globalpayments / globalpayments-3ds-js

Helper library for leveraging 3DSecure 2 for Strong Customer Authentication (SCA)

Home Page: https://www.npmjs.com/package/globalpayments-3ds

License: GNU General Public License v2.0

JavaScript 3.38% TypeScript 96.62%

globalpayments-3ds-js's Issues

Credentials by default set to omit in ajax request

credentials: "omit",

This causes an issue in my application as my cookies are not sent in the request to check3dsVersion or initiateAuthentication

As per https://developer.mozilla.org/en-US/docs/Web/API/Request/credentials, this should be changed to 'same-origin':

omit: Never send or receive cookies.
same-origin: Send user credentials (cookies, basic http auth, etc..) if the URL is on the same origin as the calling script. This is the default value.
include: Always send user credentials (cookies, basic http auth, etc..), even for cross-origin calls.

3ds2 initiate authentication does not display challenge popup to the end user

When an initiate authentication response (IInitiateAuthenticationResponseData) is received with the following data, the user is not prompted for a challenge response and the 3ds2 process fails, which blocks payments from moving forward:

challenge_mandated: false
status: "CHALLENGE_REQUIRED"

thanks,
Andrew

Using a REST API?

const versionCheckData = await checkVersion('/3ds2/check3dsVersion', {
        methodNotificationUrl: 'http://example.com/3ds2/methodNotification',
        card: {
          number: document.getElementById('card-number').value,
        },
      });

Can the checkVersion work with REST APIs?

Unexpected End of JSON Input

Hi guys,

I hope you don't mind me asking a question here. I have set up a very simple system using all examples and looking at the REST API issue to try and get this working, but I'm having no joy.

At its simplest, let's say I have 2 PHP files, one which is my index and the other is my check3DsVersion.

Using the example code, if I fire this from the Try/Catch block I keep getting the error:

const versionCheckData = await checkVersion('/3ds2/check3dsVersion', {
        methodNotificationUrl: 'http://localhost/3ds2/methodNotification',
        card: {
          number: document.getElementById('card-number').value,
        },
      });

I am then going into the other PHP file and simply returning a hardcoded JSON object:
{"enrolled":true,"serverTransactionId":"af65c369-59b9-4f8d-b2f6-7d7d5f5c69d5","methodUrl":"https://www.acsurl.com/method","methodData":"ewogICJ0aHJlZURTU2VydmVyVHJhbnNJRCIgOiAiNmRhN2VjYWItNjY2ZC00YTNiLWI5NTItY2MxZDU4MzA4NWI2IiwKICAidGhyZWVEU01ldGhvZE5vdGlmaWNhdGlvblVSTCIgOiAiaHR0cDovL2xvY2FsaG9zdDo2MDUxNy9UaHJlZURTZWN1cmUyL01ldGhvZFVybFJlc3BvbnNlIgp9"}

The Catch block is catching the error:

(2) [{…}, {…}]
0: {code: "Error", message: "Error: see reasons property"}
1: {code: "SyntaxError", message: "Unexpected end of JSON input"}
length: 2

I am sending a valid JSON object (via JSLint) but I can't seem to get past this.

Any thoughts?

Thanks

Blank page displayed in challenge iframe on IE first time

@slogsdon We are facing yet another issue in the IE browser. For the challenge flow, the challenge iframe is displaying a blank page for the first call to the initiateAuthentication method. Subsequent calls to the initiateAuthentication method bring up the iframe with the forms and overlay inside it properly.

I figured IE could not append forms and overlays because the body has not been loaded the first time.
Ref: https://stackoverflow.com/a/28465896

Looks like we have to check if the document is loaded before appending the form and overlay to the body in the postToIframe method.

When I change handle3dsVersionCheck to the following, the iframe displays the inner forms fine.

function handle3dsVersionCheck(data, options) {
        return __awaiter(this, void 0, void 0, function () {
            return __generator(this, function (_a) {
                switch (_a.label) {
                    case 0:
                        if (!data.enrolled) {
                            throw new Error("Card not enrolled");
                        }
                        options = options || {};
                        options.hide = typeof options.hide === "undefined" ? true : options.hide;
                        options.timeout =
                            typeof options.timeout === "undefined" ? 30 * 1000 : options.timeout;
                        if (!data.methodUrl) return [3 /*break*/, 2];
                        return [4 /*yield*/, window.onload = function(){postToIframe(data.methodUrl, [{ name: "threeDSMethodData", value: data.methodData }], options)}];
                    case 1:
                        _a.sent();
                        _a.label = 2;
                    case 2: return [2 /*return*/, data];
                }
            });
        });
    }

Is this the best place to make this change?

3d secure v2

Hello all,

I'm using the Global Payments SDK to make payments with 3D Secure version 2. I did some POC using their SDK and it's OK.

But I have very little knowledge about designing a payment gateway page with Global Payments.

Could anyone please help me with how to collect card details and pass them to Global Payments with 3D Secure v2? In case the card is not enabled for 3DS v2, it has to work by the normal payment methodology.

Experts, please help me.

thanks
jey

Method notification URL

I'm testing setting up 3D secure V2 locally, but when the method notification URL is called, the js is doing a GET request instead of a POST. Is there something I'm doing wrong in the current set up that would cause this?

CheckVersion iFrame timeout (seemingly only on Mastercards)

Hi guys

I have the entire 3D Secure V2 payment process end-to-end working fine on our live payment gateway for VISA cards.

But for some reason when I am trying 2 separate cards (with the only similarity being Mastercards) they are failing on the checkVersion step ie:

import { checkVersion } from 'globalpayments-3ds';

const versionCheckData = await checkVersion('/MyCheckVersionEndpoint', { card });

In my backend I can see the serverTransactionId, methodUrl and methodData being successfully returned back to the client as a JSON response.

On the frontend I can see the globalpayments-3ds-js create the hidden iframe to submit the method data (using these values from the backend)

Then, on the frontend, in the browser network tab I can see it attempt to call the methodUrl (in this case, https://www.securesuite.co.uk/lloyds/threeDSMethod/3ds2) but that returns a 719 Status Code and the body states General error occurred..

The globalpayments-3ds-js then hits the default timeout and thus versionCheckData returns null and my Method Notification endpoint never gets hit.

Not sure if it helps, but my personal VISA cards methodUrl is https://www.securesuite.co.uk/barclays/threeDSMethod/3ds2 and that returns a 200 response and everything continues on like normal (including my Method Notification endpoint getting hit).

Any advice would be greatly appreciated.

Thanks

Status Code: 403 The origin "null" is not authorized?

What am I missing here?

Request URL: http://some.domain.com.local/gp-test/method-notification
Request Method: POST
Status Code: 403 The origin "null" is not authorized


General
Request URL: http://some.domain.com.local/gp-test/method-notification
Request Method: POST
Status Code: 403 The origin "null" is not authorized
Remote Address: 127.0.0.1:80
Referrer Policy: strict-origin-when-cross-origin

Response headers
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
Access-Control-Allow-Origin: https://test.portal.gpwebpay.com
Connection: Keep-Alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Thu, 20 May 2021 10:42:07 GMT
Keep-Alive: timeout=5, max=97

Request headers
Server: Apache/2.4.41 (Ubuntu)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,es;q=0.8,ro;q=0.7
Cache-Control: max-age=0
Connection: keep-alive
Content-Length: 110
Content-Type: application/x-www-form-urlencoded
Host: some.domain.com.local
Origin: null
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36

Form data
threeDSMethodData: ewogICJ0aHJlZURTU2VydmVyVHJhbnNJRCIgOiAiNGRkODMxYmItYjI1My00Mzk1LThkNmItZGY5YmNlN2VlMzk0Igp9
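
Added example, not part of the original issue or the library: the request in this capture carries `Origin: null` and its only payload is the `threeDSMethodData` form field, which is Base64-encoded JSON containing `threeDSServerTransID`. The sketch below (Node.js) decodes that field and accepts the notification only when the ID is one the server is waiting on; `readMethodNotification` and the `pendingTransIds` set are hypothetical names, and the sample body is built from the form data shown above.

```javascript
// Constructed from the "Form data" in the capture (110 bytes, matching Content-Length).
const sampleBody =
  "threeDSMethodData=ewogICJ0aHJlZURTU2VydmVyVHJhbnNJRCIgOiAiNGRkODMxYmItYjI1My00Mzk1LThkNmItZGY5YmNlN2VlMzk0Igp9";

const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// formBody: raw application/x-www-form-urlencoded request body.
// pendingTransIds: Set of transaction IDs the server expects a
// notification for (hypothetical bookkeeping, not a library API).
function readMethodNotification(formBody, pendingTransIds) {
  const field = new URLSearchParams(formBody).get("threeDSMethodData");
  if (!field) return { ok: false, reason: "missing threeDSMethodData" };

  let payload;
  try {
    // Buffer.from is lenient with bad Base64; JSON.parse then rejects the garbage.
    payload = JSON.parse(Buffer.from(field, "base64").toString("utf8"));
  } catch {
    return { ok: false, reason: "threeDSMethodData is not Base64 JSON" };
  }

  const transId = payload && payload.threeDSServerTransID;
  if (typeof transId !== "string" || !UUID_RE.test(transId)) {
    return { ok: false, reason: "bad threeDSServerTransID" };
  }
  // Tie the notification to a transaction this server started,
  // instead of trusting request headers to identify the sender.
  if (!pendingTransIds.has(transId)) {
    return { ok: false, reason: "unknown transaction" };
  }
  return { ok: true, transId };
}

const pending = new Set(["4dd831bb-b253-4395-8d6b-df9bce7ee394"]);
console.log(readMethodNotification(sampleBody, pending));
```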

HPP 3d v2 output is encrypted

Hello there,

For more than 4 days I followed up with [email protected] but got not even a single response, so I am posting here.
I'm using ASP.NET 4.6 and your SDK 1.6.9.
In our project I'm using your sandbox environment to pop up the HPP. There I'm passing all necessary fields in JSON format; when receiving the response, all the values are encrypted like below. Now tell me:

  1. Why am I receiving a response in an all-encrypted format?
  2. How do I receive a response in a readable format, or how do I decrypt the response?

{"CAVV":"","SHIPPING_CODE":"NTAwMDE=","SRD":"VGN0YlpqdnlQcFBINGxkZw==","CVNRESULT":"TQ==","HPP_CUSTOMER_PHONENUMBER_MOBILE":"NDR8MDcxMjM0NTY3ODk=","HPP_SHIPPING_STREET3":"SG91c2UgOTYz","HPP_SHIPPING_STREET1":"QXBhcnRtZW50IDgyNQ==","PASREF":"MTYwNjQzMDUzMDY0NTYwNDI=","HPP_SHIPPING_STREET2":"Q29tcGxleCA3NDE=","MESSAGE":"WyB0ZXN0IHN5c3RlbSBdIEFVVEhPUklTRUQ=","BILLING_CODE":"VzUgOUhS","DS_TRANS_ID":"MDA0ODM5OWYtMGQ5My00YTc1LTlhMGYtZGQ5Zjk1OWZhNzNl","ACCOUNT":"aW50ZXJuZXQ=","AVSPOSTCODERESULT":"TQ==","AMOUNT":"MTk5OQ==","TIMESTAMP":"MjAyMDExMjYyMjQxNTQ=","pas_uuid":"MTYyNTFkNGEtYjlkYi00YjdlLTgxOWUtODk4MzIyOTI1MjJj","HPP_BILLING_STREET3":"VW5pdCA0","HPP_ADDRESS_MATCH_INDICATOR":"RkFMU0U=","HPP_BILLING_STREET2":"SG91c2UgNDU2","AUTHCODE":"MTIzNDU=","HPP_BILLING_STREET1":"RmxhdCAxMjM=","HPP_BILLING_CITY":"SGFsaWZheA==","HPP_SHIPPING_COUNTRY":"ODQw","AVSADDRESSRESULT":"TQ==","HPP_SHIPPING_POSTALCODE":"NTAwMDE=","AUTHENTICATION_VALUE":"QUprQkFXaDJOUUFBQUFmUGw0TXhkQUFBQUFBPQ==","HPP_BILLING_POSTALCODE":"VzUgOUhS","ECI":"MDU=","HPP_BILLING_COUNTRY":"ODI2","MESSAGE_VERSION":"Mi4xLjA=","BATCHID":"ODY2OTA5","XID":"","SHA1HASH":"Yjc4NzdjMDEzYTAyY2I4YzRkYjBhOTFjY2I3NmU5ZDlmOWM2ZDM1YQ==","HPP_SHIPPING_CITY":"Q2hpY2Fnbw==","ORDER_ID":"NHFSR19zWHBWMEtXUkFWUGRTdzhOQQ==","BILLING_CO":"ODI2","HPP_SHIPPING_STATE":"SUw=","HPP_CUSTOMER_EMAIL":"amFtZXMubWFzb25AZXhhbXBsZS5jb20=","RESULT":"MDA=","SHIPPING_CO":"ODQw","MERCHANT_ID":"IRemovedIT"}
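
Added example, not part of the original issue or the SDK: the values in the response above are Base64-encoded rather than encrypted, so they decode without any key. The sketch below (Node.js, uses `Buffer`) decodes a few fields copied from that response and leaves alone anything that is not canonical Base64, such as the redacted `MERCHANT_ID`; `decodeField` and `decodeHppResponse` are names chosen here.

```javascript
// Field values copied from the response quoted in the issue.
const sampleResponse = {
  CAVV: "",
  RESULT: "MDA=",
  AMOUNT: "MTk5OQ==",
  ECI: "MDU=",
  MESSAGE_VERSION: "Mi4xLjA=",
  HPP_SHIPPING_CITY: "Q2hpY2Fnbw==",
  MERCHANT_ID: "IRemovedIT", // redacted by the poster, not valid Base64
};

// Canonical Base64 only: full 4-character groups with correct padding.
const BASE64_RE =
  /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;

// Returns the decoded UTF-8 string, or null when the value is not
// canonical Base64 or does not decode to valid UTF-8.
function decodeField(value) {
  if (typeof value !== "string" || !BASE64_RE.test(value)) return null;
  const bytes = Buffer.from(value, "base64");
  // Round-trip check rejects encodings that Buffer accepts leniently.
  if (bytes.toString("base64") !== value) return null;
  try {
    return new TextDecoder("utf-8", { fatal: true }).decode(bytes);
  } catch {
    return null;
  }
}

// Decodes every field it can and reports the keys it left untouched.
function decodeHppResponse(response) {
  const decoded = {};
  const undecoded = [];
  for (const [key, value] of Object.entries(response)) {
    const text = decodeField(value);
    if (text === null) {
      undecoded.push(key);
      decoded[key] = value;
    } else {
      decoded[key] = text;
    }
  }
  return { decoded, undecoded };
}

console.log(decodeHppResponse(sampleResponse));
```

Decoding gives no integrity guarantee, and a short plain-text value that happens to be valid Base64 would also be decoded, so apply this only to fields known to be encoded.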

Issuer challenge page "redirect" displayMode -- plans to implement?

I am testing 3D Secure payments with a bank (Russian Alfabank) which calls the JavaScript "confirm" function on their challenge page when a customer clicks "Cancel payment". But because the challenge page is shown in an iframe (lightbox or embedded display mode), the "confirm" function called from within the iframe always returns false and does nothing. As a result, a customer can't click the "Cancel payment" link.

It seems that the only way to make it work is to redirect to the bank's challenge page. Are there any plans to implement this display mode? Or maybe there are some workarounds?
