added paymentId validation (#276)

razorpay · Sep 15, 2021 · 0e5d079 · 0e5d079
1 parent 5117da0
commit 0e5d079
Showing 1 changed file with 26 additions and 12 deletions.
diff --git a/Model/PaymentMethod.php b/Model/PaymentMethod.php
@@ -323,35 +323,49 @@ public function authorize(InfoInterface $payment, $amount)
                 else
                 {
                     // Order processing through front-end
+                    if(empty($request['paymentMethod']['additional_data']['rzp_payment_id']) === false)
+                    {
+                        $payment_id = $request['paymentMethod']['additional_data']['rzp_payment_id'];
 
-                    $payment_id = $request['paymentMethod']['additional_data']['rzp_payment_id'];
-
-                    $rzp_order_id = $this->order->getOrderId();
+                        $rzp_order_id = $this->order->getOrderId();
 
-                    if ($orderAmount !== $this->order->getRazorpayOrderAmount())
-                    {
-                        $rzpOrderAmount = $order->getOrderCurrency()->formatTxt(number_format($this->order->getRazorpayOrderAmount() / 100, 2, ".", ""));
+                        if ($orderAmount !== $this->order->getRazorpayOrderAmount())
+                        {
+                            $rzpOrderAmount = $order->getOrderCurrency()->formatTxt(number_format($this->order->getRazorpayOrderAmount() / 100, 2, ".", ""));
 
-                        throw new LocalizedException(__("Cart order amount = %1 doesn't match with amount paid = %2", $order->getOrderCurrency()->formatTxt($order->getGrandTotal()), $rzpOrderAmount));
-                    }
+                            throw new LocalizedException(__("Cart order amount = %1 doesn't match with amount paid = %2", $order->getOrderCurrency()->formatTxt($order->getGrandTotal()), $rzpOrderAmount));
+                        }
 
-                    $this->validateSignature([
+                        $this->validateSignature([
                             'razorpay_payment_id' => $payment_id,
                             'razorpay_order_id'   => $rzp_order_id,
                             'razorpay_signature'  => $request['paymentMethod']['additional_data']['rzp_signature']
                         ]);
+                    }
                 }
             }
 
-            $payment->setStatus(self::STATUS_APPROVED)
+            if((isset($payment_id) === true) and
+               (empty($payment_id) === false))
+            {
+                $payment->setStatus(self::STATUS_APPROVED)
                     ->setAmountPaid($amount)
                     ->setLastTransId($payment_id)
                     ->setTransactionId($payment_id)
                     ->setIsTransactionClosed(true)
                     ->setShouldCloseParentTransaction(true);
 
-            //update the Razorpay payment with corresponding created order ID of this quote ID
-            $this->updatePaymentNote($payment_id, $order, $rzp_order_id, $isWebhookCall);
+                //update the Razorpay payment with corresponding created order ID of this quote ID
+                $this->updatePaymentNote($payment_id, $order, $rzp_order_id, $isWebhookCall);
+            }
+            else
+            {
+                $error = "Razorpay paymentId missing for payment verification.";
+
+                $this->_logger->critical($e);
+                throw new LocalizedException(__('Razorpay Error: %1.', $error));
+            }
+
         }
         catch (\Exception $e)
         {