maxmind / minfraud-api-php Goto Github PK

The current MinFraud implementation is very hard to test (in our test suites with PHPUnit). We are forced to create a class that inherits from MaxMind\MinFraud but disables the constructor.

It would be very helpful if some MinFraudClientInterface could be created thus making MaxMind\MinFraud implement it. We could then use this in our tests to easily create a mock object.

Now report transaction api in master
https://github.com/maxmind/minfraud-api-php#report-transaction-example

Would you add to the stable version?

It seems that on certain international locale settings (german)
the riskscore is returned as xx,yy instead of xx.yy and is so creating problems.

in the same script just one line later (so same language/locale settings) I echoed 5/2 and got 2.5 (!! with the decimal dot)

php 7.4.15
centos 7
installed with composer latest update

Hi,

Maxmind servers were down for a while tonight, pointing to us that the connection timeout of the underlying http request is quite long, hence generating delays to our users in this particular downtime case.

I had to dig into the code of the webservice-common repository to find about connectTimeout. Would be great to have that documented somewhere here :-)

Error message:
Argument 2 passed to MaxMind\WebService\Client::handleResponse() must be of the type string or null, boolean given, called

Installed latest minfraud (v1.16), web-service-commin (v0.8.0)

Hi,

MinFraud class is stateful as information is not reset/cleaned between requests, which will cause an unexpected behavior if you do batch calling.
For example constructing request conditionally: omitting or adding data to the request populates the internal $content field. Once insights() or score() is called the internal content of the field is not cleared, but the data is not needed anymore.
So data persists between calls and can bleed from one request to the other if not overriden by appropriate with*() call before next call to score().

would be good to have a method to reset state between calls

I must be thick headed this morning but for the life of me I cannot figure out how to add multiple items for withShoppingCartItem on an immutable object. So I have an order with 3 products. Based on what I am finding I must call withShoppingCartItem 3 times within the same object request (not separate) in order for all the data to be in 1 object. However, I have to do a loop from the database for the products to get all the info and cannot figure out how to loop through the multiple products while at the same time adding it to the same request to create the minFraud object.

Any help would be appreciated.

Hi guys,

I was just wondering if Kosovo's country code (XK) is supported by Minfraud. We have some shipping / billing addresses we would like to pass.

Hi,

When MaxMind has plan to provide stable Insight minFraud service as it is still beta?

After switching to PHP 8.2 from PHP 7.4 in a log file appeared follow notices:

PHP Deprecated: Creation of dynamic property MaxMind\MinFraud\Model\Disposition::$rawResponse is deprecated in /var/www/vhosts/httpdocs/vendor/maxmind/minfraud/src/MinFraud/Model/AbstractModel.php on line 24
PHP Deprecated: Creation of dynamic property MaxMind\MinFraud\Model\ScoreIpAddress::$rawResponse is deprecated in /var/www/vhost/httpdocs/vendor/maxmind/minfraud/src/MinFraud/Model/AbstractModel.php on line 24

I could be doing this incorrectly so I apologize if I am in error...
I am trying to turn off the validation and just return a default score if nothing is returned so that it does not stop my process.

$mf = new MinFraud(1,'xxx',['validateInput' => false]);

above is how i tried to set the options... I still get a private ip address error in dev ...

OpenSSL 1.0.2h 3 May 2016
OS X 10.11.5
PHP 5.6.16
curl 7.43.0 (x86_64-apple-darwin15.0) libcurl/7.43.0 SecureTransport zlib/1.2.5

The ca.pem included in the Client is generating an SSL verification error. Disabling the cacert curl opt works but there is no way of doing this without forking the project. Any ideas?

The Minfraud class uses a fluent interface in which an object is returned from most methods, so you could chain method calls one after the other as is shown in the usage example.

Normally, an implementation of this in PHP would return the calling object ($this), but in this implementation a new object is cloned from the original and returned instead.

This causes unexpected behavior to happen if you do happen to have breaks in method calls, which is very common when working with real data that needs to be massaged into what Minfraud expects. For example, when I do this:

           $mf = new MinFraud($this -> _userID, $this -> _key);
           $request = $mf->withDevice([
		'ip_address' => $ip,
		'user_agent' => $_SERVER['HTTP_USER_AGENT'],
		'accept_language' => $_SERVER['HTTP_ACCEPT_LANGUAGE']
	]);
	

	$parts = explode(' ',$data['name']);
	$addressFields = [
		'first_name'         => $parts[0],
		'last_name'          => $parts[1],
		'address'            => $data['address_street'],
		'address_2'          => $data['address_street2'],
		'city'               => $data['address_city'],
		'country'            => $data['address_country'],
		'postal'             => $data['address_zip'],
		'phone_number'       => $data['phone'],
	];
	if(isset($data['address_state'])) {
		$addressFields['region'] = $data['address_state'];
	}
	$request ->withBilling($addressFields);

The withBilling() call doesn't actually modify the original $request object I created initially. I would have to reassign it every time I call a method that adds data to the minfraud request object.

I fixed this by removing the cloning of the request object in the validateAndAdd() and withShoppingCartItem() and instead operating on the $this scope and returning it, but it would be best if that's how the official library behaved as well.

Is there an easy way to get a JSON representation of all the data that comes back from the server? I'd like to store it in a database for reference and manipulation at a later date.

I feel like the raw post response could just be allowed for export or implementing something like this: http://php.net/manual/en/jsonserializable.jsonserialize.php

Good morning,

We are using a daemon to execute API calls to to MinFraud. To reduce overhead, we would like the TCP connection to be re-used between API calls.

Would you accept a pull request that will change the \MaxMind\WebService\Http\CurlRequest class to add a private static to keep the cURL resource between requests.

The PR would also bump the minimum PHP version to 5.5 because it will require the curl_reset function to be used.

We encountered this behavior after upgrading from MinFraud 1.x to 3.x

IMO the user_agent value should be extracted/removed from the $values array regardless of whether a session_id exists.

see

According to the minFraud API documentation the Order and Shopping Cart endpoints both state "The value must be at least 0 and at most 1e14 – 1."

However it appears this library validates for at least 1 due to the following line:

v::key('amount', v::floatVal()->min(0, false), false),

Which validates from a minimum of 0 non-inclusive.

Just to clarify, is the documentation correct in stating that a 0 amount is acceptable to send through to the API?

I'm using the demo published in https://packagist.org/packages/maxmind/minfraud in order to test minfraud service and I have the follow exception:

[Fri Dec 02 22:43:51.073898 2016] [:error] [pid 25934] [client 186.154.86.68:50646] PHP Fatal error: Uncaught MaxMind\Exception\PermissionRequiredException: You do not have permission to use this service interface in /var/www/public/demoetb/webtv/vendor/maxmind/web-service-common/src/WebService/Client.php:339\nStack trace:\n#0 /var/www/public/demoetb/webtv/vendor/maxmind/web-service-common/src/WebService/Client.php(290): MaxMind\WebService\Client->handleWebServiceError('You do not have...', 'PERMISSION_REQU...', 403, '/minfraud/v2.0/...')\n#1 /var/www/public/demoetb/webtv/vendor/maxmind/web-service-common/src/WebService/Client.php(194): MaxMind\WebService\Client->handle4xx(403, 'application/vnd...', '{"code":"PERMIS...', 'Factors', '/minfraud/v2.0/...')\n#2 /var/www/public/demoetb/webtv/vendor/maxmind/web-service-common/src/WebService/Client.php(116): MaxMind\WebService\Client->handleResponse(403, 'application/vnd...', '{"code":"PERMIS...', 'Factors', '/minfraud/v2.0/...')\n#3 /var/www/public/demoetb/webtv/vendor/maxmind/minfraud/src/MinFraud.php(345): MaxMind\WebService\Client->post('Factors', '/minfraud/v2.0/.. in /var/www/public/demoetb/webtv/vendor/maxmind/web-service-common/src/WebService/Client.php on line 339

User and license are corrects. I have already tested the service with java and the firewall is open. I'm using PHP 7.

I'm just getting started with this new API, and created a minFraud request that passes billing info with the withBilling() method.

When adding the region info (as entered in the payment form, valid for Stripe), it throws an exception: Uncaught MaxMind\Exception\InvalidInputException: region must be an ISO 3166-2 subdivision code.

This doesn't make much sense, as having customers from all countries makes impossible to map an entered region/state to an ISO 3166-2 code. That could be easy for US/CA and other well known countries, but for others, like mine (Uruguay) I have no database to match the entered region to an ISO 3166-2 valid code.

That matching should be done by MaxMind server side... throwing the exception only leaves me with one option, not passing region data to the request...

Is there any solution for this?

It seems I can sign up for https://sandbox.maxmind.com.
I am getting this error. What if the sandbox site prefixes the keys with test or sandbox just like Stripe does?
Error: Your account ID or license key could not be authenticated.
.. or maybe introduce withSandbox() method or something

We are hitting a memory exhausted exception every time we queue up a request. The server has 128MB available to PHP.

//Laravel

use GeoIp2\WebService\Client;
use MaxMind\MinFraud;

function makeMinFraudCall($ip, $order) {
        
         try {
            
            $mf = new MinFraud(env('MAX_MIND_ACCOUNT_ID'), env('MAX_MIND_LICENSE_KEY'));
            
            $request = $mf->withDevice([
                'ip_address'  => $ip,
                'user_agent'  => $order->client_details->user_agent,
            ])->withEvent([
                'transaction_id' => $order->order_number,
                'shop_id'        => $order->app_id,
                'type'           => 'purchase',
            ])->withEmail([
                'address' => $order->email,
            ])->withBilling([
                'first_name'         => $order->billing_address->first_name,
                'last_name'          => $order->billing_address->last_name,
                'address'            => $order->billing_address->address1,
                'address_2'          => $order->billing_address->address2,
                'city'               => $order->billing_address->city,
                'region'             => $order->billing_address->province_code,
                'country'            => $order->billing_address->country_code,
                'postal'             => $order->billing_address->zip,
            ])->withShipping([
                'first_name'         => $order->shipping_address->first_name,
                'last_name'          => $order->shipping_address->last_name,
                'address'            => $order->shipping_address->address1,
                'address_2'          => $order->shipping_address->address2,
                'city'               => $order->shipping_address->city,
                'region'             => $order->shipping_address->province_code,
                'country'            => $order->shipping_address->country_code,
                'postal'             => $order->shipping_address->zip,
            ])->withOrder([
                'amount'           => $order->total_price,
                'currency'         => $order->currency,
            ]);
                                 
            return $request;    
        }
        
        catch(\Exception $exx)
        {
            Log::debug(print_r($exx,true));
            return array();
        
        }
        
    }

//Called Elsewhere As:

$maxMind = new MaxMind;
 
$record = $maxMind->makeMinFraudCall($ip, $order);
       
return response()->json($record);

Error:

production.ERROR: Allowed memory size of 134217728 bytes exhausted (tried to allocate 98570240 bytes) {"exception":"[object] (Symfony\\Component\\Debug\\Exception\\FatalErrorException(code: 1): Allowed memory size of 134217728 bytes exhausted (tried to allocate 98570240 bytes) at /app/app/Http/Controllers/MaxMind.php:282)

The line in question is the catch on the exception handling.

Hello

This is not really an issue per say, more of a plea for further documentation examples and some help.

I'm currently trying to understand how I can access all of the data that I am getting back from a response

With,

$mf = new MinFraud($this->id, $this->key);

$request = $mf->withDevice([
    'ip_address' => $data->ip_address,
    'user_agent' => $data->user_agent,
])->withEmail([
    'address' => $data->address,
    'domain'  => $data->address_domain,
])->withBilling([
    'first_name' => $data->first_name,
    'last_name'  => $data->last_name,
]);

$response = $request->insights();

I do not understand why I cannot simply access, say, the latitude of the IP Address with:

$response->ipAddress->location->latitude or $response->ipAddress->location['latitude']

For a simpleton like myself I just need that extra bit of assistance / documentation on how to access and store this information.

Is there a method to get data by key? Is this a free trial account limitation, or.. ?

Cheers!

As PHP 7 was released I tried launching a project that includes maxmind/minfraud, however the thrown expection is as it follows:

Fatal error: Cannot use 'String' as class name as it is reserved in vendor/respect/validation/library/Rules/String.php on line 4

minfraud depends on respect/validation which already fix this. Maybe some update?