-
Notifications
You must be signed in to change notification settings - Fork 78
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix protocol 4.00 VPSSignature check #198
Fix protocol 4.00 VPSSignature check #198
Conversation
Updated VPS Signature to check new fields introduced in protocol 4.0
Thank you for this, including the test. I'll try to get it in tonight - I have a few hours now. So I understand, this change adds additional fields sent by Opayo in the notification POST to the signature check. There is nothing additional that the application needs to do, for this change to work as a drop-in replacement? So nothing is needed in the documention? |
Okay, digging back through distant memories, I realised this class you are changing has been deprecated for some time. That doesn't mean people are not using it, so this fix is still fine to go. To receive the notification from Opayo, use this on the server gateway object:
This will give you an instance of Using that object - after giving it the original security key, looked up in your database from the
Now you can check if the signature is valid:
And you can response to Opayo:
There are more details about capturing the data sent in the README, along with notes on what to do if yout get the same notification more than once (and you will). There is also an option to switch off the This has had the V4 elements on for about five years, so has been working for some time. But people still using the older classes that work up to V3 will appreciate your fix. |
Hi All. Our client got an email a few days ago. See below. Unfortnuately, no links in the email pointing to a page anywhere on Elavon web-site confirming this.
|
Thank you so much @judgej. I appreciate the quick merge. Moved to production and payments are being taken fine now. @dathwa thank you for that update. None of our clients have had that email (or told us). |
Hi,
A bit of an urgent request as Elavon/Opayo are forcing their URL updates in a few days on the 31st of March.
Upgrading this omnipay sagepay package from version 3 to version 4 has resulted in errors on both sandbox and production environments. Which results is unable to take payments at all.
Only version 4 of this package has the new URLs which will break version 3 of this package once Opayo disables the old SagePay URLs.
Expect a lot of people on version 3 with broken installs!
I've found and fixed the protocol 4.00 errors in this merge request.
The issue I was having was, after creating a new transaction and being redirected to Opayo hosted forms, completing the payment Opayo will send data back to us. The data is verified in the package via the VPSSignature. However the current package does not check for the new protocol version 4.00 fields and is always returning an InvalidResponseException.
The cause is Opayo protocol version 4.00 has added new fields to check in the VPSSignature when using the Server Gateway.
(I'm unsure if other integrations such as their Form Integration is affected).
The Opayo documentation is here:
https://developer.elavon.com/products/opayo-server/v1/notification-of-transaction-result
Their docs might error, they require you to https://developer.elavon.com select your country and then click the link.
Please can you check this urgently and merge in before 31st of March otherwise many integrations will break.