如何将与活跃商家链接的正常形式更改为 Braintree dropin-ui?
How to change normal form which is linked with active merchant to Braintree dropin-ui?
我有一个注册页面,用户将在其中输入个人信息和信用卡信息。
此信用卡信息与 activemerchant 集成,并且此信息存储在数据库中。
这是我的表格:
<%= semantic_form_for(@account, :url => account_create_path, :html => { :multipart => true, :class => 'billing'}) do |f| %>
<div class="section section-first">
<%= f.inputs :for => :user do |u| %>
<h3>Account Information</h3>
<%= u.input :name, :input_html => {:placeholder => "Name", :value => @account.user.name} %>
<%= u.input :email, :input_html => {:placeholder => "Email", :value => @account.user.email} %>
<% end %>
</div>
<div class="section">
<%= f.inputs :for => :creditcard do |c| %>
<h3>Credit Card Information</h3>
<%= c.input :brand, :selected => @creditcard.brand.nil? ? "visa" : @creditcard.brand, :label => "Credit Card", :as => :select, :class => 'dropkick', :include_blank => false, :collection => Saas::Config.gateway == "bogus" ? [['Bogus', 'bogus']] : [['Visa', 'visa'], ['MasterCard', 'master'], ['American Express', 'american_express'], ['Discover', 'discover']] %>
<%= c.input :number, :input_html => { :placeholder => "Card Number"}, :label => "Card Number", :as => :numeric %>
<li class="select required" id="account_creditcard_expiration_input">
<label for="account_creditcard_expiration">Card Expires On<abbr title="required">*</abbr></label>
<%= c.select :year, (Time.now.year .. 10.years.from_now.year), :selected => @creditcard.year.nil? ? Time.now.year : @creditcard.year, :class => 'dropkick dd-small' %>
<%= c.select :month, [['1 - January', 1], ['2 - February', 2], ['3 - March', 3], ['4 - April', 4], ['5 - May', 5], ['6 - June', 6], ['7 - July', 7], ['8 - August', 8], ['9 - September', 9], ['10 - October', 10], ['11 - November', 11], ['12 - December', 12]], :selected => @creditcard.month.nil? ? "1" : @creditcard.month, :class => 'dropkick' %>
</li>
<%= c.input :verification_value, :label => "CVV Code", :input_html => { :placeholder => "CVV Code", :value => @creditcard.verification_value,
:type => "password",
:class => 'short' } %>
<% end %>
<% end %>
现在卡号、有效期等字段;上面的表格必须在 braintree drop-in ui 中(此处信用卡号本身由 braintree 验证)。
我该如何修改这个表格?请帮忙。
这是我的模型,account.rb:
def valid_subscription?
return if errors.any?
self.build_subscription(:plan => @plan, :next_renewal_at => @plan_start, :creditcard => @creditcard, :address => @address, :affiliate => @affiliate)
@address.first_name = @creditcard.first_name
@address.last_name = @creditcard.last_name
self.subscription.store_card(@creditcard, :billing_address => @address.to_activemerchant)
if !subscription.valid?
errors.add(:base, "Error with payment: #{subscription.errors.full_messages.to_sentence}")
return false
end
end
accounts_controller:
class AccountsController < ApplicationController
before_filter :build_account, :only => [:new, :create]
before_filter :build_user, :only => [:new, :create]
before_filter :load_billing, :only => [:new, :create, :billing]
def create
@address.first_name = @creditcard.first_name
@address.last_name = @creditcard.last_name
@account.address = @address
@account.creditcard = @creditcard
if @account.new_record?
if @account.save
flash[:notice] = 'Account was created.'
bypass_sign_in(@user)
redirect_to session[:previous_url] || user_reports_path(@user)
else
render :action => 'new'
end
else
@user.account_id = @account.id
if @user.save
flash[:notice] = 'User was created.'
bypass_sign_in(@user)
redirect_to session[:previous_url] || user_reports_path(@user)
else
render :action => 'new'
end
end
end
def billing
@user = current_user
@account = Account.find(params[:id])
if request.put?
@address.first_name = @creditcard.first_name
@address.last_name = @creditcard.last_name
puts @address.first_name
if @creditcard.valid? & @address.valid?
if @subscription.store_card(@creditcard, :billing_address => @address.to_activemerchant, :ip => request.remote_ip)
flash[:notice] = "Your billing information has been updated."
redirect_to settings_path(@user)
end
end
end
end
protected
def resource
@account ||= current_account
end
def build_account
@account = params[:account_name].blank? ? Account.new : Account.find_by_name(params[:account_name])
end
def build_user
@account.user = @user = User.new(params[:account].blank? ? nil : params[:account][:user])
end
def load_billing
@creditcard = ActiveMerchant::Billing::CreditCard.new(params[:account].blank? ? {} : params[:account][:creditcard])
@address = SubscriptionAddress.new(params[:account].blank? ? {} : params[:account][:address])
end
end
这是与帐户模型关联的另一个模型,subscription.rb:
class Subscription < ActiveRecord::Base
attr_accessor :creditcard, :address
def store_card(creditcard, gw_options = {})
# Clear out payment info if switching to CC from PayPal
destroy_gateway_record(paypal) if paypal?
@response = if billing_id.blank?
gateway.store(creditcard, gw_options)
else
gateway.update(billing_id, creditcard, gw_options)
end
if @response.success?
if active_card = @response.params['active_card']
# Stripe token-based response
self.card_number = "XXXX-XXXX-XXXX-#{active_card['last4']}"
self.card_expiration = "%02d-%d" % [active_card['exp_month'], active_card['exp_year']]
else
self.card_number = creditcard.display_number
self.card_expiration = "%02d-%d" % [creditcard.expiry_date.month, creditcard.expiry_date.year]
end
set_billing
else
errors.add(:base, @response.message)
false
end
end
def card_storage
self.store_card(@creditcard, :billing_address => @address.to_activemerchant) if @creditcard && @address && card_number.blank?
end
def set_billing
self.billing_id = @response.token
end
end
production.rb:
config.after_initialize do
ActiveMerchant::Billing::Base.mode = :production
::GATEWAY = ActiveMerchant::Billing::AuthorizeNetGateway.new(
:login => "xxxxxxx",
:password => "xxxxxxxxxxxxxx" )
end
免责声明:我在 Braintree 工作。
简答:你不能。 Drop-in 旨在安全地替代您托管的信用卡表格。要使用 Drop-in,您应该取出表格和帐户模型的整个信用卡部分,而不是期望处理和存储信用卡数据-接收 Drop-in 返回的 payment method nonce 和通过 Braintree 交易或支付方式使用它 API.
长答案:Drop-in 是由 Braintree 托管的预建表单,我们将通过 iframe 将其插入到您页面上的表单中。提交表单后,来自 Drop-in 的信用卡(或 PayPal 等)信息将发送到 Braintree,并且付款方式随机数将返回到您的页面(通过 JavaScript 回调或插入到表单中的隐藏字段。)随机数是一个随机生成的字符串,代表支付信息,可以在没有安全风险的情况下通过您的应用程序传递。查看 Braintree 开发人员文档以获取更多详细信息和示例代码。
所有这一切的主要原因是安全性。在不安全的环境中存储信用卡信息是违反行业法规(称为 PCI 安全标准)的,而且存储信用卡的 CVV/security 代码也是违反 PCI 法规的。 Even having credit card data passing through your site can put it at risk。 Drop-in(或我们的 Hosted Fields 集成)可以更轻松地满足 PCI 标准并减轻您保护站点的负担。
总结:您应该从 ActiveMerchant 中删除客户信用卡的集成,并且根本不要将它们包含在您的架构中。相反,在您的表单中包含一个空白 div 以便插入 Drop-in,并在您的 model/controller 中使用 Drop-in returns 的付款方式。如何将随机数、服务器端 Braintree API 调用及其结果集成到您的 rails 模型中取决于您。我们有一个使用 Drop-in 的完整示例 rails 应用程序:随时查看 Braintree github 上的 braintree_rails_example 存储库创意页面。
我有一个注册页面,用户将在其中输入个人信息和信用卡信息。 此信用卡信息与 activemerchant 集成,并且此信息存储在数据库中。
这是我的表格:
<%= semantic_form_for(@account, :url => account_create_path, :html => { :multipart => true, :class => 'billing'}) do |f| %>
<div class="section section-first">
<%= f.inputs :for => :user do |u| %>
<h3>Account Information</h3>
<%= u.input :name, :input_html => {:placeholder => "Name", :value => @account.user.name} %>
<%= u.input :email, :input_html => {:placeholder => "Email", :value => @account.user.email} %>
<% end %>
</div>
<div class="section">
<%= f.inputs :for => :creditcard do |c| %>
<h3>Credit Card Information</h3>
<%= c.input :brand, :selected => @creditcard.brand.nil? ? "visa" : @creditcard.brand, :label => "Credit Card", :as => :select, :class => 'dropkick', :include_blank => false, :collection => Saas::Config.gateway == "bogus" ? [['Bogus', 'bogus']] : [['Visa', 'visa'], ['MasterCard', 'master'], ['American Express', 'american_express'], ['Discover', 'discover']] %>
<%= c.input :number, :input_html => { :placeholder => "Card Number"}, :label => "Card Number", :as => :numeric %>
<li class="select required" id="account_creditcard_expiration_input">
<label for="account_creditcard_expiration">Card Expires On<abbr title="required">*</abbr></label>
<%= c.select :year, (Time.now.year .. 10.years.from_now.year), :selected => @creditcard.year.nil? ? Time.now.year : @creditcard.year, :class => 'dropkick dd-small' %>
<%= c.select :month, [['1 - January', 1], ['2 - February', 2], ['3 - March', 3], ['4 - April', 4], ['5 - May', 5], ['6 - June', 6], ['7 - July', 7], ['8 - August', 8], ['9 - September', 9], ['10 - October', 10], ['11 - November', 11], ['12 - December', 12]], :selected => @creditcard.month.nil? ? "1" : @creditcard.month, :class => 'dropkick' %>
</li>
<%= c.input :verification_value, :label => "CVV Code", :input_html => { :placeholder => "CVV Code", :value => @creditcard.verification_value,
:type => "password",
:class => 'short' } %>
<% end %>
<% end %>
现在卡号、有效期等字段;上面的表格必须在 braintree drop-in ui 中(此处信用卡号本身由 braintree 验证)。 我该如何修改这个表格?请帮忙。
这是我的模型,account.rb:
def valid_subscription?
return if errors.any?
self.build_subscription(:plan => @plan, :next_renewal_at => @plan_start, :creditcard => @creditcard, :address => @address, :affiliate => @affiliate)
@address.first_name = @creditcard.first_name
@address.last_name = @creditcard.last_name
self.subscription.store_card(@creditcard, :billing_address => @address.to_activemerchant)
if !subscription.valid?
errors.add(:base, "Error with payment: #{subscription.errors.full_messages.to_sentence}")
return false
end
end
accounts_controller:
class AccountsController < ApplicationController
before_filter :build_account, :only => [:new, :create]
before_filter :build_user, :only => [:new, :create]
before_filter :load_billing, :only => [:new, :create, :billing]
def create
@address.first_name = @creditcard.first_name
@address.last_name = @creditcard.last_name
@account.address = @address
@account.creditcard = @creditcard
if @account.new_record?
if @account.save
flash[:notice] = 'Account was created.'
bypass_sign_in(@user)
redirect_to session[:previous_url] || user_reports_path(@user)
else
render :action => 'new'
end
else
@user.account_id = @account.id
if @user.save
flash[:notice] = 'User was created.'
bypass_sign_in(@user)
redirect_to session[:previous_url] || user_reports_path(@user)
else
render :action => 'new'
end
end
end
def billing
@user = current_user
@account = Account.find(params[:id])
if request.put?
@address.first_name = @creditcard.first_name
@address.last_name = @creditcard.last_name
puts @address.first_name
if @creditcard.valid? & @address.valid?
if @subscription.store_card(@creditcard, :billing_address => @address.to_activemerchant, :ip => request.remote_ip)
flash[:notice] = "Your billing information has been updated."
redirect_to settings_path(@user)
end
end
end
end
protected
def resource
@account ||= current_account
end
def build_account
@account = params[:account_name].blank? ? Account.new : Account.find_by_name(params[:account_name])
end
def build_user
@account.user = @user = User.new(params[:account].blank? ? nil : params[:account][:user])
end
def load_billing
@creditcard = ActiveMerchant::Billing::CreditCard.new(params[:account].blank? ? {} : params[:account][:creditcard])
@address = SubscriptionAddress.new(params[:account].blank? ? {} : params[:account][:address])
end
end
这是与帐户模型关联的另一个模型,subscription.rb:
class Subscription < ActiveRecord::Base
attr_accessor :creditcard, :address
def store_card(creditcard, gw_options = {})
# Clear out payment info if switching to CC from PayPal
destroy_gateway_record(paypal) if paypal?
@response = if billing_id.blank?
gateway.store(creditcard, gw_options)
else
gateway.update(billing_id, creditcard, gw_options)
end
if @response.success?
if active_card = @response.params['active_card']
# Stripe token-based response
self.card_number = "XXXX-XXXX-XXXX-#{active_card['last4']}"
self.card_expiration = "%02d-%d" % [active_card['exp_month'], active_card['exp_year']]
else
self.card_number = creditcard.display_number
self.card_expiration = "%02d-%d" % [creditcard.expiry_date.month, creditcard.expiry_date.year]
end
set_billing
else
errors.add(:base, @response.message)
false
end
end
def card_storage
self.store_card(@creditcard, :billing_address => @address.to_activemerchant) if @creditcard && @address && card_number.blank?
end
def set_billing
self.billing_id = @response.token
end
end
production.rb:
config.after_initialize do
ActiveMerchant::Billing::Base.mode = :production
::GATEWAY = ActiveMerchant::Billing::AuthorizeNetGateway.new(
:login => "xxxxxxx",
:password => "xxxxxxxxxxxxxx" )
end
免责声明:我在 Braintree 工作。
简答:你不能。 Drop-in 旨在安全地替代您托管的信用卡表格。要使用 Drop-in,您应该取出表格和帐户模型的整个信用卡部分,而不是期望处理和存储信用卡数据-接收 Drop-in 返回的 payment method nonce 和通过 Braintree 交易或支付方式使用它 API.
长答案:Drop-in 是由 Braintree 托管的预建表单,我们将通过 iframe 将其插入到您页面上的表单中。提交表单后,来自 Drop-in 的信用卡(或 PayPal 等)信息将发送到 Braintree,并且付款方式随机数将返回到您的页面(通过 JavaScript 回调或插入到表单中的隐藏字段。)随机数是一个随机生成的字符串,代表支付信息,可以在没有安全风险的情况下通过您的应用程序传递。查看 Braintree 开发人员文档以获取更多详细信息和示例代码。
所有这一切的主要原因是安全性。在不安全的环境中存储信用卡信息是违反行业法规(称为 PCI 安全标准)的,而且存储信用卡的 CVV/security 代码也是违反 PCI 法规的。 Even having credit card data passing through your site can put it at risk。 Drop-in(或我们的 Hosted Fields 集成)可以更轻松地满足 PCI 标准并减轻您保护站点的负担。
总结:您应该从 ActiveMerchant 中删除客户信用卡的集成,并且根本不要将它们包含在您的架构中。相反,在您的表单中包含一个空白 div 以便插入 Drop-in,并在您的 model/controller 中使用 Drop-in returns 的付款方式。如何将随机数、服务器端 Braintree API 调用及其结果集成到您的 rails 模型中取决于您。我们有一个使用 Drop-in 的完整示例 rails 应用程序:随时查看 Braintree github 上的 braintree_rails_example 存储库创意页面。