Use Accept.js to ease PCI requirements.

Based on my understanding, this is a critical issue for Authorize.net standard, where only communication is to be from the Customer to them:

As Authorize.net does not in any way their service to Ever be used where communication goes Anywhere else but from the customer to Authorize.net and then back to the server;

As standard exists to have the credit card data not to go through any in between server, and should be the standard option of an Auth.net module.

I'm also interested in switching to accept.js on a Drupal 7 commerce site. Is there another issue where that's being worked on already, or should I create one?

Having a look at this in a sprint...

Started some work on this at https://github.com/drupalcommerce/commerce_authnet/pull/2 still need to refactor the js and update the tests. Any feedback are welcome.

Fixed the issues raised in the PR review. Changed the SDK lib version in ludwig.json to beta2.

Could you have a look, @nikathone?

+++ b/src/Plugin/Commerce/PaymentGateway/AuthorizeNet.php
@@ -193,26 +223,37 @@ class AuthorizeNet extends OnsitePaymentGatewayBase implements AuthorizeNetInter
+    $transaction_request->addOrder(new OrderDataType([
       'invoiceNumber' => $order->getOrderNumber(),
     ]));

Maybe shouldn't be fixed here, but this is likely to be NULL. See #2918851: invoiceNumber is null

Just removing the already commented 'state' => $address->getAdministrativeArea(), line.

@czigor I applied the patch #17 but it is giving an error

Notice: Undefined index: customer_email in Drupal\commerce_authnet\Plugin\Commerce\PaymentGateway\AuthorizeNet->doCreatePaymentMethod() (line 489 of modules/contrib/commerce_authnet/src/Plugin/Commerce/PaymentGateway/AuthorizeNet.php)

I am also getting a warning Unsupported credit card type "XXXX1111". I am using a sandbox authorize.net account. I don't know whether I am missing some setting, or the patch is not working.

Okay. So I figured the error in #18. I am using a custom payment pane and that is why it is unable to get the provided email id.

Re: #19 I noticed that $owner is the current order's user. I am trying to do anonymous checkout, and in that case it is empty.

There might be a better way to get the email provided during checkout, that would be independent of the payment pane.

Re: #20

I am getting confirmation mails from ADN that the payment has been approved. So it looks like the patch is partially working. Is able to trigger the payment, but somehow the patch is unable to catch the correct reponse and throwing the warning? Maybe.. due the custom payment pane that I am using this is happening.

Sorry 2.x version of what? I checked that there is only 1.x of commerce_authnet available.

Vanilla seems fine. It worked fine with the default checkout panes.

Subhojit, the issue appears to be from overriding the payment_information and contact_information panes. Drupal\commerce_authnet\PluginForm\AuthorizeNet\PaymentMethodAddForm::submitCreditCardForm() uses the IDs of the original panes.

The accept.js feature has been recently updated by Authorize.net to include using the javascript with the hosted form. I am wondering if we shouldn't update our js to use this approach instead since the hosted form sample response object:

{
  "opaqueData": {
    "dataDescriptor": "COMMON.ACCEPT.INAPP.PAYMENT",
    "dataValue": "eyJjb2RlIjoiNTBfMl8wNjAwMDUzNUE1OTkzREQ1NEM1NzY0OTgwNTZDQzY5MEVBRjY5MTU3RjBEQThEMjU2N0EyQkUwMUNBNzQ5QkY0ODRDMTgyMjRGN0IzMEE4REI2MUJDQUI1NDMxMTZCNzkwOUM3OUMwIiwidG9rZW4iOiI5NTA3OTE3MzE1NTg5OTYzOTA0NjA0IiwidiI6IjEuMSJ9"
  },
  "messages": {
    "resultCode": "Ok",
    "message": [{
      "code": "I_WC_01",
      "text": "Successful."
    }]
  },
  "encryptedCardData": {
    "cardNumber": "XXXXXXXXXXXX1111",
    "expDate": "12/22",
    "bin": "411111"
  },
  "customerInformation": {
    "Ellen": "",
    "Johnson": ""
  }
}

include some of the fields I was struggling to get when doing the initial patch.

As per the patch in #17 if there is any error in the payment, then instead of showing the error it throws more errors like this:

Notice: Undefined index: #parents in Drupal\Core\Form\FormState->getError() (line 1112 of core/lib/Drupal/Core/Form/FormState.php).

I tried adding a #parents to the credit card elements but it does not seem to work.

This patch prevents error

Notice: Undefined index: #parents in Drupal\Core\Form\FormState->getError() (line 1112 of core/lib/Drupal/Core/Form/FormState.php).

showing up if any error occurs during payment.

High five to Shawn McCabe https://www.drupal.org/u/smccabe for helping me.

Added code to clear values on submit, as well as a little documentation explaining why.

Looks good from here.

Thank you, everyone!

Our site is running on Drupal 8.5.4 and the Commerce version of 8.2.6.

The JS library from the authorized.net is loaded into the site. (For sandbox account).
<script src="//jstest.authorize.net/v1/Accept.js" charset="utf-8"></script>

But we are seeing the error in the console.
"E_WC_01: Please include Accept.js library from cdn".

Any assist in this will be really appreciated.

Same here: "Please include Accept.js library from cdn." Is it necessary to upload the Accept.js file to my libraries? If so, what is the proper directory structure? This module has no readme file, so this is a bit confusing.

Not sure if this is a helpful answer, but here goes: I'm still running rc1, required via my project's composer.json. Here is a path to some accept code: /modules/contrib/commerce_authnet/js/commerce_authnet.accept.form.js. I may be wrong, but seems to me this is the only Accept.js code needed?