Magento - PayPal IPN configuration - url

I have set up a web shop using Magento (v. 1.5) and one of my payment options is PayPal standard payments. Everything works fine so far but now I would like to trigger a script on another server by using the IPN URL from PayPal when a payment is received.
The PayPal account is also used for other web platforms and it has the correct IPN URL for the script already set up in the account configuration. However, the Magento module seems to overwrite this URL and always sets it to "http://myshop.com/paypal/ipn/" when someone buys something in the Magento shop.
My problem is that I can not find any possibilities to change this behaviour in Magento itself. The backend module configuration offers nothing in that direction and I also looked into the IPN model and controller files in the core directories (Mage/Paypal/controllers/IpnController.php and Mage/Paypal/Model/Ipn.php).
It has to be possible to change the IPN URL but I'm out of ideas at this point... so I'd be very thankful for any helpful hints!

The IPN notification URL is set in Mage_Paypal_Model_Standard::getStandardCheckoutFormFields:
$api->setNotifyUrl(Mage::getUrl('paypal/ipn/'))
The function is called by Mage_Paypal_Block_Standard_Redirect, so you can override either the model or the block to change/remove the URL. But keep in mind that Magento needs the IPN notification to update order status etc.


How to use Stripe Connect in an iOS app

Has anyone had success using Stripe Connect with an iOS app? I have a few questions:
I'm following the guidelines here: https://stripe.com/docs/connect/getting-started
Registering an Application: easy, no problem here
Then a little further down:
Send your users to Stripe: again, easy no problem here, I just have a button that opens up the link in a UIWebView. I assume having the client_id in the URL is fine? A lot of my uncertainty is what IDs/keys I should hard-code into the app
Then a little further down:
After the user connects or creates a Stripe account, we'll redirect them back to the redirect_uri you set in your application settings with a code parameter or an error.
What I'm doing here is using the UIWebView's webView:shouldStartLoadWithRequest:navigationType: delegate method to check for the string "code=" in the URL. If it finds that, then I'm able to grab the "code" parameter. So in reality, the redirect_uri is completely unnecessary for me. Is this the right way to handle this? Should I be doing this within my app or on my server?
After receiving the code, we are supposed to make a POST call to receive an access_token. Again, should this be done within the app or on the Server? It requires the use of a secret_key, so I'm guessing server? And how do I send credit card information along with this token if the token needs to be sent to the server? I know how to obtain the card number, exp date, and CVV. But in terms of passing it to the server (with or without the token) is something I'm not sure of.
Then when it comes to actually writing PHP, Ruby, or Python code on the server, I'm at a total loss.
Any help would be greatly appreciated.
You should set up a small web app to create Stripe charges and store your customers' authorization code. Configure two routes in your web app for redirect_uri and webhook_uri and add the URLs in your Stripe app's settings. The charges should be created from a server-side app because it requires the secret_key / authorization_code, which should not be stored in an iPad app. Otherwise they may lead to a security leak. I'm trying to describe the concept below:
Provide the Stripe Connect button in your app and set the link to open in Safari (not in a web view). You should add a state parameter to the URL with an id which is unique to your users.
On tapping the button your user will be redirected to Stripe, where s/he will be asked to authorize your application. Upon authorization Stripe will hit your redirect_uri with an authorization_code and the state you previously provided. Do a POST call according to the Stripe documentation with the authorization_code to get an access_token. Store the access_token mapped with the state in a database.
Define a custom URL scheme in your app. Invoke the custom URL from your web app. The user is supposed to open the URL in mobile Safari. So invoking the custom URL will reopen your application. You can pass an additional parameter to indicate failure / success. In your app update the view based on this parameter.
Now you are all set to create a charge on your server on behalf of the iPad user. Use stripe iOS sdk to generate a card_token from the card information. It'll require your stripe publishable_key. Then define an api in your web app which takes 3 parameters: card_token, user_id and amount. Call this api from your iPad app whenever you want to create a charge. You can also encrypt this information with a key if you're worried about security using any standard encryption method. You can easily decrypt the info in your web app as you know the key.
When this API is called from the iPad app you'll receive the user_id (which you saved as state previously), card_token and amount. Retrieve the access_token mapped to the user_id (or state). You can then make a charge on behalf of the user using the access_token, card_token and amount.
You can use ruby / php / python / node in the server as Stripe provides sdk for them. I assume other languages can be used as well as there is a REST interface.
Please note that this is just a concept. It should work like it but I haven't implemented it yet. I'll update this answer with sample code when I'm done.
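The server side of the flow described above, as an added example that is not part of the original answer. It goes one step further than the answer by issuing a random, single-use state that the server maps to the user, so a guessed or replayed redirect cannot attach a Stripe account to someone else; ConnectFlow, its method names, the TTL and the injected exchange callable are hypothetical, and the token values in any test are constructed.

```ruby
require "securerandom"

class ConnectFlow
  STATE_TTL = 600 # seconds a pending authorization stays valid (assumed value)

  # exchange: callable that takes the authorization code and returns the token
  # response as a Hash. In production it POSTs to Stripe's OAuth token endpoint
  # using the secret key, which therefore never leaves the server.
  def initialize(exchange:, clock: -> { Time.now.to_i })
    @exchange = exchange
    @clock = clock
    @pending = {} # state => [user_id, issued_at]; a database table in production
    @tokens = {}  # user_id => access_token
  end

  # Step 1: the app asks for a connect link; the returned state goes in the URL.
  def begin_authorization(user_id)
    state = SecureRandom.urlsafe_base64(32)
    @pending[state] = [user_id, @clock.call]
    state
  end

  # Step 2: the redirect_uri route passes in the query parameters it received.
  def handle_redirect(params)
    # delete makes the state single use: a replayed redirect finds nothing.
    user_id, issued_at = @pending.delete(params["state"])
    return :unknown_state if user_id.nil?
    return :expired if @clock.call - issued_at > STATE_TTL
    return :denied if params["error"] || params["code"].to_s.empty?

    token = @exchange.call(params["code"])["access_token"]
    return :exchange_failed if token.nil?

    @tokens[user_id] = token
    :connected
  end

  # Used by the charge endpoint to look up the connected account's token.
  def token_for(user_id)
    @tokens[user_id]
  end
end
```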
You can use UIWebView. You will still need to use redirect urls and monitor the redirect using the delegate "webView:shouldStartLoadWithRequest:navigationType:"

PayPal integration Ruby on Rails

I've seen posts that you should use ActiveMerchant for PayPal integration, but I also found this on the PayPal website. I'm struggling with placing what in which file, since I'm totally new to RoR. So I was trying to integrate the PayPal, but am not sure where to place which code.
Should I use active merchant for PayPal integration, or is the Rest-API the best choice. I want people to fill out their username, pay and when successful they receive digital content. So there should be a call with a result and the username.
Do you have a link, step by step, at least including which code I should place in which file, so I get the basics of RoR better.
Standard PayPal Integration with Rails app Active Merchant gem :
step 1:
-> add gem 'activemerchant' to the Gemfile
-> bundle install
step 2:
-> Go to "www.developer.paypal.com" and create an account (also known as Merchant Account) with US address details.
-> It will create two dummy test account for buyer and seller(alias facilitator) in "sandbox.paypal.com".
  Ex: 
     Seller account  --->  naveengoud-facilitator#gmail.com
     Buyer account  --->  naveengoud-buyer#gmail.com
      
-> To see test accounts details Click on "Dashboard -> Accounts"
-> Now set the password for both test accounts by clicking on profile link
step 3:
-> Go to seller account(i.e, facilitator) profile details and copy the API Credentials i.e, Username, password and signature
  Ex:
    Username:  naveengoud-facilitator_api1.gamil.com
    Password:   VSPALJ5ALA5YY9YJ
    Signature:   AVLslxW5UGzEpaDPEK4Oril7Xo4IAYjdWHD25HhS8a8kqPYO4FjFhd6A
-> Set these API Credentials in "config/environments/development.rb" as follows, add the below code with API credentials
  config.after_initialize do
    # Send requests to PayPal's test (sandbox) environment
    ActiveMerchant::Billing::Base.mode = :test
    # Gateway built from the API credentials copied in step 3
    ::GATEWAY = ActiveMerchant::Billing::PaypalGateway.new(
      login: "merchant_api1.gotealeaf.com",
      password: "2PWPEUKZXAYE7ZHR",
      signature: "AFcWxV21C7fd0v3bYYYRCpSSRl31A-dRI5VpyF4A9emruhNYzlM8poc0"
    )
  end
step 4:
-> From here onward follow Railscasts episode 145 (http://railscasts.com/episodes/145-integrating-active-merchant)
I found the PayPal API documentation to be quite confusing. Also, my application requirements were not satisfied through the API, so I ended up with a rather simple solution.
The solution mainly consists of two components:
PayPal buttons, which I generate on PayPal website and copy the HTML to my website
PayPal IPN notifications, for which I have a simple handler on my website
This is how the whole solution works in detail
For the user to make payments, I use the PayPal Buttons. For this, you just login to your PayPal business account and generate HTML code for buttons which you can copy and paste into your website.
The user can click on these buttons, they will be redirected to PayPal website, they make payments and have a button to come back to your website.
When the transaction is done (either success or failure), PayPal will inform you via PayPal IPN Notifications. I have implemented an IPN handler on my website, which was quite easy to do.
By the time the user returns to my website, in most cases, I would have already got the IPN notification, hence I can show them a success message.
In case the IPN got delayed, I tell the users that it will take a couple more minutes to update their balance and use AJAX to keep querying the server for updates.
Here are some useful references:
PayPal Buttons
Rail Casts on PayPal IPN
If you need, you can also dynamically generate the buttons via the Button Manager API gem
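What an IPN handler like the one described above has to check before releasing digital content, as an added example that is not the answerer's code. IpnHandler, its return symbols and the injectable poster are hypothetical names, the sample notification is constructed, and the in-memory set stands in for a database.

```ruby
require "uri"
require "net/http"
require "set"

# PayPal's live verification endpoint (the sandbox has its own host).
IPN_VERIFY_URL = URI("https://ipnpb.paypal.com/cgi-bin/webscr")

# Default transport: posts the body to PayPal and returns the reply text.
NET_POSTER = lambda do |body|
  Net::HTTP.post(IPN_VERIFY_URL, body,
                 "Content-Type" => "application/x-www-form-urlencoded").body
end

# Constructed sample notification; every value here is made up.
SAMPLE_IPN = "txn_id=TXN-CONSTRUCTED-1&payment_status=Completed" \
             "&receiver_email=shop%40example.com&mc_gross=19.99" \
             "&mc_currency=USD&invoice=INV-1"

class IpnHandler
  # expected maps invoice => [amount, currency] taken from our own order table.
  def initialize(receiver_email:, expected:, poster: NET_POSTER)
    @receiver_email = receiver_email
    @expected = expected
    @poster = poster
    @seen_txn_ids = Set.new # a unique database index in production
  end

  # raw_body: the unmodified POST body received on the notify URL.
  # Returns :fulfilled, or a symbol naming why the message was rejected.
  def handle(raw_body)
    # 1. Echo the message back; PayPal answers VERIFIED only for its own messages.
    reply = @poster.call("cmd=_notify-validate&#{raw_body}")
    return :unverified unless reply.to_s.strip == "VERIFIED"

    msg = URI.decode_www_form(raw_body).to_h
    # 2. The money must have gone to our account.
    return :wrong_receiver unless msg["receiver_email"].to_s.casecmp?(@receiver_email)
    # 3. Pending, refunded or reversed payments release nothing.
    return :not_completed unless msg["payment_status"] == "Completed"
    # 4. Amount and currency must match the order on record.
    return :amount_mismatch unless @expected[msg["invoice"]] == [msg["mc_gross"], msg["mc_currency"]]
    # 5. PayPal resends notifications; fulfil each transaction once.
    return :duplicate unless @seen_txn_ids.add?(msg["txn_id"])

    :fulfilled
  end
end
```

Because the notify URL is reachable by anyone, a request that skips step 1 is just an unauthenticated form post claiming a payment happened.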
This link will help you to get better understanding on integration of Basic Checkout, Charge Credit Cards and Recurring Payments with paypal in Ruby On Rails application
http://www.gotealeaf.com/blog/basic-paypal-checkout-processing-in-rails
You can find solutions for following concepts,
1) Basic Checkout
2) Charge Credit Cards
3) Recurring Payments
Look at this for rails integration:
https://github.com/nov/paypal-express see the example and wiki
but also here, more in general (less related to Rails):
https://github.com/tc/paypal_adaptive
https://github.com/fnando/paypal-recurring

Shopify Rails App - Querystring Spoofing

I'm developing a Shopify App with Rails and have been using the query-string to detect which shop is accessing it. This seems vulnerable as users could alter the url to access someone else's settings.
Here's an example:
I click on the preferences link on my app and get redirected to http://example-app.com/preferences?shop=example.myshopify.com and get a page of settings related to the store: example.myshopify.com
So what's to stop the user from changing the querystring to http://example-app.com/preferences?shop=notmystore.myshopify.com and logging in to a store that they don't own?
Should I use an authentication gem (https://www.ruby-toolbox.com/categories/rails_authentication) and make each user create a username and password to prevent spoofing attacks?
Interesting. There were live production Shopify App store Apps that did what you did Paul. When I found an App like that, I informed Shopify and they promptly knuckle-rapped the App developer. He learned his lesson pretty quick and was hopefully very embarrassed.
Shopify Partner accounts (free to get) provide you with a nice API token and a corresponding secret for your App that you can use to ensure when you get a merchant trying to access your App that the incoming shop
is actually a shop that installed your App and,
they have the right to use your App
You should really check that out.
I found the solution is to always retrieve the shop url from your session variables and not from the query string:
session[:shopify].url
also make sure this is at the top of each of your controllers to ensure the shopify session exists:
around_filter :shopify_session
as shown in this: https://github.com/Shopify/shopify_app/blob/f9aca7dfc9c29350f7f2c01bb72f77a54ece2b77/lib/generators/shopify_app/templates/app/controllers/home_controller.rb
This question may be too localized, but I'll try to give you a direction.
If you are using the query string as the only authentication method, then yes, you will get hacked/spoofed, etc. You need to do some form of authentication. - Shopify provides an API that can probably handle some/most of this for you.
https://github.com/shopify/shopify_api
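The two fixes suggested in this thread (use the app secret to check that the platform vouches for the shop, then read the shop from the session rather than the query string) combined in plain Ruby, as an added example that is not code from shopify_app or from the answers. The function names are hypothetical, and the signing scheme (hex HMAC-SHA256 over the other parameters, sorted and joined as k=v pairs, sent as an hmac parameter) is an assumption to confirm against Shopify's current documentation.

```ruby
require "openssl"

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Assumed scheme: the platform signs every parameter except "hmac" with the
# app's shared secret and sends the hex digest in "hmac".
def signed_by_platform?(params, secret)
  given = params["hmac"].to_s
  message = params.reject { |k, _| k == "hmac" }
                  .sort
                  .map { |k, v| "#{k}=#{v}" }
                  .join("&")
  expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), secret, message)
  secure_equal?(expected, given)
end

# Returns the shop this request may act on, or nil if it must be rejected.
# session is the server-side session hash for the current browser.
def authorized_shop(params, session, secret)
  # An established session wins: ?shop= in the URL is ignored from then on.
  return session[:shop] if session[:shop]
  # First contact: accept the shop name only when the platform signed it.
  return nil unless signed_by_platform?(params, secret)

  session[:shop] = params["shop"]
end
```

Editing ?shop= to notmystore.myshopify.com now either has no effect (a session already exists) or fails the signature check (no session yet).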

Not getting any response from Google Checkout after successful payment

I am not getting any response by Google Checkout:
I have the sample code from http://code.google.com/p/google-checkout-php-sample-code/downloads/list .
I am using this code in cartdemo.php:
// Specify <edit-cart-url>
$cart->SetEditCartUrl("https://mydomain.com/checkout/demo/responsehandlerdemo.php");
// Specify "Return to xyz" link
$cart->SetContinueShoppingUrl("https://mydomain.com/checkout/demo/responsehandlerdemo.php");
And I am using following settings:
API callback URL (Level 2 integrations only) [?]
Specify a URL for Google to notify you of new orders and changes in order state. [?]
API callback URL:
Callback contents: http://mydomain.com/checkout/demo/responsehandlerdemo.php
**Notification Serial Number**
but I am not getting any response after completion of payment.
I have also changed the settings to "Notification as XML" by using https.
Actually, the application requires integrating simple Google Checkout functionality, which will have a checkout button, and after successful payment the order history with payment details will be saved in my database.
I don't know what is missing.
Is there any way to implement it simply using 1-2 files, not such bulky code?
thanks
The code you have above doesn't have anything to do with getting data from Google after completion of payment (Notification API).
The code you have above is for the Checkout API which is the flow that involves sending your shopping cart data to Google.
edit-cart-url is the url that is displayed to the customer on checkout if they want to go back to your site instead of placing the order/continuing with the checkout process.
continue-shopping-url is the link presented to the customer to go back to your web site after successful checkout.
You have to implement the Notification API (of which one option is serial number notification) to obtain data from Google. The url to your handler is set in your account (same place where you see the options you mention above).
If you want to see sample PHP code (I'm not a Php dev, am .Net) for a handler that implements serial number notification, see basicapiresponshandlerdemo.php

Setting up Paypal account in Substruct

I am new to both PayPal and Substruct. I am trying to integrate PayPal with 'Substruct'. The problem I am facing is that the payment status codes are not being updated in the admin panel.
All of them are on Hold even when the PayPal sandbox successfully confirmed the orders. On the web somebody suggested that the 'notify_url' needs to be set in the confirm order form.
The PayPal documentation says the same as well.
https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_html_Appx_websitestandard_htmlvariables
What value should I provide to the notify_url so that the webserver on my machine is notified. BTW my webserver is behind a LAN.
Check the Substruct documentation: http://code.google.com/p/substruct/wiki/PayPal
