Details
Description
The main goal here is to create a gateway using the best security features Stripe has to offer. This includes ensuring the user is prompted with 3DS verification when necessary and that their card information never touches our server. After looking into the Stripe APIs it looks like this means using Stripe Elements, SetupIntents, PaymentIntents, and PaymentMethods. These are the various requirements:
- Implement the merchantCcForm interface in order to provide a custom Cc form
- Create a SetupIntent before displaying the form
- Create a custom form that fulfills the SetupIntent through js when storing the card for later use and submits the ID to Blesta for the PaymentMethod created by this action.
- Make sure the form presents the user with 3DS challenges for both card storing and one time payments (This should be handled by Stripe.js)
- Create storing and processing methods that utilize the submitted ID
- Create charges using PaymentIntents (ideally we would create the payment intent before showing the cc form but we don't know the payment details at that point, especially when we are storing a card)
- Support offsite card storage
- Support one time payments
- Support refunds
- Support voiding
- Create in interface on the settings page for migrating payment accounts from the old Stripe gateway to this new one
- This interface should only be shown if the old Stripe gateway is installed and accounts that need to be converted exist
- This interface should show how many accounts are yet to be converted
- This process should only convert accounts that already use offsite storage
- A note of this should be shown to the user
- This process may want to convert only a certain number of accounts at once to prevent time outs
- A note of this should be shown to the user
- Make sure we create documentation for this gateway and all it's functionality
Issue Links
- relates to
-
CORE-3246 Miscellaneous updates to Stripe Payments
- Closed