403 always on payment notification

  • Posts: 63
  • Thank you received: 1
  • Hikashop Business
7 years 7 months ago #268074

Hello,

So every time we receive a notification from Worldpay it is HTML encoded, so:

https%3A%2F%2Fwww.mysite.co.uk%2Findex.php%3Foption%3Dcom_hikashop%26ctrl%3Dcheckout%26task%3Dnotify%26notif_payment%3Dbf_rbsbusinessgateway%26tmpl%3Dcomponent%26componentStyle%3Dcommon%26lang%3Den&authMode=A&instId=1000552&displayAddress=myaddres&AAV=00000&testMode=0&name=Home&callbackPW=cb_pw&region=&AVS=2222&desc=mydescription&authAmountString=%26%23163%3B8.19
The problem... When this is decoded we get:
index.php?option=com_hikashop&ctrl=checkout&task=notify¬if_payment=bf_rbsbusinessgateway&tmpl=component&componentStyle=common&lang=en&authMode=A&instId=1000552&displayAddress=myaddress&AAV=00000&testMode=0&name=Home&callbackPW=cb_pw®ion=&AVS=2222&desc=mydescription&authAmountString=£8.19
But it should be:
index.php?option=com_hikashop&ctrl=checkout&task=notify&notif_payment=bf_rbsbusinessgateway&tmpl=component&componentStyle=common&lang=en&authMode=A&instId=1000552&displayAddress=myaddress&AAV=00000&testMode=0&name=Home&callbackPW=cb_pw&region=&AVS=2222&desc=mydescription&authAmountString=£8.19
See the :

¬if

In the raw access request it is:

%C2%AC which should be: & not

The above look the same as your site is also encoding it! If you edit the post you will see the difference.

&not is the HTML Entity for: ¬ so therefore the notification is never received and the IPN gets a 403 error from the site since it's trying to do something it cannot.

Do you have any suggestions to resolving this?

Last edit: 7 years 7 months ago by Jerome. Reason: [code] tag is nice


  • Posts: 26159
  • Thank you received: 4028
  • MODERATOR
7 years 7 months ago #268091

Hello,

The "&not" has nothing to do with the issue. There is no HTML characters in an URL.
There is no HTML parsing in an URL so the "&not" will always be "&not" and not "¬".

Please take a look at your server log in order to understand what and why you have a 403.

Regards,


Jerome - Obsidev.com
HikaMarket & HikaSerial developer / HikaShop core dev team.

Also helping the HikaShop support team when having some time or couldn't sleep.
By the way, do not send me private message, use the "contact us" form instead.


  • Posts: 63
  • Thank you received: 1
  • Hikashop Business
7 years 7 months ago #268133

Hello Jerome,

As explained, this is the issue. Server raw access logs show:

0.0.0.0 - - [24/Apr/2017:09:00:33 +0100] "GET /index.php?option=com_hikashop&ctrl=checkout&task=notify%C2%ACif_payment=bf_rbsbusinessgateway&componentStyle=common&lang=en&authMode=A&instId=1000552&displayAddress=1%20MyAddress%20House,%20City&AAV=00000&testMode=0&name=Doris%20Joe&callbackPW=My_Call_back_password%C2%AEion=&AVS=2222&desc=&authAmountString=%C2%A360.18 HTTP/1.1" 403 2108 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.68 Safari/537.36"

As you can see, Worldpay is using encoding on the callback URL, which in turn encodes ¬ as %C2%AC.

You say ¬ has nothing to do with the issue, yet it is the core issue here. Replacing %C2%AC with ¬ in the request allows it to proceed. But we cannot control how Worldpay is handling the encoding.

Many thanks
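
How `&notif_payment` and `&region` can become `¬if_payment` and `®ion`, shown as an added example that is not part of the original thread or the plugin's code. It assumes some component in the callback chain decodes the URL as HTML text (the thread does not establish where); Python's `html.unescape` follows the HTML5 rule that legacy names such as `&not` and `&reg` are decoded even without a trailing semicolon. The URL and function names are constructed for illustration.

```python
import html
from urllib.parse import parse_qsl, quote, urlsplit

# Constructed callback URL modelled on the one in the thread;
# host and values are placeholders.
CALLBACK = (
    "https://shop.example/index.php?option=com_hikashop&ctrl=checkout"
    "&task=notify&notif_payment=bf_rbsbusinessgateway&tmpl=component"
    "&lang=en&callbackPW=cb_pw&region=&desc=x"
)


def decoded_as_html(url: str) -> str:
    """Decode character references as an HTML5 parser does for text content."""
    return html.unescape(url)


def as_logged(url: str) -> str:
    """Percent-encode the HTML-decoded URL as UTF-8, as an access log shows it."""
    return quote(decoded_as_html(url), safe=":/?&=")


def mangled_params(url: str) -> list[str]:
    """Parameter names whose leading '&' + name is rewritten by HTML decoding."""
    names = [k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
    # The first parameter follows '?', not '&', so it cannot start an entity.
    return [n for n in names[1:] if decoded_as_html("&" + n) != "&" + n]


def safe_for_html(url: str) -> str:
    """Escape the URL before placing it in HTML so decoding restores it exactly."""
    return html.escape(url, quote=True)


if __name__ == "__main__":
    print(mangled_params(CALLBACK))
    print(as_logged(CALLBACK))
    print(decoded_as_html(safe_for_html(CALLBACK)) == CALLBACK)
```

Running `mangled_params` over the parameter names a payment plugin emits flags the ones that need `&amp;` escaping (or a different name) wherever the callback URL is embedded in HTML.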


  • Posts: 26159
  • Thank you received: 4028
  • MODERATOR
7 years 7 months ago #268137

Hello,

Can you provide your HikaShop version number and your PHP version number?
Please note that the WorldPay payment plugin is now externalized on GitHub; that plugin was created by a third party and the HikaShop team just tries to maintain it:
github.com/HikaShop/hikashoppayment-worl...f_rbsbusinessgateway

I don't know what or how the URL is decoded, but you're the first person with that problem and we have very recently had some feedback on the plugin for the implementation of new features; so the plugin is working fine for other users.

Regards,


Jerome - Obsidev.com
HikaMarket & HikaSerial developer / HikaShop core dev team.



  • Posts: 63
  • Thank you received: 1
  • Hikashop Business
7 years 7 months ago #268180

Hello Jerome,

Thank you, and it was me who recently upgraded the HikaShop plugin for the additional options. You might want to get Nicolas to look through this post.

As stated, it is because of the way HikaShop adds the query string:

¬ into the URL. Worldpay encodes the URL on return, which is quite standard practice when returning and keeping the URL intact for each:

echo urlencode('&not');   // prints %26not
echo urldecode('%26not'); // prints &not

In your PHP code, this shows how it encodes and decodes the URL.

HikaShop is the latest release, installed two days ago. PHP 7.0.17.

The plugin works, but we are not receiving payment confirmations because it decodes the URL and therefore cannot find the location.

Many thanks
Tony


  • Posts: 63
  • Thank you received: 1
  • Hikashop Business
7 years 7 months ago #268185

Currently trying to encode the return URL before going to Worldpay. Will run some tests and report back.


  • Posts: 82906
  • Thank you received: 13378
  • MODERATOR
7 years 7 months ago #268226

Hi,

Great. Let us know how it goes.


  • Posts: 63
  • Thank you received: 1
  • Hikashop Business
7 years 3 months ago #276003

This has reared its ugly head again. I suspect this is why we are not authenticating PayPal's IPNs and they come back with invalid transaction, since our logged notification URL is:

option=com_hikashop&ctrl=checkout&task=notify¬if_payment=paypal&tmpl=component&componentStyle=common&lang=en&Itemid=206&mc_gross=8.19&invoice=1054&

Further down it has: &mc_fee=0.48¬ify_version=3.8&

So I've done some code to try and remove it and will wait for a test user to come through.


  • Posts: 26159
  • Thank you received: 4028
  • MODERATOR
7 years 3 months ago #276004

Jerome - Obsidev.com
HikaMarket & HikaSerial developer / HikaShop core dev team.

