Symfony2 Authorize.net SIM error

Question

I want to use Authorize.net SIM payment method in Symfony using payum.org. There is no official gateway for it but there is one in omnipay: omnipay-authorizenet. There is also omnipay-bridge in payum so it is possible to use omnipay gateways in payum.

So I use this setup and after submitting the authorize.net form I get the error:

[date] request.CRITICAL: Uncaught PHP Exception Omnipay\Common\Exception\InvalidRequestException: "Incorrect hash" at .../authorize/vendor/omnipay/authorizenet/src/Message/SIMCompleteAuthorizeRequest.php line 42 {"exception":"[object] (Omnipay\\Common\\Exception\\InvalidRequestException(code: 0): Incorrect hash at .../authorize/vendor/omnipay/authorizenet/src/Message/SIMCompleteAuthorizeRequest.php:42)"} []

BUT this is NOT because of the generated hashes being incorrect - it is because capture url is called second time without the POST data.

On a clean installation of Symfony2 with 3 packages:

composer.json:

"payum/payum-bundle": "0.15.*",
"omnipay/authorizenet": "~2.0",
"payum/omnipay-bridge": "*@stable"

config.yml:

payum:
    security:
        token_storage:
            AppBundle\Entity\PaymentToken: { doctrine: orm }

    storages:
        AppBundle\Entity\Payment: { doctrine: orm }

    gateways:
        authorizeGateway:
            omnipay_offsite:
                type: AuthorizeNet_SIM
                options:
                    hashSecret: 'Simon'
                    ApiLoginId: 'xxx'
                    transactionkey: 'xxx'
                    testMode: false
                    developerMode: true

Controller:

/**
 * @Route("/prepare", name="prepare")
 */
public function prepareAction()
{
    $gatewayName = 'authorizeGateway';

    $storage = $this->get('payum')->getStorage('AppBundle\Entity\Payment');

    $payment = $storage->create();
    $payment->setNumber(uniqid());
    $payment->setCurrencyCode('USD');
    $payment->setTotalAmount(1);
    $payment->setDescription('A description');
    $payment->setClientId('anId');
    $payment->setClientEmail('foo@example.com');
    $storage->update($payment);

    $captureToken = $this->get('payum.security.token_factory')->createCaptureToken(
        $gatewayName,
        $payment,
        'done' // the route to redirect after capture
    );

    return $this->redirect($captureToken->getTargetUrl());
}

/**
 * @Route("/done", name="done")
 */
public function doneAction(Request $request)
{
    ...
}

Going to /prepare shows a redirecting to authorize.net page for a second and I'm redirected to external test.authorize.net/gateway/transact.dll (on https) page where I specify card number (test card number) and expiration date in the future. Submitting this form gives:

An error occurred while trying to report this transaction to the merchant. An e-mail has been sent to the merchant informing them of the error. The following is the result of the attempt to charge your credit card.

This transaction has been approved.

It is advisable for you to contact the merchant to verify that you will receive the product or service.

I'm getting the email about Merchant Email Receipt and the one about the error:

Authorize.Net Developer Center Merchant,

Your script timed out while we were trying to post transaction results to it.
Transaction ID: XXX

Transaction Result: This transaction has been approved.

The transaction is processed correctly, the capture script is called, hashes match and then the capture is called again without post data - then hashes don't match and authorize displays error.

Requests that are made from symfony profiler:

Token   IP                  Method  URL                                                                 Time                                Status
fe39ec  198.241.162.104     GET     .../payment/capture/vVgoUCPtgCOglv6rLwhIbUp64RZ_oIql1_KDpWjdrdk     Tue, 17 Nov 2015 09:47:36 +0100     500
bba47c  198.241.162.104     GET     .../payment/capture/vVgoUCPtgCOglv6rLwhIbUp64RZ_oIql1_KDpWjdrdk     Tue, 17 Nov 2015 09:47:36 +0100     200
c95b83  198.241.162.104     POST    .../payment/capture/vVgoUCPtgCOglv6rLwhIbUp64RZ_oIql1_KDpWjdrdk     Tue, 17 Nov 2015 09:47:36 +0100     302
a87347  myip                GET     .../payment/capture/vVgoUCPtgCOglv6rLwhIbUp64RZ_oIql1_KDpWjdrdk     Tue, 17 Nov 2015 09:47:30 +0100     200
c95d57  myip                GET     .../prepare                                                         Tue, 17 Nov 2015 09:47:29 +0100     302 

From what i see when we call /prepare we get redirected to capture right away this goes to authorize's form. Then after a few seconds (when credit card data is filled in and submitted) authorize (different ip) makes post request to capture. This is 302 redirect (and probably should be a SIM response with javascript code to go back to our page?). Capture is called secod time with GET and calculated hashes don't match - this is 500 response - authorize stays on their url and shows the error message. Done script is never called.

What can be the issue? It's difficult to debug this further because there is payum, omnipay-bridge, omnipay, authorize combined.

Im testing this on the environment accessible from the internet with account on http://developer.authorize.net/ with test mode off.

UPDATE:

If I add notify token to the controller, like this:

/**
 * @Route("/prepare", name="prepare")
 */
public function prepareAction()
{
    $gatewayName = 'authorizeGateway';

    $storage = $this->get('payum')->getStorage('AppBundle\Entity\Payment');

    $payment = $storage->create();
    $payment->setNumber(uniqid());
    $payment->setCurrencyCode('USD');
    $payment->setTotalAmount(1); // 1.23 EUR
    $payment->setDescription('A description');
    $payment->setClientId('anId');
    $payment->setClientEmail('foo@example.com');
    $storage->update($payment);
    $captureToken = $this->get('payum.security.token_factory')->createCaptureToken(
        $gatewayName,
        $payment,
        'done' // the route to redirect after capture
    );

    $tokenFactory = $this->get('payum.security.token_factory');
    $notifyToken = $tokenFactory->createNotifyToken($gatewayName, $payment);
    $payment->setDetails(['notifyUrl' => $notifyToken->getTargetUrl()]);
    $storage->update($payment);

    return $this->redirect($captureToken->getTargetUrl());
}

I get error "Request Notify{model: ArrayObject} is not supported.":

[2015-11-17 17:46:50] request.INFO: Matched route "payum_notify_do". {"route_parameters":{"_controller":"Payum\\Bundle\\PayumBundle\\Controller\\NotifyController::doAction","payum_token":"Lv5ovrC-8vikIB9ItDVLcNfuRzjjaD_pPiE3-6VIV8Y","_route":"payum_notify_do"},"request_uri":".../payment/notify/Lv5ovrC-8vikIB9ItDVLcNfuRzjjaD_pPiE3-6VIV8Y"} []
[2015-11-17 17:46:50] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
[2015-11-17 17:46:50] request.CRITICAL: Uncaught PHP Exception Payum\Core\Exception\RequestNotSupportedException: "Request Notify{model: ArrayObject} is not supported." at .../authorize/vendor/payum/core/Payum/Core/Exception/RequestNotSupportedException.php line 29 {"exception":"[object] (Payum\\Core\\Exception\\RequestNotSupportedException(code: 0): Request Notify{model: ArrayObject} is not supported. at .../authorize/vendor/payum/core/Payum/Core/Exception/RequestNotSupportedException.php:29)"} []

Answer 1

Omnipay bridge 0.15.x does not set a notifyUrl, and the omnipay gateway uses return url as notify one. When notification comes (before you are redirected) the capture token is invalidated and no longer available.

There are two solutions:

1. Upgrade to 1.0 where notifyUrl is generated. Btw you can use omnipay gateway factory instead of omnipay_offsite.

2. or you have to generate notify url yourself, and set it to notifyUrl

   $tokenFactory = $this->get('payum.security.token_factory'); $notifyToken = $tokenFactory->createNotifyToken($gatewayName, $payment);

   $payment->setDetails(['notifyUrl' => $notifyToken->getTargetUrl()]); $storage->update($payment);