPaymentId!,
                 allowLoopback: !hostEnvironment.IsProduction(), performBackgroundChecks: false);

midrandbooksapi-uat.yml

@@ -22,11 +22,9 @@ data:
   PayfastSettings__CheckoutUrl: "https://sandbox.payfast.co.za/eng/process"
   PayfastSettings__ValidHosts__0: "www.payfast.co.za"
   PayfastSettings__ValidHosts__1: "sandbox.payfast.co.za"
-  PayfastSettings__ValidHosts__2: "w1w.payfast.co.za"
-  PayfastSettings__ValidHosts__3: "w2w.payfast.co.za"
-  PayfastSettings__ValidHosts__4: "ips.payfast.co.za"
-  PayfastSettings__ValidHosts__5: "api.payfast.co.za"
-  PayfastSettings__ValidHosts__6: "payment.payfast.io"
+  PayfastSettings__ValidHosts__2: "ips.payfast.co.za"
+  PayfastSettings__ValidHosts__3: "api.payfast.co.za"
+  PayfastSettings__ValidHosts__4: "payment.payfast.io"
   LiteCharmsSettings__Authority: "https://sts.security.khongisa.co.za"
   LiteCharmsSettings__Audience: "midrandbooks-api"
 ---
@@ -128,17 +126,17 @@ spec:
             - name: PayfastSettings__Passphrase
               valueFrom:
                 secretKeyRef:
-                  name: scheduler-secrets
+                  name: midrandbooksapi-secrets
                   key: payfast-passphrase
             - name: PayfastSettings__MerchantId
               valueFrom:
                 secretKeyRef:
-                  name: scheduler-secrets
+                  name: midrandbooksapi-secrets
                   key: payfast-merchantid
             - name: PayfastSettings__MerchantKey
               valueFrom:
                 secretKeyRef:
-                  name: scheduler-secrets
+                  name: midrandbooksapi-secrets
                   key: payfast-merchantkey
             - name: ConnectionStrings__PostgresScheduler
               valueFrom:
@@ -163,8 +161,8 @@ spec:
             httpGet:
               path: /health
               port: 8080
-            initialDelaySeconds: 5
-            periodSeconds: 10
+            initialDelaySeconds: 10
+            periodSeconds: 15
           readinessProbe:
             httpGet:
               path: /health