magento / community-features

Magento Features Development is an initiative that allows community members to join the development of Magento features

Authorize.Net Direct Post impending end-of-life #127

Closed rhoerr closed 3 years ago

rhoerr commented 5 years ago

Moved from https://github.com/magento/magento2/issues/20230

Summary (*)

Magento 2.0-2.3.0 implements the Authorize.net Direct Post payment method, using Authorize.Net's AIM NVP (name-value pair) and DPM (direct post method) APIs.

Per Authorize.Net's published API Upgrade Guide, both AIM and DPM are deprecated, and DPM will be discontinued entirely on production as of 2019-07-01. At that point, anyone using the Authorize.net Direct Post payment method will presumably be unable to accept further payments.

https://developer.authorize.net/api/upgrade_guide/#dpm

Direct Post Method (DPM)

STATUS: Deprecated. To be disabled in Sandbox 7/1/2018. Production End of Life 7/1/2019.

ALTERNATIVE SOLUTION: Use Accept.js.

DESCRIPTION: With the release of Accept.js, we have begun to deprecate and sunset our legacy DPM product. Going forward, we will correct bugs with DPM, but will not add any new functionality. We will end support for DPM in Sandbox on July 1, 2018, and will discontinue DPM entirely on July 1, 2019. We encourage you to upgrade your DPM solutions to use Accept.js.

Further, Authorize.Net will be disabling the MD5 hash configuration setting by 2019-02-01, at which point it won't be possible for new merchants to configure and enable the Direct Post payment method. https://developer.authorize.net/support/hash_upgrade/

Examples (*)

N/A

Proposed solution

Implement a modern Authorize.Net API.

nathanjosiah commented 5 years ago

@adriancr Thanks for your input on this issue. It is not advised to change core files; this prevents patches from applying, breaks the upgrade process, causes unexpected behavior that can't be supported, and causes confusing errors for other developers that may work with the codebase. Changing core files is your decision to make but please do not recommend others to do so as it creates a burden for other customers as well as our support team. Thank you!

adriancr commented 5 years ago

@nathanjosiah thanks for letting me know. I'm aware of that, I should have suggested to add the file to code/local/Mage/[rest of path]. I was in a relatively emergency mode so I just made that quick change over there. I'll change my comment to reflect that.

However the situation still remains, there's still an error with Auth.net in Magento 1. Is there some other place that I should be asking this? I notice this thread is mainly for Magento 2. Any help or guidance on this is well appreciated.

pmathbliss commented 5 years ago

On magento 2.2.6, is anyone else getting failed validating the sha after patching?

main.CRITICAL: The transaction was declined because the response hash validation failed. {"exception":"[object] (Magento\Framework\Exception\LocalizedException(code: 0): The transaction was declined because the response hash validation failed. at /html/vendor/magento/module-authorizenet/Model/Directpost.php:552)"

I'm seeing a few differences between request and response for case in the data.

For instance, the request sent 'x_test_request' => 'FALSE',

but the response was

'x_test_request' => 'false',

The Response::generateSha2Hash is using x_test_request.

Does case matter in the sha512 algorithm?

Joker2099 commented 5 years ago

Just upgraded from 2.1.4 to 2.2.7 and installed the patch. Have the same exact issue as @pmathbliss

- Order is placed in Magento
- Authorize charges money to the card but the Checkout page gives the message "Something went wrong..".
- Authorize's transact.dll says it couldn't send the response to the merchant but the transaction was approved etc.
- Exception.log has [2019-03-08 20:29:40] main.CRITICAL: The transaction was declined because the response hash validation failed. {"exception":"[object] (Magento\\Framework\\Exception\\LocalizedException(code: 0): The transaction was declined because the response hash validation failed. at html/vendor/magento/module-authorizenet/Model/Directpost.php:552)"} []

After digging for hours...still haven't gotten anywhere with this.

Edit: I just got rid of the Signature Key and the code went back to MD5 hash validation, still not working same thing happens except there is no exception thrown in the log.

pmathbliss commented 5 years ago

@Joker2099 You have to revert the patch to go back to having Md5 working. The magento module doesn't appear to support both.

Joker2099 commented 5 years ago

@pmathbliss I guess I will have to try that. I was hoping I didn't have to...but I have no clue what's happening with it. I'm guessing you didn't have any luck with yours either?

pmathbliss commented 5 years ago

@joker2099 no luck. I tried to manually fix the case issue but I still get false negatives. If anyone has a working copy of the magento-authorizenet module for 2.2.6 it would be greatly appreciated.

Joker2099 commented 5 years ago

@pmathbliss You can probably get the 2.2.7 module and replace the files that were patched by the patch. I'm pretty sure nothing changed from 2.2.6 to 2.2.7, but even if it did it's worth a try. I will be undoing the patch tomorrow as well, but I will play with it a little more before that. Will post if anything changes.

skilar commented 5 years ago

I was able to install the patch in our testing environment, but now all transactions end up with this error.

I.e., the order is placed successfully on the backend, and the payment goes through to Auth.net, but the user sees an error.

Has anyone else encountered this?

Joker2099 commented 5 years ago

@skilar does your app/etc/env.php have 'x-frame-options' => 'SAMEORIGIN'? I've seen this error on some other thread and I believe that was one of the solutions.

Joker2099 commented 5 years ago

@pmathbliss scratch all of my previous stupidity. My issue was as simple as...maintenance mode enabled. So Authorize.net wasn't able to access the x_relay_url from outside while my IP was allowed to go through maintenance mode.

Final result everything is working as supposed to.

skilar commented 5 years ago

@Joker2099 It does. I removed it but the error persists.

pmathbliss commented 5 years ago

This site is in maintenance mode.

Status: maintenance mode is not active

I am getting communication back from auth.net. It's getting the false negative comparing the response.

Joker2099 commented 5 years ago

@pmathbliss what does Auth.net return to you? Specifically the transact.dll. Any other errors in server logs or magento logs?

pmathbliss commented 5 years ago

No errors other than the exception previously noted. I tracked the module back to where it tests the hashes.

I'm going to test on another server and hopefully get the same php version. This is on Nexcess Cloud if anyone is interested.

Joker2099 commented 5 years ago

@pmathbliss we are on regular Nexcess mage but I don't think that makes that big of a difference. Well, let me know if you get any other info or if you find a fix.

Another thing, did you remove MD5 hash from the admin field? I kept mine as it was before the patch so now both hashes are there but per patch, only the SHA one gets checked first.

Double check the hash value that you got from Auth as well...all little things may become an issue like in my case with maintenance mode and my stupidity.

nathanjosiah commented 5 years ago

@gisjohn @adriancr Are both of you running a version of PHP greater than 5.4?

donovandb commented 5 years ago

Installed the composer patch for Magento 2.2.1 / PHP 7.0.33.

I think everything went smoothly.. other than broken credit card logos on checkout. I did a test order and no errors.. but I did not disable Md5 yet... so I'm not 100% sure.

By the way, I think AuthNet has extended the deadline from cutting off MD5: "MD5 Hash End of Life Moved to June 28, 2019"

pmathbliss commented 5 years ago

If anyone is using the copy button in Authorize.net to copy the signature key, make sure to remove the return from the front of the key. Why put in a copy button if it is going to copy the wrong value? 👎

Magento 2.2.6/PHP 7.1.26
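The two causes of a failed hash check raised in this thread (the `x_test_request` case difference and a Signature Key pasted with a leading return) can be reproduced with any keyed hash. This is an added example, not part of the thread and not the Magento module's code. It assumes the response hash is an HMAC-SHA512 keyed with the hex-decoded Signature Key over `^`-delimited response values; the field set, the message layout, the key and the function names are constructed for illustration.

```php
<?php
// Added example: fields, message layout and key are constructed, not taken from Magento.

function buildMessage(array $fields): string
{
    // Assumed layout: values joined and wrapped with '^'.
    return '^' . implode('^', $fields) . '^';
}

function computeSha2Hash(array $fields, string $signatureKeyHex): string
{
    // Strip the CR/LF or spaces a copy-paste can leave around the key.
    $key = trim($signatureKeyHex);
    if ($key === '' || strlen($key) % 2 !== 0 || !ctype_xdigit($key)) {
        throw new InvalidArgumentException('Signature Key is not valid hex');
    }
    return strtoupper(hash_hmac('sha512', buildMessage($fields), hex2bin($key)));
}

function verifyResponse(array $fields, string $receivedHash, string $signatureKeyHex): bool
{
    // Constant-time comparison of the recomputed and the received digest.
    return hash_equals(computeSha2Hash($fields, $signatureKeyHex), strtoupper($receivedHash));
}

$key = str_repeat('0123456789ABCDEF', 8); // constructed 128-hex-character key
$response = [
    'x_trans_id'      => '1234567890',
    'x_test_request'  => 'false',
    'x_response_code' => '1',
    'x_amount'        => '10.00',
];
$gatewayHash = computeSha2Hash($response, $key); // stands in for the hash sent by the gateway

// Verifying with the values exactly as they arrived in the response.
var_dump(verifyResponse($response, $gatewayHash, $key));

// Verifying with the value as it was sent in the request ('FALSE'): the digest differs.
$asRequested = array_replace($response, ['x_test_request' => 'FALSE']);
var_dump(verifyResponse($asRequested, $gatewayHash, $key));

// A key pasted with a leading return is not pure hex until it is trimmed.
var_dump(ctype_xdigit("\n" . $key));
var_dump(verifyResponse($response, $gatewayHash, "\n" . $key));
```

The hash input is byte-exact, so the verifier has to use the response values as received and a key stored without surrounding whitespace.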

skilar commented 5 years ago

Now hearing from Authorize.net that the revised date for MD5 end of life is June 28, 2019.

pmathbliss commented 5 years ago

Revised. I got it working on a magento 2.2.6/PHP 7.1.26 with regular Nexcess, but the cloud hosting is not working.

mcspronko commented 5 years ago

Pronko Consulting has built a new Authorize.NET payment method extension to support all Magento 2.x versions. The extension follows Magento 2 standards, services isolation approach and uses Payment Gateway API.

Shimon2 commented 5 years ago

I was planning on using the Authorize.net payment extension that is "sold" (for $0) on the magento marketplace. Authorize.net contracted with a third party to write it. It only works with the default checkout page. I use Mageplaza OSC and the Authorize.net extension does not work with it. Now I need to find a different solution. Has anyone gotten the patch to work on Magento 2.2.2 ?

nathanjosiah commented 5 years ago

Has anybody here filed a bug report regarding their issues with the patch?

donovandb commented 5 years ago

I've noticed some people having trouble with the patch. For what it's worth, here is what I did on PHP 7 / Mage 2.2.1, composer version:

1.) put the patch in /store/vendor/

2.) as appropriate user, 'git apply "patchname"'

2.a.) 'cd ../'

3.) 'php bin/magento setup:upgrade'

4.) 'php bin/magento setup:di:compile'

5.) 'php bin/magento cache:flush'

6.) 'php bin/magento setup:static-content:deploy'

7.) Create Signature Key at Authorize Net portal, and fill it in in Magento Admin.. may have to flush cache again.

Donovan

nathanjosiah commented 5 years ago

Magento 2.3.1 has been released, which contains the new official module.

2.2.8 has also been released which contains the official patch.

sivaschenko commented 3 years ago

Authorize.net was removed from Magento core. Please use the official extension from Magento Marketplace.

https://devdocs.magento.com/guides/v2.4/release-notes/release-notes-2-4-0-commerce.html

nohart commented 3 years ago

I am on Magento v1

Regards, Neal Hart

A Class Act Apparel


nathanjosiah commented 3 years ago

@nohart Unfortunately Magento 1 has reached end of life as of June 30, 2020 (https://magento.com/blog/magento-news/support-magento-1-software-ends-june-30-2020). You can try to open an issue with the unofficial community-maintained version of magento 1 here: https://github.com/OpenMage/magento-lts

robolmos commented 3 years ago

FYI the official marketplace extension doesn't state support for 2.4, and according to Authorize.Net forums, doesn't support PHP 7.3 either: https://community.developer.authorize.net/t5/Integration-and-Testing/Magento-2-4-and-Authorize-net/m-p/72784

I'm sure this is Authorize.Net's issue to resolve though.

JosephMaxwell commented 3 years ago

I know this isn't "Authorize.net Direct Post", but we use the ParadoxLabs module (free) and it works great: https://marketplace.magento.com/paradoxlabs-authnetcim.html

The module is updated regularly, see their Release notes tab.

Sounds like there is a problem, though, with the MagePlaza OSC. I'm not a fan of those checkouts for this reason.