search

activemerchant / active_merchant

Active Merchant is a simple payment abstraction library extracted from Shopify. The aim of the project is to feel natural to Ruby users and to abstract as many parts as possible away from the user to offer a consistent interface across all supported gateways.
http://activemerchant.org
MIT License
4.55k stars 2.5k forks source link

Ability to SELECT_DATA from Vault for Sage Gateway? (Passing in store GUID) #3659

Open benparsell opened 4 years ago

benparsell commented 4 years ago

Hi!

I'm running into an issue where after running a store operation and holding onto the GUID from the sagepayments API and trying to authorize, my application passes in the GUID token as a string under the credit_card parameter for the add_credit_card method where it expects that parameter to be a full CC object.

At what point would this class run a SELECT_DATA operation from the sagepayments API to pull down CC data from the vault? Is that an expectation of the user's application and then passing a full credit_card object to this class (that seems like a potential security concern)? Would it make sense for me to decorate the add_credit_card method to run my own SELECT_DATA operation if I know that the credit_card parameter is a string?

github-actions[bot] commented 1 week ago

To provide a cleaner slate for the maintenance of the library, this PR/Issue is being labeled stale after 60 days without activity. It will be closed in 14 days unless you comment with an update regarding its applicability to the current build. Thank you!