From 3fb1fb63b471b3f6a639a4dab7d6ce74ef68d7ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Fri, 4 Jun 2021 22:16:25 +0200 Subject: [PATCH 1/5] test zapier --- dev/examples/zapier/creates/thirdparty.js | 4 ++-- dev/examples/zapier/package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/dev/examples/zapier/creates/thirdparty.js b/dev/examples/zapier/creates/thirdparty.js index 3e20fd10e41..2abeef6ae4c 100644 --- a/dev/examples/zapier/creates/thirdparty.js +++ b/dev/examples/zapier/creates/thirdparty.js @@ -6,7 +6,7 @@ const createThirdparty = async (z, bundle) => { const response = await z.request({ method: 'POST', url: apiurl, - body: JSON.stringify({ + body: { name: bundle.inputData.name, name_alias: bundle.inputData.name_alias, ref_ext: bundle.inputData.ref_ext, @@ -24,7 +24,7 @@ const createThirdparty = async (z, bundle) => { code_client: bundle.inputData.code_client, code_fournisseur: bundle.inputData.code_fournisseur, sens: 'fromzapier' - }) + } }); const result = z.JSON.parse(response.content); // api returns an integer when ok, a json when ko diff --git a/dev/examples/zapier/package.json b/dev/examples/zapier/package.json index cc0768a27ef..4d5c5daa867 100644 --- a/dev/examples/zapier/package.json +++ b/dev/examples/zapier/package.json @@ -15,7 +15,7 @@ "npm": ">=5.6.0" }, "dependencies": { - "zapier-platform-core": "11.0.0" + "zapier-platform-core": "11.0.1" }, "devDependencies": { "mocha": "^5.2.0", From 3440024efebf877b219d66c55917d7ad4e0201f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20FRANCE?= Date: Fri, 4 Jun 2021 22:35:05 +0200 Subject: [PATCH 2/5] test zapier --- dev/examples/zapier/triggers/thirdparty.js | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/dev/examples/zapier/triggers/thirdparty.js b/dev/examples/zapier/triggers/thirdparty.js index 4656f836e74..0fecd4434ce 100644 --- a/dev/examples/zapier/triggers/thirdparty.js +++ b/dev/examples/zapier/triggers/thirdparty.js @@ -56,6 +56,12 @@ const getThirdparty = (z, bundle) => { fournisseur: bundle.cleanedRequest.fournisseur, code_client: bundle.cleanedRequest.code_client, code_fournisseur: bundle.cleanedRequest.code_fournisseur, + idprof1: bundle.cleanedRequest.idprof1, + idprof2: bundle.cleanedRequest.idprof2, + idprof3: bundle.cleanedRequest.idprof3, + idprof4: bundle.cleanedRequest.idprof4, + idprof5: bundle.cleanedRequest.idprof5, + idprof6: bundle.cleanedRequest.idprof6, authorId: bundle.cleanedRequest.authorId, createdAt: bundle.cleanedRequest.createdAt, action: bundle.cleanedRequest.action @@ -170,7 +176,13 @@ module.exports = { {key: 'client', label: 'Customer/Prospect 0/1/2/3'}, {key: 'fournisseur', label: 'Supplier 0/1'}, {key: 'code_client', label: 'Customer code'}, - {key: 'code_fournisseur', label: 'Supplier code'} + {key: 'code_fournisseur', label: 'Supplier code'}, + {key: 'idprof1', label: 'Id Prof 1'}, + {key: 'idprof2', label: 'Id Prof 2'}, + {key: 'idprof3', label: 'Id Prof 3'}, + {key: 'idprof4', label: 'Id Prof 4'}, + {key: 'idprof5', label: 'Id Prof 5'}, + {key: 'idprof6', label: 'Id Prof 6'} ] } }; From c94946b934758236a82f3668ffcf969912b823a8 Mon Sep 17 00:00:00 2001 From: daraelmin Date: Fri, 4 Jun 2021 23:14:31 +0200 Subject: [PATCH 3/5] Fix #17743 - token was hashed with membersubscription #Fix #17743 - token was hashed with membersubscription for retro-compatibility we must try to hash token wth both "membre" ans "membersubscription" to verify unique secure key d'or member --- htdocs/public/payment/newpayment.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php index 377077531ae..f19aef7f79c 100644 --- a/htdocs/public/payment/newpayment.php +++ b/htdocs/public/payment/newpayment.php @@ -281,6 +281,9 @@ if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) { if (!empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) { if ($tmpsource && $REF) { $token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$tmpsource.$REF, 2); // Use the source in the hash to avoid duplicates if the references are identical + if ($SECUREKEY != $token) { + $token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$source.$REF, 2); // for retro-compatibility (token may have been hashed with membersubscription in external module) + } } else { $token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN, 2); } From 420bf440ef32c98f08a9b6c6f50284336edf93a3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 5 Jun 2021 00:53:07 +0200 Subject: [PATCH 4/5] Update newpayment.php --- htdocs/public/payment/newpayment.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php index f19aef7f79c..a0e6a1854fd 100644 --- a/htdocs/public/payment/newpayment.php +++ b/htdocs/public/payment/newpayment.php @@ -278,11 +278,13 @@ if ($tmpsource == 'membersubscription') { } $valid = true; if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) { + $token = ''; + $tokenoldcompat = ''; if (!empty($conf->global->PAYMENT_SECURITY_TOKEN_UNIQUE)) { if ($tmpsource && $REF) { $token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$tmpsource.$REF, 2); // Use the source in the hash to avoid duplicates if the references are identical - if ($SECUREKEY != $token) { - $token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$source.$REF, 2); // for retro-compatibility (token may have been hashed with membersubscription in external module) + if ($tmpsource != $source) { + $tokenoldcompat = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN.$source.$REF, 2); // for retro-compatibility (token may have been hashed with membersubscription in external module) } } else { $token = dol_hash($conf->global->PAYMENT_SECURITY_TOKEN, 2); @@ -290,7 +292,7 @@ if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) { } else { $token = $conf->global->PAYMENT_SECURITY_TOKEN; } - if ($SECUREKEY != $token) { + if ($SECUREKEY != $token && $SECUREKEY != $tokenoldcompat) { if (empty($conf->global->PAYMENT_SECURITY_ACCEPT_ANY_TOKEN)) { $valid = false; // PAYMENT_SECURITY_ACCEPT_ANY_TOKEN is for backward compatibility } else { From 246cb09ba58a02b8479d21a48f9a5916c256fa29 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 5 Jun 2021 00:56:28 +0200 Subject: [PATCH 5/5] Update newpayment.php --- htdocs/public/payment/newpayment.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php index a0e6a1854fd..b71dd2df499 100644 --- a/htdocs/public/payment/newpayment.php +++ b/htdocs/public/payment/newpayment.php @@ -292,7 +292,7 @@ if (!empty($conf->global->PAYMENT_SECURITY_TOKEN)) { } else { $token = $conf->global->PAYMENT_SECURITY_TOKEN; } - if ($SECUREKEY != $token && $SECUREKEY != $tokenoldcompat) { + if ($SECUREKEY != $token && (empty($tokenoldcompat) || $SECUREKEY != $tokenoldcompat)) { if (empty($conf->global->PAYMENT_SECURITY_ACCEPT_ANY_TOKEN)) { $valid = false; // PAYMENT_SECURITY_ACCEPT_ANY_TOKEN is for backward compatibility } else {