Synopsis
This module uses PHP veritrans payment gateway library and provide integration with Drupal Ubercart module.
This module allow site administrator to override the default success and error page.
Requirements
php_curl extension is needed. Detail information of installing curl extension can be found here
For Developer
i. Sandbox account can be created at https://my.sandbox.veritrans.co.id/login
ii. To check the response from veritrans server enable the debug mode from veritrans settings page.
Project Page
https://www.drupal.org/sandbox/chandan.chaudhary/2399385
Git Link
git clone --branch 7.x-1.x http://git.drupal.org/sandbox/chandan.chaudhary/2399385.git ubercart_veritrans
cd ubercart_veritrans
Project Reviewed
https://www.drupal.org/node/2411651#comment-9549065
https://www.drupal.org/node/2408539#comment-9568839
https://www.drupal.org/node/2326223#comment-9568435
Comments
Comment #1
PA robot CreditAttribution: PA robot commentedWe are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)
Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #2
Peter MajmeskuAutomated Review
[Best practice issues identified by pareview.sh.]
FILE: /var/www/drupal-7-pareview/pareview_temp/ubercart_veritrans.install
--------------------------------------------------------------------------------
FOUND 1 ERROR AFFECTING 1 LINE
--------------------------------------------------------------------------------
5 | ERROR | There must be no blank lines after the function comment
--------------------------------------------------------------------------------
Manual Review
The module only checks for requirements for a webservices and introduces database tables for it. Since the database tables are there, the logic can be also keps on the local site. Also this seems to be quite risky for security, since the website maintainer knows so less about the functionality behind the database table logic.
The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.
If added, please don't remove the security tag, we keep that for statistics and to show examples of security problems.
This review uses the Project Application Review Template.
Comment #3
Peter Majmesku* status update *
Comment #4
Nitesh Pawar CreditAttribution: Nitesh Pawar commentedComment #5
Nitesh Pawar CreditAttribution: Nitesh Pawar commentedComment #6
Chandan Chaudhary CreditAttribution: Chandan Chaudhary commentedHi jepSter,
I have removed the table and no longer saving the IPN details.
Also if site admin can enable the debug setting form this page 'admin/store/settings/payment/method/vt_web' to watchdog the IPN details.
Thanks
Chandan
Comment #7
Chandan Chaudhary CreditAttribution: Chandan Chaudhary commentedComment #8
PA robot CreditAttribution: PA robot commentedThere are some errors reported by automated review tools, did you already check them? See http://pareview.sh/pareview/httpgitdrupalorgsandboxchandanchaudhary23993...
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #9
Chandan Chaudhary CreditAttribution: Chandan Chaudhary commentedResolved the errors reported by automated review tools.
Comment #10
Chandan Chaudhary CreditAttribution: Chandan Chaudhary commentedDid some review of other drupal modules, Adding '+PAReview: review bonus' tag
https://www.drupal.org/node/2411651#comment-9549065
https://www.drupal.org/node/2408539#comment-9568839
https://www.drupal.org/node/2326223#comment-9568435
Comment #11
Chandan Chaudhary CreditAttribution: Chandan Chaudhary commentedCorrecting tags..
Comment #12
klausifixing tag. Please add your reviews to the issue summary.
Does not look like an actual security issue was identified here?
Comment #13
Chandan Chaudhary CreditAttribution: Chandan Chaudhary commentedComment #14
Sagar Ramgade CreditAttribution: Sagar Ramgade commentedAutomated Review
Review of the 7.x-1.x branch (commit 2e70428):
No automated test cases were found, did you consider writing Simpletests or PHPUnit tests? This is not a requirement but encouraged for professional software development.
Manual Review
The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.
If added, please don't remove the security tag, we keep that for statistics and to show examples of security problems.
This review uses the Project Application Review Template.
Comment #15
TR CreditAttribution: TR commentedNone of these issues should block approval:
Instead of checking the PHP version in your hook_requirements(), you should do it in your .info file. See
https://www.drupal.org/node/542202#php
I don't think you need to check for the json_decode() in your hook_requirements, because json_decode() is always present if PHP version is > 5.2.0, so the check on the PHP version is sufficient. Regardless, consider using drupal_json_decode() instead of the PHP function.
In your hook_uninstall(), it is much better to use variable_del() rather than db_delete(). If you insist on using db_delete(), then you must invoke cache_clear_all('variables', 'cache_bootstrap'); after the db_delete().
I suggest your debug variable should default to FALSE - right now you are turning on debugging by default when the module is installed. I think that is bad practice, because the admin might not notice that debugging is on and might be saving/displaying debug information unintentionally by default.
You still have several spelling mistakes - you should run a spell checker on your code. These are a few I found:
'Unfinsih Url'
'Finsih Url'
'Debugg'
Ubercart already provides a mapping between the 2-character and 3-character ISO 3166 country codes using the Ubercart API function uc_get_country_data(). You do not need to have your own .data.inc file for this data. Using the Countries module, as a previous reviewer suggested, is overkill. (The Countries module is not an Ubercart dependency because the Countries module doesn't supply all the country data needed by Ubercart, and didn't even provide the minimal necessary data at the time Ubercart D7 was released. It has improved dramatically in the past 4 years, but it still lacks some necessary information.)
Comment #16
TR CreditAttribution: TR commentedTo address the previous reviewer's suggestion:
Note that writing tests for web services like payment methods is extremely problematic because any reasonable tests would need to make live API calls to the web service, which requires API credentials built into the test functions and to be distributed as part of the module. Obviously that is only possible if there are generic 'test' credentials that can be made publicly visible and distributed with the module. In my experience, payment providers almost NEVER have public test credentials - all credentials, even test ones, are private and owned by each individual user. Because of this, the Veritrans API itself can't be tested with Simpletest - the only thing that can be tested is the payment process, and that is tested in core Ubercart.
Comment #17
Chandan Chaudhary CreditAttribution: Chandan Chaudhary commentedThanks Sagar & TR for reviewing the project.
I have implemented all the changes as suggested.
Comment #18
klausimanual review:
Removing review bonus tag, you can add it again if you have done another 3 reviews of other projects.
Comment #19
Chandan Chaudhary CreditAttribution: Chandan Chaudhary commentedComment #20
Chandan Chaudhary CreditAttribution: Chandan Chaudhary commentedHi klausi,
- I have updated the project page with details information about the requirement, installation and usage, hope this will give clear understanding of this project.
-I have also updated the code as suggested by you. The IPN call is now protected, i am checking the validity of the order by making a request to veritrans and cross checking the transaction_id.
Thanks
Chandan
Comment #21
Chandan Chaudhary CreditAttribution: Chandan Chaudhary commentedComment #22
klausiproject page is till too short, please update https://www.drupal.org/sandbox/chandan.chaudhary/2399385
Comment #23
Nitesh Pawar CreditAttribution: Nitesh Pawar commentedHi Kalusi,
Thanks for your valueble comment.
I have updated project page.
Comment #24
Chandan Chaudhary CreditAttribution: Chandan Chaudhary commentedProject Reviewed
https://www.drupal.org/node/2574025#comment-10522010
https://www.drupal.org/node/2607030#comment-10522388
https://www.drupal.org/node/2607030#comment-10522476
Comment #25
Chandan Chaudhary CreditAttribution: Chandan Chaudhary commentedComment #26
klausifixing tags.
Comment #27
klausiThank you for your reviews. Please add all of them to the issue summary so that we can better track them.
Review of the 7.x-1.x branch (commit a3f69bc):
This automated report was generated with PAReview.sh, your friendly project application review script. You can also use the online version to check your project. You have to get a review bonus to get a review from me.
manual review:
But otherwise looks good to me now. Assigning to patrickd as he might have time to take a final look at this.
Comment #28
Chandan Chaudhary CreditAttribution: Chandan Chaudhary commentedHi klausi,
Thanks for your comment
#1 Yeah, I agree with you on sanitizing the error message to be on safer side. (I will update this change to the repo. )
#2 I have given the website owner the flexibility to add there own Success / Error page. So that's why i left it with a simple message stating its purpose.
Thanks
Chandan
Comment #29
klausino objections for a week, so ...
Thanks for your contribution, chandan.chaudhary!
I updated your account so you can promote this to a full project and also create new projects as either a sandbox or a "full" project.
Here are some recommended readings to help with excellent maintainership:
You can find lots more contributors chatting on IRC in #drupal-contribute. So, come hang out and stay involved!
Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.
Thanks to the dedicated reviewer(s) as well.