Merge pull request #3067 from catchpoint/security_token

added security token

Author: claud-io

www/src/CPSignupClient.php

@@ -288,4 +288,51 @@ private function makeRequest(string $method, string $url, array $headers, array
             throw $e;
         }
     }
+
+    private function httpGetCjsToken($endpoint, $identifier)
+    {
+        $result = null;
+        if (!isset($identifier) || strlen($identifier) === 0) {
+            return $result;
+        }
+        $params = array('identifier' => $identifier);
+        $url = $endpoint . '?' . http_build_query($params);
+        if (function_exists('curl_init')) {
+            $ch = curl_init($url);
+            $headers = array();
+            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+            curl_setopt($ch, CURLOPT_FAILONERROR, true);
+            curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+            curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 2);
+            curl_setopt($ch, CURLOPT_MAXREDIRS, 10);
+            curl_setopt($ch, CURLOPT_TIMEOUT, 60);
+            curl_setopt($ch, CURLOPT_HEADERFUNCTION, function ($curl, $header) use (&$headers) {
+                $len = strlen($header);
+                $header = explode(':', $header, 2);
+                if (count($header) < 2) { // ignore invalid headers
+                    return $len;
+                }
+                $headers[strtolower(trim($header[0]))] = trim($header[1]);
+                return $len;
+            });
+            $response = curl_exec($ch);
+            curl_close($ch);
+            if ($response !== false) {
+                $result = $response;
+            }
+        }
+        return $result;
+    }
+
+
+    public function getChargifySecurityToken($identifier)
+    {
+        $url = Util::getSetting('cp_security_token_url');
+        $result = $this->httpGetCjsToken($url, $identifier);
+        $ret = null;
+        if (isset($result)) {
+            $ret = $result;
+        }
+        return $ret;
+    }
 }

www/src/Handlers/Account.php

@@ -550,7 +550,12 @@ public static function updatePaymentMethodConfirmBilling(RequestContext $request
             $results['renewaldate'] = $body->renewaldate;
         }
 
-        $results['ch_client_token'] = Util::getSetting('ch_key_public');
+        $contact_id = strval($request_context->getUser()->getContactId());
+        $ch_client_token = Util::getSetting('ch_key_public');
+        $ch_security_token = $request_context->getSignupClient()->getChargifySecurityToken($contact_id);
+
+        $results['ch_security_token'] = $ch_security_token;
+        $results['ch_client_token'] = $ch_client_token;
         $results['ch_site'] = Util::getSetting('ch_site');
         $results['support_link'] = Util::getSetting('support_link', 'https://support.catchpoint.com');
         return $tpl->render('billing/update-payment', $results);
@@ -1051,6 +1056,10 @@ public static function getAccountPage(RequestContext $request_context, string $p
                         $oldPlan = $all_plans->getPlanById($customer->getWptPlanId());
                         $results['is_pending'] = $is_pending;
 
+                        $contact_id = strval($request_context->getUser()->getContactId());
+                        $ch_security_token = $request_context->getSignupClient()->getChargifySecurityToken($contact_id);
+                        $results['ch_security_token'] = $ch_security_token;
+
                         $results['ch_client_token'] = Util::getSetting('ch_key_public');
                         $results['ch_site'] = Util::getSetting('ch_site');
                         $results['is_upgrade'] = $plan->isUpgrade($oldPlan);
@@ -1059,6 +1068,10 @@ public static function getAccountPage(RequestContext $request_context, string $p
                         $content = $tpl->render('plans/plan-summary', $results);
                         return new Response($content, Response::HTTP_OK);
                     } else {
+                        $contact_id = strval($request_context->getUser()->getContactId());
+                        $ch_security_token = $request_context->getSignupClient()->getChargifySecurityToken($contact_id);
+                        $results['ch_security_token'] = $ch_security_token;
+
                         $results['ch_client_token'] = Util::getSetting('ch_key_public');
                         $results['ch_site'] = Util::getSetting('ch_site');
 

www/src/Handlers/Signup.php

@@ -97,13 +97,18 @@ public static function getStepThree(RequestContext $request_context, array $vars
             $vars['billing_frequency'] = $plan->getBillingFrequency();
         }
 
-        $vars['ch_client_token'] = Util::getSetting('ch_key_public');
+        $email = htmlentities($_SESSION['signup-email']);
+        $ch_client_token = Util::getSetting('ch_key_public');
+        $ch_security_token = $request_context->getSignupClient()->getChargifySecurityToken($email);
+
+        $vars['ch_client_token'] = $ch_client_token;
+        $vars['ch_security_token'] = $ch_security_token;
         $vars['ch_site'] = Util::getSetting('ch_site');
 
         $vars['first_name'] = isset($_SESSION['signup-first-name']) ? htmlentities($_SESSION['signup-first-name']) : "";
         $vars['last_name'] = isset($_SESSION['signup-last-name']) ? htmlentities($_SESSION['signup-last-name']) : "";
         $vars['company_name'] = htmlentities($_SESSION['signup-company-name']);
-        $vars['email'] = htmlentities($_SESSION['signup-email']);
+        $vars['email'] = $email;
         $vars['password'] = htmlentities($_SESSION['signup-password']);
 
         $vars['street_address'] = htmlentities($_SESSION['signup-street-address']);

www/templates/account/includes/chargify-payment-form.php

@@ -38,6 +38,7 @@
         var textColor = document.querySelectorAll('.my-account-page').length > 0 ? '#111111' : '#ffffff';
         chargify.load({
             publicKey: "<?= $ch_client_token ?>",
+            securityToken: "<?= $ch_security_token ?>",
             type: 'card',
             serverHost: "<?= $ch_site ?>", //'https://acme.chargify.com'
             hideCardImage: false,