Commit 54f0e756 authored by mattwire's avatar mattwire
Browse files

Implement optional MOTO payments for backoffice

parent f3b072e9
......@@ -433,9 +433,17 @@ class CRM_Core_Payment_Stripe extends CRM_Core_Payment {
'paymentProcessorTypeID' => $form->_paymentProcessor['payment_processor_type_id'],
'locale' => CRM_Stripe_Api::mapCiviCRMLocaleToStripeLocale(),
'apiVersion' => CRM_Stripe_Check::API_VERSION,
'csrfToken' => class_exists('\Civi\Firewall\Firewall') ? \Civi\Firewall\Firewall::getCSRFToken() : NULL,
'csrfToken' => NULL,
'country' => \Civi::settings()->get('stripe_country'),
];
if (class_exists('\Civi\Firewall\Firewall')) {
$firewall = new \Civi\Firewall\Firewall();
$jsVars['csrfToken'] = $firewall->generateCSRFToken();
// This is used for MOTO payments. We need to check if the form creating the paymentIntent is a frontend (public) or backoffice (admin) form.
// We cannot check via javascript because that would be insecure (could be changed by the user submitting the form).
// So we store the data in the session using the csrfToken as key which is unique to the rendered form and is submitted when creating the paymentIntent.
CRM_Core_Session::singleton()->set($jsVars['csrfToken'], ['isBackOffice' => $form->isBackOffice ?? FALSE], E::SHORT_NAME);
}
// Add CSS via region (it won't load on drupal webform if added via \Civi::resources()->addStyleFile)
CRM_Core_Region::instance('billing-block')->add([
......
......@@ -320,6 +320,10 @@ class CRM_Stripe_PaymentIntent {
$intentParams['confirm'] = TRUE;
$intentParams['confirmation_method'] = 'manual';
// This may contain additional payment_method_options. Currently it's used when MOTO payments are enabled to set card=>moto=>true
if (!empty($params['payment_method_options'])) {
$intentParams['payment_method_options'] = $params['payment_method_options'];
}
if (empty($params['paymentIntentID']) && empty($params['paymentMethodID'])) {
$intentParams['confirm'] = FALSE;
$intentParams['confirmation_method'] = 'automatic';
......
......@@ -162,6 +162,14 @@ function civicrm_api3_stripe_paymentintent_process($params) {
if (!$firewall->checkIsCSRFTokenValid(CRM_Utils_Type::validate($params['csrfToken'], 'String'))) {
_civicrm_api3_stripe_paymentintent_returnInvalid($firewall->getReasonDescription());
}
// Check the data saved when rendering the form to see if the form is a frontend or backoffice form.
$paymentSession = CRM_Core_Session::singleton()->get($params['csrfToken'], E::SHORT_NAME);
if ($paymentSession && !empty($paymentSession['isBackOffice'])) {
// If the form is backoffice enable MOTO payments
if (\Civi::settings()->get('stripe_moto')) {
$params['payment_method_options']['card']['moto'] = TRUE;
}
}
}
$paymentMethodID = CRM_Utils_Type::validate($params['payment_method_id'] ?? '', 'String');
$paymentIntentID = CRM_Utils_Type::validate($params['payment_intent_id'] ?? '', 'String');
......@@ -210,14 +218,15 @@ function civicrm_api3_stripe_paymentintent_process($params) {
}
}
else {
$params = [
$processPaymentIntentParams = [
'paymentIntentID' => $paymentIntentID ?? NULL,
'paymentMethodID' => $paymentMethodID ?? NULL,
'capture' => $capture,
'amount' => $amount,
'currency' => $currency,
'payment_method_options' => $params['payment_method_options'] ?? [],
];
$processIntentResult = $stripePaymentIntent->processPaymentIntent($params);
$processIntentResult = $stripePaymentIntent->processPaymentIntent($processPaymentIntentParams);
if ($processIntentResult->ok) {
return civicrm_api3_create_success($processIntentResult->data);
}
......
......@@ -205,4 +205,21 @@ Required by the paymentRequest button. 2-character code (eg. "US") that can be f
]
],
],
'stripe_moto' => [
'name' => 'stripe_moto',
'type' => 'Boolean',
'html_type' => 'checkbox',
'default' => 0,
'is_domain' => 1,
'is_contact' => 0,
'title' => E::ts('Enable Mail Order Telephone Order (MOTO) transactions for backoffice payments'),
'description' => E::ts('If enabled payments submitted via the backoffice forms will be treated as MOTO and will not require additional (SCA/3DSecure) customer challenges.
Do NOT enable unless you\'ve enabled this feature on your Stripe account - see <a href="%1">Stripe MOTO payments</a>', [1 => 'https://support.stripe.com/questions/mail-order-telephone-order-moto-transactions-when-to-categorize-transactions-as-moto']),
'html_attributes' => [],
'settings_pages' => [
'stripe' => [
'weight' => 110,
]
],
],
];
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment