braintree / braintree_node

Braintree Node.js library
https://developer.paypal.com/braintree/docs/start/overview
MIT License

sdk ignoring environment parameter when using accessToken #117

Closed jamesdixon closed 6 years ago

jamesdixon commented 7 years ago

General information

Issue description

For background, we use Braintree Auth to bill our client's customers on their behalf.

When doing final testing for a new release, we will typically bring down a copy of our production database and load it into our staging environment. I typically overwrite any production Braintree credentials stored with ones that were created in the Braintree sandbox. However, I accidentally forgot to do this and was surprised when a number of charges were created on live accounts. I would have thought that production credentials wouldn't work in the sandbox. When I contacted Braintree support, they told me just that.

Looking at my code, I can see that I'm setting the environment param when connecting to the Braintree gateway on behalf of my customer. However, if I use credentials that were created on production, the transaction still goes through on production rather than the sandbox specified.

Here's my code:

// Braintree credentials
const credentials = {
    accessToken: businessPaymentCredentials.accessToken, // these are the creds returned through the Braintree Auth flow
    environment: Braintree.Environment[process.env.BT_ENVIRONMENT] // process.env.BT_ENVIRONMENT is set to 'Sandbox'
};

// Connect to the Braintree gateway using the Business' credentials
const gateway = Braintree.connect(credentials);

// Process the transaction
return gateway.transaction.sale({
    amount: Money.floatToAmount(amount),
    paymentMethodToken: customerPaymentToken,
    orderId: invoiceId,
    taxAmount: Money.floatToAmount(taxAmount),
    channel: process.env.BT_CHANNEL_CODE,
    options: {
        submitForSettlement: true
    }
});

Note that if I log Braintree.Environment[process.env.BT_ENVIRONMENT] it resolves to {"server":"api.sandbox.braintreegateway.com","port":"443","authUrl":"https://auth.sandbox.venmo.com","ssl":true}

Am I missing something here?

Thanks!

bluk commented 7 years ago

For access tokens, when you pass in your access token, the environment is parsed from the access token value itself. The environment in your credentials JSON object is not necessary and ignored in this case. Hope that helps explain what is happening. We will look into adding a check to make this more obvious.
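
The behaviour described in the reply above, turned into a startup guard (an added example, not part of the original thread and not the SDK's own code). It assumes the access token has the layout `access_token$<environment>$<merchant id>$<secret>`, which the thread does not spell out; the function names and sample tokens are constructed for illustration.

```javascript
// Added example. ASSUMPTION: a Braintree Auth access token looks like
//   access_token$<environment>$<merchantId>$<secret>
// The thread only says the environment is parsed from the token value.
const KNOWN_ENVIRONMENTS = new Set(['sandbox', 'production']);

// Returns the environment embedded in the token, or throws if the token
// does not match the assumed layout.
function environmentFromAccessToken(accessToken) {
  if (typeof accessToken !== 'string') throw new TypeError('accessToken must be a string');
  const parts = accessToken.split('$');
  if (parts.length < 4 || parts[0] !== 'access_token' || parts.some((p) => p === '')) {
    throw new Error('access token does not match the assumed layout');
  }
  const env = parts[1].toLowerCase();
  if (!KNOWN_ENVIRONMENTS.has(env)) {
    throw new Error('access token names an unexpected environment: ' + env);
  }
  return env;
}

// Call before Braintree.connect(credentials). expectedEnvironment is the
// deployment's own setting, e.g. process.env.BT_ENVIRONMENT ('Sandbox').
// Throws instead of letting a production token run from a staging host.
function assertTokenMatchesEnvironment(accessToken, expectedEnvironment) {
  const expected = String(expectedEnvironment || '').toLowerCase();
  if (!KNOWN_ENVIRONMENTS.has(expected)) {
    throw new Error('expected environment is not set to sandbox or production');
  }
  const actual = environmentFromAccessToken(accessToken);
  if (actual !== expected) {
    // Report only the environment names; the token itself is a credential.
    throw new Error('refusing to connect: token is for "' + actual +
      '" but this deployment expects "' + expected + '"');
  }
  return actual;
}

// Constructed sample tokens (not real credentials).
const SAMPLE_SANDBOX_TOKEN = 'access_token$sandbox$examplemerchant$constructedsecret';
const SAMPLE_PRODUCTION_TOKEN = 'access_token$production$examplemerchant$constructedsecret';

console.log(assertTokenMatchesEnvironment(SAMPLE_SANDBOX_TOKEN, 'Sandbox'));
try {
  assertTokenMatchesEnvironment(SAMPLE_PRODUCTION_TOKEN, 'Sandbox');
} catch (err) {
  console.log(err.message);
}
```

Running the guard when credentials are loaded, rather than per transaction, makes a staging host that was restored from a production database fail before any charge is attempted.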

jamesdixon commented 7 years ago

Thanks for the reply. I think it would be good to make this known in the documentation as well as adding a check. I realize it may not be a common scenario to test against a copy of the production database, but we figured environment would be respected.

crookedneighbor commented 6 years ago

We've elected to add a warning message when you start up with an invalid environment for the access token. The next major version will error.

We'll update this issue when the warning has been added and released.

crookedneighbor commented 6 years ago

This is fixed (finally) in version 2.11.0 https://github.com/braintree/braintree_node/blob/master/CHANGELOG.md#2110