Reply
Member
Posts: 1
Registered: ‎02-13-2019
Accepted Solution

Magento 2.2 CE Direct Post SHA512 Upgrade

On the native Magento 2 backend for Authorize.net Direct Post, it does not currently support SHA512 hashing and the only input field for Authorize.net Direct Post on the Magento 2 Dashboard is with MD5 (https://imgur.com/a/qkNkSjh)
 

Currently Direct Post will send information to Authorize.net but without a SHA signature key Authorize.net will not send any responses/information to Magento 2 so when a customer submits a order the order will never confirm or process the payment since Authorize.net is no longer sending this information back to Magento to process the order. I want to know if the signature key is even required to recieve responses back to Magento 2 and if so how would I go about updated the new SHA512 Hash in Direct Post when the only configuration inbox is with a MD5 Hash? Any info would be greatly appreciated!


Accepted Solutions
Solution
Accepted by topic author antbruv
‎02-21-2019 10:17 AM
All Star
Posts: 685
Registered: ‎11-05-2018

Re: Magento 2.2 CE Direct Post SHA512 Upgrade

I am not versed in magento but here’s your issue, I think. If you inquire about sha512 and where to put it, you will get a response that there is nowhere to put it. That doesn’t mean you don’t use it. The md5 “key” or whatever you wish to call it was entered directly into the interface. The sha512 doesn’t have, isn’t intended to have, and will likely never will have an input box like the md5. So to put it in other words there is no difference in magento in that regard and in what any other DPM user is using.

If I understand this correctly, and I think that I do after getting in the mix with the DPM/SIM guys a month or so ago, your md5/sha512 signature is required to submit transactions. If that is the case then you without a doubt will need to get rolling with the sha512. The md5 will be zapped at some point and your app will break.

With magento being a managed framework, they may well do this for you in a new release of the community or enterprise edition. I never fully understood just how much of the actual coding you do vs what they handle. Being Php based, if you do have to manually code in the sha512 signature you can search the forum for the post I put up “working Php hash verification.” The first sample code I put up is for modern API methods like what I use, and then the DPM/SIM guys brought it to my attention that theirs is a little different. So I pulled their guide and modified the sample code based on it, and posted it in a separate post. The bit I posted hasn’t been tested by me, but others in other threads were using pretty much identical code and saying it worked. So my 2nd code example should get you very close and it should work with only a few minor tweaks.

The big piece for you if I understand what I have read correctly is getting the signature. There is also a r response verification process you can use that has 30 values. Not having the response verification won’t break your app. Not having the signature will. The signature is also referred to as the fingerprint.

And there is a novel written on this topic in various forum threads. Once you find my post you can see the posts from a week or two earlier through a week or two later. It was like a mania/craze over this. The earlier posts are mainly people panicking, and it is the later posts where people started figuring it out that have the most value.

View solution in original post


All Replies
Solution
Accepted by topic author antbruv
‎02-21-2019 10:17 AM
All Star
Posts: 685
Registered: ‎11-05-2018

Re: Magento 2.2 CE Direct Post SHA512 Upgrade

I am not versed in magento but here’s your issue, I think. If you inquire about sha512 and where to put it, you will get a response that there is nowhere to put it. That doesn’t mean you don’t use it. The md5 “key” or whatever you wish to call it was entered directly into the interface. The sha512 doesn’t have, isn’t intended to have, and will likely never will have an input box like the md5. So to put it in other words there is no difference in magento in that regard and in what any other DPM user is using.

If I understand this correctly, and I think that I do after getting in the mix with the DPM/SIM guys a month or so ago, your md5/sha512 signature is required to submit transactions. If that is the case then you without a doubt will need to get rolling with the sha512. The md5 will be zapped at some point and your app will break.

With magento being a managed framework, they may well do this for you in a new release of the community or enterprise edition. I never fully understood just how much of the actual coding you do vs what they handle. Being Php based, if you do have to manually code in the sha512 signature you can search the forum for the post I put up “working Php hash verification.” The first sample code I put up is for modern API methods like what I use, and then the DPM/SIM guys brought it to my attention that theirs is a little different. So I pulled their guide and modified the sample code based on it, and posted it in a separate post. The bit I posted hasn’t been tested by me, but others in other threads were using pretty much identical code and saying it worked. So my 2nd code example should get you very close and it should work with only a few minor tweaks.

The big piece for you if I understand what I have read correctly is getting the signature. There is also a r response verification process you can use that has 30 values. Not having the response verification won’t break your app. Not having the signature will. The signature is also referred to as the fingerprint.

And there is a novel written on this topic in various forum threads. Once you find my post you can see the posts from a week or two earlier through a week or two later. It was like a mania/craze over this. The earlier posts are mainly people panicking, and it is the later posts where people started figuring it out that have the most value.