From a9e4b07d94b51509cd92a567b78fc7bedc6e2cfc Mon Sep 17 00:00:00 2001
From: birddevelper
Date: Tue, 4 Jun 2024 11:42:06 +0300
Subject: [PATCH 1/3] fix: make SECURE_REFERRER_POLICY mandatory to be strict-origin-when-cross-origin
---
 azbankgateways/banks/bmi.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/azbankgateways/banks/bmi.py b/azbankgateways/banks/bmi.py
index 7ec4373..062ac1b 100644
--- a/azbankgateways/banks/bmi.py
+++ b/azbankgateways/banks/bmi.py
@@ -4,7 +4,7 @@ import requests from Crypto.Cipher import DES3 - +from django.conf import settings from azbankgateways.banks import BaseBank from azbankgateways.exceptions import BankGatewayConnectionError, SettingDoesNotExist from azbankgateways.exceptions.exceptions import (
@@ -20,8 +20,14 @@ class BMI(BaseBank): _terminal_code = None _secret_key = None + def _is_strict_origin_policy_enabled(self): + return settings.SECURE_REFERRER_POLICY == 'strict-origin-when-cross-origin' + def __init__(self, **kwargs): super(BMI, self).__init__(**kwargs) + if not self._is_strict_origin_policy_enabled(): + raise SettingDoesNotExist("SECURE_REFERRER_POLICY is not set to 'strict-origin-when-cross-origin' in django setting, it's mandatory for BMI gateway") + self.set_gateway_currency(CurrencyEnum.IRR) self._token_api_url = "https://sadad.shaparak.ir/vpg/api/v0/Request/PaymentRequest" self._payment_url = "https://sadad.shaparak.ir/VPG/Purchase"
@@ -63,7 +69,7 @@ def pay(self):
 super(BMI, self).pay()
 data = self.get_pay_data()
 response_json = self._send_data(self._token_api_url, data)
- if response_json["ResCode"] == "0":
+ if str(response_json["ResCode"]) == "0":
 token = response_json["Token"]
 self._set_reference_number(token)
 else:
From 07b4fc0781a8cccae93045d9607cfb343aa864b6 Mon Sep 17 00:00:00 2001
From: birddevelper
Date: Tue, 4 Jun 2024 11:50:19 +0300
Subject: [PATCH 2/3] Doc: add help for referrer
---
 README.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)
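Review bot: The equality test in `_is_strict_origin_policy_enabled` (second hunk of PATCH 1/3, `@@ -20,8 +20,14 @@`) validates the setting's text, not whether a `Referrer-Policy` header is actually sent. Django emits that header from `SecurityMiddleware`, so the check can pass while the middleware is absent, and a deployment that sets the header at a reverse proxy or per view is refused even though the browser receives the required policy. Django also accepts a comma-separated string or an iterable of policies for this setting, which a plain `==` against one string rejects; the helper below reads the setting with `getattr` and compares the last listed value. The failure is a wrong value rather than a missing setting, so the message raised through `SettingDoesNotExist` would be easier to act on if it included the value that was found. `__init__` continues past the end of the hunk.

```python
    def _is_strict_origin_policy_enabled(self):
        policy = getattr(settings, "SECURE_REFERRER_POLICY", None)
        if not policy:
            return False
        values = policy.split(",") if isinstance(policy, str) else list(policy)
        # With several values the browser applies the last one it recognises.
        return values[-1].strip() == "strict-origin-when-cross-origin"
```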
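Review bot: `response_json["ResCode"]` in `pay()` (third hunk of PATCH 1/3) is still a bare subscript, so a gateway reply without that key would raise `KeyError` instead of reaching the `else` branch; the same line is changed the same way in `verify()` in PATCH 3/3. Assuming `response_json` is a dict, reading the code once as `res_code = str(response_json.get("ResCode"))` and comparing `res_code == "0"` turns a malformed reply into an ordinary failure. A comment such as `# ResCode may arrive as an int or a string` would record why the coercion exists. The `else` branch lies outside the hunk, so how failures are reported cannot be judged from here.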
diff --git a/README.md b/README.md
index d746fc5..360013b 100644
--- a/README.md
+++ b/README.md
@@ -287,6 +287,17 @@ def go_to_gateway_view(request): return render(request, "redirect_to_bank.html") ``` +

تنظیم SECURE_REFERRER_POLICY برای درگاه بانک ملی

+

+برای استفاده از درگاه بانک ملی تنظیم SECURE_REFERRER_POLICY در setting جنگو به صورت زیر الزامیست +

+ +```python +SECURE_REFERRER_POLICY = 'strict-origin-when-cross-origin' +``` + +

انتخاب خودکار درگاه

+

در صورتیکه تمایل دارید به صورت خودکار به اولین درگاه در دسترس متصل شوید. ابتدا از قسمت تنظیمات در بخش `BANK_PRIORITIES ` اولویت های بانک های مد نظر را وارید کنید. سپس به جای استفاده از متد `factory.create` از متد ‍`factory.auto_create` در این بخش استفاده کنید.
@@ -488,6 +499,7 @@ pre-commit install * [amirreza8002](https://github.com/amirreza8002) رفع مشکل ترجمه * [ahmadrezanavaie](https://github.com/ahmadrezanavaie) رفع مشکل ترجمه * [zamoosh](https://github.com/zamoosh) اضافه کردن وضعیت های تراکنش در بانک ملت +* [birddevelper](https://github.com/birddevelper) الزامی کردن وجود referrer برای درگاه بانک ملی ## License
From 06e6521aa346abbab35d3ff0b6f48d145a2d0e14 Mon Sep 17 00:00:00 2001
From: birddevelper
Date: Tue, 4 Jun 2024 12:01:21 +0300
Subject: [PATCH 3/3] fix: convert response to str
---
 azbankgateways/banks/bmi.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/azbankgateways/banks/bmi.py b/azbankgateways/banks/bmi.py
index 062ac1b..18be354 100644
--- a/azbankgateways/banks/bmi.py
+++ b/azbankgateways/banks/bmi.py
@@ -105,7 +105,7 @@ def verify(self, transaction_code):
 super(BMI, self).verify(transaction_code)
 data = self.get_verify_data()
 response_json = self._send_data(self._verify_api_url, data)
- if response_json["ResCode"] == "0":
+ if str(response_json["ResCode"]) == "0":
 self._set_payment_status(PaymentStatus.COMPLETE)
 extra_information = (
 f"RetrivalRefNo={response_json['RetrivalRefNo']},SystemTraceNo={response_json['SystemTraceNo']}"
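Review bot: In `verify()` (PATCH 3/3) the visible lines set `PaymentStatus.COMPLETE` on `ResCode` alone. If the verify reply also carries the paid amount or the order identifier, comparing them with the values stored for this transaction before marking it complete would catch a reply that belongs to a different or altered payment; whether that comparison happens elsewhere cannot be seen here, because the function continues past the hunk. A short comment above the `if`, for example `# "0" is the only code treated as success; any other value leaves the payment unconfirmed`, would document the contract the status change relies on.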