Details
Improvement
Major
Description
In Blesta 4.7 we added Stripe 3DS which uses an authorize and then capture. Since authorize.net implements an authorize method, it's called first now but this can be problematic when a client does not proceed to do a capture and the authorized charge sits on the account as a pending transaction.
We might want to do an authorize before capture in the future when an order is approved. But for now we should consider removing or disabling the feature for authorize.net.
This might be best as a setting that determines whether to do authorize before capture where available. If it's a setting we would make the change to the core, and it would impact all merchant gateways that support authorize. This might be a problem for Stripe Payments though that must use the method though.
Activity
Paul Phillips
created issue -
Tyson Phillips (Inactive)
made changes -
| Field | Original Value | New Value |
|---|---|---|
| Rank | Ranked higher |
Paul Phillips
made changes -
| Description |
In Blesta 4.7 we added Stripe 3DS which uses an authorize and then capture. Since authorize.net implements an authorize method, it's called first now but this can be problematic when a client does not proceed to do a capture and the authorized charge sits on the account as a pending transaction.
We might want to do an authorize before capture in the future when an order is approved. But for now we should consider removing or disabling the feature for authorize.net. |
In Blesta 4.7 we added Stripe 3DS which uses an authorize and then capture. Since authorize.net implements an authorize method, it's called first now but this can be problematic when a client does not proceed to do a capture and the authorized charge sits on the account as a pending transaction.
We might want to do an authorize before capture in the future when an order is approved. But for now we should consider removing or disabling the feature for authorize.net. *This might be best as a setting that determines whether to do authorize before capture where available. If it's a setting we would make the change to the core, and it would impact all merchant gateways that support authorize. This might be a problem for Stripe Payments though that must use the method though.* |
| Security | Private [ 10000 ] |
| Sprint | 4.10.0 Sprint 1 [ 105 ] |
| Rank | Ranked lower |
| Assignee | Abdy Franco [ abdy ] |
| Fix Version/s | 4.10.0-b1 [ 11305 ] | |
| Fix Version/s | Short Term [ 10800 ] |
| Rank | Ranked higher |
| Status | Open [ 1 ] | In Progress [ 3 ] |
It looks like we manually did this fix for another customer.. attaching the original file, we should merge in the fix. Info I sent the customer:
Replace /components/gateways/merchant/authorize_net/authorize_net.php
This will disable auth and do an auth capture like it did previous to 4.7.0. The gateway was not
changed as part of 4.7, it was a core change that performs an auth first for any merchant gateways
that actually support it. Turns out many implement an authorization method that we just never really
used. This was a requirement to our Stripe Payments 3DS/SCA gateway, so we started using it.
We are evaluating which other merchant gateways may be affected by this and considering how to
proceed. I'm not sure yet if we will merge this in, or add a setting.
Paul Phillips
added a comment - It looks like we manually did this fix for another customer.. attaching the original file, we should merge in the fix. Info I sent the customer:
Replace /components/gateways/merchant/authorize_net/authorize_net.php
This will disable auth and do an auth capture like it did previous to 4.7.0. The gateway was not
changed as part of 4.7, it was a core change that performs an auth first for any merchant gateways
that actually support it. Turns out many implement an authorization method that we just never really
used. This was a requirement to our Stripe Payments 3DS/SCA gateway, so we started using it.
We are evaluating which other merchant gateways may be affected by this and considering how to
proceed. I'm not sure yet if we will merge this in, or add a setting. Paul Phillips
made changes -
| Attachment | authorize_net.php [ 11909 ] |
| Remaining Estimate | 0 minutes [ 0 ] | |
| Time Spent | 1 hour, 23 minutes [ 4980 ] | |
| Worklog Id | 13403 [ 13403 ] |
Automated transition triggered when Abdy Franco created pull request #9 in Stash -
| Status | In Progress [ 3 ] | In Review [ 5 ] |
| Resolution | Fixed [ 1 ] |
| Time Spent | 1 hour, 23 minutes [ 4980 ] | 1 hour, 26 minutes [ 5160 ] |
| Worklog Id | 13412 [ 13412 ] |
Automated transition triggered when Jonathan Reissmueller merged pull request #9 in Stash -
| Status | In Review [ 5 ] | Closed [ 6 ] |
| Resolution | Fixed [ 1 ] | |
| Status | Closed [ 6 ] | Reopened [ 4 ] |
| Assignee | Abdy Franco [ abdy ] | Jonathan Reissmueller [ jonathan ] |
| Fix Version/s | 4.9.0 [ 11306 ] | |
| Fix Version/s | 4.10.0-b1 [ 11305 ] |
| Status | Reopened [ 4 ] | Closed [ 6 ] |
| Resolution | Fixed [ 1 ] |
No setting for now, just disable for Authorize.net for now. We can revisit a setting later.