HotcakesCommerce / hotcakes-commerce-core

The core of the e-commerce part of the overall solution. This is an ecommerce shopping cart solution built on top of the DNN (DotNetNuke) CMS. Anyone can do commerce online now!
https://mmmcommerce.com
MIT License
67 stars 55 forks

SI: Stripe Payment Credit Card Gateway "invalid_request_error" using card numbers directly in API calls - Not Using Tokens #485

Open gnossosp opened 7 months ago

gnossosp commented 7 months ago

Sponsorship

If this request requires additional support (e.g., such as direct email/phone/meeting/development), I have the following interest in helping to sponsor the effort via GitHub Sponsors:

Describe the bug

Credit card numbers not tokenized (or do I mean encrypted?) using Stripe Payment Gateway

Software Versions

To Reproduce

Steps to reproduce the behavior:
Payment Methods > Credit Cards > Gateway "Stripe" in Sandbox using API and Public Keys

Submit any payment in any amount. Nothing appears to occur on public site.

Expected behavior

Site should send credit card payment to Stripe Gateway and return to store with approved payment

Actual behavior

Nothing appears to occur; however, the Stripe Gateway sandbox records an error. I presume that the credit card information is not properly encrypted or otherwise obfuscated for use.

Screenshots

NA

Error log

Note: Debug DLLs

Please replace the current extension DLLs with the debug DLLs (if these are available with the release) and reproduce the error with the debug DLLs before pasting the error log.

STRIPE ERROR LOG

ID req_aeCbRcu1sGNf7v
Time 12/8/23, 5:01:38 PM
IP address (my IP address here)
API version 2022-11-15
Source Stripe/v1 .NetBindings/41.2.0
Idempotency Key — b0024065-876a-4941-a903-b477228208f9

invalid_request_error Sending credit card numbers directly to the Stripe API is generally unsafe. We suggest you use test tokens that map to the test card you are using, see https://stripe.com/docs/testing.

REQUEST

{
  "type": "card",
  "card": {
    "number": "****4242",
    "exp_month": "12",
    "cvc": "***",
    "exp_year": "2028"
  }
}

RESPONSE

{
  "error": {
    "message": "Sending credit card numbers directly to the Stripe API is generally unsafe. We suggest you use test tokens that map to the test card you are using, see https://stripe.com/docs/testing. To enable raw card data APIs in test mode, see https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis.",
    "request_log_url": "https://dashboard.stripe.com/test/logs/req_UAhzJcybLWdzR5?t=1702072924",
    "type": "invalid_request_error"
  }
}

Additional context

If I was smarter/more experienced I would attempt to fix this. Are there any suggestions on a method/path/tutorial to encrypt credit card data? Can I use an existing processor to view this in action?
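Added example, not part of the original issue or the Hotcakes code base: a Python check that an integration test or an outbound-request log review could run to confirm that a gateway request body carries a token reference instead of card fields, as the Stripe error above asks for. The function names, the `card`-object heuristic and the two sample bodies marked as constructed are assumptions.

```python
import json
import re

# Card fields seen in the logged request body above.
RAW_CARD_FIELDS = {"number", "cvc", "exp_month", "exp_year"}
# Assumption: 13-19 digits, optionally separated by spaces or dashes, is a PAN candidate.
PAN_CANDIDATE = re.compile(r"^\d(?:[ -]?\d){12,18}$")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_raw_card_data(node, path="$"):
    """Walk a decoded JSON body; return (json_path, reason) for each raw card value."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            # Field-name match inside a "card" object catches masked log values ("****4242").
            if path.endswith(".card") and key in RAW_CARD_FIELDS:
                findings.append((child, "raw card field"))
            else:
                findings.extend(find_raw_card_data(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings.extend(find_raw_card_data(item, f"{path}[{i}]"))
    elif isinstance(node, str) and PAN_CANDIDATE.match(node):
        # Value match catches a card number placed under an unexpected key.
        if luhn_valid(re.sub(r"[ -]", "", node)):
            findings.append((path, "Luhn-valid card number"))
    return findings


# Request body copied from the log above (values already masked by Stripe).
LOGGED = json.loads('{"type":"card","card":{"number":"****4242","exp_month":"12","cvc":"***","exp_year":"2028"}}')
# Constructed: a token reference in place of card fields; tok_visa is a Stripe test token.
TOKENIZED = json.loads('{"type":"card","card":{"token":"tok_visa"}}')
# Constructed: Stripe's documented test card number under a non-card key.
HIDDEN = json.loads('{"metadata":{"note":"4242 4242 4242 4242"}}')

if __name__ == "__main__":
    for name, body in (("logged", LOGGED), ("tokenized", TOKENIZED), ("hidden", HIDDEN)):
        print(name, find_raw_card_data(body))
```

A body that produces no findings contains only a token or PaymentMethod reference, so the card number never passes through the store's server.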