While troubleshooting an issue with cards being declined, I realized there's currently no function for logging the API request or response with PayFlow (makes sense, since I created the original plugin and don't recall adding that feature). It'd be helpful if API requests and responses could be logged to a logger channel.

Not sure what makes the most sense between having a logger already available from a base class or injecting a new logger directly in the PayFlow class.

Does Payments Pro offer any kind of API logging options? If not, should it have the same modifications made?

I can probably submit a patch once I determine the best way forward.

CommentFileSizeAuthor
#11 commerce_paypal-api_logging-2873129-11.patch9.14 KBthemic8
#5 commerce_paypal-api_logging-2873129-5.patch8.25 KBbmcclure
#4 commerce_paypal-payflow_logging_support-2873129-4.patch4.55 KBbmcclure
#2 Add-API-logging-options-to-PayFlow-Gateway-2873129-2.patch5.28 KBkamkejj
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

bmcclure created an issue. See original summary.

kamkejj’s picture

kamkejj CreditAttribution: kamkejj as a volunteer commented
FileSize
Add-API-logging-options-to-PayFlow-Gateway-2873129-2.patch5.28 KB

Here's a patch to add some logging to Payflow with options to enable or disable the logging from the Payflow edit config page. Injects the logging in Payflow since it didn't look the payment module has any logging either.

bmcclure’s picture

bmcclure CreditAttribution: bmcclure as a volunteer and at Top Floor commented
Status: Active » Needs work

The patch works for me.

I noticed one issue while using this so far, the API response always seems to be "200 OK" no matter what PayPal's actual response is, so it might just be using the HTTP result code instead of the actual API response at the moment.

I'm looking a bit more into what would be best to print out from the response now.

bmcclure’s picture

bmcclure CreditAttribution: bmcclure as a volunteer and at Top Floor commented
FileSize
commerce_paypal-payflow_logging_support-2873129-4.patch4.55 KB

Here's an updated patch that logs the actual request parameter array before it's converted to a string, and then logs the response after it's converted to an array, both using print_r. It's not pretty, but provides some additional detail for those who are troubleshooting.

Perhaps a warning should be provided however in the settings, that logging the request could potentially be logging plain text credit card information.

bmcclure’s picture

bmcclure CreditAttribution: bmcclure as a volunteer and at Top Floor commented
Status: Needs work » Needs review
Related issues: +#2932194: Add API logging support for Payflow gateway
FileSize
commerce_paypal-api_logging-2873129-5.patch8.25 KB

Here's an update to this functionality, pulled from a related issue's patch (and originally posted as a duplicate issue to this one by accident).

Note that this is the exact same patch as the one here: https://www.drupal.org/project/commerce_paypal/issues/2932194#comment-12...

George Bills’s picture

George Bills CreditAttribution: George Bills commented

> Perhaps a warning should be provided however in the settings, that logging the request could potentially be logging plain text credit card information.

I think using something like xdebug would prob be "safer" but at the least you'd want clicking "live" in that payment gateway config to hard disable this logging right?

bmcclure’s picture

bmcclure CreditAttribution: bmcclure as a volunteer and at Top Floor commented

I agree about xdebug, but I also think it is sometimes necessary to debug a payment issue on a non-development server which may not have xdebug available. Alternately, someone without PHP/xdebug knowledge might need to look into what the API response is if something is going wrong with payments, so I think logging options are still useful even though xdebug is a preferable debugging option when available.

I would be totally fine with force-disabling the logging options in Live mode or at least disabling the request logging. The request log is mainly useful during development because a malformed request probably means a bug in the code, and that's the one that contains sensitive CC information. But the response logging might still be useful in production in my opinion, as even with a proper-working site, PayPal's API response might contain something useful to troubleshoot a payment issue.

mglaman’s picture

mglaman
Primary language English
Location WI, USA
CreditAttribution: mglaman at Centarro commented

I don't think we need verbosity. It should just be logging, which is intended only for dev. We can even review how the Authorize.net module handled this.

mglaman’s picture

mglaman
Primary language English
Location WI, USA
CreditAttribution: mglaman at Centarro commented

Oh, the verbosity setting is for Payflow itself?

bmcclure’s picture

bmcclure CreditAttribution: bmcclure as a volunteer and at Top Floor commented

Yes, I believe the verbosity setting is for PayFlow itself to determine what type of response to send back. There's a minimum required verbosity in certain cases, and I'm not 100% sure if changing it from that is going to do anything useful or not.

themic8’s picture

themic8 CreditAttribution: themic8 commented
FileSize
commerce_paypal-api_logging-2873129-11.patch9.14 KB

Updated patch and tested against Commerce Paypal version 8.x-1.0-beta9