lexik · nykopol · Mar 26, 2014 · Mar 26, 2014 · Mar 26, 2014 · Mar 26, 2014
diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php
@@ -85,6 +85,15 @@ public function getConfigTreeBuilder()
                                 ->scalarNode('key')->isRequired()->end()
                             ->end()
                         ->end()
+                        ->enumNode('validation_by')
+                            ->values(array('url_ipn', 'pbx_retour'))
+                            ->cannotBeEmpty()
+                            ->defaultValue('url_ipn')
+                            ->info("Define the method for IPN validation. Select 'pbx_retour' only if you use 'PBX_REPONSE_A' option.")
+                        ->end()
+                        ->scalarNode('pbx_retour')
+                            ->info("PBX_RETOUR option for validation by 'pbx_retour'")
+                        ->end()
                     ->end()
                 ->end()
 

diff --git a/DependencyInjection/LexikPayboxExtension.php b/DependencyInjection/LexikPayboxExtension.php
@@ -6,6 +6,7 @@
 use Symfony\Component\Config\FileLocator;
 use Symfony\Component\HttpKernel\DependencyInjection\Extension;
 use Symfony\Component\DependencyInjection\Loader;
+use Lexik\Bundle\PayboxBundle\Paybox\Paybox;
 
 /**
  * This is the class that loads and manages your bundle configuration
@@ -33,6 +34,28 @@ public function load(array $configs, ContainerBuilder $container)
             $config['parameters']['public_key'] = __DIR__ . '/../Resources/config/paybox_public_key.pem';
         }
 
+        if('pbx_retour' == $config['parameters']['validation_by']){
+            if(!isset($config['parameters']['pbx_retour']) || !$config['parameters']['pbx_retour']){
+                throw new \InvalidArgumentException(
+                    'The "pbx_retour" option must be set for validation_by "pbx_retour"'
+                );
+            }else{
+                // if PXB_REPONDRE_A is used the signature only sign parameter from PBX_RETOUR without 'Sign' parameter
+                $param_signed = explode(';', $config['parameters']['pbx_retour']);
+                $param_signed = array_map(function($param){
+                    return substr($param, 0, strpos($param, ':'));
+                }, $param_signed);
+                $param_signed = array_diff($param_signed, array(Paybox::SIGNATURE_PARAMETER));
+
+                $container->setParameter('lexik_paybox.pbx_retour', $param_signed);
+            }
+        }else{
+            $container->setParameter('lexik_paybox.pbx_retour', null);
+        }
+
         $container->setParameter('lexik_paybox.public_key', $config['parameters']['public_key']);
+        $container->setParameter('lexik_paybox.validation_by', $config['parameters']['validation_by']);
+
+
     }
 }
diff --git a/Paybox/System/Base/Response.php b/Paybox/System/Base/Response.php
@@ -47,20 +47,34 @@ class Response
      */
     private $publicKey;
 
+    /**
+     * @var string
+     */
+    private $validationBy;
+
+    /**
+     * @var array
+     */
+    private $pbxRetour;
+
     /**
      * Contructor.
      *
      * @param HttpRequest              $request
      * @param LoggerInterface          $logger
      * @param EventDispatcherInterface $dispatcher
      * @param string                   $publicKey
+     * @param string                   $validationBy
+     * @param array                    $pbxRetour
      */
-    public function __construct(HttpRequest $request, LoggerInterface $logger, EventDispatcherInterface $dispatcher, $publicKey)
+    public function __construct(HttpRequest $request, LoggerInterface $logger, EventDispatcherInterface $dispatcher, $publicKey, $validationBy, array $pbxRetour)
     {
         $this->request    = $request;
         $this->logger     = $logger;
         $this->dispatcher = $dispatcher;
         $this->publicKey  = $publicKey;
+        $this->validationBy = $validationBy;
+        $this->pbxRetour  = $pbxRetour;
     }
 
     /**
@@ -113,7 +127,7 @@ protected function initData()
         foreach ($this->getRequestParameters() as $key => $value) {
             $this->logger->info(sprintf('%s=%s', $key, $value));
 
-            if (Paybox::SIGNATURE_PARAMETER !== $key) {
+            if (in_array($key, $this->pbxRetour)) {
                 $this->data[$key] = urlencode($value);
             }
         }
@@ -131,10 +145,7 @@ public function verifySignature()
         $this->initData();
         $this->initSignature();
 
-        $file = fopen($this->publicKey, 'r');
-        $cert = fread($file, 8192);
-        fclose($file);
-
+        $cert = file_get_contents($this->publicKey);
         $publicKey = openssl_get_publickey($cert);
 
         $result = openssl_verify(
@@ -163,4 +174,5 @@ public function verifySignature()
 
         return $result;
     }
+
 }
diff --git a/README.md b/README.md
@@ -74,6 +74,7 @@ lexik_paybox:
             - '826' # GBP
             - '840' # USD
             - '978' # EUR
+        validation_by: url_ipn
 ```
 
 The routing collection must be set in your routing.yml
@@ -215,6 +216,31 @@ Production
 By default, getUrl() returns the preproduction url.
 To toggle in production, you just need to specify 'prod' in parameter of the getUrl('prod') method.
 
+Validation IPN response
+-----------------------
+
+For security, the status returned by PBX_EFFECTUE, PBX_REFUSE, PBX_ANNULE and PBX_ATTENTE, should
+not be trusted as it can by altered by malicous user. You must instead use IPN notification.
+IPN notification is send directly from Paybox server to the URL you specified either in PBX_REPONDRE_A
+option or in Paybox interface.
+
+If you use PBX_REPONDRE_A option you must specify in your `config.yml` file the following parameters :
+
+```yml
+lexik_paybox:
+    parameters:
+        validation_by: pbx_retour
+        pbx_retour: Mt:M;Ref:R;Auto:A;Erreur:E  # report the PBX_RETOUR option you defined in your code
+```
+
+If you use the Paybox interface, you can let the default parameters :
+
+```yml
+lexik_paybox:
+    parameters:
+        validation_by: url_ipn
+```
+
 Resources
 ---------
 

diff --git a/Resources/config/services.yml b/Resources/config/services.yml
@@ -14,7 +14,7 @@ services:
 
     lexik_paybox.response_handler:
         class:     '%lexik_paybox.response_handler.class%'
-        arguments: ['@request=', '@logger', '@event_dispatcher', %lexik_paybox.public_key%]
+        arguments: ['@request=', '@logger', '@event_dispatcher', %lexik_paybox.public_key%, %lexik_paybox.validation_by%, %lexik_paybox.pbx_retour%]
         tags:
             - { name: monolog.logger, channel: payment }
 

diff --git a/Tests/Paybox/System/ResponseTest.php b/Tests/Paybox/System/ResponseTest.php
@@ -47,8 +47,10 @@ protected function initMock(array $parameters, array $messages)
         ;
 
         $publicKey = __DIR__ . '/../../../Resources/config/paybox_public_key.pem';
+        $validationBy = 'url_ipn';
+        $pbxRetour = array_diff(array_keys($parameters), array('Sign'));
 
-        $this->_response = new Response($request, $logger, $dispatcher, $publicKey);
+        $this->_response = new Response($request, $logger, $dispatcher, $publicKey, $validationBy, $pbxRetour);
     }
 
     protected function tearDown()