Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Optionally dizactivate payment URL upon order fulfillment #2568

Open
TanaseTeofil opened this issue Feb 27, 2024 · 7 comments
Open

Optionally dizactivate payment URL upon order fulfillment #2568

TanaseTeofil opened this issue Feb 27, 2024 · 7 comments

Comments

@TanaseTeofil
Copy link
Contributor

Q A
Bug report? no
Feature request? yes
BC Break report? no
RFC? no

Hello @dpfaffenbauer!

We have a proposal for a new feature that could be added to CoreShop and would probably improve security for many projects.
In CoreShop by Design you can access both the pay and thank-you pages for an unlimited period of time with a valid token.
This isn't particularly great because you can probably steal personal data by guessing the token. The more tokens there are in circulation, the easier it is to guess any of them. In practical terms, this isn't necessarily a problem with a long token.
Nevertheless, there is no reason why you should still see a Thank You page from an order after a year.
Would it be possible for you to solve this through time-limited or disposable tokens. This doesn't have to be the default but you could make it an option avaiable in CoreShop if you also believe it to be a good idea.

What are your thoughts on this?
@dpfaffenbauer
Copy link
Member

@TanaseTeofil Yes, I am down for that. Can you maybe describe it in more detail how you would achieve this?

@TanaseTeofil
Copy link
Contributor Author

@dpfaffenbauer I have talked a bit about this issue with @yariksheptykin and we reached the conclusion that we could maybe use JWT token generation since it provides a lot of features that we would need such as expiration date for the access tokens (configurable, but i think 15 minutes should be enough. Remains to be discussed). Initially we would just need the expiration date aspect of this but we could also use their encryption to further increase security for tokens on orders.

We can create a new token generator such as the UniqueTokenGenerator CoreShop already provides and add it as an alternative to the OrderFactory so that we can chose between the two through a config.

Give us a couple of days to whip up a Pull Request with a possible solution for this feature.
We will be collaborating with Iaroslav on this in the next days and we'll try to implement a solution for this.

@dpfaffenbauer
Copy link
Member

@TanaseTeofil lovely. Can't wait for your PR idea.

@solverat
Copy link
Contributor

solverat commented Mar 1, 2024

-1 for JWT.

@yariksheptykin
Copy link
Contributor

yariksheptykin commented Mar 1, 2024
edited

@solverat could you write a couple of words why you don't think JWT is not a good idea?

@TanaseTeofil TanaseTeofil mentioned this issue Mar 5, 2024
Draft
@solverat
Copy link
Contributor

solverat commented Mar 5, 2024

@yariksheptykin I think JWT is completely inflated for this task.

  • TTL: Why not simply check within the action points (pay, thank-you) if the order_date is < configurable_ttl and throw an exception, if so?
  • Token-Length: Changing the token length to a decent length could fix the "guessing" situation

@TanaseTeofil
Copy link
Contributor Author

@dpfaffenbauer I have created a PR for this. Feel free to take a look at our current plan and give your thoughts on it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@yariksheptykin @solverat @dpfaffenbauer @TanaseTeofil