search

ambroisemaupate / omnipay-sips2

Omnipay gateway for Worldline Sips PayPage POST API (Atos Sips 2.0)
5 stars 5 forks source link

Beware: the status code '60' does not mean the payment was successful. #1

Closed filipheymans closed 6 years ago

filipheymans commented 7 years ago

src/Message/CompletePurchaseResponse.php

 /**
   * @inheritDoc
   */
  public function isSuccessful()
  {
      return $this->isValid() && in_array($this->getCode(), array('00', '60'));
  }

Code '60' should not be handled as a successful transaction.

ambroisemaupate commented 7 years ago

It’s easier to accept pending transaction as successful. Omnipay does not provide a isPending method so we can’t say that pending is refused.

http://omnipay.thephpleague.com/api/responses/

BTW the original lib use 00 and 60 response as successful.

https://github.com/worldline/Sips-International-non-FR-PHPlibrary/blob/master/lib/Sips/PaymentResponse.php#L135

filipheymans commented 7 years ago

There is a way to fake a pending transaction in Worldline (without actually making one). If this is then handled as "ok" by the application and eg. mails are being sent, places are being reserved; this can be a bad thing. Therefore I don't agree this should be seen as succesful.

$response = $gateway->purchase(['amount' => '10.00', 'card' => $card])->send();
if ($response->isSuccessful()) {
    // payment is complete
} elseif ($response->isRedirect()) {
    $response->redirect(); // this will automatically forward the customer
} else {
    // not successful
}

I'm not sure which payment methods actually respond with code '60'. We are using payment methods Bancontact/MisterCash/MasterCard/VISA which all result in code '00'.

The Worldline library you are referring to is no longer supported by them. We received the following message from their support team (in Dutch):

De library die u kan vinden op github is geen officiele library van Worldline. Deze library is wel opgesteld door mensen van wordlline die op dat moment met dit project bezig waren. Deze wordt niet actief ondersteund en of aangepast.

ambroisemaupate commented 7 years ago

@filipheymans OK then, but are we sure that the notify url will be requested once the transaction is really successful or cancelled (a second time) ?

In the other hand, if pending is not successful, you should not trigger emails or free places because the transaction is pending and not cancelled.

In better words, Omnipay should support this pending case.

ambroisemaupate commented 7 years ago

BTW feel free to create a pull request.

filipheymans commented 7 years ago

I haven't tested the pending transaction flow so I can't tell if Worldline actually sents another request to complete an pending transaction. And if not, should the application manager complete pending orders once payment is received?

It should indeed trigger another workflow eg. "temporary reserved" e-mail and places. I agree that Omnipay should support this behavior. There already seems to exists an issue about this: https://github.com/thephpleague/omnipay/issues/433.

I'll make a PR. Thank you for the quick responses & the omnipay integration! :)

ambroisemaupate commented 7 years ago

@filipheymans You’re welcome and thanks for your help and your suggestions