Commit 775abc1e authored by mattwire's avatar mattwire
Browse files

Handle (ignore) silentpost notifications and clarify in docs

parent bc638f77
......@@ -767,7 +767,14 @@ abstract class CRM_Core_Payment_AuthorizeNetCommon extends CRM_Core_Payment {
*/
public function handlePaymentNotification() {
$payload = file_get_contents("php://input");
$ipnClass = new CRM_Core_Payment_AuthNetIPN($payload);
try {
$ipnClass = new CRM_Core_Payment_AuthNetIPN($payload);
}
catch (\JohnConde\Authnet\AuthnetInvalidJsonException $e) {
// This was probably a silentpost notification which we don't handle. Ignore it.
http_response_code(200);
  • What about something more "error"-ish (like 400) and less "okay"-ish? Seems like 200 implies all is well, even though the post is rejected.

  • We've found (the hard way) with Stripe that generally if it's not something your interested in just act as if it was handled fine. We've had a lot of issues with Stripe where the same account is being used in multiple places (an online store, CiviCRM and via dashboard). Stripe sends notifications to all configured webhooks and it looks like Authorize.net does the same. The only reason (that I'm aware of) that you'd get invalid JSON is because you got a silentpost request instead of a webhook and if you don't mark it "ok" it'll keep getting retried.

  • ok, makes sense. thanks

  • But, perhaps log an error message in CiviCRM log file? I'm just thinking it will be helpful to have somewhere a record that the webhook message was received and was actually not processed.

  • @AllenShaw I added a log message via ad0eeda4

Please register or sign in to reply
return;
}
if ($ipnClass->main()) {
http_response_code(200);
}
......
......@@ -23,18 +23,6 @@ CiviCRM Extension that provides support for Authorize.Net payments using Credit
1. Add a New Payment Processor of type `Authorize.Net (eCheck.Net)` or `Authorize.Net (Credit Card)` in the menu via *Administer->System Settings->Payment Processors*.
## Migration from legacy Authorize.Net
CiviCRM core ships with an old payment processor for Authorize.Net which uses an unsupported, insecure API.
To migrate to the new processor provided by this extension make sure you have the following credentials:
* 'user_name_label' => 'API Login ID',
* 'password_label' => 'Transaction Key',
* 'signature_label' => 'Signature Key',
Usually it is just the signature key that you need to get from your Authorize.Net dashboard.
## Webhooks
Webhooks are configured automatically when a payment processor is created.
......
## Migration from legacy Authorize.Net (SilentPost / CiviCRM Core)
CiviCRM core ships with an old payment processor for Authorize.Net which uses an unsupported, insecure API
and [SilentPost](https://support.authorize.net/s/article/Silent-Post-URL) for IPN notifications.
To migrate to the new processor provided by this extension make sure you have the following credentials:
* 'user_name_label' => 'API Login ID',
* 'password_label' => 'Transaction Key',
* 'signature_label' => 'Signature Key',
Usually it is just the signature key that you need to get and configure from your Authorize.Net dashboard.
#### Can I enable SilentPost and Webhooks simultaneously?
Yes! If you have both enabled they will both receive notifications about the same transaction in their own format.
This extension will simply ignore the "Silent Post" notifications but any existing system listening to the Silent Post URL
will still be able to receive and process the notifications.
......@@ -17,4 +17,5 @@ markdown_extensions:
nav:
- About: index.md
- Migration from legacy Authorize.Net: migration.md
- Release Notes: releasenotes.md
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment