active_merchant
active_merchant copied to clipboard
activemerchant
Authorize.net to upgrade md5 to sha256
Hi, i just received an email that authorize.net that it will upgrade from md5 to a SHA-256 trans hash by month end. Will this gem get updated for that ?
Thanks
Link to Article detailing the end of life/support for MD5 Hash and it's replacement option: MD5 Hash End of Life & Signature Key Replacement
Link to Upgrade Guide
You know, just searching the repository:
https://github.com/activemerchant/active_merchant/search?q=transHash&unscoped_q=transHash
It looks to me like transHash isn't used as part of authorize.net's implementation in ActiveMerchant.
It only looks like it's referenced as part of the response in a test file.
Can anyone else confirm? I think the real question is: Is your code using the returned transHash value to save or reference any transactions.
Can anyone else chime in if that's right?
HI every one, I'm having here the same question and to be sure, and because none answer this thread with facts beyond @seebq
I've checked the source code at the current master and some other tags and at any moment the transaction is validated.
Also @seebq please note that in master there's a md5_hash at the parse_direct_response_elements(response, options) but it's unused.
In previous tags, the method was named parse and the mechanism employed to get the information was using the same nokogiri gem but in a more direct way. Anyway the transactions it's never confirmed, it justs trusts that the transaction_id will only be provided when a transaction it's completed.
Hope this helps someone and also I wish if someone who had worked on the gem could provide some kind of confirmation here.
Thanks!
Any updates on this? From reading the Authorize.net docs, it seems to me that the MD5 hash is only used in verifying the API response, but it seems to be implemented in the Authorize.net CIM Gateway (line 927, 'md5_hash' => direct_response_fields[37]).
cc: @DavidStoltzfus
