I need help with Laravel Cashier.
I'm using laravel cashier on backend and vue on client side.
On client I setup stripe object, elements and card.
In the meanwhile I request to serve a client_secret making a PaymentIntent
$payment_intent = PaymentIntent::create(
['amount' => $request["price"],
'currency' => "eur",
'payment_method_types' => ['card'],
'customer' => $stripe_customer->id,
], [
'api_key' => config('services.stripe.secret'),
]);
When user input credit card data and confirm using the client_secret
I call this function in client side
this.stripe.confirmCardPayment(this.stripe_payment_intent.client_secret, {
payment_method: {
card: this.stripe_card,
billing_details: {
name: 'Test Name'
}
},
setup_future_usage: 'off_session'
})
...
On then I call the server passing the result.
On the server side
$stripeCharge = $request->user()->charge(
$request["paymentIntent"]["amount"], $request["paymentIntent"]["payment_method"]
);
It works fine, withouth sca (3d secure)
But when the test card require 3d secure (4000002500003155 or 4000002760003184) on the client all goes fine, displaying the 3d secure
dialog, the confirmCardPayment succeed, but in last step when calling charge I got
The payment attempt failed because additional action is required before it can be completed.
Why? All the actions is performed on the client side.. why the server not agree?
p.s. I need only single charge without store any payment method
The problem was that confirmCardPayment already charge the user.
So calling again in the server side make the error because double charge on 3d secure card is not possible.
I had to remove charge on the server side and using PaymentIntent::retrieve in order to verify the status and check if already processed in my business logic.
Related
I'm using Stripe's PHP SDK in a Laravel project, and I'm having a weird issue with 3d secure payments.
PHP Version : 7.4
Stripe-PHP : 7.75.0
When creating a PaymentIntent on behlaf of a connected stripe account using the stripe_account parameter, and the confirmation_method: 'manual' parameter, there's alway an error stating:
This PaymentIntent pi_XXXXXX cannot be confirmed using your publishable key because its confirmation_method is set to manual. Please use your secret key instead, or create a PaymentIntent with confirmation_method set to automatic.
This is how I created my intent:
$paymentIntentParameters = array(
'amount' => $priceAsCents,
'currency' => 'eur',
'payment_method' => $paymentMethodId,
'confirmation_method' => 'manual',
'confirm' => true,
);
$paymentIntent = StripePaymentIntent::create(
$paymentIntentParameters,
['stripe_account' => $store->stripe_token]
);
I followed everything said here: https://github.com/stripe-samples/accept-a-card-payment/tree/master/without-webhooks
I'm in a case where the webhook doesn't work for me, and where the confirmation_method: 'automatic' doesn't do the job too, because the confirmation is done on the frontend, and we only want cofirmations on the backend.
Is there any quick fix for this?
In order to perform server-side (manual) confirmation, you want to follow this doc. Specifically, instead of using handleCardPayment on the frontend, you use createPaymentMethod on the frontend, use the resulting PaymentMethod with a PaymentIntent on the backend, and then confirm on the backend. The linked doc shows the exact steps.
And for the 3d secure, you need to add handleCardPayment.
I'm using Stripe checkout and I have it all working as follows:
Create Session, redirect to Checkout, handle order fulfillment on redirect with passed through session_id.
I'm trying to write a test for this but I can't figure out how to fake a Stripe Checkout charge onto the Stripe Session & PaymentIntent.
I'm using the PHP Library and I've tried this:
$paymentIntent = PaymentIntent::retrieve($session->payment_intent);
dd($paymentIntent->charges->create([
'source' => 'tok_visa_debit',
'currency' => 'gbp',
'amount' => 100,
]));
But I am getting an error: Stripe\Error\InvalidRequest : Received unknown parameter: payment_intent
What is the correct way to test this works?
I am integrating Orange Money Payment gateway with my Yii2 basic Application to be able to receive local payments on this application.
In this API, when the user initiates a transaction, I receive some data after sending a curl request to the Orange money API. I store this data in my Database with a key call notif_token. The user is then redirected to orange payment portal where the payment is done. when the User completes a payment process on their portal, they send me json response to a particular url call Notifcation URL. I am suppose to receive this data, update my Database and grant access to this user to some resources.
Everything works well till the level of receiving the feedback in from them through the notification URL.
I have tried all I know to receive this information but to no avail since this action is not an api url. I have written my action as shown below but I do not know what I am missing.( might be a configuration for this action or something).
public function actionOnotification(){
\Yii::$app->response->format = \yii\web\Response::FORMAT_JSON;
$request = \yii::$app->request->post();
$transaction =OrangeFeedback::findOne(['notif_token'=>$request['notif_token']]);
$transaction->status = $request['status'];
$transaction->txnid = $request['txnid'];
$transaction->save();
//do some processing here
}
I do not know how to solve this problem as I feel I am missing a fundamental concept here( might be on how to configure a Yii2 basic application action to receive json data, might be how to convert that action into an API call URL or something which I can not yet figure out). Any help on this will be greatly appreciated as I can't find any resources online to help me.
To receive JSON data you need to configure your request component in the config:
'components' => [
...
'request' => [
'parsers' => [
'application/json' => 'yii\web\JsonParser',
]
],
...
]
See the docs for more information
For my shopping site I have a fairy simple stripe implementation on the frontend where user hits "pay through stripe" button fills in CC details in a popup and hits proceed. If all goes well I get a token as $_POST['stripeToken'] which I process like below (for web payments)
try
{
$stripe = new Stripe();
$stripe = Stripe::make();
$customer = $stripe->customers()->create([
'email' => $_POST['email_id'],
'source' => $_POST['stripeToken']
]);
$charge = $stripe->charges()->create([
'customer' => $customer['id'],
'amount' => $total_amount, // note this is calculated again on server to prevent fraud
'currency' => 'sgd'
]);
}
catch (\Cartalyst\Stripe\Exception\CardErrorException $e)
{
return view('front.payment_error')->with('message', $e->getMessage());
}
Thing is we cannot rely on $total_amount coming from frontend form submission as user can easily spoof this amount and pay just $1 in stripe and get a token and spoof $total_amount to 1 thus getting products at whatever price he wants ,that's why I need to calculate his `$total_amount again on the server (from his cart) and use that to process stripe on the server.If that amount doesn't match what the token stands for , stripe would automatically raise an exception and prevent fraud.
So far good.. but the problem comes when dealing with API , mobile app will process stripe using their own libs. on the client side they would just send the final (for recording in db) but obviously I cannot use it to charge since that is already done on the mobile.Since these days it's very easy to change app behaviour (by patching apks) or craft custom HTTP request (postman) , server check is a must in case of payments.
So my question is how can I verify from the token the actual amount user paid
ie. reverse convert stripeToken => actual paid amount
Update:
This is what I am looking in case of Stripe
https://developer.paypal.com/docs/integration/mobile/verify-mobile-payment/
I am trying to integrate Pin.net.au CC processing into my site. I am using Omnipay library to make the calls.
To not store CC details in my server, I am using the Pin.js token method.
On form submit page (after user fills in personal and CC details) javascript does a 'prevent default' and sends the data from forms (browser) straight to pin.net.au servers. Server sends a card_token in response and resubmits the form to my server.
This token is recieved successfully and I can output it in my tests.
I get into trouble when I take that token and send a purchase request to pin.net.au. According to the API docs, I need not send user and card details when I send the token (the entire point of the token, really). I send this token along with other compulsory bits like email, amount, description etc.
This works when I cURL on my terminal and I get a charge success.
However, sending this purchase/charge request using the Omnipay library, each time I get a 422 (invalid resource) that asks for the user details and CC information. It should have populated this stuff from the token I sent.
I have scoured the API docs of both Omnipay and Pin.net.au. I don't seem to be doing anything wrong. What am I missing?
Here's my charge request:
$gateway = GatewayFactory::create('Pin');
$gateway->setSecretKey('MY_SECRET_KEY');
$response = $gateway->purchase([
'email' => 'user#email.com',
'description' => 'Package',
'amount' => '99',
'currency' => 'AUD',
'card_token' => Input::get('card_token'),
'ip_address' => Input::get('ip_address')
])->send();
Finally, it shouldn't really matter but if you'd like to know, I'm using Laravel 4.
Your example request has an amount of 99, the minimum amount for a Pin Payments charge is $1 (amount = 100).
I don't think this is the problem you are referring to though, it looks like Omnipay does not support using the card_token gear. If you go look over here - https://github.com/adrianmacneil/omnipay/blob/master/src/Omnipay/Pin/Message/PurchaseRequest.php#L34 - you can see Omnipay isn't sending the card_token field with it's request, it only tries to send card details, which obviously aren't present from your example!
Perhaps you could get in touch with the Omnipay developers or write a pull request yourself!
This is fixed in Omnipay v1.0.4 - you should be able to use the token like this:
$gateway = GatewayFactory::create('Pin');
$gateway->setSecretKey('MY_SECRET_KEY');
$response = $gateway->purchase([
'description' => 'Package',
'amount' => '99.00',
'currency' => 'AUD',
'token' => Input::get('token'),
'ip_address' => Input::get('ip_address'),
'card' => ['email' => 'user#email.com'],
])->send();