Drupal Commerce 4B Payment

I don't speak Spanish, so it's difficult for me to find documentation on the 4b service. However, have you considered how requests to /commerce4b/payment_response are authenticated? If you don't have some way to verify the authenticity of the request, it's possible for someone to forge a payment. I am not saying for sure that this is a problem with your module, but it's a common oversight in payment modules.

I see a reference to $_REQUEST['MAC'] in the callback, could this be an authentication code? If so its value should be checked.

This application is postponed pending resolution of Drupal security issue #62074.
-- grendzy, on behalf of the Drupal Security team

Update - The maintainer of uc_4b has sent this reply:

In function call function uc_4b_validate_petition in line 71 validates the request. In line if ($origin != UC_PASAT4B_IP_PROD) I compare ip of service with the source ip.

toleillo, it looks like your sandbox version doesn't include this IP verification. So, back to "needs work".

subscribe

@toleillo has been contacted to ask if the application is abandoned.

After ten weeks with a status of needs work: the applicant may be contacted by a reviewer to determine whether the application was indeed abandoned. The action taken by the reviewer should be documented in the project application issue.

http://drupal.org/node/894256

It appears you are working in the "master" branch in git. You should really be working in a version specific branch. The most direct documentation on this is Moving from a master branch to a version branch. For additional resources please see the documentation about release naming conventions and creating a branch in git.
Review of the master branch:

• README.txt is missing, see the guidelines for in-project documentation.
• Run coder to check your style, some issues were found (please check the Drupal coding standards). See attachment.
• Drupal Code Sniffer has found some code style issues (please check the Drupal coding standards). See attachment.

This automated report was generated with PAReview.sh, your friendly project application review script. You can also use the online version to check your project. Get a review bonus and we will come back to your application sooner.

Source: http://ventral.org/pareview - PAReview.sh online service

Hi

Please find attached the coding standards.

Manual review :

1) you don't need the dependency commerce as commerce_payment already depend on it
2) git release branch missing, see http://drupal.org/node/1015226
3) README.txt is missing
4) only list files in the info file that contain classes or interfaces
5) module file: @file doc block is missing for commerce_payment_4b.pages.inc, see http://drupal.org/node/1354#files
6) "Implementation of hook_menu()." should be "Implements hook_menu()".

Hi,

Is there a posibility to test the module with a test Store Code?
I would like to test the payment workflow.

I found the following issue:
1. I've uninstalled the module and I get the following in rules:

Drupal Commerce 4b payment.
Machine name: commerce_payment_commerce_payment_4b, Weight: 0
Error: Unknown action commerce_payment_enable_commerce_payment_4b

2. Also, I think the values set on administration interface remains the same if I uninstall and install again.
I don't get default values on uninstall / install again.

What is blocking a release of this sandbox as a full project?

@toleillo: I am reviewing a couple of issues with the module (there are some coding convention violations, and the 4B rule is taken hard-coded by machine name). I am willing to help promote this to a full project.

The need of a manual in-depth review of the code itself is blocking this issue. If you want to help, please do it ;-)

Closing due to lack of activity. Feel free to reopen if you are still working on this application.