Jump to content
bellini13

[Prestashop Stripe Module] Issues with the Stripe module

Recommended Posts

Hi all,

 

I wanted to share my experiences with the latest version of the Stripe module (v0.9.4) and point out some flaws in the module design. I have tested this with Prestashop v1.4.9, so there may be different experiences with v1.5+

  1. When a credit card is charged, and the billing address fails verification (zipcode or street address), Stripe will still proceed with charging the card. This could present an issue if you do not use "Payment Accepted" order status for the "Pending Status" setting. In this scenario, the merchant needs to decide if they should accept the payment, or refund the transaction if they are afraid of fraudulent activity. What happens if you do not want to accept payment, and instead refund the charge? The Stripe module ends up creating an order, in the 'pending status', and tells the customer that there was a problem creating the order and that they should try again. This leads to the customer creating multiple orders, and Stripe charging the customer multiple times.
  2. The Stripe module will use the Billing address provided by the customer during checkout. However on the payment selection page, where the customer would enter the credit card details, there is no confirmation of the billing address associated to the credit card. This leads to the customer submitting the credit card details, without confirming that the billing address previously provided, is associated to this card.
  3. CVC check failure. By default Stripe will still proceed to charge the credit card, even if the CVC check fails. This is a pretty bad decision on their part, and they have recognized it by providing a setting that would instead decline the charge. However the setting is hidden by default, and you have to email Stripe support to enable the setting. On top of that, the prestashop module does not detect CVC failures, and creates the order as "payment accepted". There is also no warning to the merchant that the CVC check failed.
  4. If Stripe fails to charge the card, the Prestashop module has 2 issues. The first is that the module determines if the error was due to a "decline". If so, the module creates an order, places it in "payment error" status, and the customer is redirected to order history. This is not ideal, instead the customer should be redirected to the payment selection page so they can try again. The second issue is if the error was something other than "decline", then the module has a bug that redirects to a 404 page not found. The module is trying to redirect the customer back to the payment selection page, so that a 'failure' message can be displayed, and the customer can try again or select a different payment method. However the redirect is coded wrong and leads to a 404 page error.

To accommodate the issues above, I have made/recommended several changes to the module

  1. I have revised the order confirmation page to detect if the charge succeeded but the address validation failed, and display a separate confirmation message. The message informs the customer that the payment was successful, but a problem was detected. It instructs them not to try again and that "we are looking into the issue". That allows the merchant to review the order and payment details, and determine if they want to accept the payment or refund the order. This will help to prevent multiple orders and charges.
  2. The payment selection section should add some validation of the billing address. Either by showing the billing address with an "update" link, or by providing additional input fields allowing the customer to change them on the fly when submitting the credit card details.
  3. I have revised the module to detect the CVC check failure and include a warning in the order message area, just as the billing verification does. This gives the merchant the opportunity to determine if a refund is necessary. This is not necessary if the merchant updates their Stripe account to decline charges that fail CVC checks.
  4. I have revised the module to treat all stripe errors the same way. First, the error details are logged. Second, the customer is always redirected back to the payment selection page with a generic failure message. Third, the redirect bug is fixed.

I'm looking to share this information and obtain feedback from both Prestashop and the community. Ideally I'd like Prestashop to incorporate/address these items in the next version of the module.

Share this post


Link to post
Share on other sites

additional issue found in the payment.tpl file. The payment_error anchor is not properly hidden, so a square box appear. I fixed the issue locally by adding style="display:none" directly to the anchor element.

Share this post


Link to post
Share on other sites

Hi bellini13,

 

Wow, I'm facing the same problems as you did. You said " you revised those problems? Can you share with us your revised version?

 

Thank You.

Share this post


Link to post
Share on other sites

Attached are 3 files that I have patched to correct the issues noted above. It is truly sad that Prestashop has still not addressed these issues.

 

This should only be used for Stripe Module version 0.9.4. Install the Stripe module as normal, and then upload these 3 files.

stripejs_patch.zip

Share this post


Link to post
Share on other sites

bellini13,

 

Thank You so much!!! I invested a lot of money in my website and I wasn't thinking the payment system was going to stop me!

 

You saved my website... www.foodstampscovers.com

 

Thank You

Share this post


Link to post
Share on other sites

Hi,

The Stripe Module was updated today to 0.9.5, but I can't find a change log anywhere. Anyone know if these issues were addressed?

Chetan

Share this post


Link to post
Share on other sites

v0.9.5 was originally released on 6/5. So apparently they have re-released this same version. I'll check to see if they updated anything and re-patch if not

 

Update: v0.9.5 still does not address any of these issues. The only issue it does address is on the order confirmation page, which corrects a problem only if more then 1 payment method is used.

Edited by bellini13 (see edit history)
  • Like 1

Share this post


Link to post
Share on other sites

Fast reply, thanks!

 

Well dang, that's too bad :/ have you attempted to see if your patch still works on the 0.9.5 version? I wasn't aware that the 0.9.5 actually launched in early June, I just coincidentally started using Stripe today on it's rerelease day.

 

Thanks again!

Chetan

Share this post


Link to post
Share on other sites

Yea its odd. The release date did change to 7/24 in the addons store, but it is the same exact file as the previously released module.

 

If you apply my previous patch, it will work, but then you will lose the single change they included in v0.9.5 regarding the confirmation page.

 

Attached is a new patch for v0.9.5. This is not tested so let me know if it works

stripejs_v0.9.5_patch.zip

Share this post


Link to post
Share on other sites

Hi Bellini,

 

We are using the Stripe Add-on Module 1.4 and Prestashop 1.5.2. ...and having a bit of a nightmare.

 

I have tried the the onepagecheckout and standard check out process also. If I disable the module and test the checkout with CashOnDeliverymodule the payment system pass through and I am getting order confirmation, but if I enable the stripe module then both onepagecheckpout and standard checkout show the same javascript error " Uncaught ReferenceError: Stripe is not defined ".

 

Onepagecheckout will continuously show the faded ajax loader and will never come up with payment option due the stripe reference error. I think the javascript is not calling properly at some point. I have also tried alerting the Card Number that I entered while in standard checkout and the ready function is not alerting that value when it gets the trigger in the below -

 

$(document).ready(function() {

 

$("#stripe_form").submit.................

 

Any ideas, any patches?

 

Thanks so much!

Share this post


Link to post
Share on other sites

Please confirm what version of Stripe module you are using. v1.4 is not valid

Share this post


Link to post
Share on other sites

Its the latest one available for sale. I'm looking into one of the files. It says release 1.3? Does that make sense?

Share this post


Link to post
Share on other sites

Its a version by Leighton Whitely. We've been in touch but he is not taking us seriously. Are there other better authors?

Share this post


Link to post
Share on other sites

Ah - the penny drops - we did not realize you are referring to Prestashop's own module for Stripe not the one by Leighton. We also had problems with that one but now we will try your patch..

Share this post


Link to post
Share on other sites

I would not suggest to try the patch for the PrestaShop Stripe Module on the community module you currently have. What did the developer say about your issue?

Share this post


Link to post
Share on other sites

We were thinking of switching onto the Prestashop Add-on and taking out the community add on. These patches are only for the Prestashop version.

Share this post


Link to post
Share on other sites

Ah ok. Correct, these patches are only for the Prestashop provided module, not the community module.

Share this post


Link to post
Share on other sites

Is there a way to not send the address 1 since I don't believe this is required by Stripe. I've noticed a few cards declined because of this address verification and just talked to 1 who says they are entering the address line 1 exactly how they have it on their credit card statement but it is still rejecting. For me, the zip and cvc checks are good enough.

 

Any help is appreciated! Thanks!

Share this post


Link to post
Share on other sites

There does not seem to be a way to disable the address 1 validation within Stripe. You can alter the CVC and Zip Code within Stripe website settings so it does not force a decline, but the checks have to occur.

 

If you stop sending address 1, it would still fail. Keep in mind that Stripe is not the financial institution that owns the credit card. They still have to send the information to the credit card company who may or may not decline the card. Stripe is just a gateway to the various card companies, and they simply pass back the information to you.

 

You are probably better off contacting Stripe about the problem, and see if they have a solution for you

Share this post


Link to post
Share on other sites

I've done that before and they stated that they can't tell why it was declined.

 

I thought that the address_line1 wasn't a required field for them? If you look at their documentation, under "The Card Object", it says "If address_line1 was provided, results of the check: pass, fail, or unchecked.". Am I reading that wrong?

 

https://stripe.com/docs/api#card_object

Share this post


Link to post
Share on other sites

What information was the user inputing into the address line 1? maybe he's entering characters that aren't allowed, such as "#" or "&" and the stripe module isn't smart enough to return that error so it just gives a general error?

Share this post


Link to post
Share on other sites

Nope, no bad characters. Address 1 was just a regular street # and street name followed by RD.

 

Address 2 is APT D2.

Share this post


Link to post
Share on other sites

is there always an address 2 when you encounter these issues? Again each card company is responsible for doing the validation. That means Bank 1 may consider address 1 and address 2, and Bank 2 does not

 

For example:

 

Prestashop has

address 1=123 somewhere lane

address 2=APT D2

 

Card Company has

address 1=123 somewhere lane APT D2

 

In human terms those are the same address, but in programming terms, they are not.

 

You can edit the javascript file stripe-prestashop.js. Search for billing and you will find this code. You can comment the address line 1 and address line 2 code and see what happens.

 

I suspect you will still see failures. Stripe may not require it, that does not mean the card companies do not.

/* Check if the billing address element are set and add them to the Token */
if (typeof stripe_billing_address != 'undefined')
{
stripe_token_params.name = stripe_billing_address.firstname + ' ' + stripe_billing_address.lastname;
stripe_token_params.address_line1 = stripe_billing_address.address1;
stripe_token_params.address_zip = stripe_billing_address.postcode;
stripe_token_params.address_country = stripe_billing_address.country;
}

if (typeof stripe_billing_address.address2 != 'undefined')
stripe_token_params.address_line2 = stripe_billing_address.address2;
if (typeof stripe_billing_address.state != 'undefined')
stripe_token_params.address_state = stripe_billing_address.state;

  • Like 1

Share this post


Link to post
Share on other sites

Thanks for that info Mike and that definitely could be the culprit. However I do remember it rejecting my card before for "address line 1 invalid" I do not have a 2nd address line. I tried a few days later and my card went through. So not sure what this error exactly means.

 

I just commented out those lines of code like you said and it worked fine! My card went through and was charged successfully. Thanks for that help. I guess I'll see if I notice any more Stripe errors than usual. Gonna try it on a few more of my credit cards when I get home from work today.

 

Here's how Stripe checked my info:

 

  • cvc_check: "pass"
  • address_line1_check: null
  • address_zip_check: "pass"

Share this post


Link to post
Share on other sites

HI Guys.

 

6 months later and i guess everyone is still fixing the stripe module (currently 0.96)

 

AS of Feb 11 '14 Stripe gave us a pre-valentine gift and now accept payments in over 100 currencies, although settlement must still be in USD,EUR,GBP and a few others.

 

This is great becuase anyone with a US/UK bank account and sells overseas can use stripe. However the problem us prestashop users have is that 0.96 does not allow payments in other currencies apart from USD/EUR/GBP, whereas stripe does.

 

What we need is a update fix for this?

 

Also did anyone solve the webhook error Test webhook error: 501 ?

 

Thanks

RICKY

Share this post


Link to post
Share on other sites

Anyone going to make the STRIPE module work for PS 1.6??

 

Thanks

Share this post


Link to post
Share on other sites

Thanks for picking up the torch, bellini.

 

Question about your module... Does it support authorization and then capture at a later time? Only charging a card once shipped is a great practice that customers appreciate, and it also helps the merchant weed out fraud before the capture occurs. Stripe's API supports this: https://stripe.com/blog/auth-capture

 

I wouldn't mind if I had to use Stripe's dashboard to capture payments -- doesn't need to all be in PrestaShop's UI.

 

Also, does your module in anyway relate to Ollie McFarlane's module? http://omcfarlane.co.uk/prestashop-stripe-module-free/

Or do they both just fork from the original official PrestaShop module before it was pulled?

Share this post


Link to post
Share on other sites

Also, does your module in anyway relate to Ollie McFarlane's module? http://omcfarlane.co.uk/prestashop-stripe-module-free/

Or do they both just fork from the original official PrestaShop module before it was pulled?

Our modules are not related.  They were forked at v0.9.7 and most likely have very similar base functionality.  But I am sure we have both deviated at this point.

 

 

Question about your module... Does it support authorization and then capture at a later time? Only charging a card once shipped is a great practice that customers appreciate, and it also helps the merchant weed out fraud before the capture occurs. Stripe's API supports this: https://stripe.com/blog/auth-capture

 

I wouldn't mind if I had to use Stripe's dashboard to capture payments -- doesn't need to all be in PrestaShop's UI.

By default the module does an "auth and capture" in a single step.  However it is a simple 1 line code change so it would only authorize the payment, and you could capture within 7 days within the Stripe dashboard.

 

I will enhance the module in the future so that this is configurable.  This way you can configure all transactions to be "auth-only" or "auth and capture", and then use the order detail page to capture the funds.

 

Let me know if you have any additional questions

Share this post


Link to post
Share on other sites

Hello Bellini,

 

I have recently setup the stripe module in my shop, however I recieved an email from Stripe saying that my webhook is returning  HTTP status codes of 501 which causes the webhook to be treated as uncusseful in the stripe webhook system. I see that other people have encountered this problem. Have you experienced and if so does your module solve this problem?

Share this post


Link to post
Share on other sites

Hello Bellini,

 

I have recently setup the stripe module in my shop, however I recieved an email from Stripe saying that my webhook is returning  HTTP status codes of 501 which causes the webhook to be treated as uncusseful in the stripe webhook system. I see that other people have encountered this problem. Have you experienced and if so does your module solve this problem?

 

Hi, yes in v2.3 of Stripe Reloaded I have addressed issues with receiving webhooks.  The original module had a defect because it was not using the event id properly.  What version of the Stripe module are you using?  Is it the old free module?  Or is it my Stripe Reloaded module?

 

As far as correcting your issue, it is hard for me to say.  The module returns 501 status codes for various reasons documented below

1) The module only supports receiving 'charge.disputed' and 'charge.captured' events.  All other events will return 501

2) The Stripe module is not enabled/installed

3) The webhook URL is not configured properly in the Stripe dashboard settings

4) The order cannot be located within your database

  • Like 1

Share this post


Link to post
Share on other sites

Thanks for the prompt response bellini. I'm using the old free module 0.9.5 not your reloaded module. Does your module work with prestashop 1.4.11? Also what is the purpose of the webhook? Stripe staff informed me that they have simply disabled my webhooks but that I can still recieve payments like normal. So this leaves me to wonder about the purpose of the webhook.

Share this post


Link to post
Share on other sites

The purpose of a webhook is so that the Stripe gateway can inform your Store of changes to transactions after the transaction is initially completed.

 

An example is a charge back.  Let us pretend that you received an order today, and the customer paid via credit card.  So your Stripe module creates a Prestashop order with the order status "Payment Accepted".

 

Now what happens if the customer disputes the transaction next week, and Stripe receives a charge back?  If you are using webhooks, then your Prestashop store will be notified automatically, and the Stripe module will attempt to cancel the order by changing the Order Status.

 

The usage of webhooks is not required, since Stripe will also send you an email to notify you of the dispute, and you can manually change the order status as desired.

 

You can find out more about the different types of webhooks on the Stripe website

https://stripe.com/docs/api#list_events

 

My Stripe Reloaded module supports 'charge.disputed' and 'charge.captured' webhooks.  I believe your version only supports 'charge.disputed', and it is broken which results in a 501 response code.

 

charge.disputed: This occurs when a dispute is created on a previous transaction

charge.captured: This occurs when a charge has been captured.  This only applies if you are using the Authorization Only Charge Mode. 

  • Like 1

Share this post


Link to post
Share on other sites

Thanks again bellini,

 

I have purchased your module and am experimenting with it right now. Do you know if there is anyway to generate an "external" secure payment page, similar to paypal? Some customers seem most familiar and comfortable with this type of payment.

Share this post


Link to post
Share on other sites

Do you know if there is anyway to generate an "external" secure payment page, similar to paypal? Some customers seem most familiar and comfortable with this type of payment.

 

Unfortunately Stripe does not offer a hosted payment page solution.

Share this post


Link to post
Share on other sites

and where did you get this version from? the last stripe version released from Prestashop was v0.9.7.

  • Like 1

Share this post


Link to post
Share on other sites

i think i got it from the prestashop addons page. it seems to be working fine now and thank you for your help trev

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

×
×
  • Create New...

Important Information

Cookies ensure the smooth running of our services. Using these, you accept the use of cookies. Learn More