dongtie0929
2016-05-10 20:03
浏览 100
已采纳

工作流混乱:PayPal Cordova插件/ Magento

I am a little bit confused by the Cordova plugin by PayPal in terms of what this means for implementing a safe workflow for interacting with a Magento instance.

Normally, the Express Checkout workflow looks like this:

  1. Customer visits Magento Site checkout
  2. Customer is directed to PayPal
  3. Customer is returned to Magento Site
  4. Customer clicks 'Place Order' on Magento Site
  5. Magento Site converts quote to order
  6. Magento Site accesses PayPal to capture / confirm funds, check for possible fraud, etc...

The workflow imposed by the Cordova plugin appears to be like this:

  1. Customer visits App checkout
  2. Customer is directed to PayPal
  3. Payment is authorized or captured based upon the configuration
  4. Customer is directed back to App
  5. App executes a success handler

In the above Cordova Plugin workflow, notice that the step where a quote to order conversion is missing. From my perspective, I see two options:

Insert quote -> order conversion call between 2 and 3

Caveats:

  1. The customer may not complete checkout and now an order is permanently orphaned in the system
  2. The customer may wish to change something (which now can't happen -- orders can't be modified)

Insert quote -> order conversion call after 5

Caveats:

  1. The client is being trusted to notify the server that the payment was made (which requires server-side cross-examination with PayPal / additional complexity)
  2. The client may never actually send the notification.

I do not like any of the options presented above. Can anyone help clear up my confusion or show me what I hope that I'm missing?

图片转代码服务由CSDN问答提供 功能建议

我对PayPal的Cordova插件有点困惑,这对于实现安全工作流程意味着什么 与Magento实例交互。

通常,Express Checkout工作流程如下所示:

  1. 客户访问Magento网站结帐
  2. 客户被引导至PayPal
  3. 客户返回Magento网站
  4. 客户点击Magento网站上的“下订单” \ n
  5. Magento网站将报价转换为订单
  6. Magento网站访问PayPal以捕获/确认资金,检查可能的欺诈行为等......

    Cordova插件强加的工作流程如下所示:

    1. 客户访问应用程序结帐
    2. 客户指示 到PayPal
    3. 根据配置授权或捕获付款
    4. 客户被定向回App
    5. App执行成功处理程序< / li>

      在上面的Cordova插件中 工作流程,请注意缺少订单转换的报价的步骤。 从我的角度来看,我看到两个选项:

      插入引用 - &gt; 2到3之间的订单转换调用

      警告:

      1. 客户可能无法完成结帐并现在订单 在系统中永久孤立
      2. 客户可能希望更改某些内容(现在无法修改 - 订单无法修改)

        插入引号 - &gt; 5之后的订单转换调用

        注意事项:

        1. 客户端受信任通知服务器付款 (需要使用PayPal /额外的复杂性进行服务器端交叉检查)
        2. 客户可能永远不会实际发送通知

          我不喜欢上面提到的任何选项。 任何人都可以帮助解决我的困惑或向我展示我希望我失踪的东西吗?

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dsvf46980 2016-05-13 14:01
    已采纳

    I've found that I am able to provide a placeholder invoice number to the Cordova application to pass on to PayPal.

    PayPal can then send this invoice number along with relevant transaction details to the Magento server via an IPN. This takes the client out of the picture and fits my needs.

    So really the workflow is as follows:

    1. The client clicks on the 'PayPal Button'
    2. A request is sent to the Magento Server to create an order and placeholder invoice
    3. The Magento Server provides the placeholder invoice number to the client
    4. The order is now 'Pending Payment' in Magento
    5. The client proceeds to PayPal to make the payment
      • If the client successfully pays, an IPN is sent to the Magento Server and the client is returned to the App payment success page
      • If the client fails to pay and fails to return to the app, the order will remain as 'Payment Pending' to be cancelled by a crontask every so often
      • If the client fails to pay and successfully returns to the app, the app will contact the Magento Server and immediately cancel the order

    I'm severely disappointed by the lack of documentation / support for this product.

    点赞 评论

相关推荐 更多相似问题