mirror of
https://github.com/Dolibarr/dolibarr.git
synced 2025-02-20 13:46:52 +01:00
FIX fatal error on Stripe setup page and security when terminal not used
parent
617d89c183
commit
db15f04ab0
|
|
@ -394,35 +394,44 @@ if ($conf->global->MAIN_FEATURES_LEVEL >= 2) { // TODO Not used by current code
|
|||
$service = 'StripeLive';
|
||||
$servicestatus = 1;
|
||||
}
|
||||
global $stripearrayofkeysbyenv;
|
||||
$site_account = $stripearrayofkeysbyenv[$servicestatus]['secret_key'];
|
||||
if (!empty($site_account)) {
|
||||
\Stripe\Stripe::setApiKey($site_account);
|
||||
}
|
||||
if (isModEnabled('stripe') && (empty($conf->global->STRIPE_LIVE) || GETPOST('forcesandbox', 'alpha'))) {
|
||||
$service = 'StripeTest';
|
||||
$servicestatus = '0';
|
||||
dol_htmloutput_mesg($langs->trans('YouAreCurrentlyInSandboxMode', 'Stripe'), '', 'warning');
|
||||
} else {
|
||||
$service = 'StripeLive';
|
||||
$servicestatus = '1';
|
||||
}
|
||||
$stripe = new Stripe($db);
|
||||
if (!empty($site_account)) {
|
||||
// If $site_account not defined, then key not set and no way to call API Location
|
||||
$stripeacc = $stripe->getStripeAccount($service);
|
||||
if ($stripeacc) {
|
||||
$locations = \Stripe\Terminal\Location::all('', array("stripe_account" => $stripeacc));
|
||||
|
||||
try {
|
||||
global $stripearrayofkeysbyenv;
|
||||
$site_account = $stripearrayofkeysbyenv[$servicestatus]['secret_key'];
|
||||
if (!empty($site_account)) {
|
||||
\Stripe\Stripe::setApiKey($site_account);
|
||||
}
|
||||
if (isModEnabled('stripe') && (empty($conf->global->STRIPE_LIVE) || GETPOST('forcesandbox', 'alpha'))) {
|
||||
$service = 'StripeTest';
|
||||
$servicestatus = '0';
|
||||
dol_htmloutput_mesg($langs->trans('YouAreCurrentlyInSandboxMode', 'Stripe'), '', 'warning');
|
||||
} else {
|
||||
$locations = \Stripe\Terminal\Location::all();
|
||||
$service = 'StripeLive';
|
||||
$servicestatus = '1';
|
||||
}
|
||||
$stripe = new Stripe($db);
|
||||
if (!empty($site_account)) {
|
||||
// If $site_account not defined, then key not set and no way to call API Location
|
||||
$stripeacc = $stripe->getStripeAccount($service);
|
||||
if ($stripeacc) {
|
||||
$locations = \Stripe\Terminal\Location::all('', array("stripe_account" => $stripeacc));
|
||||
} else {
|
||||
$locations = \Stripe\Terminal\Location::all();
|
||||
}
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
print $e->getMessage().'<br>';
|
||||
}
|
||||
|
||||
// Define the array $location
|
||||
$location = array();
|
||||
$location[""] = $langs->trans("NotDefined");
|
||||
if (!empty($locations)) {
|
||||
foreach ($locations as $tmplocation) {
|
||||
$location[$tmplocation->id] = $tmplocation->display_name;
|
||||
}
|
||||
}
|
||||
|
||||
$location = array();
|
||||
$location[""] = $langs->trans("NotDefined");
|
||||
foreach ($locations as $tmplocation) {
|
||||
$location[$tmplocation->id] = $tmplocation->display_name;
|
||||
}
|
||||
print $form->selectarray("STRIPE_LOCATION", $location, getDolGlobalString('STRIPE_LOCATION'));
|
||||
print '</td></tr>';
|
||||
}
|
||||
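Review bot: The new catch block emits the exception text as raw HTML on the setup page with `print $e->getMessage().'<br>';`, so anything the Stripe client or API puts in that message reaches the browser unescaped. Escape it for the HTML context, e.g. `print dol_escape_htmltag($e->getMessage()).'<br>';`. Stripe authentication errors may include a partly redacted copy of the configured key (not verifiable from this page), which is a further reason to treat the message as untrusted output. The `if` block that encloses this code opens above the hunk, so who can reach the page cannot be confirmed from here.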
|
|
|
|||
|
|
@ -18,6 +18,11 @@
|
|||
/**
|
||||
* \file htdocs/stripe/ajax/ajax.php
|
||||
* \brief Ajax action for Stipe ie: Terminal
|
||||
*
|
||||
* Calling with
|
||||
* action=getConnexionToken return a token of Stripe terminal
|
||||
* action=createPaymentIntent generates a payment intent
|
||||
* action=capturePaymentIntent generates a payment
|
||||
*/
|
||||
|
||||
if (!defined('NOTOKENRENEWAL')) {
|
||||
|
|
@ -49,7 +54,12 @@ $servicestatus = GETPOST('servicestatus', 'int');
|
|||
$amount = GETPOST('amount', 'int');
|
||||
|
||||
if (empty($user->rights->takepos->run)) {
|
||||
accessforbidden();
|
||||
accessforbidden('Not allowed to use TakePOS');
|
||||
}
|
||||
|
||||
$usestripeterminals = getDolGlobalString('STRIPE_LOCATION');
|
||||
if (! $usestripeterminals) {
|
||||
accessforbidden('Feature to use Stripe terminals not enabled');
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -68,7 +78,9 @@ if ($action == 'getConnexionToken') {
|
|||
// The ConnectionToken's secret lets you connect to any Stripe Terminal reader
|
||||
// and take payments with your Stripe account.
|
||||
$array = array();
|
||||
if (isset($location) && !empty($location)) $array['location'] = $location;
|
||||
if (isset($location) && !empty($location)) {
|
||||
$array['location'] = $location;
|
||||
}
|
||||
if (empty($stripeacc)) { // If the Stripe connect account not set, we use common API usage
|
||||
$connectionToken = \Stripe\Terminal\ConnectionToken::create($array);
|
||||
} else {
|
||||
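Review bot: The new `STRIPE_LOCATION` gate only decides whether the endpoint runs at all; the `getConnexionToken` branch still builds the token from `$location` and `$stripeacc`. Their assignment is outside the visible hunks, but they appear to be request parameters, since the calling page appends `&location=` and `&stripeacc=` to the URL. The comment in this branch says the ConnectionToken's secret is enough to connect to readers and take payments, so its scope should come from server-side configuration: `$array['location'] = $usestripeterminals;`, with the account resolved as the other two files do via `$stripe->getStripeAccount($service)`. The same question applies to `servicestatus`, read with `GETPOST` in the context line of the second hunk, if it selects between test and live keys. The `if (empty($stripeacc))` / `else` body continues past the end of the hunk.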
|
|
|
|||
|
|
@ -96,28 +96,34 @@ if (isModEnabled('stripe')) {
|
|||
$stripeacc = $stripe->getStripeAccount($service); // Get Stripe OAuth connect account (no remote access to Stripe here)
|
||||
$stripecu = $stripe->getStripeCustomerAccount($object->id, $servicestatus, $site_account); // Get remote Stripe customer 'cus_...' (no remote access to Stripe here)
|
||||
$keyforstripeterminalbank = "CASHDESK_ID_BANKACCOUNT_STRIPETERMINAL".$_SESSION["takeposterminal"];
|
||||
?>
|
||||
|
||||
$usestripeterminals = getDolGlobalString('STRIPE_LOCATION');
|
||||
|
||||
if ($usestripeterminals) {
|
||||
?>
|
||||
<script src="https://js.stripe.com/terminal/v1/"></script>
|
||||
<script>
|
||||
var terminal = StripeTerminal.create({
|
||||
onFetchConnectionToken: fetchConnectionToken,
|
||||
onUnexpectedReaderDisconnect: unexpectedDisconnect,
|
||||
});
|
||||
|
||||
function unexpectedDisconnect() {
|
||||
// In this function, your app should notify the user that the reader disconnected.
|
||||
// You can also include a way to attempt to reconnect to a reader.
|
||||
console.log("Disconnected from reader")
|
||||
}
|
||||
|
||||
function fetchConnectionToken() {
|
||||
<?php
|
||||
$urlconnexiontoken = DOL_URL_ROOT.'/stripe/ajax/ajax.php?action=getConnexionToken&token='.newToken().'&servicestatus='.urlencode($servicestatus);
|
||||
if (!empty($conf->global->STRIPE_LOCATION)) {
|
||||
$urlconnexiontoken .= '&location='.urlencode($conf->global->STRIPE_LOCATION);
|
||||
}
|
||||
if (!empty($stripeacc)) {
|
||||
$urlconnexiontoken .= '&stripeacc='.urlencode($stripeacc);
|
||||
}
|
||||
?>
|
||||
<?php
|
||||
$urlconnexiontoken = DOL_URL_ROOT.'/stripe/ajax/ajax.php?action=getConnexionToken&token='.newToken().'&servicestatus='.urlencode($servicestatus);
|
||||
if (!empty($conf->global->STRIPE_LOCATION)) {
|
||||
$urlconnexiontoken .= '&location='.urlencode($conf->global->STRIPE_LOCATION);
|
||||
}
|
||||
if (!empty($stripeacc)) {
|
||||
$urlconnexiontoken .= '&stripeacc='.urlencode($stripeacc);
|
||||
}
|
||||
?>
|
||||
// Do not cache or hardcode the ConnectionToken. The SDK manages the ConnectionToken's lifecycle.
|
||||
return fetch('<?php echo $urlconnexiontoken; ?>', { method: "POST" })
|
||||
.then(function(response) {
|
||||
|
|
@ -127,8 +133,11 @@ function fetchConnectionToken() {
|
|||
return data.secret;
|
||||
});
|
||||
}
|
||||
|
||||
</script>
|
||||
<?php }
|
||||
<?php
|
||||
}
|
||||
}
|
||||
|
||||
if (isModEnabled('stripe') && isset($keyforstripeterminalbank) && (empty($conf->global->STRIPE_LIVE) || GETPOST('forcesandbox', 'alpha'))) {
|
||||
dol_htmloutput_mesg($langs->trans('YouAreCurrentlyInSandboxMode', 'Stripe'), '', 'warning', 1);
|
||||
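Review bot: `fetch('<?php echo $urlconnexiontoken; ?>', { method: "POST" })` prints a PHP string into a single-quoted JavaScript literal with no JS-context escaping; the query values are passed through `urlencode()`, but `DOL_URL_ROOT` and the assembled string are not. `fetch('<?php echo dol_escape_js($urlconnexiontoken); ?>', { method: "POST" })` keeps the literal well-formed whatever the root URL contains. The anti-CSRF value from `newToken()` also travels in the query string of that POST, where it can end up in access logs; sending it in the request body would avoid that. Inside the new `if ($usestripeterminals)` block, the `!empty($conf->global->STRIPE_LOCATION)` test is now always true and can be dropped.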
|
|
|
|||