Adding some new features including Accept Hosted payment method

Created on 15 January 2024, 11 months ago
Updated 23 January 2024, 11 months ago

This patch adds a few new features that I've been using successfully in production. The addition of Accept Hosted payment method to get to SAQ-A is a major benefit for PCI compliance.

The new features include:

  1. Accept Hosted payment method to get to the simplest level PCI compliance, SAQ-A. This puts the payment form into an embedded iFrame which prevents any handling of the transaction on the Drupal servers.
    • Provides an Authorize.net CIM (Customer Information Management) form to update customers' information in another embedded iFrame.
    • Adds a webhook to receive messages from Authorize.net about the results of the iFrame transactions.
  2. Adds admin form fields for Accept Hosted credentials (API keys, etc.).
  3. Handles $0 transactions.

Using Commerce_Cardonfile integration adds features for a customer to manage their account information and to use stored card information for future transactions. It works with Commerce_Cardonfile to store the tokens from Authorize's CIM feature. There's been a change made from the previous handling of the expiration date. The Commerce_Cardonfile used to store the date and check it to see if the card was still valid before it tried the transaction with Authorize. The Accept Hosted process does not return the expiration date so it's setting all cards to '99. Then the real card expiration gets checked during the transaction on Authorize's end with the tokenized card information.

I don't think Commerce_Cardonfile integration is required but I haven't tested it without. I think you can still do simple transactions with the iFramed form.

One thing that might seem a little strange (and might be able to be improved) is the final step of the transaction process. The iFrame returns to a success page but it's inside of the iFrame. For me, my whole site is wrapped in a script to break out of iframes so there's a flash of the user dashboard page inside the iFrame but the whole page then reloads to the user dashboard. It's not ideal but the user gets where they need to be.

I'm in the process of upgrading from D7 to D10. Hopefully, someone with more D10 experience than me sees the value in the SAQ-A compliance and can port this to D10. 😁 πŸ™

✨ Feature request
Status

Needs review

Version

1.6

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States trrroy

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Production build 0.71.5 2024