"confirm" step on checkout


Stephanie Powell

Apr 15, 2010, 1:15:56 PM
to spree...@googlegroups.com
Hi,

I was just wondering if there is a reason that the "Confirm" step on
checkout is tied to the Gateway.current.payment_profiles_supported? method.

My client still would like to have a "Confirm" step, but with the
AuthorizeNet gateway (not AuthorizeNetCim). I see that I can override
the payment_profiles_supported? method in the Gateway::AuthorizeNet
class, but that made me wonder why the confirm step is tied to
collecting user CC profiles. Is the credit card authenticated after the
user clicks "save and continue" from the payment page on gateways that
don't have the confirm step? How does one change this to authenticate
the credit card AFTER the Confirm step?

Has it been considered to change the core to always have the confirm
step? That makes sense from a usability perspective - most users are
familiar with reviewing and confirming an order before it's finalized
(read: authenticated). And since the Spree demo shows the Confirm step
with the bogus gateway, I find it a bit misleading that the Confirm step
is removed after one replaces the bogus gateway with the Authorize.net
setup.

Thanks,

Steph


app/helpers/checkouts_helper.rb:

module CheckoutsHelper

  def checkout_progress
    steps = Checkout.state_names.reject { |n| n == "complete" }.map do |state|
      next if state == "confirm" and not Gateway.current.payment_profiles_supported?
      ...
    end
  end

  ...
end


Sean Schofield

Apr 15, 2010, 1:35:43 PM
to spree...@googlegroups.com
Yes, it's actually intentional. The reason is that a confirm step is
not secure without credit card profiles. The only way you can do this
without a profile is to store the credit card on the server somehow.
Without the confirm step you submit payment as the last step and you
authorize straight away. The only way the confirm step is safe is to
store the card offsite and authorize against the profile.

The confirm step is nice but the client needs to spring for the extra
charge for profiles and use a gateway that supports them in order to
do this safely. Sadly, I suspect many of the sites with the confirm
steps are storing cards insecurely but I can't prove that. I have
seen sites where clients store them in plain text in the database and
I have no reason to think these were the only such cases out there.

Sean Schofield

-------------------------------------------
Rails Dog LLC
2 Wisconsin Circle, Suite 700
Chevy Chase, MD 20815
voice: (301)560-2000
-------------------------------------------


Stephanie Powell

Apr 15, 2010, 1:47:59 PM
to spree...@googlegroups.com
Hi,

Ahh, yes this makes sense now. And since there is no longer a one page
checkout, the credit card isn't stored on the same page.

Well, that'll do for us - we'll just need to change the button to read
"complete order" instead of "save & continue".

Thanks,

Steph

Sean Schofield

Apr 15, 2010, 3:51:00 PM
to spree...@googlegroups.com
> Well, that'll do for us - we'll just need to change the button to read
> "complete order" instead of "save & continue".

There was a patch recently that might have done this already. Just
make sure you're using edge.

> Thanks,
>
> Steph

Sean

Stephanie Powell

Apr 15, 2010, 4:08:10 PM
to spree...@googlegroups.com
Cool, will look into it. We're running from the 0.10.2 gem, so perhaps
we just won't tackle development of that at the moment.

Thanks again.

_mnt

Apr 16, 2010, 4:20:21 AM
to Spree
Hi,

Maybe I am doing something wrong, but I ran into the "problem" that the
confirm page was disabled because I only use custom PaymentMethods
without any Gateway or any credit card payment. IMHO the confirm page
makes sense even if you don't use CC gateways. Or should a
PaymentMethod like Check return true for "payment_profiles_supported"?
As I understand it, Check is not a Gateway.

Cheers,

Sebastian

Sean Schofield

Apr 16, 2010, 7:10:13 AM
to spree...@googlegroups.com
I never thought of that scenario to be honest. We were mostly trying
to make sure that people could have a reasonable alternative for
gateways that didn't support profiles. We could probably add a
setting Spree::Config[:confirmation_step] which defaults to false
unless a gateway is present and configured with profiles.

Patches welcome.

Sean Schofield

-------------------------------------------
Rails Dog LLC
2 Wisconsin Circle, Suite 700
Chevy Chase, MD 20815
voice: (301)560-2000
-------------------------------------------
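
The following Ruby is an added example, not code from this thread or from Spree. It shows the two points made above: the shop holds only an offsite profile token between the payment and confirm steps, and a confirmation setting falls back to profile support when unset. PlainGateway, ProfileGateway, confirm_step?, payment_step and confirm_step are hypothetical stand-ins, and refusing an explicit true for a card gateway without profiles is an assumption drawn from the first reply.

```ruby
require "securerandom"

# Stand-in gateway without profiles (hypothetical, not Spree's class).
class PlainGateway
  def payment_profiles_supported?; false; end
  def authorize(_amount, _card_number); "auth-#{SecureRandom.hex(4)}"; end
end

# Stand-in gateway with offsite profiles; @vault models the processor's storage.
class ProfileGateway
  def initialize; @vault = {}; end
  def payment_profiles_supported?; true; end

  def create_profile(card_number)
    token = "prof-#{SecureRandom.hex(8)}"
    @vault[token] = card_number # held by the processor, never by the shop
    token
  end

  def authorize_profile(_amount, token)
    raise ArgumentError, "unknown profile" unless @vault.key?(token)
    "auth-#{SecureRandom.hex(4)}"
  end
end

# Proposed setting: nil means "not set", which falls back to profile support.
# gateway is nil for non-card payment methods such as Check.
def confirm_step?(setting, gateway)
  profiles = !gateway.nil? && gateway.payment_profiles_supported?
  return profiles if setting.nil?
  # Assumption: never honour `true` for a card gateway lacking profiles.
  setting && (gateway.nil? || profiles)
end

# Payment step (card gateways only): returns the attributes the shop persists.
def payment_step(gateway, amount, card_number, setting = nil)
  if confirm_step?(setting, gateway)
    { state: "confirm", profile_token: gateway.create_profile(card_number) }
  else
    # Nowhere safe to park the card, so authorize in this same request.
    { state: "complete", authorization: gateway.authorize(amount, card_number) }
  end
end

# Confirm step: authorizes against the stored token only.
def confirm_step(gateway, amount, order)
  auth = gateway.authorize_profile(amount, order[:profile_token])
  order.merge(state: "complete", authorization: auth)
end
```

In neither branch does the persisted order hash contain the card number: it carries either a profile token awaiting confirmation or a finished authorization.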


