Authorize.net Phasing Out MD5 transHash

  • Posts: 66586
  • Thank you received: 9792
  • MODERATOR
6 months 3 weeks ago #303184

Hi,

Thanks !

Note that the Authorize.net payment plugin from our partner Obsidev has been released on our marketplace:
www.hikashop.com/marketplace/product/150...e-js-by-obsidev.html

The following user(s) said Thank You: jsyaruss

Please Log in or Create an account to join the conversation.

  • Posts: 89
  • Thank you received: 3
  • Hikashop Business
6 months 3 weeks ago #303239

Thanks for this information Nicolas.

Is the plug-in required in order to address this issue, or will the other file you posted work? Sorry, I'm not familiar with the differences (I read the description, but the technical aspects are beyond me, I'm afraid.)

Also, I'm wondering if others could post their experiences, either with the plug in or with the file that Nicolas posted? Did it work for you to still be able to use Authorize without difficulty? I'll be grateful for any guidance anyone can share.

Thank you!

Please Log in or Create an account to join the conversation.

  • Posts: 23610
  • Thank you received: 3666
  • MODERATOR
6 months 3 weeks ago #303243

Hello,

The plugin which is available in the first page of that thread is a modified version of the "Authorize.net" plugin available in HikaShop packages.
The patchs should be integrated in the next HikaShop release.

But that Authorize.net plugin is using old API (AIM, SIM) which has been deprecated by Authorize.
They are still working but might be remove in the future.
That is why the "Authorize.Net Accept (JS)" plugin has been created ; it uses one the new API.
CF : developer.authorize.net/api/upgrade_guide/

Regards,


Jerome - Obsidev.com
HikaMarket & HikaSerial developer / HikaShop core dev team.

Also helping the HikaShop support team when having some time or couldn't sleep.
By the way, do not send me private message, use the "contact us" form instead.

Please Log in or Create an account to join the conversation.

  • Posts: 21
  • Thank you received: 1
  • Hikashop Business
5 months 3 weeks ago #304147

We are running Hikashop v 4.0.2 dated JAN 16 2019.
We use Authorixze.net as our cc processor and payment gateway.

PLEASE tell us EXACTLY what steps we have to do to MAKE THIS WORK.
The drop-dead date on this is in MARCH, and we don't have a lot of time to screw around here.

For the PATCH, please provide EXACT location of the proper file to download,
and EXACT instructions about where to put the files that are in the .zip archive.

For the NEW PLUGIN, please TELL US if we have to PAY for it.
We hold a HikaSHop Business subscription now, we need to know if we have to pay Euro 40 for this.

WHAT is the NEW plugin called, and HOW do you set it up ?
We need exact instructions, please, and this thread SO FAR does not provide EXACT INSTRUCTIONS.

Finally, please estimate when the next version of Hikashop Business (that incorporates the AUTH.net paymetn plugin patch) will be released and TELL US when that will be ?

Thank you !
Kent Morrison - Satisfied Hikashop customer

Last edit: 5 months 3 weeks ago by kentmorrison.

Please Log in or Create an account to join the conversation.

  • Posts: 66586
  • Thank you received: 9792
  • MODERATOR
5 months 3 weeks ago #304150

Hi,

I already gave a link to the the proper file to download here, a month ago:
www.hikashop.com/forum/payment-methods/8...ranshash.html#303016
It is a Joomla plugin. So like any joomla plugin, you can install it via the Joomla installer to get is installed.
Please note that it will overwrite the current authorize.net payment plugin you're already using.
This plugin update is completely free. Just click on the download link there...
The plugin is called exactly like the previous one, it's an update to the previous one. Besides the signature key you need to generate in Authorize.net and add to the plugin (as explained in my message 1 month ago), the rest of the setup is the same as the previous plugin.
We are still waiting for feedbacks on that plugin. So far, one month went by, and no one provided any feedback on it.
We would recommend not to use that plugin yet on a production website and test it with the sandbox environment provided by Authorize.net. Once you test is successfully, you can use it on your production website.

Once we get feedbacks on it and fix whatever would be needed to be fixed, we'll be able to do a new release of HikaShop including the patchs in that plugin install file that I provided a month ago.

Now, that's for the plugin which is included for free in HikaShop.
Besides that plugin, which uses an old API of authorize.net, we also propose a new Authorize.net payment plugin on our marketplace here: www.hikashop.com/marketplace/product/150...e-js-by-obsidev.html
That plugin is not subject to the MD5 transHash phase out and thus is guaranteed to still work after the switch over to the SHA2 Hash method. On top of that, it integrates in the checkout in a new way allowing for a credit card form built-in your checkout while still allowing for the credit card information to not go through your server for PCI-DSS compliance. So it's a nice way to improve your checkout experience for your customers.

Please Log in or Create an account to join the conversation.

  • Posts: 84
  • Thank you received: 11
  • Hikashop Business
5 months 3 weeks ago #304199

We've setup the plugin and have been using it for about a week without any problems.

Please Log in or Create an account to join the conversation.

  • Posts: 21
  • Thank you received: 1
  • Hikashop Business
5 months 3 weeks ago #304215

Thanks for this very complete reply.
We will be testing the new plugin and will provide some feedback to you regarding our degree of success.

I intend to make my client aware of the new plugin, and we will probably purchase and us that for a complete web site re-write that we are working on.

Again, I appreciate this very complete response that lays out all of the options very plainly.
Regards,
Kent Morrison

Please Log in or Create an account to join the conversation.

  • Posts: 66586
  • Thank you received: 9792
  • MODERATOR
5 months 3 weeks ago #304221

Hi,

@simplecms:
Thank you for your feedback ! Did you try without the "MD5 hash" and with the signature in the settings of the payment plugin or you just updated it without changing the settings ?

@kentmorrison:
Thank you. We're looking forward for your feedback !

Please Log in or Create an account to join the conversation.

  • Posts: 84
  • Thank you received: 11
  • Hikashop Business
5 months 3 weeks ago #304239

nicolas wrote: Hi,

@simplecms:
Thank you for your feedback ! Did you try without the "MD5 hash" and with the signature in the settings of the payment plugin or you just updated it without changing the settings ?


We removed the MD5 from the field and generated a new signature as advised.

Please Log in or Create an account to join the conversation.

  • Posts: 66586
  • Thank you received: 9792
  • MODERATOR
5 months 3 weeks ago #304249

Hi,

Great, it means that the modifications I made are really working well.
We hope we can get more feedbacks from other people before the mid-march. Ideally, it would be great to make a release of HikaShop soon and activate the auto update a few days later and send a newsletter before the date Authorize.net will do the switch so that merchants not following this thread can do the necessary.
It's a shame Authorize.net didn't communicate about this sooner and only left a few weeks before removing the MD5 Hash.

Please Log in or Create an account to join the conversation.

  • Posts: 85
  • Thank you received: 3
  • Hikashop Business
5 months 3 weeks ago #304296

So, if I read the code correctly, as long as the new signature key is not entered, the new version of the plugin will use the old MD5 hash method; otherwise, it will use the new SHA 512 hash method. So, one could go ahead and install the new version of the Authorize.Net plugin and it would continue to work the same as the old plugin, until the new signature key is specified. Is that correct?

Last edit: 5 months 3 weeks ago by gpraceman.

Please Log in or Create an account to join the conversation.

  • Posts: 66586
  • Thank you received: 9792
  • MODERATOR
5 months 2 weeks ago #304304

Hi,

If there is no bug, that's indeed the intended behavior.
Note also that other payment gateways have authorize.net SIM/AIM emulator APIs so that you can use this payment plugin with them. Normally, they should still be using the MD5 hash method, even after the MD5 phase out of Authorize.net so that's another reason we had to keep the MD5 method working in the plugin for merchants using such payment gateway with that plugin.

Please Log in or Create an account to join the conversation.

  • Posts: 21
  • Thank you received: 1
  • Hikashop Business
5 months 2 weeks ago #304429

OK, we have a SUCCESSFUL TEST and Live Implementation of the revised Authorize.net payment plugin.

I did these steps:
1. Used FTP to BACKUP the files in the /plugins/hikashoppayment/authorize directory on our JOOMLA v 3.9.3 website.
2. Made a total site backup with Akeeba Backup Pro.
3. Made screen shots of ALL the parameters in the existing Authorize.net payment plugin in Hikashop.
4. Downloaded the revised plugin from here www.hikashop.com/media/kunena/attachments/63/authorize.zip .
5. Installed the revised plugin via normal Joomla menu Extensions/Manage/Install.
6. Created a new Payment Method in Hikashop System/Payment Methods using the revised plugin.
7. Entered the parameters in the new payment method fields SAME AS THE OLD ONE EXCEPT for the
Transaction key - AUTHORIZE_SIGNATURE_KEY and MD5 Hash.
For these, I generated a NEW trans key and a NEW auth key from the Authorize.net Merchant Interface (Account/API Credentials and Keys)
and used the new keys in these fields. AND omitted the MD5 Hash entirely.
8. SAVED the new payment method.
9. Disabled the old Authorize.net payment method.
10. TESTED and got ERROR - The following errors have occurred : (14) The referrer, relay response or receipt link URL is invalid.
11. Determined that the default Authorize.net submission URL - secure.authorize.net/gateway/transact.dll
in the revised plugin MAY BE INCORRECT and changed it to the one that I had in the old method - secure2.authorize.net/gateway/transact.dll
12. Determined that the relay response URL in my Authorize.net (on the left/ Settings/ Response/Receipt URLs) was set to generic, not to specific THank You page on our site - changed that to correct URL for Thank You For Your Order page.
13. TESTED and got ERROR : The following errors have occurred. (99) Unable to accept transaction
14. After some poking around FOUND one extra space had snuck into the FRONT of the AUTHORIZE_SIGNATURE_KEY when I copied/pasted it into that field. Removed it.
15 TESTED and got a GOOD transaction entry form at secure2.authorize.net/gateway/transact.dll
16. Completed entry of info required for CC transaction in this form.
17.CONFIRMED GOOD TRANSACTION by checking the order status in Hikashop, and the Unsettled Transactions list in Authorize.net Transaction Search.

We are calling this Good to Go !
I will follow-up if any problems arise, but this does appear to be a solid fix for the MD5 Hash depracation at Auth.net

THANKS to Nicolas and everyone involved.
Regards,
Kent Morrison

The following user(s) said Thank You: nicolas

Please Log in or Create an account to join the conversation.

  • Posts: 66586
  • Thank you received: 9792
  • MODERATOR
5 months 2 weeks ago #304431

Hi,

Thank you for your feedback. We're currently wrapping up things for the next release which will include the new version of the plugin. We hope to release before the end of the week.

Please Log in or Create an account to join the conversation.

  • Posts: 85
  • Thank you received: 3
  • Hikashop Business
2 months 3 days ago #307715

Finally got around to implementing this. I guess I was hoping that Authorize.Net would keep postponing this change.

Anyways, thanks to @kentmorrison for his detailed instructions.

I did run into a problem, however. Instead of being forwarded to the Authorize.Net payment page, only a blank page would be displayed. I traced it down to the authorize_end.php file. My site didn't like the this line:

hikaInput::get()->set('noform',1);

So, I changed it back to the original line and the payment page would now come up:
JRequest::setVar('noform',1);

There was also a problem being forwarded back to the site. This line in authorize.php:
$value = hikaInput::get()->getString($key);

needed to be changed back to the original line:
$value = JRequest::getString($key);

Maybe that issue was because I am running an older version of HikaShop? It is rather time to get the whole cart system up to date. That's one of my summer projects.

Last edit: 2 months 3 days ago by gpraceman.

Please Log in or Create an account to join the conversation.

  • Posts: 315
  • Thank you received: 6
  • Hikaserial Standard Hikaserial Subscription Hikashop Business
2 months 3 days ago #307723

Has the new plugin been released?

Please Log in or Create an account to join the conversation.

  • Posts: 315
  • Thank you received: 6
  • Hikaserial Standard Hikaserial Subscription Hikashop Business
2 months 3 days ago #307724

Has the new plugin been released?

Please Log in or Create an account to join the conversation.

  • Posts: 66586
  • Thank you received: 9792
  • MODERATOR
2 months 2 days ago #307728

Hi,

@gpraceman :
Yes, JRequest has been deprecated and will be removed for Joomla 4. So in order to prepare for it, we've switched to hikaInput in order to be compatible with any version of Joomla. If you're using an old version of HikaShop, then you might not have hikaInput, which would explain why you got these errors. Updating HikaShop would solve the problem of course.

@LukeDouglas :
Yes, it is included in HikaShop 4.1.0

Please Log in or Create an account to join the conversation.

  • Posts: 19
  • Thank you received: 1
  • Hikashop Business
1 month 2 weeks ago #308265

Hi friends, I'm working my way through this process, but for some reason when I place the order I get this message:

Please wait while you are redirected to Authorize
If you are not redirected after 10 seconds, please click on the button below.


However, nothing happens and there is no button. Any ideas?

Please Log in or Create an account to join the conversation.

  • Posts: 66586
  • Thank you received: 9792
  • MODERATOR
1 month 2 weeks ago #308271

Hi,

I don't see why the button would be removed. Maybe some CSS on your website ?
Regarding the fact that it's not redirecting automatically, it's possible if you have a javascript error on the page (which most likely comes from something else or a conflict with something else on your website).
So it's hard to provide help without being able to look at the situation on that page and look at the javascript console and the CSS and HTML of the button.
Could you provide a link to the shop with precise instructions to reach that page ?

Please Log in or Create an account to join the conversation.

Time to create page: 0.141 seconds
Powered by Kunena Forum