transferuj.pl integration with Payment API. After installing, you will be able to add a new transferuj.pl payment method. You can use it with any module that is using Payment API for its payments, for example:
- Ubercart with Payment for Ubercart
- Drupal Commerce with Payment for Drupal Commerce
- Webform with Payment for Webform
And more. See Payment for more information.
The module should be releasable. There is a little more work to do on the special "chargeback" functionality of the transferuj.pl API, but this functionality has to be specifically requested and is not a default part of the transferuj.pl API. I took a lot of inspiration from the ogone module, and wanted to learn the Payment API on the way, so I think I will make a few more integrations of this kind in future.
Sandbox path: https://www.drupal.org/sandbox/luken/2319145
Git Clone Url:
git clone --branch 7.x-1.x http://git.drupal.org/sandbox/luken/2319145.git
Comments
Comment #1
PA robot commented:
There are some errors reported by automated review tools, did you already check them? See http://pareview.sh/pareview/httpgitdrupalorgsandboxluken2319145git
We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)
Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #2
Luke_Nuke commented:
Cleaned up the code a bit, reducing pareview.sh errors to 1, which I cannot fix as I need to use a variable without camelCase because it is a part of Payment API.
Comment #3
Luke_Nuke commented:
I'm also providing links that should make review easier:
Comment #4
Luke_Nuke commented:
Comment #5
er.pushpinderrana commented:
Corrected Git Clone URL.
Comment #6
er.pushpinderrana commented:
@Luke_Nuke, thank you for your work.
Automated Review
Best practice issues identified by pareview.sh / drupalcs / coder. A few minor issues.
Manual Review
- transferuj_pl_form_redirect function: you are directly using the <script> tag. Using the <script> tag directly in your code is not a recommended approach; do it in another way, and make sure to read https://www.drupal.org/node/756722 again.
- transferuj_pl_verify_access function: again using $_POST directly and also using md5(), which should not be used for anything security related. You should use drupal_hmac_base64() instead. Can you just use drupal_get_token() instead?
- class TransferujPlPaymentMethodController contains some constant values like IP and redirect URL; can you add some comments on these? Can't we manage this information through admin?
- public function validate(Payment $payment, PaymentMethod $payment_method, $strict) { doesn't contain any body; if it is required, mention this in a To Do list, or remove it.
- TransferujPlPaymentMethodController.inc file: as mentioned above, better to avoid md5() and use another function.
- transferuj_pl.pages.inc code needs to be improved. For example, you can use #attached to add your js code. Sanitize the $_POST array before using it in your code, and make sure to read https://www.drupal.org/node/28984 again.

The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.
Please don't remove the security tag, we keep that for statistics and to show examples of security problems.
As I am not a git administrator, I would recommend that you help to review other project applications to get a review bonus. This will put you on the high priority list, then git administrators will take a look at your project right away :-)
Thanks Again!
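The $_POST and md5() points in the review above, shown as an added example that is not code from the module under review: a notification handler that checks the source IP, validates each expected field, and compares the checksum in constant time. It assumes the gateway dictates an MD5 checksum over selected fields plus a shared secret; the function name, field names, checksum recipe, secret and IP address are constructed placeholders, not transferuj.pl's documented format.

```php
<?php
// Added example: placeholder names and values, plain PHP 5.6+, no Drupal calls.

// Constructed allowlist (an address from the TEST-NET-3 documentation range).
const NOTIFY_ALLOWED_IPS = ['203.0.113.10'];

/**
 * Returns the validated fields of a gateway notification, or NULL on failure.
 */
function example_verify_notification(array $post, $remote_ip, $secret) {
  // 1. Reject callers that are not on the allowlist before parsing anything.
  if (!in_array($remote_ip, NOTIFY_ALLOWED_IPS, TRUE)) {
    return NULL;
  }
  // 2. Copy only the expected keys, each checked against a loose but explicit
  //    pattern. Unknown keys are never passed on to the rest of the code.
  $rules = [
    'tr_id'     => '/^[A-Za-z0-9:_-]{1,64}$/D',
    'tr_amount' => '/^\d{1,9}(\.\d{1,2})?$/D',
    'tr_crc'    => '/^[A-Za-z0-9_-]{1,128}$/D',
    'md5sum'    => '/^[a-f0-9]{32}$/D',
  ];
  $clean = [];
  foreach ($rules as $key => $pattern) {
    if (!isset($post[$key]) || !is_string($post[$key]) || !preg_match($pattern, $post[$key])) {
      return NULL;
    }
    $clean[$key] = $post[$key];
  }
  // 3. Recompute the checksum (hypothetical recipe) and compare it without
  //    leaking timing information about how many characters matched.
  $expected = md5($clean['tr_id'] . $clean['tr_amount'] . $clean['tr_crc'] . $secret);
  return hash_equals($expected, $clean['md5sum']) ? $clean : NULL;
}

// Constructed sample request, including one unexpected key.
$secret = 'example-secret';
$post = ['tr_id' => 'TR-1001', 'tr_amount' => '49.99', 'tr_crc' => 'order_17', 'extra' => '<b>x</b>'];
$post['md5sum'] = md5('TR-1001' . '49.99' . 'order_17' . $secret);

// Untampered request from an allowed address.
var_dump(example_verify_notification($post, '203.0.113.10', $secret));
// Same request with the amount altered after the checksum was computed.
var_dump(example_verify_notification(['tr_amount' => '0.01'] + $post, '203.0.113.10', $secret));
// Valid body sent from an address that is not on the allowlist.
var_dump(example_verify_notification($post, '198.51.100.7', $secret));
```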
Comment #7
Luke_Nuke commented:
Thank you very much for your review! All good points.
Commerce Transferuj.pl is a payment method made specifically for Drupal Commerce, and is using Drupal Commerce API. My module, as stated in the description, is made on top of Payment API, which makes it usable with Drupal Commerce, but also with anything else that is using Payment API. Because we are aiming at different APIs, I'm not considering my module a duplicate.
Thank you for this template. I updated README.txt accordingly.
Secure code
Fixed.
Fixed.
This md5 sum is a part of transferuj.pl API, so I cannot do anything about this unfortunately.
Coding style & Drupal API usage
Documented those variables. The link where we are redirecting payers is unchangeable by the terms of transferuj.pl API; the array with IP is an array of IPs from which we are accepting transaction verification requests. To be honest, I'm not yet sure where to expose this, I guess it is a TODO.
Removed.
I don't know how I should sanitize it. It is trusted data from transferuj.pl, verified by the md5sum, on a heavily guarded page. I could use regexes to ensure that the data always has the same pattern, but on the other hand some of those parameters are not guaranteed to always have the same pattern (like transaction ids), so I think we shouldn't be too picky about this, because we cannot do too much.
Comment #8
Luke_Nuke commented:
Raising status because two months have passed.
Comment #9
Luke_Nuke commented:
I'm closing this and will try with simpler - non third party module, that would be easier to review.
Comment #10
apaderno