jazzband / django-payments

Universal payment handling for Django.
https://django-payments.readthedocs.io

Braintree tokens #112

Open litchfield opened 8 years ago

litchfield commented 8 years ago

The Braintree backend should be using the client-side JavaScript tokens approach, so we can stay fully PCI compliant. Any thoughts on this?

dappiu commented 8 years ago

Braintree no longer offers Transparent Redirect. Supported methods that help with PCI compliance are now called "Drop-in" and "Hosted Fields". An example of using the Drop-in interface with a Python backend server can be found on Braintree's GitHub here.

At this time Braintree support is completely broken, but it seems to me that supporting the new methods should be much simpler than it was before (but I do not have the expertise needed to figure out how to update the existing code, sorry).

litchfield commented 8 years ago

Hi @dappiu, I'm not talking about any type of redirect. Tokens are the standard way of implementing modern payment gateways (Braintree, Stripe, etc).

Hosted Fields were a response to the introduction of the SAQ-A standard, but are no longer necessary since SAQ-A-EP, which was released shortly after. Drop-in is obviously not for everybody.

dappiu commented 8 years ago

@litchfield what I was saying is that the method currently in use in the latest django-payments release, which was called Transparent Redirect, does not work anymore, so I was just agreeing with you that the .js library with Tokens is the way to go.

patrys commented 8 years ago

@bogdal, @mociepka: I think we should plan to solve this soon. We don't want to block people from accepting payments and I understand that this is the case currently.

dappiu commented 8 years ago

I managed to get it working. Apparently it was not that Braintree stopped supporting the currently used method, but an incompatibility with `<class 'django_countries.fields.Country'>`, which was passed to `xml_from_dict()` in `braintree/util/xml_util.py`, raising this exception: `RuntimeError: Unexpected XML node type: <class 'django_countries.fields.Country'>`

What I did as a temporary workaround was to edit `payments/braintree/forms.py` at line 51, replacing `'country_code_alpha2': self.payment.billing_country_code}` with `'country_code_alpha2': str(self.payment.billing_country_code)}`

But I don't have any idea if this can be used as a definitive fix or may cause other troubles in other scenarios, so I'm leaving further review to you guys. I'm using django-payments==0.9.4 with Python 3.5

EDIT: Sorry, I realize that I brought this thread off-topic, let me know if I should open another issue or a pull request with the fix I suggested.
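
The failure described in the last comment, reproduced with stand-ins as an added example (not code from django-payments, braintree or django-countries). `Country` and `strict_serialize` are hypothetical substitutes for the field value object and the SDK's XML serializer, and `to_primitives` is an assumed helper that generalizes the `str()` workaround to a whole payload.

```python
from xml.sax.saxutils import escape


class Country:
    """Hypothetical stand-in for a field value object wrapping a country code."""
    def __init__(self, code):
        self.code = code

    def __str__(self):
        return self.code


def strict_serialize(value):
    """Stand-in serializer that only accepts a fixed set of primitive types."""
    if isinstance(value, dict):
        return "".join(
            "<{0}>{1}</{0}>".format(k, strict_serialize(v)) for k, v in value.items()
        )
    if isinstance(value, list):
        return "".join("<item>" + strict_serialize(v) + "</item>" for v in value)
    if value is None:
        return ""
    if isinstance(value, bool):  # checked before int, since bool is an int subclass
        return "true" if value else "false"
    if isinstance(value, (str, int)):
        return escape(str(value))
    raise RuntimeError("Unexpected XML node type: " + str(type(value)))


def to_primitives(value):
    """Recursively coerce a payload to dict/list/str/int/bool/None."""
    if isinstance(value, dict):
        return {str(k): to_primitives(v) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [to_primitives(v) for v in value]
    if value is None or isinstance(value, (str, int, bool)):
        return value
    return str(value)  # wrapper objects such as Country become their string form


def billing_payload(country):
    # Constructed sample data; the key name comes from the comment above.
    return {"billing": {"country_code_alpha2": country, "postal_code": "00100"}}


if __name__ == "__main__":
    payload = billing_payload(Country("IT"))
    print(strict_serialize(to_primitives(payload)))
```

Coercing at the boundary keeps every wrapper type out of the serializer, not only the one field patched at line 51.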