My organization has a Payflow Pro account that I want to use with Commerce. Is there currently a way to use Payflow Pro with Commerce PayPal, and if not, how hard would it be to modify the module to do so? I'm a beginner with PHP, but I did notice that you reference Payflow Pro in commerce_payflow.module:

/**
* Returns the URL to a Payflow Pro API server.
*
* @param $mode
* Either 'test' or 'live' indicating which server's URL to return.
*
* @return
* The request URL with a trailing slash.
*/
function commerce_payflow_pro_server_url($mode) {
switch ($mode) {
case 'test':
return 'https://pilot-payflowpro.paypal.com/';
case 'live':
return 'https://payflowpro.paypal.com/';
}
}

I have tried the Commerce Payflow Pro module (https://drupal.org/project/commerce_payflow_pro) and it does work, but it doesn't use Transparent Redirect, which is a requirement for our PCI compliance. I've considered rewriting the module to use Transparent Redirect, but like I said, I'm not very good with PHP yet.

If you have any advice on how to proceed I would really appreciate it. Thanks.

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

bgilhome’s picture

I've made a quick & dirty implementation of PayflowPro using Transparent Redirect. It's implemented as one of the redirect modes ('pro') for current Payflow Link payment method. A credit card details form is served on the 'Off-site payment redirect' checkout pane (which is prevented from automatic redirect in this case). The form is altered so the #action is the appropriate Payflow Link server, contains hidden fields for SECURETOKEN, SECURETOKENID, and credit card fields are renamed to match the Payflow expected name/value pairs.

On successful redirection back from Payflow, a hook_commerce_checkout_complete was used to manually fire commerce_payflow_link_redirect_form_validate and commerce_payflow_link_redirect_form_submit functions (which log payment and invoke relevant commerce events) since the form was never submitted through Drupal.

Tested successfully with a test Payflow account.

bgilhome’s picture

merzikain’s picture

Did you copy the commerce_paypal module or the commerce_payflow_pro module for your patch?

bgilhome’s picture

I'm pretty sure I got the idea of embedding commerce_payment_credit_card_form in the off-site redirect pane from commerce_payflow_pro but I think the rest is custom code, based on PayPal's docs about Payflow key/values.

EDIT: Oh I see what you mean, the patch applies to the commerce_payflow module within commerce_paypal (7.x-2.x-dev)

bgilhome’s picture

I've noticed that 'test' mode transactions using test credit card details (4xxx-xxxx-xxxx-xxxx) return status 126 = 'Pending fraud investigation' from Payflow. Currently the code sets the order to COMMERCE_PAYMENT_STATUS_PENDING. I've added a check for transaction mode so test mode status 126 transactions get marked complete. Updated patch attached.

bgilhome’s picture

FileSize
6 KB

Oops, should keep status successful if status == 126 and mode != 'test'.

bgilhome’s picture

Need to add a order status = success inside the txn status = 126 conditional. Updated patch attached.

bgilhome’s picture

Also, commerce_checkout_router is not called for the redirect page (which we're dirtily using to house a credit card form for payflow) - so if a user completes payment and click back, they get the credit card form again. Although they shouldn't get double billed if we use the patch in https://www.drupal.org/node/2403691, it's a UX problem. I've made a quick and dirty fix for now by copying the URL/order check code from commerce_checkout_router. Perhaps it'd be better to put the Payflow cc form in a different (perhaps new) pane.

EDIT: the problem is not a router issue, looks to be a browser caching issue. I've disabled browser caching for the payment page by adding headers via hook_commerce_checkout_router, but it might be more appropriate somewhere else - maybe as part of commerce module?

function mymodule_commerce_checkout_router($order, $checkout_page) {
	if ($checkout_page['page_id'] == 'payment') {
		// Add no-store in Cache-Control.
		drupal_add_http_header(
		  'Cache-Control', 
		  'no-store, no-cache, must-revalidate, post-check=0, pre-check=0', 
		  FALSE
		);
		// Hack for Safari
		drupal_add_js('jQuery(window).unload(function(){});', array('type' => 'inline'));
	}
}
bgilhome’s picture

bgilhome’s picture

Another small patch to check 'redirect_mode' key exists in $payment_method['settings'] to avoid php notices.

bgilhome’s picture

Status: Active » Needs review
Deciphered’s picture

Status: Needs review » Needs work

Please don't break an issue into multiple patches, the last patch in the issue should be standalone, not reliant on earlier patches in the same issue.

Needs re-roll.

Exploratus’s picture

Whats the status of this?

bgilhome’s picture

I'll re-roll the patch on Monday.

bgilhome’s picture

Here's a patch that accumulates all the above patches, from 7.x-2.x-dev. Adds support for payflow pro with transparent redirect by embedding a credit card form in the checkout payment redirect page - perhaps a better method would be to add a new checkout page, or ajax replace the payment method form on selecting credit card. Also includes some curl options intended for better reliability of transactions, and duplicate transaction checking using paypal's DUPLICATE key (see https://www.drupal.org/node/2403691).

Exploratus’s picture

Has anybody got this running successfully?