Error on completeAuthorize after 3D Secure Auth

thephpleague / omnipay-sagepay

Sage Pay driver for the Omnipay PHP payment processing library

MIT License

55 stars 78 forks source link

Error on completeAuthorize after 3D Secure Auth #181

Open OccultScientist opened 2 years ago

OccultScientist commented 2 years ago

Hi,

After receiving response from the 3DS Notification, I am running the following code:

$gateway = $this->fetchGateway(); $completeRequest = $gateway->completeAuthorize([ 'transactionId' => $payment->transaction_id ]); $completeResponse = $completeRequest->send(); print "<pre>"; print_r($completeResponse);

and receiving the following message:

[data:protected] => Array ( [VPSProtocol] => 3.00 [Status] => ERROR [StatusDetail] => 3377 : The ACS has provided an Erro message. CReq validation failure. )

I've tried also including a CRes and CReq in the $gateway->completeAuthorize() function with no luck.

Any ideas?

OccultScientist commented 2 years ago

For completeness I have also tried:

$completeRequest = $gateway->completeAuthorize([ 'VPSTxId' => $three_ds_session_data, 'CRes' => $cres, ]);

OccultScientist commented 2 years ago

Anyone have any clue on this?

The protocol 4 documentation states:

This POST needs to contain the VPSTxId (or MD) and CRes (or PARes).

but as above, it doesn't seem to work and returns a CReq validation error

Not sure if this could be relevant? https://dijitul.uk/payment-gateway-3d-secure-timing-out-huge-issue/#comment-121740

I read somewhere that the {} around the threeDSSessionData could be causing a problem but removing them has no effect.

Bit worried that the deadline for this is the 14th March :(

OccultScientist commented 2 years ago

OK, so an update. In the redirect form from my site, I changed the threeDSSessionData to be my own transaction id and now the challenge is displaying correctly.

However,

$completeRequest = $gateway->completeAuthorize([ 'transactionId' => $payment->transaction_id, //original transaction_id e.g. TEST123 ]); $completeResponse = $completeRequest->send();

Gives me the following error:

5083 : VpsTxId provided in callback does not match transaction in CRes

OccultScientist commented 2 years ago

I managed to fix this by stripping the parentheses "{}" from the vpsTxId before returning the form.

For completeness the code I ended up using for the threeDSSessionData field on the return form was:

<input type="hidden" name="threeDSSessionData" value="' . str_replace(array("{", "}"), "", $data['threeDSSessionData']) . '" />

The really important part here is: str_replace(array("{", "}"), "", $data['threeDSSessionData'])

I really hope this helps somebody else out!

judgej commented 2 years ago

Thank you for taking us through this. Is this the master branch you are working from, or a 3DSv4 branch?

OccultScientist commented 2 years ago

Thanks @judgej The master branch

ryssbowh commented 2 years ago

Hi, Just had the same problem on v4.0.1