Can't work with live model srmklive-paypal - php

I'm working with srmk/paypal package 1.0.
Been working with this awesome package for some months in sandbox mode, yet I've been struggling to work with live mode.
I've been all over the issues others had and elsewhere and haven't been able to find a solution for this.
If I remove sandbox credentials I get an infinite loop right after dd($response) from $response = $provider->setExpressCheckout($checkoutData);
I'm using 1.0 so ExpressCheckout should not be the problem
I've tested on live server with same results.
My config
return [
'mode' => 'live', // Can only be 'sandbox' Or 'live'. If empty or invalid, 'live' will be used.
'sandbox' => [
'username' => env('PAYPAL_SANDBOX_API_USERNAME', ''),
'password' => env('PAYPAL_SANDBOX_API_PASSWORD', ''),
'secret' => env('PAYPAL_SANDBOX_API_SECRET', ''),
'certificate' => env('PAYPAL_SANDBOX_API_CERTIFICATE', ''),
'app_id' => 'APP-80W284485P519543T', // Used for testing Adaptive Payments API in sandbox mode
],
'live' => [
'username' => env('PAYPAL_LIVE_API_USERNAME', ''),
'password' => env('PAYPAL_LIVE_API_PASSWORD', ''),
'secret' => env('PAYPAL_LIVE_API_SECRET', ''),
'certificate' => env('PAYPAL_LIVE_API_CERTIFICATE', ''),
'app_id' => '', // Used for Adaptive Payments API
],
'payment_action' => 'Sale', // Can only be 'Sale', 'Authorization' or 'Order'
'currency' => env('PAYPAL_CURRENCY', 'MXN'),
'billing_type' => 'MerchantInitiatedBilling',
'notify_url' => '', // Change this accordingly for your application.
'locale' => env('PAYPAL_LOCALE', 'es_ES'), // force gateway language i.e. it_IT, es_ES, en_US ... (for express checkout only)
'validate_ssl' => false, // Validate SSL when creating api client.
];
env and env.example
#PayPal Setting & API Credentials - sandbox
PAYPAL_SANDBOX_API_USERNAME=sb-tr4z02598960_api1.business.example.com
PAYPAL_SANDBOX_API_PASSWORD=VSYUE32AU7MT7VY4
PAYPAL_SANDBOX_API_SECRET=ACdNh.ieqXXfGzIFBkj6F-fUdA49AIBmvpyOyz5MhLCsLyQVdcB74zVJ
PAYPAL_SANDBOX_API_CERTIFICATE=
#PayPal Setting & API Credentials - live
PAYPAL_LIVE_API_USERNAME=********************api1.gmail.com
PAYPAL_LIVE_API_PASSWORD=**********************K9W
PAYPAL_LIVE_API_SECRET=******************************FCBABE
PAYPAL_LIVE_API_CERTIFICATE= storage_path('cert_key_pem.txt'); // also tested empty
I use the new API credentials provided by PayPal
public function getExpressCheckout ($orderId) {
$checkoutData = $this->checkoutData($orderId);
$provider = new ExpressCheckout();
$response = $provider->setExpressCheckout($checkoutData);
dd($response);
return redirect($response['paypal_link']);
}
private function checkoutData($orderId)
{
$cart = \Cart::getContent();
$cart2 = \Cart::getTotal();
$cartItems = array_map( function($item){
return [
'name' => $item['name'],
'price' => $item['price'],
'qty' => $item['quantity']
];
}, $cart->toarray());
$checkoutData = [
'items' => $cartItems,
'return_url' => route('paypal.success', $orderId),
'cancel_url' => route('paypal.cancel'),
'invoice_id' => uniqid(),
'invoice_description' => 'order description',
'total' => $cart2
];
return $checkoutData;
}
public function getExpressCheckoutSuccess(Request $request, $orderId)
{
$token = $request->get('token');
$payerId = $request->get('PayerID');
$provider = new ExpressCheckout();
$checkoutData = $this->checkoutData($orderId);
$response = $provider->getExpressCheckoutDetails($token);
if (in_array(strtoupper($response['ACK']),['SUCCESS','SUCCESSWITHWARNING'])) {
$payment_status = $provider->doExpressCheckoutPayment($checkoutData,$token,$payerId);
$status = $payment_status['PAYMENTINFO_0_PAYMENTSTATUS'];
if (in_array($status, ['Completed','Processed'])) {
$order = Order::find($orderId);
$order->is_paid = 1;
$order->save();
Mail::to($order->buyer_email)->send(new OrderMail($order));
\Cart::clear();
return view ('newOrder.success', compact('order'));
}
The infinite loop pops when calling this function from the package
private function doPayPalRequest($method)
{
// Setup PayPal API Request Payload
$this->createRequestPayload($method);
try {
// Perform PayPal HTTP API request.
$response = $this->makeHttpRequest();
// dd($response); // I'm stuck here
return $this->retrieveData($method, $response);
} catch (Throwable $t) {
$message = collect($t->getTrace())->implode('\n');
}
return [
'type' => 'error',
'message' => $message,
];
}
Thanks all,

Related

Amazon Pay SDK InvalidSignatureError

I'm integrating Amazon Pay php SDK from documentation, but getting this error.
Here's my php implementation code:
$amazonpay_config = array(
'public_key_id' => 'XXXXXXXX',
'private_key' => 'my_private_key_path',
'region' => 'US',
'sandbox' => true
);
$payload = array(
'webCheckoutDetails' => array(
'checkoutReviewReturnUrl' => 'https://www.example.com/review',
'checkoutResultReturnUrl' => 'https://www.example.com/result'
),
'storeId' => 'amzn1.application-oa2-client.XXXXXXXXX'
);
$headers = array('x-amz-pay-Idempotency-Key' => uniqid());
$requestResult = [
'error' => 1,
'msg' => 'Error. Can not create checkout session.',
'checkoutSession' => null,
'payloadSign' => null
];
$client = new Client($amazonpay_config);
$resultCheckOut = $client->createCheckoutSession($payload, $headers);
$resultSignPayload = $client->generateButtonSignature($payload);
if($resultCheckOut['status'] !== 201) {
return json_encode($requestResult, true);
}
else {
$requestResult = [
'error' => 0,
'msg' => null,
'checkoutSession' => json_decode($resultCheckOut['response']),
'payloadSign' => $resultSignPayload
];
return $requestResult;
}
Here's JS implementation code for generating Amazon Pay button.
amazon.Pay.renderButton('#amazon-pay-btn', {
// set checkout environment
merchantId: 'XXXXXXXX',
ledgerCurrency: 'USD',
sandbox: true,
checkoutLanguage: 'en_US',
productType: 'PayOnly',
placement: 'Cart',
buttonColor: 'Gold',
createCheckoutSessionConfig: {
payloadJSON: jsonResult['checkoutSession'],
signature: jsonResult['payloadSign'],
publicKeyId: 'XXXXXXXXXXX'
}
});

Couple of problems with the code, mainly that you aren't passing the payload and signature to the front-end correctly. For the payload, you're using jsonResult['checkoutSession'], while it should be jsonResult['payloadSign']. This doesn't contain the payload though but from the PHP code it's apparently the signature that you have put in there. The full code sample should more like this (not tested).
Back-end:
$headers = array('x-amz-pay-Idempotency-Key' => uniqid());
$requestResult = [
'error' => 1,
'msg' => 'Error. Can not create checkout session.',
'signature' => null,
'payload' => null
];
$client = new Client($amazonpay_config);
$resultCheckOut = $client->createCheckoutSession($payload, $headers);
$resultSignature = $client->generateButtonSignature($payload);
if($resultCheckOut['status'] !== 201) {
return json_encode($requestResult, true);
}
else {
$requestResult = [
'error' => 0,
'msg' => null,
'signature' => $resultSignature,
'payload' => $payload
];
return json_encode($requestResult);
}
Front-end:
amazon.Pay.renderButton('#amazon-pay-btn', {
// set checkout environment
merchantId: 'XXXXXXXX',
ledgerCurrency: 'USD',
sandbox: true,
checkoutLanguage: 'en_US',
productType: 'PayOnly',
placement: 'Cart',
buttonColor: 'Gold',
createCheckoutSessionConfig: {
payloadJSON: JSON.stringify(jsonResult['payload']),
signature: jsonResult['signature'],
publicKeyId: 'XXXXXXXXXXX'
}
});
I'm not sure how you're passing $requestResult back to the front-end, potentially there's some additional JSON encoding/decoding required to get the right string. To prevent a signature mismatch error, please make sure that the payload string used for the signature generation in the backend, and the payload string assigned to the 'payloadJSON' parameter match exactly (especially pay attention to whitespaces, escape characters, line breaks, etc.).

Two comments about this issue:
I have defined the payload as an string (that's the way current AmazonPay doc states - Link).
$payload = '{
"webCheckoutDetails": {
"checkoutReviewReturnUrl": "https://www.example.com/review",
"checkoutResultReturnUrl": "https://www.example.com/result"
},
"storeId": "amzn1.application-oa2-client.XXXXXXXXX"
}';
instead of array
$payload = array(
'webCheckoutDetails' => array(
'checkoutReviewReturnUrl' => 'https://www.example.com/review',
'checkoutResultReturnUrl' => 'https://www.example.com/result'
),
'storeId' => 'amzn1.application-oa2-client.XXXXXXXXX'
);
The signature was created, but when rendering the button and clicking on it I get the following error.
Error Message: Signature Dk4qznkoiTVqjcY8Yn1l0iLbsoIj2pEAHWVtgYrphLtFXR9BKhJJPD53It4qYOswS1T/STYMHRy5jtCHGqvLntDjuy0MrhkpoHTpYEtwdOqGHA2qk+QnSGV5LoYldQ/UkAxSG7m8s2iOr11q2sWxUjrk2M3fgzAIxDeZRjJYeAr97eGANYva3jtGDfM6cJdieInBM4dEWWxKqGIh6HxOrY5K/ga26494vAwZAGvXRhZG48FOVp/XCr0mbu6V5pkEOzRJSc+hN5WKAs/c49UsfKPx75Ce7QbaBCZZT1UiczfyYx/mBuZuysUlGmnXPhLOLTPw4+SIizH/pOQyClOQyw== does not match signedString AMZN-PAY-RSASSA-PSS dfff7a87b93cfa78685a233f2dd59e18ad0451b2e3a90af11e500fcc0ceee924 for merchant XXXXXXXX
I was some time till I realized that this was the reason of the error. Actually, while writing this, the new lines in the string were the reason. If string is only in one line, it works.
The button only needs the payload and the signed payload. The $client->createCheckoutSession is not needed. More over, the checkoutSessionId of the resultCheckOut is different from the one obtained when the checkoutReviewReturnUrl is called.

How to process a refund with Omnipay - NAB Transact

I am trying to do the refund process and it is connected to the nab test mode server but not processing the refund transaction.
I did a transaction yesterday and wanted to refund the part money but it is not going through and shows the error that Credit card details not available (Error Code 133).
I am sending the request using TransactionID and TransactionReference and the amount to be deducted but not working.
My code:-
public function pay()
{
$gateway = Omnipay::create('NABTransact_SecureXML');
$gateway->setMerchantId('XYZ0010');
$gateway->setTransactionPassword('abcd1234');
$gateway->setTestMode(true);
$card = new CreditCard([
'firstName' => 'ABC',
'lastName' => 'DEF',
'number' => '4444333322221111',
'expiryMonth' => '05',
'expiryYear' => '2025',
'cvv' => '123',
]
);
$transaction = $gateway->purchase([
'amount' => '5000.00',
'currency' => 'AUD',
'transactionId' => '100321', // (My order ID)
'card' => $card,
]
);
$response = $transaction->send();
}
The transactionID i got here is: 706256
please view the screenshot for the above transaction in the NAB:
public function refund()
{
$gateway = Omnipay::create('NABTransact_SecureXML');
$gateway->setMerchantId('XYZ0010');
$gateway->setTransactionPassword('abcd1234');
$gateway->setTestMode(true);
$card = ([
'firstName' => 'ABC',
'lastName' => 'DEF',
'number' => '4444333322221111',
'expiryMonth' => '05',
'expiryYear' => '2025',
'cvv' => '123',
]
);
$refund = $gateway->refund([
'transactionReference' => "706256",
'amount' => "5.00",
'currency' => "AUD",
'transactionId' => "100321",
'messageID' => '4',
'card' => $card,
]);
$refund->send();
}
please view the screenshot for the above transaction in the NAB when
trying to refund:

yes, i had solved it.
this is the sample of my code:
$gateway = Omnipay::create('NABTransact_SecureXML');
gateway->setMerchantId('_ID_');
$gateway->setTransactionPassword('_PASSWORD_');
$gateway->setTestMode(false);
$refund = $gateway->refund([
'transactionReference' => "12345",
'amount' => "500",
'transactionId' => 765897, (hope u must have saved this number in DB)
]);
$response = $refund->send();
$message = $response->getMessage();
if ($response->isSuccessful()) {
return "I m Happy"
} else {
return back()->with('amountError', $message);
}
Let me know how did it go :)

Authentication Fail at Functional Test in Symfony 3

I am newbie for Symfony. I am trying do functional test for UserController. But I don't know how can do it. Because response 401 not equals 200. How can I skip authentication. My codes below:
public function testGetAction() {
$expected = array(
'user'=>
array(
'id' => 1,
'tcId' => "23456789415",
'email' => '*********',
'firstName' => '****',
'lastName' => '****'
)
);
$expect = json_encode($expected);
$fixtures = array('AppBundle\DataFixtures\ORM\LoadUserData');
$this->loadFixtures($fixtures);
$users = LoadUserData::$users;
$this->client->request('GET', 'ajax/users/'.$users[0]->getTcId(), array('ACCEPT' => 'application/json'));
$response = $this->client->getResponse();
$content = $response->getContent();
$this->assertJsonResponse($response, 200);
$this->assertEquals($expect , $content);
}
And my problem is here:
3) AppBundle\Tests\Controller\UserControllerTest::testGetAction
{"code":401,"message":"Authentication Required"}
Failed asserting that 401 matches expected 200.

Omnipay 3Dsecure redirect

I am using Omnipay to allow users to pay using Cardsave.
I have the following:
\Omnipay::setTestMode(true);
$transactionId = date('YmdHis').$booking->space->id.$booking->user->id;
$response = $gateway->purchase([
'amount' => $booking->price,
'currency' => 'GBP',
'card' => $card,
'transactionId' => $transactionId,
'cancelUrl' => \base_url('cardsave/cancel/'.$booking->id),
'returnUrl' => \base_url('cardsave/confirm/'.$booking->id)
])->send();
if ($response->isSuccessful()) {
$transactionReference = $response->getTransactionReference();
//save the transaction reference in case of refund
return ['status' => 'success', 'message' => 'Reservation process complete'];
} elseif ($response->isRedirect()) {
\Log::info('3DSecure redirect');
$booking->addAdditional(['3dsecure_transaction_id' => $transactionId]);
return [
'status' => 'redirect',
'form_html' => $response->getRedirectResponse()->getContent()
];
}
throw new PaymentException ($response->getMessage());
and my confirm url goes to the following method:
$transactionId = $booking->getAdditional('3dsecure_transaction_id');
$response = $gateway->completePurchase([
'amount' => $amount,
'transactionId' => $transactionId,
'currency' => 'GBP',
])->send();
if ($response->isSuccessful()) {
$transactionReference = $response->getTransactionReference();
return $this->finalise($booking, $transactionReference);
} else {
$this->cancel($booking);
}
But looking through the code for league/omnipay-cardsave, I see the following:
$md = $this->httpRequest->request->get('MD');
$paRes = $this->httpRequest->request->get('PaRes');
if (empty($md) || empty($paRes)) {
throw new InvalidResponseException;
}
So my question is (and I realise it is probably dumb, but I can't seem to grok this, for some reason), where is that request coming from, if I just instantiated the gateway?
I think I am doing this wrong.
EDIT:
I have discovered that the return call from the 3DSecure thing comes with the MD and PaRes values as POST parameters. This allows me to set them on the gateway. How do I do that? Is it done automatically when I instantiate the gateway?

I was right, the question was dumb.
After reading the code, and trying it out, I found out that the AbstractGateway uses Symfony's request class to automatically pickup POST variables, amongst which are in this case, 'MD' and 'PaRes'.
In fact, it says so in the CompletePurchase class:
$md = $this->httpRequest->request->get('MD');
$paRes = $this->httpRequest->request->get('PaRes');
httpRequest is setup in AbstractGateway.
Basically, it just works.

how to setup recurring payments in paypal

I'm trying to setup recurring payments in paypal with PHP. But the problem that I'm having is that I don't know if I'm doing the right thing. I have this class which makes the request to the Paypal API:
<?php
class Paypal {
protected $_errors = array();
protected $_credentials = array(
'USER' => 'my-user-id',
'PWD' => 'my-pass',
'SIGNATURE' => 'my-signature',
);
protected $_endPoint = 'https://api-3t.sandbox.paypal.com/nvp';
protected $_version = '74.0';
public function request($method,$params = array()) {
$this -> _errors = array();
if( empty($method) ) {
$this -> _errors = array('API method is missing');
return false;
}
$requestParams = array(
'METHOD' => $method,
'VERSION' => $this -> _version
) + $this -> _credentials;
$request = http_build_query($requestParams + $params);
$http_header = array(
'X-PAYPAL-SECURITY-USERID' => 'my-user-id',
'X-PAYPAL-SECURITY-PASSWORD' => 'my-pass',
'X-PAYPAL-SECURITY-SIGNATURE' => 'my-signature',
'X-PAYPAL-REQUEST-DATA-FORMAT' => 'JSON',
'X-PAYPAL-RESPONSE-DATA-FORMAT' => 'JSON'
);
$curlOptions = array (
CURLOPT_HTTPHEADER => $http_header,
CURLOPT_URL => $this -> _endPoint,
CURLOPT_VERBOSE => 1,
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_SSL_VERIFYHOST => 2,
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_POST => 1,
CURLOPT_POSTFIELDS => $request
);
$ch = curl_init();
curl_setopt_array($ch,$curlOptions);
$response = curl_exec($ch);
if (curl_errno($ch)) {
$this -> _errors = curl_error($ch);
curl_close($ch);
return false;
} else {
curl_close($ch);
$responseArray = array();
parse_str($response,$responseArray);
return $responseArray;
}
}
}
?>
Then I'm making the initial request like this:
session_start();
require_once('Paypal.php');
$paypal = new Paypal();
$amount = 1;
$requestParams = array(
'RETURNURL' => 'http://localhost/tester/paypal/new_test/test_done.php',
'CANCELURL' => 'http://localhost/tester/paypal/new_test/test_cancel.php',
'NOSHIPPING' => '1',
'ALLOWNOTE' => '1',
'L_BILLINGTYPE0' => 'RecurringPayments',
'L_BILLINGAGREEMENTDESCRIPTION0' => 'site donation'
);
$orderParams = array(
'PAYMENTREQUEST_0_AMT' => '1',
'PAYMENTREQUEST_0_CURRENCYCODE' => 'USD',
'PAYMENTREQUEST_0_ITEMAMT' => $amount
);
$item = array(
'L_PAYMENTREQUEST_0_NAME0' => 'site donation',
'L_PAYMENTREQUEST_0_DESC0' => 'site donation',
'L_PAYMENTREQUEST_0_AMT0' => $amount,
'L_PAYMENTREQUEST_0_QTY0' => '1'
);
$response = $paypal->request('SetExpressCheckout', $requestParams + $orderParams + $item);
$sandbox_location = 'https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=';
if(is_array($response) && $response['ACK'] == 'Success'){
$token = $response['TOKEN'];
$_SESSION['token'] = $token;
header('Location: ' . $sandbox_location . urlencode($token));
}
?>
As you can see I'm using the SetExpressCheckout API method to get the token that I need and store it in a session so that I can use it later with the request for CreateRecurringPaymentsProfile.
I'm currently redirected to a page similar to this:
Once the user is done logging in with paypal and confirming the amount it redirects to the success page that I've specified which contains this code:
session_start();
require_once('Paypal.php');
$amount = 1;
$paypal = new Paypal();
$token_param = array('TOKEN' => $_SESSION['token']);
$current_date = date('Y-m-d');
$recurring_payment_params = array(
'PROFILESTARTDATE' => gmdate('Y-m-d H:i:s', strtotime($current_date . ' + 1 months')),
'DESC' => 'site donation',
'BILLINGPERIOD' => 'Month',
'BILLINGFREQUENCY' => '1',
'TOTALBILLINGCYCLES' => '0',
'AMT' => $amount
);
$recurringpayment_response = $paypal->request('CreateRecurringPaymentsProfile', $recurring_payment_params + $token_param);
This works, I've verified in the sandbox account that the recurring payment profile was created and that the next billing due is next month. But the problem is that its not really visible in the paypal interface (the screenshot earlier) that they're paying for a subscription. Perhaps I'm getting the redirect url wrong? (https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&token=) or do I have to add additional arguments to the SetExpressCheckout method? Please help.

You're only showing the login screen. After you login you'll see information about the subscription and the button will see "Agree and Pay" or "Agree and Continue" (depending on your useraction value in the return URL) instead of just "Pay" or "Continue".

Categories