working on tpv issues

sails/src/api/controllers/TPVController.js

@@ -80,12 +80,12 @@ module.exports = {
         DS_MERCHANT_CURRENCY: '978',      // Terminal currency
         DS_MERCHANT_TRANSACTIONTYPE: "0",            // Type of the transaction (0: authorized)
         DS_MERCHANT_AMOUNT: amount + "00",               // Amount
-        DS_MERCHANT_ORDER: moment().format('YYMMDD') + params.id_stu.toString().slice(-6), // hast to be from 4 to 12 characters long
-        DS_MERCHANT_MERCHANTURL: 'https://' + req.headers.host + "/tpv/notify/" + params.id_stu, // notification to activate
+        DS_MERCHANT_ORDER: moment().format('YYMMmm') + params.id_stu.toString().slice(-6), // hast to be from 4 to 12 characters long
+        DS_MERCHANT_MERCHANTURL: 'https://' + req.headers.host + "/tpv/notify", // notification to activate
         DS_MERCHANT_URLOK: 'https://' + req.headers.host + '/app/#/student/' + params.id_stu + "/setup/renewed/1", // Returning URL (success)
         DS_MERCHANT_URLKO: 'https://' + req.headers.host + '/app/#/student/' + params.id_stu + "/setup/renewed/0", // Returning URL (error)
         DS_MERCHANT_PRODUCTDESCRIPTION: product_desc,
-        DS_MERCHANT_MERCHANTDATA: JSON.stringify({
+        DS_MERCHANT_MERCHANTDATA: encodeMerchantParams({
           type: params.type,
           creator: req.token.email,
           id_stu: params.id_stu
@@ -118,19 +118,34 @@ module.exports = {
   notify: function(res, req) {
     var params = res.allParams();
 
-    if (!params.DS_SIGNATURE || !params.DS_MERCHANTPARAMETERS)
+      console.log("params: " + JSON.stringify(params));
+      
+    if (!params.Ds_Signature || !params.Ds_MerchantParameters)
       return res.badRequest();
 
-    var postSignature = params.DS_SIGNATURE;
-    var postParams = params.DS_MERCHANTPARAMETERS;
+    var postSignature = params.Ds_Signature;
+      var postParams = params.Ds_MerchantParameters;
 
-    var params = decodeMerchantParams(postParams);
-    var ownParams = JSON.parse(params.DS_MERCHANT_MERCHANTDATA);
-    var key = cipherMerchantKey(params.DS_MERCHANT_ORDER, sails.config.pictogram.tpv.key);
+      var decodedParams = decodeMerchantParams(postParams);
+      console.log("Posted merchant params:" + JSON.stringify(decodedParams));
+      var ownParams = decodeMerchantParams(decodedParams.Ds_MerchantData);
+            console.log("Posted own merchant params:" + JSON.stringify(ownParams));
+    var key = cipherMerchantKey(decodedParams.Ds_Order, sails.config.pictogram.tpv.key);
     var signatureBase64 = signMerchantParams(postParams, key);
+      console.log("postSignature: " + postSignature + "\nsignatureBase64: " + signatureBase64);
+
+      
+      if (postSignature != signatureBase64) {
+
+	  // Try again if some URLSafe replacement has been done
+	  signatureBase64 = signatureBase64.replace(/\+/gi, "-");  // Change any plus (+) characters to dashes (-)
+	  signatureBase64 = signatureBase64.replace(/\//gi, "_");  // Change any slashes (/) characters to underscores (_)
+	  if (postSignature != signatureBase64) {
+	      console.log("tpv/notify: Signature verification on TPV operation failed");
+	      return res.badRequest("Invalid signature");
+	  }
+      }
 
-    if (postSignature != signatureBase64)
-      return res.badRequest("Invalid signature");
 
     // Everything is correct: generate serial number and activate it
 
@@ -157,7 +172,7 @@ module.exports = {
       if (!license)
         throw new Error("Unable to create license");
 
-      License.activate(license.number, ownParams.id_stu, function(err, license) {
+	License.activate(license.number, parseInt(ownParams.id_stu), function(err, license) {
         if (err)
           return res.badRequest(err);
         return res.ok(license);