django-payments

Braintree tokens

Open litchfield opened this issue 9 years ago • 5 comments

The Braintree backend should be using the client-side JavaScript tokens approach, so we can stay fully PCI compliant. Any thoughts on this?

litchfield avatar Apr 08 '16 05:04 litchfield

Braintree no longer offers Transparent Redirect. Supported methods that help with PCI compliance now are called "Drop-in" and "Hosted Fields". An example of using the Drop-in interface with a Python backend server can be found on Braintree's GitHub here.

At this time Braintree support is completely broken, but it seems to me that supporting the new methods should be much simpler than it was before (but I do not have the expertise needed to figure out how to update the existing code, sorry).

dappiu avatar Jun 11 '16 15:06 dappiu

Hi @dappiu, I'm not talking about any type of redirect. Tokens are the standard way of implementing modern payment gateways (Braintree, Stripe, etc).

Hosted Fields were a response to the introduction of the SAQ-A standard, but are no longer necessary since SAQ-A-EP, which was released shortly after. Drop-in is obviously not for everybody.

litchfield avatar Jun 12 '16 01:06 litchfield

@litchfield what I was saying is that the method currently in use in the latest django-payments release, which was called Transparent Redirect, does not work anymore, so I was just agreeing with you that the .js library with Tokens is the way to go.

dappiu avatar Jun 13 '16 04:06 dappiu

@bogdal, @mociepka: I think we should plan to solve this soon. We don't want to block people from accepting payments and I understand that this is the case currently.

patrys avatar Jun 13 '16 09:06 patrys

I managed to get it working. Apparently it was not that Braintree stopped supporting the currently used method, but an incompatibility with <class 'django_countries.fields.Country'>, which was passed to xml_from_dict() in braintree/util/xml_util.py, raising this exception: RuntimeError: Unexpected XML node type: <class 'django_countries.fields.Country'>

What I did as a temporary workaround was to edit payments/braintree/forms.py at line 51, replacing 'country_code_alpha2': self.payment.billing_country_code} with 'country_code_alpha2': str(self.payment.billing_country_code)}

But I don't have any idea if this can be used as a definitive fix or may cause other troubles in other scenarios, so I'm leaving further review to you guys. I'm using django-payments==0.9.4 with Python 3.5

EDIT: Sorry, I realize that I brought this thread off-topic, let me know if I should open another issue or a pull request with the fix I suggested.

dappiu avatar Jun 16 '16 15:06 dappiu
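
The workaround in the last comment, generalized to coercing every non-primitive value before a payload reaches a strict serializer. This is an added example, not code from django-payments, django_countries or the braintree library; `Country`, `strict_xml_from_dict` and `to_plain` are hypothetical stand-ins modeled only on the error message quoted above.

```python
# Added illustration; Country and strict_xml_from_dict are stand-ins, not the
# django_countries or braintree implementations.
from xml.sax.saxutils import escape


class Country:
    """Stand-in for a country field object: wraps a code, str() returns it."""

    def __init__(self, code):
        self.code = code

    def __str__(self):
        return self.code


def strict_xml_from_dict(data):
    """Serialize a nested dict, rejecting any value type it does not know."""
    parts = []
    for key, value in data.items():
        if isinstance(value, dict):
            body = strict_xml_from_dict(value)
        elif isinstance(value, bool):
            body = "true" if value else "false"
        elif isinstance(value, (str, int, float)):
            body = escape(str(value))
        else:
            raise RuntimeError("Unexpected XML node type: %s" % type(value))
        parts.append("<%s>%s</%s>" % (key, body, key))
    return "".join(parts)


def to_plain(value):
    """Recursively coerce non-primitive leaves to str; drop None entries."""
    if isinstance(value, dict):
        return {k: to_plain(v) for k, v in value.items() if v is not None}
    if value is None or isinstance(value, (str, int, float, bool)):
        return value
    return str(value)


# Constructed sample payload, shaped like the billing dict in the comment above.
billing = {"billing": {"country_code_alpha2": Country("PL"),
                       "postal_code": "50-001"}}
```

Normalizing at the boundary keeps the fix in one place instead of wrapping each field in str() by hand.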