Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Question: Deprecated transHash Field #136

Open
cpburnz opened this issue Jan 25, 2019 · 5 comments
Open

Question: Deprecated transHash Field #136

cpburnz opened this issue Jan 25, 2019 · 5 comments
Labels
awaiting reply

Comments

@cpburnz
Copy link

cpburnz commented Jan 25, 2019

According to MD5 Hash End of Life & Signature Key Replacement, the MD5 hash in the transHash field is being phased out and will be removed from responses soon.

I see that transHash and transHashSHA2 are referenced a few places in the apicontractsv1.py module:

./authorizenet/apicontractsv1.py:8009:    # Element {AnetApi/xml/v1/schema/AnetApiSchema.xsd}transHash uses Python identifier transHash
./authorizenet/apicontractsv1.py:8010:    __transHash = pyxb.binding.content.ElementDeclaration(pyxb.namespace.ExpandedName(Namespace, 'transHash'), 'transHash', '__AnetApixmlv1schemaAnetApiSchema_xsd_transactionResponse_AnetApixmlv1schemaAnetApiSchema_xsdtransHash', False, pyxb.utils.utility.Location('https://apitest.authorize.net/xml/v1/schema/AnetApiSchema.xsd', 2542, 6), )                    
./authorizenet/apicontractsv1.py:8013:    transHash = property(__transHash.value, __transHash.set, None, None)
./authorizenet/apicontractsv1.py:8107:    # Element {AnetApi/xml/v1/schema/AnetApiSchema.xsd}transHashSha2 uses Python identifier transHashSha2
./authorizenet/apicontractsv1.py:8108:    __transHashSha2 = pyxb.binding.content.ElementDeclaration(pyxb.namespace.ExpandedName(Namespace, 'transHashSha2'), 'transHashSha2', '__AnetApixmlv1schemaAnetApiSchema_xsd_transactionResponse_AnetApixmlv1schemaAnetApiSchema_xsdtransHashSha2', False, pyxb.utils.utility.Location('https://apitest.authorize.net/xml/v1/schema/AnetApiSchema.xsd', 2648, 6), )
./authorizenet/apicontractsv1.py:8111:    transHashSha2 = property(__transHashSha2.value, __transHashSha2.set, None, None)
./authorizenet/apicontractsv1.py:8137:        __transHash.name() : __transHash,
./authorizenet/apicontractsv1.py:8151:        __transHashSha2.name() : __transHashSha2,
./authorizenet/apicontractsv1.py:26703:transactionResponse._AddElement(pyxb.binding.basis.element(pyxb.namespace.ExpandedName(Namespace, 'transHash'), pyxb.binding.datatypes.string, scope=transactionResponse, location=pyxb.utils.utility.Location('https://apitest.authorize.net/xml/v1/schema/AnetApiSchema.xsd', 2542, 6)))                                                                              
./authorizenet/apicontractsv1.py:26731:transactionResponse._AddElement(pyxb.binding.basis.element(pyxb.namespace.ExpandedName(Namespace, 'transHashSha2'), pyxb.binding.datatypes.string, scope=transactionResponse, location=pyxb.utils.utility.Location('https://apitest.authorize.net/xml/v1/schema/AnetApiSchema.xsd', 2648, 6)))                                                                          
./authorizenet/apicontractsv1.py:26839:    symbol = pyxb.binding.content.ElementUse(transactionResponse._UseForTag(pyxb.namespace.ExpandedName(Namespace, 'transHash')), pyxb.utils.utility.Location('https://apitest.authorize.net/xml/v1/schema/AnetApiSchema.xsd', 2542, 6))                                                                                                                                
./authorizenet/apicontractsv1.py:26909:    symbol = pyxb.binding.content.ElementUse(transactionResponse._UseForTag(pyxb.namespace.ExpandedName(Namespace, 'transHashSha2')), pyxb.utils.utility.Location('https://apitest.authorize.net/xml/v1/schema/AnetApiSchema.xsd', 2648, 6))

Will the imminent removal of the transHash field from responses cause response parsing to break in the SDK as it stands today? Or will it handle the absence of the transHash gracefully?
@zaratan
Copy link

zaratan commented Feb 7, 2019

From the announcement the field won't be removed:

Stop sending the value for the MD5 Hash data element in the API response. The field will still be present but it will not have a value to it.

BUT

Will it still respondTo __transHash.name() ?

@zaratan
Copy link

zaratan commented Feb 7, 2019

I think it will. But I'm not that good with python. Anyone ? ❤️

@cpburnz
Copy link
Author

cpburnz commented Feb 8, 2019

@denispasin Ah, I overlooked the part:

The field will still be present but it will not have a value to it.

@jmordkoff
Copy link

Help me out here. Doesn't the library use the hash to validate the transaction response is legitimate? Or this considered an application level concern?

@gnongsie
Copy link
Contributor

gnongsie commented Mar 6, 2019
edited

Hi,

As per the official announcements, transHash (which uses MD5 based hashing) will be deprecated and a new field transHashSHA2 (based on SHA-512 based hash utilizing a Signature Key) has been made available.

To perform verification on this field, we have provided a sample code for convenience.

Do let us know if you have any further questions on this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
awaiting reply
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@cpburnz @jmordkoff @zaratan @gnongsie