I'd like to add the more-secure accept.js library for processing transactions to Authorize.net. I'm envisioning this as a checkbox on the settings form (checked by default) with an explanation like this:

Use Accept.js
Minimize your PCI compliance by sending payment data directly to Authorize.Net. This option ensures that payment data will not reach your server.

CommentFileSizeAuthor
#8 authorizenetwebform-D7-add_support_for_acceptjs-2852689-8.patch12.92 KBhosef
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

jenlampton created an issue. See original summary.

  • jenlampton committed 19ed324 on 7.x-1.x 
    Issue #2852689: Add a setting for using the javascript API.

  • jenlampton committed 80342bc on 7.x-1.x 
    Issue #2852689: Remember to remove the new variable on uninstall.

  • jenlampton committed 521ec12 on 7.x-1.x 
    Issue #2852689: Remember to remove the new variable on uninstall. No...

  • jenlampton committed d311edf on 7.x-1.x 
    Issue #2852689: Add a new variable for Public Client Key, clean up admin...

  • jenlampton committed 2fdf121 on 7.x-1.x 
    Issue #2852689: Move admin settings form and associated functions into a...

  • jenlampton committed 4905884 on 7.x-1.x 
    Issue #2852689: Remove #states on transaction ID, that's required even...
hosef’s picture

hosef CreditAttribution: hosef commented
Status: Active » Needs review
FileSize
authorizenetwebform-D7-add_support_for_acceptjs-2852689-8.patch12.92 KB

Here is a patch against the accept branch that:

  • Makes sure that there is a Transaction ID field and notifies the user if there is not
  • Adds basic validation for the important fields using the errors returned from the Accept object
  • Obfuscates the credit card data and fills in important transaction details to send back to the server
  • Fixes several PHP notices on newer versions of PHP
jenlampton’s picture

jenlampton
she / her
CreditAttribution: jenlampton at Jeneration Web Development for KVMR Public Radio commented
Version: 7.x-1.x-dev » 7.x-2.x-dev

Thanks for this patch @hosef.
I've got a working version of Accept.js in the 7.x-2.x branch. I have a few more things to update before it's ready for a release, but this is a great start!

jenlampton’s picture

jenlampton
she / her
CreditAttribution: jenlampton at Jeneration Web Development for KVMR Public Radio commented
Status: Needs review » Fixed

Okiedokie, I've got a working (stable?) version of the module using Accept.js ready for review if anyone wants to give it a try:
https://www.drupal.org/project/authorizenetwebform/releases/7.x-2.0-alpha1

Please report any issues as new issues in this queue :)

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

tonytheferg’s picture

tonytheferg CreditAttribution: tonytheferg commented

Does this patch allow for option 2 from ?

Option 2: Embed our hosted, mobile-optimized payment information form in your page to collect the card information in a PCI-DSS SAQ A compliant way.