How to handle authentication such as OTP in 2C2P

Question (votes: 0, answers: 1)

I am using the 2C2P payment gateway

    public function process_payment( $order_id ) {
        // $order is not defined in the snippet as posted; it is assumed to be
        // loaded from $order_id in code that is not shown.
        $result = $this->request->result( $order );

        error_log( print_r( $result, true ) );

        if ( in_array( $result->response->ApiResponse->ResponseCode, array( 'PC-B050000', 'PC-B050001', 'PC-B050002' ) ) ) {

            // Success but pending, requires account verification like OTP.
            if ( isset( $result->response->Data->paymentIncompleteResult->aresACSChallenge->transStatus ) && 'C' === $result->response->Data->paymentIncompleteResult->aresACSChallenge->transStatus ) {

                // Handle OTP verification etc.
            }

            return;
        }
    }

How do I handle OTP verification? It gives a response like the following:

[05-Apr-2024 09:03:58 UTC] stdClass Object
(
    [response] => stdClass Object
        (
            [Data] => stdClass Object
                (
                    [paymentIncompleteResult] => stdClass Object
                        (
                            [notificationURLs] => 
                            [aresACSChallenge] => stdClass Object
                                (
                                    [transStatus] => C
                                    [acsURL] => https://paysecure.nicasiabank.com/3dsAcs2FrontOfficeWeb/paymentAuthentication
                                    [CReq] => PGh0bWw-PGhlYWQ-PC9oZWFkPjxib2R5Pgo8Zm9ybSBuYW1lPSdjcmVxRm9ybScgbWV0aG9kPSdQT1NUJyBhY3Rpb249J2h0dHBzOi8vcGF5c2VjdXJlLm5pY2FzaWFiYW5rLmNvbS8zZHNBY3MyRnJvbnRPZmZpY2VXZWIvcGF5bWVudEF1dGhlbnRpY2F0aW9uJz4KICAgIDxpbnB1dCB0eXBlPSdoaWRkZW4nIG5hbWU9J2NyZXEnIHZhbHVlPSdleUp0WlhOellXZGxWSGx3WlNJNklrTlNaWEVpTENKamFHRnNiR1Z1WjJWWGFXNWtiM2RUYVhwbElqb2lNRE1pTENKMGFISmxaVVJUVTJWeWRtVnlWSEpoYm5OSlJDSTZJbUZoTVdWbE5HUm1MVFprT0RZdE5Ea3lZUzA0WVdVNUxUWXdPV05rWkRjelltTXlPQ0lzSW1GamMxUnlZVzV6U1VRaU9pSTBOelF5WWpBM1lTMW1NekppTFRFeFpXVXRPV1V4WXkweE0yVXhaREppWm1Fd09USWlMQ0p0WlhOellXZGxWbVZ5YzJsdmJpSTZJakl1TWk0d0luMCc-CiAgICA8aW5wdXQgdHlwZT0naGlkZGVuJyBuYW1lPSd0aHJlZURTU2Vzc2lvbkRhdGEnIHZhbHVlPSdZV0V4WldVMFpHWXRObVE0TmkwME9USmhMVGhoWlRrdE5qQTVZMlJrTnpOaVl6STQnPgogICAgPG5vc2NyaXB0PjxidXR0b24-UGxlYXNlIGNsaWNrIGhlcmUgdG8gY29udGludWU8L2J1dHRvbj48L25vc2NyaXB0Pgo8L2Zvcm0-CiAgICA8c2NyaXB0IHR5cGU9J3RleHQvamF2YXNjcmlwdCc-ZG9jdW1lbnQuY3JlcUZvcm0uc3VibWl0KCk7PC9zY3JpcHQ-PC9ib2R5PjwvaHRtbD4
                                    [rawCreq] => eyJtZXNzYWdlVHlwZSI6IkNSZXEiLCJjaGFsbGVuZ2VXaW5kb3dTaXplIjoiMDMiLCJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImFhMWVlNGRmLTZkODYtNDkyYS04YWU5LTYwOWNkZDczYmMyOCIsImFjc1RyYW5zSUQiOiI0NzQyYjA3YS1mMzJiLTExZWUtOWUxYy0xM2UxZDJiZmEwOTIiLCJtZXNzYWdlVmVyc2lvbiI6IjIuMi4wIn0
                                    [ChallengeHtml] => PGh0bWw-PGhlYWQ-...
                                    [threeDSSessionData] => YWExZWU0ZGYtNmQ4Ni00OTJhLThhZTktNjA5Y2RkNzNiYzI4
                                )

                            [failedReason] => 
                            [availablePaymentTypes] => 
                            [untokenizedStoredCardList] => 
                            [storedCardUniqueID] => 
                            [paymentExpiryDateTime] => 2024-04-05T09:48:40.0051453Z
                            [merchantIdForMcp] => 
                            [mcpDetails] => 
                            [preferredPaymentTypes] => Array
                                (
                                    [0] => CC
                                )

                            [transactionDateTime] => 2024-04-05T09:03:42.987867Z
                            [orderNo] => 297
                            [productDescription] => Another Product - 3
                            [InvoiceNo2C2P] => HBL0000000047
                            [pspReferenceNo] => 
                            [controllerInternalID] => e40bc631b7a447afb42574998de7b380
                            [paymentStatusInfo] => stdClass Object
                                (
                                    [PaymentStatus] => I
                                    [PaymentStep] => AC
                                    [LastUpdatedDateTime] => 2024-04-05T09:03:39.9619103Z
                                )

                            [paymentType] => CC
                            [channelCode] => 
                            [agentCode] => 
                            [mcpFlag] => N
                            [transactionAmount] => stdClass Object
                                (
                                    [AmountText] => 000000000003
                                    [CurrencyCode] => USD
                                    [DecimalPlaces] => 2
                                    [Amount] => 0.03
                                )

                            [settlementAmount] => stdClass Object
                                (
                                    [AmountText] => 000000000003
                                    [CurrencyCode] => USD
                                    [DecimalPlaces] => 2
                                    [Amount] => 0.03
                                )

                            [customFieldList] => 
                            [clientIp] => 
                            [officeId] => 9104135843
                            [ddcId] => 
                        )

                    [paymentPage] => 
                )

            [Version] => 1.0
            [ApiResponse] => stdClass Object
                (
                    [ResponseMessageId] => 03dad34c-ae08-4636-9e0c-ff777504d864
                    [ResponseToRequestMessageId] => 866900bf-d915-3415-4844-039c43152970
                    [ResponseCode] => PC-B050001
                    [ResponseDescription] => Success
                    [ResponseDateTime] => 2024-04-05T09:03:42.9878657Z
                    [ResponseTime] => 3100
                    [AcquirerResponseCode] => 
                    [AcquirerResponseDescription] => 
                    [EciValue] => 
                    [MarketingDescription] => Payment success but not completed yet.
Please finish your payment via selected payment channel later.
                )

        )

    [aud] => 4b0d276fcaf04fbd9469859949b1b83c
    [iss] => PacoIssuer
    [exp] => 1712311423
    [iat] => 1712307823
    [nbf] => 1712307823
)
php authentication payment-gateway
1 answer

2 votes

I see in your response:

[aresACSChallenge] => stdClass Object
                                (
                                    [transStatus] => C
                                    [acsURL] => https://paysecure.nicasiabank.com/3dsAcs2FrontOfficeWeb/paymentAuthentication
                                    [CReq] => PGh0bWw-PGhlYWQ-PC9oZWFkP...

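You need to correctly redirect the user to the ACS URL provided in the response, POST the CReq parameter, and handle the response received after the user completes OTP verification on the bank's page.

ACS is the "Access Control Server" in the payment industry (in your case: https://paysecure.nicasiabank.com/).
It is a component of the 3-D Secure protocol, which adds another layer of security to online credit and debit card transactions. The ACS helps verify the cardholder's identity by prompting the cardholder for a password or one-time code before the transaction is authorized.

You have already determined that an OTP (one-time password) is needed when the transaction status (transStatus) is "C".

When an OTP is required, you need to create a form programmatically and auto-submit it to the acsURL with the CReq parameter you received. This is typically done on the frontend (somewhat like bigskysoftware/htmx discussion 951).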

public function process_payment( $order_id ) {
    // $order is not defined in the snippet as posted; it is assumed to be
    // loaded from $order_id in code that is not shown.
    $result = $this->request->result( $order );

    error_log( print_r( $result, true ) );

    if ( in_array( $result->response->ApiResponse->ResponseCode, array( 'PC-B050000', 'PC-B050001', 'PC-B050002' ) ) ) {

        // Check if it requires OTP
        if ( isset( $result->response->Data->paymentIncompleteResult->aresACSChallenge->transStatus ) && 
             'C' === $result->response->Data->paymentIncompleteResult->aresACSChallenge->transStatus ) {

            // Escape both values before placing them in single-quoted HTML attributes.
            $acsURL = htmlspecialchars( $result->response->Data->paymentIncompleteResult->aresACSChallenge->acsURL, ENT_QUOTES, 'UTF-8' );
            $creq = htmlspecialchars( $result->response->Data->paymentIncompleteResult->aresACSChallenge->CReq, ENT_QUOTES, 'UTF-8' );

            // Prepare auto-submit form for OTP
            echo "<form id='otpForm' action='{$acsURL}' method='post'>
                    <input type='hidden' name='creq' value='{$creq}'>
                    <noscript><button type='submit'>Continue</button></noscript>
                  </form>
                  <script>document.getElementById('otpForm').submit();</script>";

            return;
        }

        // Other handling logic if needed
    }
}

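The form in the echoed HTML contains a hidden field with the CReq value and posts to the ACS URL received from the 2C2P API. JavaScript submits this form automatically. If JavaScript is disabled in the user's browser, the <noscript> tag provides a fallback button to submit the form manually.

After redirecting the user for OTP authentication, you will need to handle the response that comes back from the ACS after authentication. This typically involves capturing the result of the authentication and continuing with payment processing depending on whether the authentication succeeded. Make sure a backend endpoint is ready to receive the ACS response and handle it accordingly.

You can learn more from another PHP library, nsoftware TS2, which illustrates a similar workflow: the CheckAuthResponse method (IPWorks3DS_Client class) is used to handle the response from the ACS after authentication (but it is not an open-source project!).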
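
Added example, not part of the original answer or of 2C2P's code: in the response shown in the question, the CReq field base64url-decodes to a complete auto-submitting HTML page, while rawCreq decodes to the JSON CReq message itself. The sketch below assumes rawCreq is the value for the creq form field, checks it and the acsURL, and HTML-escapes every value before building the form; the function names and sample values are constructed for illustration.

```php
<?php
// Added example: function names and sample values are constructed.

// Decode unpadded base64url, the encoding used by the challenge fields.
function b64url_decode( string $s ): string {
    $s   = strtr( $s, '-_', '+/' );
    $bin = base64_decode( str_pad( $s, (int) ceil( strlen( $s ) / 4 ) * 4, '=' ), true );
    if ( false === $bin ) {
        throw new InvalidArgumentException( 'value is not base64url' );
    }
    return $bin;
}

// Build the browser challenge form from an aresACSChallenge object.
function build_challenge_form( object $ares ): string {
    if ( 'C' !== ( $ares->transStatus ?? '' ) ) {
        throw new RuntimeException( 'no challenge was requested' );
    }
    $url = parse_url( (string) ( $ares->acsURL ?? '' ) );
    if ( 'https' !== ( $url['scheme'] ?? '' ) || empty( $url['host'] ) ) {
        throw new RuntimeException( 'acsURL must be an absolute https URL' );
    }
    // rawCreq must decode to the JSON CReq message, not to an HTML page.
    $msg = json_decode( b64url_decode( (string) ( $ares->rawCreq ?? '' ) ), true );
    if ( ! is_array( $msg ) || 'CReq' !== ( $msg['messageType'] ?? '' ) ) {
        throw new RuntimeException( 'rawCreq is not a CReq message' );
    }
    // Escape for single-quoted attributes; gateway values are never echoed raw.
    $e = fn( $v ) => htmlspecialchars( (string) $v, ENT_QUOTES, 'UTF-8' );
    return "<form id='creqForm' method='post' action='" . $e( $ares->acsURL ) . "'>"
        . "<input type='hidden' name='creq' value='" . $e( $ares->rawCreq ) . "'>"
        . "<input type='hidden' name='threeDSSessionData' value='"
        . $e( $ares->threeDSSessionData ?? '' ) . "'>"
        . "<noscript><button type='submit'>Continue</button></noscript></form>"
        . "<script>document.getElementById('creqForm').submit();</script>";
}

// Constructed sample using the field names from the response in the question.
$enc  = fn( string $s ) => rtrim( strtr( base64_encode( $s ), '+/', '-_' ), '=' );
$id   = '00000000-0000-4000-8000-000000000000'; // placeholder transaction ID
$ares = (object) array(
    'transStatus'        => 'C',
    'acsURL'             => 'https://acs.example.test/challenge',
    'rawCreq'            => $enc( json_encode( array( 'messageType' => 'CReq', 'threeDSServerTransID' => $id, 'messageVersion' => '2.2.0' ) ) ),
    'threeDSSessionData' => $enc( $id ),
);
echo build_challenge_form( $ares ), "\n";
```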
