Search code examples
formstypo3query-stringmulti-step

TYPO3: How can I allow third party query string parameters?

I have created a multistep order form extension which collects some user data and then redirect to different third party solutions for the payment step.

This third party solutions (like PayPal) require a return url to find the way back to my form. So the current workflow looks like this:

  1. My form: collect user data
  2. My form: redirect to payment provider with return url
  3. Payment provider: collect user data for payment
  4. Payment provider: redirect back to my form
  5. My form: show order details with collected data
  6. Payment provider: submit order
  7. My form: redirect to success page

I hope this is comprehensible so far. I stuck into step 4, because every redirect from a payment provider back to my form ends in a 404, because the payment provider add some query string parameters which my form don't know. I think the problem here is that this parameters are not cHash calculated and this is the reason because they fail.

In step 2 I generate the return url of my form, this looks like this:

$returnUrl = $this->uriBuilder
    ->reset()
    ->setTargetPageUid($returnPageId)
    ->setCreateAbsoluteUri(true)
    ->setSection('form-multistep')
    ->uriFor('step5', null, 'CouponItem', 'bookingmanager', 'p2');

The generated output looks like this:

https://example.com/coupon/?tx_bookingmanager_p2%5Baction%5D=step5&tx_bookingmanager_p2%5Bcontroller%5D=CouponItem&cHash=565dc2e51a8d43bf3836b43b994e98d0#form-multistep

So this is the url which will be send to different payment providers and if I copy paste this url into my browser this url is working, BUT the payment providers manipulate this url and add some custom query string parameters to it before they redirect.

For example PayPal add the following query string parameters:

 paymentId, token and PayerID

So the generated redirect url from PayPal to my form looks like:

https://example.com/coupon/?paymentId=XXXXXX&token=XXXXXX&PayerID=XXXXXX&tx_bookingmanager_p2%5Baction%5D=step5&tx_bookingmanager_p2%5Bcontroller%5D=CouponItem&cHash=565dc2e51a8d43bf3836b43b994e98d0#form-multistep

And this url ends in a 404 because I think the cHash is not valid for this manipulated url anymore or am I wrong?

Furthermore I have tried to predefine this parameters, like so:

$returnUrl = $this->uriBuilder
    ->reset()
    ->setTargetPageUid($this->settings['returnPageId'])
    ->setCreateAbsoluteUri(true)
    ->setSection('form-multistep')
    ->setArguments(['paymentId' => '', 'token' => '', 'PayerID' => ''])
    ->uriFor('step5',null,'CouponItem','bookingmanager','p2');

If I do something like that then the redirect from PayPal to my form is working, BUT unfortunately not as expected, because PayPal don't know that the parameters already exist in the given return url and still add this parameters again, so the generated url looks like:

https://example.com/coupon/?paymentId=&token=&PayerID=&tx_bookingmanager_p2%5Baction%5D=step5&tx_bookingmanager_p2%5Bcontroller%5D=CouponItem&cHash=bf642fb35a66033689b7d4ff772b3cf9#form-multistep&paymentId=XXXX&token=XXXX&PayerID=XXXX

Furthermore I can't access the query string parameters which PayPal added to the url :(. So I have tried something like this:

$returnUrl = $this->uriBuilder
    ->reset()
    ->setTargetPageUid($this->settings['returnPageId'])
    ->setCreateAbsoluteUri(true)
    ->setSection('form-multistep')
    ->uriFor('step5',null,'CouponItem','bookingmanager','p2');

$this->uriBuilder
    ->reset()
    ->setTargetPageUid($this->settings['returnPageId'])
    ->setCreateAbsoluteUri(true)
    ->setSection('form-multistep')
    ->setArguments(['paymentId' => '', 'token' => '', 'PayerID' => ''])
    ->uriFor('step5',null,'CouponItem','bookingmanager','p2');

So I have sent the "normal" return url (with only my extension parameters) to PayPal and register a second url with the uri builder to get the redirect from PayPal to my form working (this already seems to be bad).

So the redirect to PayPal through my form and the redirect from PayPal back to my form is working, BUT now I got the same problem as my last try. I got the right parameters in my URL, but I can't access them:

DebuggerUtility::var_dump(GeneralUtility::_GET());

array(3 items)
    tx_bookingmanager_p2 => array(2 items)
      action => 'step5' (5 chars)
      controller => 'CouponItem' (10 chars)
    cHash => 'cbe7c08c1a45e85404a06877c453cb63' (32 chars)
    id => '175' (3 chars)

So how can I allow custom query string parameters which are generated by a third party app for a specific controller action?

Solution

  • You need to exclude those parameters from cHash.

    In the InstallTool you will find a value for 

    $GLOBALS['TYPO3_CONF_VARS']['FE']['cHashExcludedParameters']

    where you enter the list of paramters (comma separated) you do not want to be consiered in the cHash.