All of my ARB silent posts are coming through as invalid. Looking at the dblog I see a silent post come through, and it appears to be formatted correctly.

Example below, some values sanitized. The order is the correct number, and the customer info matches up.

ARB Silent POST received for order 2648:
Array
(
    [x_response_code] => 1
    [x_response_reason_code] => 1
    [x_response_reason_text] => This transaction has been approved.
    [x_avs_code] => Y
    [x_auth_code] => 02013P
    [x_trans_id] => XXXXXXX
    [x_method] => CC
    [x_card_type] => MasterCard
    [x_account_number] => XXXXXX
    [x_first_name] => FNAME
    [x_last_name] => LNAME
    [x_company] => 
    [x_address] => XXX Some Lane
    [x_city] => CITY
    [x_state] => ST
    [x_zip] => 00000
    [x_country] => US
    [x_phone] => 
    [x_fax] => 
    [x_email] => name@email.com
    [x_invoice_num] => 2648
    [x_description] => Order 2648 -
    [x_type] => auth_capture
    [x_cust_id] => 346
    [x_ship_to_first_name] => 
    [x_ship_to_last_name] => 
    [x_ship_to_company] => 
    [x_ship_to_address] => 
    [x_ship_to_city] => 
    [x_ship_to_state] => 
    [x_ship_to_zip] => 
    [x_ship_to_country] => 
    [x_amount] => 29.99
    [x_tax] => 0.00
    [x_duty] => 0.00
    [x_freight] => 0.00
    [x_tax_exempt] => FALSE
    [x_po_num] => 
    [x_MD5_Hash] => THISWASALEGITHASH
    [x_cvv2_resp_code] => 
    [x_cavv_response] => 
    [x_test_request] => false
    [x_subscription_id] => 33939392
    [x_subscription_paynum] => 1
)

But every time the next message in the log is "Invalid ARB payment notification received."

If I look at the "admin/store/orders/recurring" page, I see orders that have the next billing date in the past.
The card does get charged, but something is preventing the module from updating the order. Since the order doesn't get updated, the purchased roles don't get reapplied.

Any advice you can give me would be greatly appreciated.

Ubercart 7.x-3.0

Comments

univate’s picture

univate CreditAttribution: univate commented
Project: UC Recurring Payments and Subscriptions » Ubercart
Version: 7.x-2.0-alpha2 » 7.x-3.x-dev
Component: Gateway Integration » Code

This code is in ubercart, that error appears to be the check if the MD5 hash is correct

    // Compare our expected MD5 Hash against what was received.
    $md5 = strtoupper(md5($login_data['md5_hash'] . $_POST['x_trans_id'] . $_POST['x_amount']));

    // Post an error message if the MD5 hash does not validate.
    if ($_POST['x_MD5_Hash'] != $md5) {
      watchdog('uc_authorizenet', 'Invalid ARB payment notification received.', array(), WATCHDOG_ERROR);
    }
longwave’s picture

longwave
he/him
Primary language English
Location UK
CreditAttribution: longwave commented
Status: Active » Postponed (maintainer needs more info)

The code quoted above correctly implements the MD5 Hash feature as described at http://support.authorize.net/authkb/index?page=content&id=A588&actp=LIST...

Are you sure you have your MD5 Hash values entered identically in the Ubercart settings and the Authorize.Net merchant interface?

thechanceg’s picture

thechanceg CreditAttribution: thechanceg commented

Yes. The MD5's are the same.

I even reset the Auth.net ones and I am still seeing the same error.

thechanceg’s picture

thechanceg CreditAttribution: thechanceg commented
Version: 7.x-3.x-dev » 7.x-3.0

I just noticed univate updated this to the wrong version of UC.

I am actually running 7.x-3.0.

longwave’s picture

longwave
he/him
Primary language English
Location UK
CreditAttribution: longwave commented

So are you using this with recurring payments? Does this happen on all orders, or only the recurring ones? Has Authorize.net ever worked successfully for you?

thechanceg’s picture

thechanceg CreditAttribution: thechanceg commented

This only happens on ARB recurring payments.

Authorize.net works fine for one-off payments. ARB is mostly working, the cards get charged successfully, UC just never hears about it to update the order because the silent posts are coming across as invalid.

thechanceg’s picture

thechanceg CreditAttribution: thechanceg commented
Status: Postponed (maintainer needs more info) » Active
longwave’s picture

longwave
he/him
Primary language English
Location UK
CreditAttribution: longwave commented
Status: Active » Postponed (maintainer needs more info)

I don't use this feature, but the documentation I found says you simply hash the secret MD5 Hash Value, along with x_trans_id and x_amount from the POST data, which is exactly what the code already does; it doesn't mention anything special about recurring payments. The code does have a note "TODO: Modify the MD5 hash to accommodate differences from AIM to ARB" but it's not obvious what this modification needs to be.

http://www.authorize.net/support/ARB_guide.pdf
http://support.authorize.net/authkb/index?page=content&id=A588&pmv=print...

If you or anyone can shed any more light on this, please do!

ucf713’s picture

ucf713 CreditAttribution: ucf713 commented

Any update on this?

longwave’s picture

longwave
he/him
Primary language English
Location UK
CreditAttribution: longwave commented

To fix this, someone from the community who uses recurring transactions and this ARB feature to either dig into the code and figure out why the hash is incorrect, or contact Authorize.Net support and discover the correct hash calculation to use in this situation.

longwave’s picture

longwave
he/him
Primary language English
Location UK
CreditAttribution: longwave commented
Category: support » task

This isn't a bug or a support request, but we can fix this in Ubercart core if someone provides the correct information.

TR’s picture

TR CreditAttribution: TR commented
Version: 7.x-3.0 » 8.x-4.x-dev
Issue summary: View changes

Bumping forward. Still need community input here.