
Billing in SaaS applications on Ruby on Rails. Continued: 3-D Secure

Hello, community!

Today, as promised in the last article, I will describe how to implement 3-D Secure authentication in SaaS applications. 3-D Secure adds another authentication step to online payments. Usually the user is redirected to the website of the issuing bank, where they are prompted to enter a verification SMS PIN to confirm the payment. This process is terribly inconvenient: your customers have to leave your service in order to pass this authentication.

In LPCloud, we decided to run 3-D Secure authentication in a frame so that the user does not leave our service.


Controller


    def purchase
      # true when the user already has an account
      updating_card = current_user.account.present?
      options = {
        :IpAddress => request.ip,
        :AccountId => current_user.email,
        :Name => params[:name],
        :JsonData => { plan: params[:plan], updating_card: updating_card }.to_json,
        :Currency => current_subscription.currency,
        :Description => "Storing card details"
      }
      current_subscription.plan = Plan.find(params[:plan]) if params[:plan].present?
      amount = updating_card ? 1 : current_subscription.amount
      response = gateway.purchase(params[:cryptogram], amount, options, true)
      # wrap the gateway response params like Action Controller params
      @params = parametrize(response.params)
      if response.success?
        resp = { json: success_transaction(@params) }
      else
        # a PaReq in the response means 3-D Secure is required
        if @params and @params['PaReq'].present?
          resp = { json: { response: @params, type: '3ds' }, status: 422 }
        else
          resp = { json: { response: response, type: 'error' }, status: 422 }
        end
      end
      render resp
    end

    private

    def gateway
      ActiveMerchant::Billing::CloudpaymentsGateway.new(
        public_id: configatron.cloudpayments.public_id,
        api_secret: configatron.cloudpayments.api_secret
      )
    end


If your client’s card requires 3-DS, CloudPayments returns the parameters needed for authentication, including the URL of the page on the issuing bank’s website where the SMS PIN is entered. That page is what we open in the frame. After the client passes authentication, the issuing bank’s website redirects them, right in the frame, back to your website, where you can display a payment message. But what if, after authentication, you want to close the popup with the frame automatically and display an alert?

Controller

    def post3ds
      response = gateway.check_3ds(params[:MD], params[:PaRes])
      @params = parametrize(response.params)
      if response.success?
        resp = success_transaction(@params)
      else
        resp = { message: response.message }
      end
      @response = { response: resp, success: response.success? }
    end


View

Just pass the response from the CloudPayments server to a JS variable and call the function in the parent window.

    javascript:
      // json_escape keeps quotes and "</script>" in the gateway message from breaking the inline script
      var resp = #{json_escape(@response.to_json).html_safe};
      parent.window.showMessage(resp);


Client function

    window.showMessage = function(r) {
      alert(r.response.message);
    }
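
The client step the article describes but does not show, opening the issuing bank's page in the frame after the 422 reply with type '3ds', could look like this. It is an added example, not the author's code: the field names AcsUrl, TransactionId and TermUrl, the return URL and the element names are assumptions, and the sample values are constructed.

```javascript
// Assumption: the '3ds' reply carries AcsUrl, PaReq and TransactionId,
// and the issuer's page expects PaReq, MD and TermUrl as POST fields.

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Build the form that posts the cardholder to the issuer's page inside the
// named frame. `r` is the `response` object of the 422 reply.
function build3dsForm(r, termUrl, frameName) {
  const acs = new URL(r.AcsUrl);              // throws on a malformed URL
  if (acs.protocol !== 'https:') {
    throw new Error('ACS URL must be https'); // never post PaReq over plain http
  }
  const fields = { PaReq: r.PaReq, MD: r.TransactionId, TermUrl: termUrl };
  const inputs = Object.keys(fields).map(function (name) {
    if (!fields[name]) throw new Error('missing 3-D Secure field ' + name);
    return '<input type="hidden" name="' + name + '" value="' +
      escapeAttr(fields[name]) + '">';
  });
  return '<form method="post" target="' + escapeAttr(frameName) +
    '" action="' + escapeAttr(acs.href) + '">' + inputs.join('') + '</form>';
}

// Browser only: create the popup with the frame and submit the form into it.
function open3dsFrame(r, termUrl) {
  const popup = document.createElement('div');
  popup.id = 'popup-3ds';                     // hypothetical element id
  popup.innerHTML =
    '<iframe name="frame-3ds" width="400" height="500"></iframe>' +
    build3dsForm(r, termUrl, 'frame-3ds');
  document.body.appendChild(popup);
  popup.querySelector('form').submit();
}

// Constructed sample of the `response` object from the 422 '3ds' reply.
const sample = {
  AcsUrl: 'https://acs.bank.example/pareq',
  PaReq: 'eJxVUdtugkAQ+xWa/c2fg==',
  TransactionId: 504
};
```

TermUrl should point at the route served by `post3ds`, so the page the bank redirects to inside the frame is same-origin with the parent and can call `parent.window.showMessage`.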


That's all. If you have suggestions on how to improve this method, I will be glad to hear them in the comments.

Source: https://habr.com/ru/post/240573/

