stripe-samples / accept-a-payment Goto Github PK
View Code? Open in Web Editor NEWLearn how to accept a payment from customers around the world with a variety of payment methods.
License: MIT License
Learn how to accept a payment from customers around the world with a variety of payment methods.
License: MIT License
We need to communicate restrictions like (don't really need to cover all, but most would be good):
By this PR the CI workflow runs on Dependabot PRs, too. I believe it's good if we can auto-merge those of CI succeeded because then we can ignore lots of PRs and only care about failed ones.
If this sounds good, I'd like to work on it. I think we can do that by doing a similar thing as automerge.yml when all the CI jobs succeed on a Dependabot PR.
📝 When I work on it, I want to know if we should keep the automerge.yml
. I'm not sure the reason why currently they are being auto-merged immediately.
Documentation update:
config.ini
should be updated to .env
in accept-a-payment/prebuilt-checkout-page/server/php/README.md
The accept-a-payment/prebuilt-checkout-page/server/php/README.md
references config.ini
instead of .env
.
Also make a note that .env.example
is above the server
folder and the copied .env
should be in the server
folder.
Steps to reproduce the behavior, please provide code snippets or a repository:
Navigate to https://github.com/stripe-samples/accept-a-payment/tree/main/prebuilt-checkout-page/server/php to see the README.md.
config.ini
should be changed to .env
and config.ini.sample
to .env.example
.
We should move the payment intent creation into a separate central function? Otherwise it’s a lot of duplicate code in each payment method activity: https://github.com/stripe-samples/accept-a-payment/blob/main/custom-payment-flow/client/android-kotlin/app/src/main/java/com/example/app/AlipayActivity.kt#L70-L111
E.g. this is what we do on iOS: https://github.com/stripe-samples/accept-a-payment/blob/main/custom-payment-flow/client/ios-swiftui/AcceptAPayment/Model/BackendModel.swift
The set-output
became deprecated and now CI outputs warning messages like this:
Warning: The
set-output
command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
According to the announcement, we have to migrate to the new syntax by 31st May 2023.
It occurs when CI runs.
Here's an example: https://github.com/stripe-samples/accept-a-payment/actions/runs/3297935428
No deprecation messages.
Uncaught Error: Class "Stripe\Stripe" not found
A clear and concise description of what the bug is.
Steps to reproduce the behavior, please provide code snippets or a repository:
A clear and concise description of what you expected to happen.
If applicable, add screenshots to help explain your problem.
Add any other context about the problem here.
A clear and concise description of what the bug is.
Steps to reproduce the behavior, please provide code snippets or a repository:
A clear and concise description of what you expected to happen.
If applicable, add screenshots to help explain your problem.
Add any other context about the problem here.
This comment is really helpful for us to reproduce the CI error in our local.
#15 (comment)
So I'd like to create a Wiki or docs to summarize this instruction.
A clear and concise description of what the bug is.
Steps to reproduce the behavior, please provide code snippets or a repository:
A clear and concise description of what you expected to happen.
If applicable, add screenshots to help explain your problem.
Add any other context about the problem here.
Attempting to run the custom-payment-flow/client/ios-swiftui
sample in Xcode 14 throws two instances of the following error:
Stored properties cannot be marked potentially unavailable with '@available'
There's also the following warning:
'IndexDistance' is deprecated: All index distances are now of type Int
When the html server is up and running and go to card section the console throw a 404 not found.
Steps to reproduce the behavior, please provide code snippets or a repository:
Should not throw a 404 error
A clear and concise description of what the bug is.
Steps to reproduce the behavior, please provide code snippets or a repository:
A clear and concise description of what you expected to happen.
If applicable, add screenshots to help explain your problem.
Add any other context about the problem here.
A clear and concise description of what the bug is.
Steps to reproduce the behavior, please provide code snippets or a repository:
A clear and concise description of what you expected to happen.
If applicable, add screenshots to help explain your problem.
Add any other context about the problem here.
As a best practice it's probably better to use error_log()
to write error information to the PHP error log rather than echo it to the output. Two instances of where this needs to change are referenced above.
A clear and concise description of what the bug is.
Steps to reproduce the behavior, please provide code snippets or a repository:
A clear and concise description of what you expected to happen.
If applicable, add screenshots to help explain your problem.
Add any other context about the problem here.
A clear and concise description of what the bug is.
Steps to reproduce the behavior, please provide code snippets or a repository:
A clear and concise description of what you expected to happen.
If applicable, add screenshots to help explain your problem.
Add any other context about the problem here.
Hi,
When I use the examples provided in this repository and others, after hitting checkout, I get redirected to checkout.stripe.com
(below is screenshot) Is the code for this page posted somewhere as I could not find it? I would like to host this page myself with some minor modification -
If this is not a right place for this question, could you please point me to the appropriate contact.
Thanks,
Karthik
This isn't an issue per se, it's more of a "here's what's possible" kind of thing and a recommendation.
The code above uses echo
statements, which work fine, but there are some other approaches that might be a better fit.
The first alternative is heredoc syntax, which would look like this:
<<<HEREDOC
<p>Payment $paymentIntent->id has status: $paymentIntent->status</p>
<a href="/afterpay-clearpay.php">Try Afterpay/Clearpay again</a><br>
<a href="/">Restart demo</a>
HEREDOC;
That's somewhat easier to read and write, and a bit more forgiving about getting the syntax exactly right by avoiding all the concatenation. You also don't need to worry about mixing and matching single and double quotes.
You can also drop out of PHP back to HTML:
?>
<p>Payment <?php echo $paymentIntent->id; ?> has status: <?php echo $paymentIntent->status; ?></p>
<a href="/afterpay-clearpay.php">Try Afterpay/Clearpay again</a><br>
<a href="/">Restart demo</a>
<?php
For this particular bit I probably would have used heredoc syntax because of how easy it is to include object properties inline.
A clear and concise description of what the bug is.
Steps to reproduce the behavior, please provide code snippets or a repository:
A clear and concise description of what you expected to happen.
If applicable, add screenshots to help explain your problem.
Add any other context about the problem here.
A clear and concise description of what the bug is.
Steps to reproduce the behavior, please provide code snippets or a repository:
A clear and concise description of what you expected to happen.
If applicable, add screenshots to help explain your problem.
Add any other context about the problem here.
I have successfully created checkout form in php. it 's not showing google pay or apple pay buttons on my checkout form. they both have been by default ON in my dashboard. so what could be the problem.
What i need :
https://i.imgur.com/a06wtgH.png?1
What i have :
https://i.imgur.com/FnXl4KA.png?1
Any Reply Would be Greatly Appreciated.
Thanks.
According to the outputs of the webservers, the CI does not get the right secret API key these days. I guess the Stripe CLI process is failing due to the same reason. Could you check if the secrets below are set?
TEST_STRIPE_PUBLISHABLE_KEY
TEST_STRIPE_SECRET_KEY
The output of the webserver (Ruby): https://github.com/stripe-samples/accept-a-payment/runs/4062828436#step:6:118
web_1 | Your secret API key (STRIPE_SECRET_KEY) is configured incorrectly or
web_1 | doesn't match the expected format. You can find your API keys in the Stripe
web_1 | dashboard here: https://dashboard.stripe.com/test/apikeys. Then update
web_1 | the .env file.
stripe
process seems exited abnormally: https://github.com/stripe-samples/accept-a-payment/runs/4062828436#step:6:84
Name Command State Ports
------------------------------------------------------------------------------------------
accept-a-payment_runner_1 /work/sample-ci/docker/run ... Up
accept-a-payment_runner_run_f839113385d7 /bin/sh -c true Exit 0
accept-a-payment_stripe_1 /bin/ash -c /bin/stripe -- ... Exit 1
accept-a-payment_web_1 /work/sample-ci/docker/rub ... Exit 0
{
"name": "accept-a-payment",
"configureDotEnv": true,
"integrations": [
{
"name": "payment-element",
"clients": ["html", "react-cra"],
"servers": [
"ruby",
"node",
"python",
"php",
"java",
"go",
"dotnet",
"node-typescript"
]
},
{
"name": "prebuilt-checkout-page",
"clients": ["html", "react-cra", "vue-cva"],
"servers": [
"ruby",
"node",
"python",
"php",
"java",
"go",
"dotnet"
]
},
{
"name": "custom-payment-flow",
"clients": ["html", "react-cra", "ios", "android-kotlin", "ios-swiftui"],
"servers": [
"ruby",
"node",
"python",
"php",
"java",
"go",
"dotnet",
"node-typescript"
]
}
]
}
stripe-cli-1.8.11.zip
A clear and concise description of what the bug is.
Steps to reproduce the behavior, please provide code snippets or a repository:
A clear and concise description of what you expected to happen.
If applicable, add screenshots to help explain your problem.
Add any other context about the problem here.
Should we always collect name? email? minimum?
If we only collect the minimum, that's most likely to help with conversion optimization.
If we don't collect name or email, then the user might be curious about how to pass billing details.
Some of the redirect payment methods like grabpay will redirect before the payment is done processing. Let's add a poll with setInterval to refetch the payment intent and display a simple log of statuses until success.
In shared.php errors are handled in several different ways:
A single approach to error handling should be chosen and used throughout for consistency.
A clear and concise description of what the bug is.
Steps to reproduce the behavior, please provide code snippets or a repository:
A clear and concise description of what you expected to happen.
If applicable, add screenshots to help explain your problem.
Add any other context about the problem here.
There's no need for all these echo
statements and worrying about quote types and inserting newlines manually, you can instead drop out of PHP and spit out HTML:
if(!file_exists('../config.ini')) {
?>
<p>Make a copy of <code>config.ini.sample</code> and name it <code>config.ini</code>, then populate the variables.</p>
<p>It should look something like the following, but contain your <a href="https://dashboard.stripe.com/test/apikeys">API keys</a> and a <a href="https://stripe.com/docs/api/prices/create">Price ID</a>.:</p>
<pre>stripe_secret_key = sk_test_1234...
stripe_publishable_key = pk_test_1234...
stripe_webhook_secret = whsec_1234...
price = price_123...
domain = http://localhost:4242</pre>
<hr>
<p>You can use this command to get started:</p>
<pre>cp config.ini.sample config.ini</pre>
<?php
exit;
}
Couple options:
How do we want to refetch state? poll with set/clear interval?
How should we build the return URL? Thinking we might want to use window.location.
Ref: #1612
We need to automate to update the MAINTAINERS
value on the .github/workflows/ci.yaml
.
https://github.com/stripe-samples/accept-a-payment/blob/main/.github/workflows/ci.yml#L12-L19
Possibly using GitHub API to list the maintainers and update it.
Upgrade API version on each server side examples.
Several example apps are not using the latest API.
We may need to think about upgrading these API versions.
https://github.com/stripe-samples/accept-a-payment/search?q=apiVersion
https://github.com/stripe-samples/accept-a-payment/search?q=%222020-08-27%22
A clear and concise description of what the bug is.
Steps to reproduce the behavior, please provide code snippets or a repository:
A clear and concise description of what you expected to happen.
If applicable, add screenshots to help explain your problem.
Add any other context about the problem here.
A clear and concise description of what the bug is.
Steps to reproduce the behavior, please provide code snippets or a repository:
A clear and concise description of what you expected to happen.
If applicable, add screenshots to help explain your problem.
Add any other context about the problem here.
Should we make two examples for react one with hooks and one with class components?
A clear and concise description of what the bug is.
Steps to reproduce the behavior, please provide code snippets or a repository:
A clear and concise description of what you expected to happen.
If applicable, add screenshots to help explain your problem.
Add any other context about the problem here.
A clear and concise description of what the bug is.
Steps to reproduce the behavior, please provide code snippets or a repository:
A clear and concise description of what you expected to happen.
If applicable, add screenshots to help explain your problem.
Add any other context about the problem here.
Add the error code and error type from the Stripe API to the API response.
example:
return res.status(400).send({
error: {
message: e.message,
+ code: e.code,
+ type: e.type,
},
});
Some testing codes are using an error message from the Stripe API.
But when the error message is changed, it will be failed. And we need to update the test code to follow its updates.
example: https://github.com/stripe-samples/accept-a-payment/pull/1382/files
We can reduce these tasks when we use the error code and type instead of the error message.
A clear and concise description of what the bug is.
Steps to reproduce the behavior, please provide code snippets or a repository:
A clear and concise description of what you expected to happen.
If applicable, add screenshots to help explain your problem.
Add any other context about the problem here.
Thinking we might want to combine the payment request button for the web and just call it payment-request.html
and payment-request.js
Unfortunately, all of the payment request demos have so many restrictions around https and having cards setup in chrome / google pay settings that it'll be hard for anyone to test locally.
controller-a03b04ebe66d2345eb5c2670f9f98387.js:1 Uncaught (in promise) TypeError: Cannot read properties of undefined (reading 'arb_id')
at ws (controller-a03b04ebe66d2345eb5c2670f9f98387.js:1:239287)
at controller-a03b04ebe66d2345eb5c2670f9f98387.js:1:240705
Hi, I have a proposal to improve the CI. I appreciate your comments.
Currently, we cannot run CI properly for PRs from non-maintainers since they don't have permission to read the secrets which are mandatory to run the tests. Because of that, we have to merge first before checking the result of the CI and it's inconvenient for everyone.
I think we can change the current CI workflow and make those failed CI jobs retryable with the right permission for only maintainers.
pull_request_target
event instead of pull_request
so that the job can read the secrets.pull_request_target
triggers jobs with write permissions, that cannot be granted unconditionally. We make the workflow check if the user who triggered the event is in the list of the maintainers before running the tests.
The following chart illustrates how CI runs tests or aborts.
flowchart LR
A[Start CI] --> B{Triggered by a maintainter?}
B -->|Yes| C[Checkout Code]
C --> D[Run the tests w/ write permissons]
D --> E[End]
B -->|No| F[Abort]
F --> E
The workflow will be like the screenshot below. All the jobs will depend on the require-permission
job and this job checkus if the job was triggered by a maintainer.
I created a PR to implement it: #1612
📝 Note that in my fork, I made myself (hibariya) as a maintainer for testing.
This example shows that if a non-maintainer opened the PR, the CI aborts. The CI is failing on the require-permission
job.
hibariya#1315
This example shows that if a maintainer re-ran the aborted CI like the above, it runs tests. You can confirm that the latest run is triggered by a maintainer (me) here.
hibariya#1317
This example shows that if a maintainer opened the PR, the CI runs tests as ever.
hibariya#1316
This example shows that if a maintainer pushed commits to the main branch, the CI runs tests as ever.
hibariya@3bc03ab
I'm thinking of maintaining the list as an ordinary environment variable in the ci.yml
so far.
This article suggests using labels to run jobs triggered by pull_request_target
safely.
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
However, it also says it should be a temporary solution since it could lead to race conditions.
Note that this kind of label based verification is still prone to a race condition in which the attacker may push new changes after the workflow was approved (labeled), but has not started yet.
The proposal of this issue does not introduce these kinds of race conditions since it requires retrying the job that is associated with a known commit.
Hello,
This is not a bug report, it's a feature request, as per WC customer support:
Currently, the OXXO voucher barcode and ref. number are not included in the order confirmation email (to customer). The voucher only appears as a (Stripe hosted) pop-up after order completion, and there’s no more reference to it, or way to retrieve it.
A logic step would be: as the customer has to go physically to a store, scan the voucher (or provide ref. number), the voucher should be made easily available to the user (i.e. to send it together with the order confirmation email); or at least the unique URL to the hosted Stripe voucher page. Currently, the only option is to print the voucher (not sure who actually prints these days, specially mobile-first users).
We've been in contact with Stripe developers, and it's already baked in their solution, it just needs to be integrated into the plugin. Here are the guidelines and references to make it easier for you:
_I totally understand the need of making the payment process more efficient and practical. There is indeed an option to email the voucher link to your customers, but you may need to have access to edit the integration made by your platform WooCommerce.
Stripe sends a payment_intent.requires_action event when an OXXO voucher is created successfully. If you need to email your customers the voucher link, you can retrieve the PaymentIntent to get the link upon receiving the event. The hosted_voucher_url
field in payment_intent.next_action.oxxo_display_details contains the link to the voucher.
You can see this information in our Docs here:
https://stripe.com/docs/payments/oxxo/accept-a-payment?platform=web#optional:-email-voucher-link-to-your-customer
Setting up OXXO payment instructions in Spanish by passing the instructions parameter:
https://stripe.com/docs/payments/oxxo/accept-a-payment?platform=web#oxxo-payment-instructions_
Hopefully, you can make this happen in near future, as it's only logical for a smooth and practical process.
Thanks
payment-element cross origin error
I use payment-element for stripe pay. but when I click the card number input, the console print error "lookup.js:279 Uncaught DOMException: Blocked a frame with origin "https://js.stripe.com" from accessing a cross-origin frame."
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.