Possible unsafe characters in hash. Please contact the merchant, or refer to your code and the Developers Documentation - global-payments-api

I want to test sandbox payment from local using 3d secure 2 https://pay.sandbox.realexpayments.com/pay . I used same hash options given in the link https://developer.globalpay.com/hpp/3d-secure-two
<form method="POST" action="https://pay.sandbox.realexpayments.com/pay" target="iframe">
<input type="hidden" name="TIMESTAMP" value="20230210123417">
<input type="hidden" name="MERCHANT_ID" value="marchantid">
<input type="hidden" name="ACCOUNT" value="internet">
<input type="hidden" name="ORDER_ID" value="TO100223120442">
<input type="hidden" name="AMOUNT" value="62000">
<input type="hidden" name="CURRENCY" value="EUR">
<input type="hidden" name="AUTO_SETTLE_FLAG" value="1">
<input type="hidden" name="SHA1HASH" value="customsha1">
<input type="hidden" name="CHANNEL" value="ECOM">
<input type="hidden" name="SHIPPING_CODE" value="K67E2V4">
<input type="hidden" name="CUST_NUM" value="8724">
<input type="hidden" name="VAR_REF" value="TO100223120442">
<input type="hidden" name="PROD_ID" value="1">
<input type="hidden" name="HPP_VERSION" value="2">
<input type="hidden" name="HPP_CHANNEL" value="ECOM">
<input type="hidden" name="HPP_LANG" value="en">
<input type="hidden" name="MERCHANT_RESPONSE_URL" value="http://127.0.0.1:8000//success">
<!-- Begin 3D Secure 2 Mandatory and Recommended Fields -->
<input type="hidden" name="HPP_CUSTOMER_EMAIL" value="prati22#gmail.com">
<input type="hidden" name="HPP_CUSTOMER_PHONENUMBER_MOBILE" value="045533000">
<input type="hidden" name="HPP_BILLING_STREET1" value="THE KILDARE 36 SWORDS MANOR">
<input type="hidden" name="HPP_BILLING_STREET2" value="GROVE SWORDS CO. DUBLIN">
<input type="hidden" name="HPP_BILLING_CITY" value="Kildare">
<input type="hidden" name="HPP_BILLING_POSTALCODE" value="K67E2V4">
<input type="hidden" name="HPP_BILLING_COUNTRY" value="353">
<input type="hidden" name="HPP_SHIPPING_STREET1" value="THE KILDARE 36 SWORDS MANOR">
<input type="hidden" name="HPP_SHIPPING_STREET2" value="GROVE SWORDS CO. DUBLIN">
<input type="hidden" name="HPP_SHIPPING_CITY" value="Kildare">
<input type="hidden" name="HPP_SHIPPING_POSTALCODE" value="K67E2V4">
<input type="hidden" name="HPP_SHIPPING_COUNTRY" value="353">
<input type="hidden" name="HPP_ADDRESS_MATCH_INDICATOR" value="FALSE">
<input type="hidden" name="HPP_CHALLENGE_REQUEST_INDICATOR" value="NO_PREFERENCE">
<!-- End 3D Secure 2 Mandatory and Recommended Fields -->
<input type="submit" class="tougher-button" style="font-size: 19px; padding: 1em; height: 3em; line-height: 1;" value="Click To Pay">
</form>

Related

Are HPP_POST_RESPONSE AND MERCHANT_RESPONSE_URL mutually exclusive?

We are reviewing how we implement our global payment solution. Currently we are using HPP and message handlers to capture the response from global payment. This works fine apart from some edge cases which are rare. Is it possible to use both the HPP_Response_Url and the Merchant_Response_Url to capture the responses. Are they mutually exclusive.
Regards
Following is our hpp
<form action="https://pay.sandbox.realexpayments.com/pay" method="POST" target="iframe">
<input type="hidden" name="TIMESTAMP" value="20221122112307">
<input type="hidden" name="MERCHANT_ID" value="XXX">
<input type="hidden" name="ACCOUNT" value="internet">
<input type="hidden" name="ORDER_ID" value="N3qsk4kYRZihmPrTXWYS6g">
<input type="hidden" name="AMOUNT" value="4">
<input type="hidden" name="CURRENCY" value="EUR">
<input type="hidden" name="AUTO_SETTLE_FLAG" value="1">
<input type="hidden" name="HPP_VERSION" value="2">
<input type="hidden" name="HPP_CUSTOMER_COUNTRY" value="DE">
<input type="hidden" name="HPP_CUSTOMER_FIRSTNAME" value="James">
<input type="hidden" name="HPP_CUSTOMER_LASTNAME" value="Mason">
<input type="hidden" name="MERCHANT_RESPONSE_URL" value="https://localhost:44369/api/payment/processresponse">
<input type="hidden" name="HPP_TX_STATUS_URL" value="https://localhost:44369/api/payment/processresponse">
<input type="hidden" name="HPP_POST_RESPONSE" value="https://localhost:44369/api/payment/processresponse">
<!-- APMs Mandatory Fields -->
<input type="hidden" name="SHA1HASH" value="edfd9ff20b616e6e5c3fb195bbf51288390e50e6">
<input type="submit" value="Click To Pay">
</form>

URL response payment from globalpaymnet to Odoo

i am trying to implement a hpp full redirect to realex payment from Odoo, the transaction is successful but it does not redirect to my website neither giving any response. Here is my code:
<template id="global_form">
<input type="hidden" name="data_set" t-att-data-action-url="tx_url" data-remove-me=""/>
<input type="hidden" name="TIMESTAMP" t-att-value="timestamp"/>
<input type="hidden" name="MERCHANT_ID" t-att-value="merchant_id"/>
<input type="hidden" name="ACCOUNT" t-att-value="account_id"/>
<input type="hidden" name="shared_secret" t-att-value="shared_secret"/>
<input type="hidden" name="ORDER_ID" t-att-value="order_id"/>
<input type="hidden" name="AMOUNT" t-att-value="global_amount"/>
<input type="hidden" name="CURRENCY" value="CAD"/>
<input type="hidden" name="AUTO_SETTLE_FLAG" value="1"/>
<input type="hidden" name="COMMENT1" value="Mobile Channel"/>
<input type="hidden" name="HPP_VERSION" value="2"/>
<input type="hidden" name="HPP_CHANNEL" value="ECOM"/>
<input type="hidden" name="HPP_LANG" value="en"/>
<input type="hidden" name="SHA1HASH" t-att-value="SHA1HASH"/>
<input type="hidden" name="HPP_POST_RESPONSE" value="http://localhost:8069"/>
<input type="hidden" name="MERCHANT_RESPONSE_URL" value="http://localhost:8069/">
</template>
This how it works using Odoo, I ma not getting any response with any of HPP_POST_RESPONSE or MERCHANT_RESPONSE_URL. Note that i have full acces to the merchant site in globalpaymnet.
Thanks.

Answer query from paypal

I have a form sending data to Paypal server.
`
<form id="paypal" action="https://www.sandbox.paypal.com/cgi-bin/webscr"method="post">
<input type="hidden" id="amount" name="amount" value="5"/>
<input type="hidden" id="quantity" name="quantity" value="1"/>
<input type="hidden" name="cmd" value="_xclick"/>
<input type="hidden" name="business" value="test#testing.arm"/>
<input type="hidden" name="item_name" value="Credits"/>
<input type="hidden" name="item_number" value="numbertovar"/>
<input type="hidden" name="currency_code" value="USD"/>
<input type="hidden" name="button_subtype" value="services"/>
<input type="hidden" name="no_note" value="1"/>
<input type="hidden" name="no_shipping" value="1"/>
<input type="hidden" name="return" value="http://armbid.dev/credits/add"/>
<input type="hidden" name="notify_url" value="http://armbid.dev/credits/add"/>
<input type="hidden" name="cancel_return"value="http://armbid.dev/credits/add"/>
<input type="hidden" name="bn" value="PP-BuyNowBF:btn_buynowCC_LG.gif:NonHostedGuest"/>
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1"/>
<input type="submit" value="Пополнить"/>
</form>`
After sending POST data to Paypal, user pays. And after his payment, I need in answer from paypal - transaction number, date of payment, amount payed.
At this moment I can send data to Paypal, pay, and go back

You should configure Instant payment notifications (callback URL) in paypal settings. It will be called by paypal after each transaction. And it will deliver this info to you

File upload to s3 using HTML form not working

<form action="https://bucketname-sellercentral.s3.amazonaws.com/" method="post" enctype="multipart/form-data">
<input type="hidden" name="key" value="uploads/${filename}">
<input type="hidden" name="AWSAccessKeyId" value="GGGGGGGGGG46IITQQ">
<input type="hidden" name="acl" value="private">
<input type="hidden" name="success_action_redirect" value="http://192.168.1.4:8443/test">
<input type="hidden" name="policy" value=<policy>
<input type="hidden" name="signature" value=<signature>
<input type="hidden" name="Content-Type" value="image/jpeg">
<input name="file" type="file" >
</form>
Here if in the key field i put value="uploads/tulips.jpg" it works but if i do not specify the filename it is not working ie value="uploads/${filename}" does not work
it does not throw an error or exception is simply is not visible in my s3 bucket

Consuming an LTI link from Desire2Learn

We are currently using D2L version 9.1 and have set up an external tool provider in the LMS. I believe that we have properly configured the endpoint, since it redirects me to the endpoint I expected and contains the LTI-specific payloads.
However, as per the LTI Specification, we do not see the standard OAUTH payloads of oauth_consumer_key, oauth_nonce, oauth_signature, oauth_timestamp.
How would we go about authenticating an LTI link from Desire2Learn to make sure that it is properly secured?

The LTI parameters other than security may be sent if the key or secret fields aren't set when the External Learning Tool was set up. That would result in missing oath fields, but, other fields present.
Is there a chance that either key or secret are missing from the link or the configured tool provider?
You can use the "Preview Request Details" in the External Learning Tool Setup page to see what is going to go out.
In my tests if I didn't set the key the preview showed:
<form method="post" id="LtiRequestForm" name="LtiRequestForm" action="http://test.com" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="launch_presentation_locale" value="EN-CA__">
<input type="hidden" name="lti_message_type" value="basic-lti-launch-request">
<input type="hidden" name="lti_version" value="LTI-1p0">
<input type="hidden" name="resource_link_description" value="">
<input type="hidden" name="resource_link_id" value="testserver">
<input type="hidden" name="resource_link_title" value="Test Title">
<input type="hidden" name="tool_consumer_instance_contact_email" value="">
<input type="hidden" name="tool_consumer_instance_description" value="">
<input type="hidden" name="tool_consumer_instance_guid" value="">
<input type="hidden" name="tool_consumer_instance_name" value="">
<input type="submit" name="basiclti_submit" value="Launch Endpoint with BasicLTI Data">
</form>
But when I did set the key the preview shows:
<form method="post" id="LtiRequestForm" name="LtiRequestForm" action="http://test.com" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="launch_presentation_locale" value="EN-CA__">
<input type="hidden" name="lti_message_type" value="basic-lti-launch-request">
<input type="hidden" name="lti_version" value="LTI-1p0">
<input type="hidden" name="oauth_callback" value="about:blank">
<input type="hidden" name="oauth_consumer_key" value="asdf">
<input type="hidden" name="oauth_nonce" value="383531779">
<input type="hidden" name="oauth_signature" value="8G/2Kkkt1ik3Yh6QdNvZd769mug=">
<input type="hidden" name="oauth_signature_method" value="HMAC-SHA1">
<input type="hidden" name="oauth_timestamp" value="1325880893">
<input type="hidden" name="oauth_version" value="1.0">
<input type="hidden" name="resource_link_description" value="">
<input type="hidden" name="resource_link_id" value="testserver">
<input type="hidden" name="resource_link_title" value="Test Title">
<input type="hidden" name="tool_consumer_instance_contact_email" value="">
<input type="hidden" name="tool_consumer_instance_description" value="">
<input type="hidden" name="tool_consumer_instance_guid" value="">
<input type="hidden" name="tool_consumer_instance_name" value="">
<input type="submit" name="basiclti_submit" value="Launch Endpoint with BasicLTI Data">
</form>