- Issue created by @trrroy
This patch adds a few new features that I've been using successfully in production. The addition of Accept Hosted payment method to get to SAQ-A is a major benefit for PCI compliance.
The new features include:
Using Commerce_Cardonfile integration adds features for a customer to manage their account information and to use stored card information for future transactions. It works with Commerce_Cardonfile to store the tokens from Authorize's CIM feature. There's been a change made from the previous handling of the expiration date. The Commerce_Cardonfile used to store the date and check it to see if the card was still valid before it tried the transaction with Authorize. The Accept Hosted process does not return the expiration date so it's setting all cards to '99. Then the real card expiration gets checked during the transaction on Authorize's end with the tokenized card information.
I don't think Commerce_Cardonfile integration is required but I haven't tested it without. I think you can still do simple transactions with the iFramed form.
One thing that might seem a little strange (and might be able to be improved) is the final step of the transaction process. The iFrame returns to a success page but it's inside of the iFrame. For me, my whole site is wrapped in a script to break out of iframes so there's a flash of the user dashboard page inside the iFrame but the whole page then reloads to the user dashboard. It's not ideal but the user gets where they need to be.
I'm in the process of upgrading from D7 to D10. Hopefully, someone with more D10 experience than me sees the value in the SAQ-A compliance and can port this to D10. π π
Needs review
1.6
Code