Posted by marcus178 on August 6, 2009 at 6:27pm
| Project: | Sage Pay Go Direct Payment Gateway for Ubercart |
| Version: | 6.x-1.0 |
| Component: | User interface |
| Category: | support request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed (fixed) |
Issue Summary
I need to be able to create order from the admin area for example to process telephone orders. Orders placed by the customer in the frontend work fine but I get the following error for orders created in admin
Credit card 3D-Secure authorization could not be completed.
I'm sure I just probably not set something up quite right as I know this should be possible.
Comments
#1
If you can complete a transaction through the site OK there shouldn't be a problem when it comes to admin purchases. Have you checked the transaction in your SagePay admin area to see what it says?
#2
Sorry don't think I explained very well.
Well a customer buys through the frontend they are redirected to the 3D secure page where they can enter password. This part works fine.
However if we take a customer order over the phone and create the order in the admin area it does not want to redirect to 3d secure as this is information the customer should not give out.
#3
I guess there's no way round this one, the customer would have to repurchase due to security contraints. I can't see them worrying too much about repurchasing as long as you explain the security measures which most people would be happy that you have in place.
#4
I actually found a way round this by using a conditional action, so that a user with a particular role (i.e a shop manager) bypasses the 3D secure check.
#5
Sorry I thought I had resolved this but the roles in conditional actions relates to the role of the user of the order.
The reason I need to bypass 3D secure is so that will can take telephone orders (or Point of Sale).
To clarify , when a customer purchases a product through the frontend of the site they should have to go through 3d secure. If a customer phones up and we place the order for them through the admin page then 3d secure should be ignore.
I have found out from Sagepay that
'AccountType' => 'E' is for eccomerce i.e the customer and
'AccountType' => 'M', is for MOTO i.e for telephone orders
This is found the $transaction = array(
If I change it from E to M I can put through orders without going through 3D secure.
Therefore all that's needed is some if statement that determines if the order is being placed in the frontend or by the admin.
Do you have any suggestions? You should also consider adding it to the module as I'm sure there will be others who need to take telephone orders.
#6
I have re-read the protocol and I think there's something more related to that particular parameter. Below is the description from the protocol specs:
What I understand, is that this tells the system what account to use on SagePay, but I guess you need to have an actual telephone order account active to use it, which in my case, I think I don't have them.
If the requirement is to bypass 3D secure, this can be achieve by with conditional actions. I understand what you mentioned about the role condition so maybe you can create a module to expose a new condition (User role) and that would certainly help.
There are other ways I can think that this can be accomplished, but I think this should be something around CA.
#7
We have a telephone order account which is why I would like to have the option. I have tried the user role conditional action but it still doesn't seem to work but all i did was add
'account' => array('#entity' => 'user',
'#title' => t('User'),
),
to
/**
* Implementation of hook_ca_trigger().
*/
function uc_protx_vsp_direct_ca_trigger() {
$triggers['uc_protx_vsp_direct_trigger_txsend'] = array(
'#title' => t('SagePay Direct: Transaction information is about to be sent'),
'#category' => UC_PROTX_VSP_DIRECT_CATEGORY,
'#arguments' => array(
'order' => array(
'#entity' => 'uc_order',
'#title' => t('Order')
),
'uc_protx_vsp_direct_txdata' => array(
'#entity' => 'uc_protx_vsp_direct_txdata',
'#title' => t('SagePay transaction data')
),
'account' => array(
'#entity' => 'user',
'#title' => t('User'),
),
),
);
return $triggers;
}
Maybe you have to do more than that to make it work but the user role option did become available.
#8
Ok I think I've found a solution by editing uc_protx_vsp_direct.module
It's not pretty by seems to work
if (user_access('edit orders') && user_access('create orders')) {$accounttype = 'M';
} else {
$accounttype = 'E';
}
$transaction = array(
'VPSProtocol' => UC_PROTX_VSP_DIRECT_PROTOCOL_VERSION,
'TxType' => variable_get('uc_protx_vsp_direct_transaction', 'PAYMENT'),
'Vendor' => $data['Vendor'],
'VendorTxCode' => md5( time() . $user->uid . $order->order_id . rand() ), // This must be unique to the vendor.
'Amount' => round($amount, 2),
'Currency' => variable_get('uc_currency_code', 'GBP'), // This is a UK-based payment gateway, hence GBP default.
'Description' => $data['description'],
'CardHolder' => substr($order->payment_details['cc_owner'], 0, 50),
'CardNumber' => $order->payment_details['cc_number'],
'ExpiryDate' => sprintf('%02d', $order->payment_details['cc_exp_month']) . substr($order->payment_details['cc_exp_year'], -2),
'CV2' => $order->payment_details['cc_cvv'],
'CardType' => $data['CardType'],
'BillingSurname' => substr($order->billing_last_name, 0, 20),
'BillingFirstnames' => substr($order->billing_first_name, 0, 20),
'BillingAddress1' => substr($order->billing_street1, 0, 100),
'BillingAddress2' => substr($order->billing_street2, 0, 100),
'BillingCity' => substr($order->billing_city, 0, 40),
'BillingPostCode' => substr($order->billing_postal_code, 0, 10),
'BillingCountry' => $billing_country[0]['country_iso_code_2'],
'BillingPhone' => substr($order->billing_phone, 0, 20),
'GiftAidPayment' => '0',
'ApplyAVSCV2' => '0',
'Apply3DSecure' => '0', // Default, might be modified by an event of this module
'AccountType' => $accounttype,
);
#9
Patch attached for 5.x that implements a new workflow_ng condition that checks for admin URLs, action that sets the AccountType parameter and configuration that sets the AccountType to M for orders paid via the admin interface. Tested and working on a live 5.x install, but you will need to have a mail order/telephone order merchant account set up with SagePay.
This is not entirely straightforward to port to 6.x as the workflow_ng code needs to be replaced with CA hooks instead, but should be a good start if someone wants to try and tackle this.
#10
Committed to 5.x, equivalent patch for 6.x coming soon.
#11
Conditional Actions version of the above patch is now committed to 6.x.
#12
Automatically closed -- issue fixed for 2 weeks with no activity.