Invalid fingerprint exception when processing through securepay using omnipay

Question

I am trying to understand the flow for a payment using Omnipay/SecurePay but always get an error when trying to complete the purchase.

From what I can see from the online docs the completePurchase function should be called with the same params as the purchase function but when I call completePurchase I receive an "Invalid fingerprint" exception.

Also these errors are being thrown :

Undefined index: merchant in /var/www/vendor/omnipay/securepay/src/Message/DirectPostCompletePurchaseRequest.php on line 28
Undefined index: refid in /var/www/vendor/omnipay/securepay/src/Message/DirectPostCompletePurchaseRequest.php on line 30
Undefined index: timestamp in /var/www/vendor/omnipay/securepay/src/Message/DirectPostCompletePurchaseRequest.php on line 32
Undefined index: summarycode in /var/www/vendor/omnipay/securepay/src/Message/DirectPostCompletePurchaseRequest.php on line 33

Am I missing a step somewhere that adds this missing data? or should this data be coming back in the response?

Code:

$params = array(
    'amount' =>  $data->payment['amount'] . '.00',
    'currency' => $this->getOptions()->getCurrency(),
    'description' => 'test purchase',
    'transactionId' => '12345',
    'transactionReference' => $data->course['course_code'],
    'returnUrl' => 'http://test.localhost/register/55622/confirmation',
    'cancelUrl' => 'http://test.localhost/register/55622/summary',
    'card'=>$card
 );

$gateway = new DirectPostGateway();
$gateway->setMerchantId( $this->getOptions()->getGateway( $type )['merchant_id'] );
$gateway->setTransactionPassword( $this->getOptions()->getGateway( $type )['password'] );

$gateway->setTestMode( $this->getOptions()->getTestMode() );

$response = $gateway->purchase($params)->send();
var_dump($response->getRedirectData());

$response = $gateway->completePurchase($params)->send();
var_dump($response);
//"Invalid fingerprint" exception thrown

if ($response->isSuccessful()) {
    // payment was successful: update database
    return $response;
} elseif ($response->isRedirect()) {
    // redirect to offsite payment gateway
    if($response->getRedirectData()){
        var_dump($response->getRedirectData());
    } else {
        return $response->redirect();    
    }
    exit;
    return $response->redirect();
} else {
    // payment failed: display message to customer
    // echo $response->getMessage();
    throw new Exception("Error Processing Request", 1);
}

score 1 · Answer 1 · answered May 27 '14 at 02:49

You are doing things correctly. When SecurePay returns to your website, there should be POST data containing those parameters, as well as the fingerprint parameter which confirms the authenticity of the request.

I would watch the Network tab of your browser while making a payment with SecurePay, and check the HTTP POST data after payment is complete (and redirecting to your site). My guess is that some htaccess or other script is making a second redirect, and stripping the important POST data at the same time.

Omnipay will automatically check the POST data, so there is no need to explicitly send it through. As long as you call completePurchase() from the same request it should process the payment correctly.

See: https://github.com/omnipay/securepay/blob/master/src/Message/DirectPostCompletePurchaseRequest.php

I originally thought the issue was solved but realised I was still getting the error. The data coming back from securepay is via GET and the POST is empty. I put some debug out in the class you listed and $this->httpRequest->request->all() is empty whereas $this->httpRequest->query->all() has the data from the gateway. By changing the class to use the query I am able to complete the transaction. Do you think this this is a bug in the class or the data is expected back in the POST? — Stephen, May 29 '14 at 02:31

score 1 · Answer 2 · answered Feb 21 '17 at 10:57

1

Securepay was using endpoint https://test.securepay.com.au and then switchign to https://test.api.securepay.com.au

answered Feb 21 '17 at 10:57

exiang

559
2
14

This was my issue. Thanks! Would have been great if they updated their documentation with this new endpoint. By the way the full url would be [https://test.api.securepay.com.au/live/directpost/authorise](https://test.api.securepay.com.au/live/directpost/authorise) – trajedy Mar 07 '17 at 00:29

Invalid fingerprint exception when processing through securepay using omnipay

2 Answers2