search

thephpleague / omnipay-eway

eWay driver for the Omnipay PHP payment processing library
MIT License
13 stars 17 forks source link

Add eWAY Rapid Direct Connection #8

Closed incarnate closed 9 years ago

incarnate commented 9 years ago

This pull request adds the final eWAY Rapid API, Direct Connection. It includes purchase, authorise, capture and create/update card. Full unit test coverage and documentation is also present.

eWAY's Rapid Direct replaces the older Direct XML API which is implemented in the "Eway_Direct" gateway (at this stage I've just left a note in that class).

alexw23 commented 9 years ago

Looking good - does this support client side encryption on the card number/CVN - so that we can meet PCI compliance. The issue I had with this was that if you set 'card_number' to the encrypted string it fails omnipays validation.

https://eway.io/api-v3/#client-side-encryption

incarnate commented 9 years ago

Hi Alex, thanks! Your eWAY Direct integration is great, but obviously we'd love everyone to get all the features of Rapid.

Yes this does work with client side encryption, although I had to add some extra fields to the request for it since the CreditCard object won't accept the encrypted card number.

A brief example with the encrypted card data is as follows:

// Do a purchase transaction on the gateway
$request = $gateway->purchase(array(
    'amount'            => '10.00',
    'currency'          => 'AUD',
    'transactionType'   => 'Purchase',
    'card'              => $card,
    'encryptedCardNumber' => 'eCrypted:YVe4GMLMSxF5m1nixtBvVlmaLDgjI+ZYM5GHuX1XjlbRTnhe==',
    'encryptedCardCvv' => 'eCrypted:ZvEfRd1DHwJ7dYV59DZqoaCFujvK+26VKS9Tp3uGp5kVki8CH=='
));

Name & expiry still get passed the usual way.

alexw23 commented 9 years ago

Looks good, How does $card work without the card number however as AFAIK you are not meant to be handling the card number in your app. It's not even meant to be submitted in your forms.

incarnate commented 9 years ago

CreditCard is fine as long as you don't call validate() - which shouldn't be called from outside Omnipay anyway

alexw23 commented 9 years ago

Does the client side encryption work for Create and Update Card methods?

Also do you need to send transactionType (see your code above) it seems like could be in the PurchaseRequest code?

incarnate commented 9 years ago

Create and update should support the client side encryption fields, yes.

transactionType is handled in the AbstractRequest class (along with various other Rapid fields such as CustomerIP and Items), and does indeed default to purchase :-)

incarnate commented 9 years ago

Hi @kayladnls - have you had some time to review this PR?

incarnate commented 9 years ago

Thanks @kayladnls !