livotovlabs / 3dsview Goto Github PK
View Code? Open in Web Editor NEWAndroid UI component to process banking 3D Secure (MasterCard SecureCode / Verified By Visa) payment authorizations in Android apps.
License: Apache License 2.0
3dsview's People
Contributors
Stargazers
Watchers
Forkers
bugraoral wang9090980 evrimulgen niamathsa rsbulanon coolred sachinchoudhary085 fomdeveloper lkorth phamthaithinh abdullah38rcc zulkis feitianfffttt leaderyang chemouna cbeyls owenobyrne bonnguyen tusharbapte jaynakus janechung rovkinmax lpancevski kaustubhsatam ialtamirano opnczk vechnetmakuyana zeronofreya ibshe anonk2 ankit1057 devishankar rschoultz benitkibabu1 jahk88 scoffable morristech tinder-aaronweaver dacodenet 9arret leiwenchang budhahack warrennkomanga afrknchld mezpahlan yfmacit fridzov beebs-company defidax3dsview's Issues
Chrome version 71 - Android 8.1.0
Hi,
I'm using Android 8.1.0 and the Chrome Webview version is 71 and I'm not getting the md and paRes parameters from the D3SSViewAuthorizationListener on onAuthorizationCompleted, but if I use Chrome Webview version 70 it will work fine.
Can you help me?
Thanks.
onAuthorizationCompleted() not called for some banks without enabling webview.getSettings().enableDomStorage()
Hi,
I'm trying to implement some 3d-secure logic in my app. It is for the Swedish market. I find that the D3SView successfully redirects to the correct URL, but once I authenticate the transaction, the onAuthorizationCompleted() method is not called. Can you please help me out in knowing if this is a common issue? I am working with this technology for the first time.
call back url to open activity using scheme please help me
Application url schema not working. i trying to use for call back url "activity_b".
<category android:name="android.intent.category.DEFAULT" />
<data android:scheme="activity_b" />
</intent-filter>
No matter user clicks accept or decline it always returns accepted value in onAuthorizationCompleted
in the authform the user has the option to click on accept or decline button, currently wether a user clicks on accept or on decline authorization is always successful and it returns the value of accepted, where in decline case it should be different.
Setup GH actions for automatic build, test and release of the library
Gradle support and maven repo
Add gradle support and maven repo
Consider using maven central or SSL
Serving code over HTTP can be very insecure. Please consider adding an SSL certificate to your host and redirecting to the HTTPS version or better yet pushing it up to maven central.
Certain bank cards don't work with this library
A few of our customers have ran into the following error:
We have a 3-D Secure success rate of 91-92% on Android, and on our other platforms they are all solidly around 95% (this is on a volume of around 20,000 transactions since I made the change in the Android app).
It seems to be an issue confined to certain banks. The cards affected seem to be Co-op and perhaps Clydesdale Bank and Capital One ๐
Here are a few IINs that seem to be affected: 498824, 557351
Update - reproduced issue
I've been able to reproduce the issue here. When the library loads it seems to fairly quickly show the above Google page in the screenshot (without any sort of intervention required).
The code that extracts the PaRes from the HTML doesn't appear to be called (as I had debug code to spit out the HTML if that was hit). There are the following cryptic log lines though which might offer a clue:
2019-01-11 12:55:07.033 10790-12869/com.scoffable W/chromium: [WARNING:spdy_session.cc(2876)] Received RST for invalid stream1
2019-01-11 12:55:07.079 10790-10790/com.scoffable I/chromium: [INFO:CONSOLE(1)] "Uncaught TypeError: Cannot read property 'innerHTML' of undefined", source: https://www.google.com/ (1)
The above error points to an issue with this line of code:
view.loadUrl(String.format("javascript:window.%s.processHTML(document.getElementsByTagName('html')[0].innerHTML);", JavaScriptNS));
So, still not 100% sure why this is happening, but it's definitely an issue. The employee who has an affected card is off today, so I can't reproduce again until they are back in the office.
Add optional dialog support for performing 3DS auth
Add DialogFragment based dialog for easy 3ds authorization in the popup dialog instead of separate activity/fragment
Migrate artefacts to mavenCentral or GitHub maven repo
Migrate to androidX
Any plan to migrate legacy support package to use androidX ?
By moving the library to androidX, we can disable jetifier and make some improvement on the build speed.
Chrome for Android Update 75
I can't complete the 3D Secure process after the new Chrome for Android update since June 19, 2019.
Any suggestion?
Thanks.
Disallow auto-zoom in 3dsDialog
When the bank page opens, we can see it auto-zoom in webView. How can we open with origin zoom?
Regex matcher prematurely captures blank value
Whilst using the library we noticed a bug in one of the regex patterns that caused certain ACS web pages to not display and hence 3DS transactions aborted. Upon investigation we noticed a change in the way certain ACS web pages were being presented around 8th October 2020.
The regex in question is: private static Pattern valuePattern = Pattern.compile(".*? value=\\\"(.*?)\\\"", Pattern.DOTALL); when combined with an ACS web page that starts off like this:
<!--[if lte IE 8]>
<html class="lt-ie9" lang="en"><![endif]--><!--[if IE 9]>
<html class="lt-ie10" lang="en"><![endif]--><!--[if gt IE 9]>
<html lang="en"><![endif]-->
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Processing</title>
<link href="/Content/dist/css/template-e527b6106c.min.css" rel="stylesheet">
<style>
body {color: #000000;font-family: Arial, 'Helvetica Neue', Helvetica, sans-serif;font-size: 1.25em}.header, legend, h1, h2, h3, h4 {color: #000000}label {color: #000000}a,.btn-link {color: #000000;text-decoration: underline}a:visited,.btn-link:visited {color: #000000}a:hover,a:focus,.btn-link:hover,.btn-link:focus {color: #211f1f}a:active,.btn-link:active {color: #211f1f}a.btn-link {font-size: .95em}.btn-primary,.btn-primary:focus,.btn-primary:hover {background: #211f1f;color: #FFF;border: none;border-radius: 0}.btn-primary:active,.btn-primary:active:hover,.btn-primary:active:focus {background: #AB2C29}fieldset {border: 0}fieldset > legend {border-bottom: 0;font-size: 1.00em}:not(.lt-ie9) label.custom-radio [type=radio]:checked+span:before {background: #211f1f}.accordion.modal .modal-body .panel-group .expander {color: #211f1f}.accordion.modal .modal-body .panel-group .panel {background: #FFF}.field-validation-error {color: #AB2C29}.toast-top-full-width {display: none}
</style>
</head>
<body>
<div class="threeds-one">
<div class="container container-sticky-footer">
<div class="header" id="HeaderLogos">
<div class="row no-pad">
<div class="col-12">
<img alt="Starling Logo" class="img-responsive header-logo pull-left" src="somelogo.png">
<img alt="Mastercard Identity Check logo" class="img-responsive header-logo pull-right" src="anotherlogo.png">
</div>
</div>
</div>
<div class="container">
<div class="body" dir="LTR">
<h1 class="screenreader-only">Processing</h1>
<div class="row">
<div class="col-12">
<div id="Body1"><strong>Your payment is being processed.</strong><br><br>Please do not close this window or hit your Back button.
</div>
</div>
</div>
<div class="row">
<div class="col-12 processing">
<img src="/Content/images/loading.svg" alt="Loading Indicator" class="processing-img center-block content-block">
<br>
<p id="Processing-label" class="processing-text">Processing</p>
</div>
</div>
<div class="row">
<div class="col-12">
<div id="Body2"></div>
</div>
</div>
</div>
</div>
<form action="/Api/NextStep/ProcessRisk" autocomplete="off" data-ajax="true" data-ajax-begin="ccHelpers.ajax.onBegin"
data-ajax-complete="ccHelpers.ajax.onComplete" data-ajax-failure="ccHelpers.ajax.onFailure" data-ajax-method="form"
data-ajax-success="ccHelpers.ajax.onSuccess" id="ProcessRiskForm" method="post" name="ProcessRiskForm"><input
id="TransactionId" name="TransactionId" type="hidden" value="some_value"><input id="DeviceId"
name="DeviceId"
type="hidden"
value="some_value"><input
id="ProviderType" name="ProviderType" type="hidden" value="TM"><input id="ProviderId" name="ProviderId" type="hidden"
value="some_value"><input id="IssuerId" name="IssuerId"
type="hidden"
value="some_value">
</form>
<div class="hidden">
<iframe title="hidden-iframe"
src="https://geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/Render?referenceId=some_reference&orgUnitId=some_unit_id&threatmetrix=true&tmEventType=PAYMENT"
frameborder="0"></iframe>
</div>
<form class="nextstep-form" method="post">
<input id="NextStepTransactionId" name="TransactionId" type="hidden" value="some_value">
<input id="GroupId" name="GroupId" type="hidden" value="">
<input id="Type" name="Type" type="hidden" value="">
<input id="NextStepChoiceType" name="NextStepChoiceType" type="hidden" value="">
<input id="NextStepIssuerId" name="IssuerId" type="hidden" value="some_value">
</form>
<div class="modal modal-clear" id="ProcessingModal" tabindex="-1" role="dialog" aria-labelledby="Processing-label"
aria-hidden="true" data-keyboard="false" data-backdrop="static">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-body">
<div class="row">
<div class="col-12 processing">
<img id="ProcessingImage" src="/Content/images/loading.svg" alt="Loading Indicator"
class="processing-img center-block content-block">
<p class="processing-text" id="Processing-label">Processing</p>
</div>
</div>
</div>
</div>
</div>
</div>
<input data-val="true" data-val-number="The field MessageVersion must be a number."
data-val-required="The MessageVersion field is required." id="MessageVersion" name="MessageVersion" type="hidden" value="1">
<form class="nextstep-form" method="post">
<input id="NextStepTransactionId" name="TransactionId" type="hidden" value="some_value">
<input id="GroupId" name="GroupId" type="hidden" value="">
<input id="Type" name="Type" type="hidden" value="">
<input id="NextStepChoiceType" name="NextStepChoiceType" type="hidden" value="">
<input id="NextStepIssuerId" name="IssuerId" type="hidden" value="some_value">
</form>
<form method="POST" id="TermForm">
<input type="hidden" id="PaRes" name="PaRes" value="">
<input type="hidden" id="MD" name="MD" value="">
</form>
</div>
</div>
<script src="/Content/dist/js/template-34c97fbbe3.min.js"></script>
</body>
This is from Starling Bank in the UK but we noticed similar failures with Monzo and HSBC. The bug appears to be when using the above regex to parse this page and being confronted with the snippet at the end of the webpage:
<form method="POST" id="TermForm">
<input type="hidden" id="PaRes" name="PaRes" value="">
<input type="hidden" id="MD" name="MD" value="">
</form>
The values for the PaRes and MD seem to become populated as the user steps through / completes their 3DS interaction but on initial page load they are blank. The current valuePattern allows for empty values and we do not guard against these at present.
We patched this internally by modifying the regex. I'll share a PR shortly with the fix but I also wanted to explore creating some tests for this and in future the library in general. If you have any suggestions for how best to test the library that would be appreciated.
3-D Secure v2: Issue with Monzo in the UK
Steps to reproduce:
- Submit a payment using a Monzo card that gets 3-D Secure v2 challenged
- Break out of app containing 3DSView library to go to Monzo app and accept the payment
- Return to original app
What happens:
Term URL is hit, and onAuthorizationCompleted3dsV2() is not called with parameters (cres etc)
What should happen:
onAuthorizationCompleted3dsV2() should be called, meaning the payment can be completed
Google error 413. That's an error after confirm payment
After accept payment and back to app. WebView redirect to Google error page
- That's an error.
Your client issued a request that was too large.
That's all we know.
3Ds with more than one page does not work
Hi, there!
onAuthorizationCompleted needs pause. Because payment does not have time to be processed.
@Override
public void onAuthorizationCompleted(String md, String paRes) {
mHandler.postDelayed(() -> mPresenter.onGetPaymentRezult(md), 1000);
}
But basic problem with banks wich use more then one page. For example: - insert 3ds code and then another page with button "Continue". Proccesing is made only after pressed continue buuton
How to use D3sDialog
Not a single code snippet is available on how to use the D3SDialog
When I am using D3S Dialog, i want to show the Loading progress bar, when ever there is loading.
Especially after the 3D secure pin is entered and when a user click the submit button.
Note: I dont know the URL of the 3D secure page , which is created by ACS Server with multiple redirection
3 D Secure
Create unit tests to cover what we can cover here in this tiny lib
PDS2 (3-D Secure v2)
I've got a working version of the library that I've (accidentally) included in #26 (as I committed to master on my own fork, and there was already a PR from master into this repository).
This supports the fallback to 3-D Secure v1. Feel free to change! ๐
Revise code, update project structure/configs/gradle files
Lint warnings
After using 3DSView, I am getting the following Lint warnings.
- AddJavascriptInterface: addJavascriptInterface Called - WebView.addJavascriptInterface should not be called with minSdkVersion < 17 for security reasons: JavaScript can use reflection to manipulate application
- SetJavaScriptEnabled: Using setJavaScriptEnabled - Using setJavaScriptEnabled can introduce XSS vulnerabilities into you application, review carefully.
- WrongConstant: Incorrect constant - Must be one or more of: Pattern.UNIX_LINES, Pattern.CASE_INSENSITIVE, Pattern.COMMENTS, Pattern.MULTILINE, Pattern.LITERAL, Pattern.DOTALL, Pattern.UNICODE_CASE, Pattern.CANON_EQ
Are there any fixes for these warnings?
Webview not loading for stripe gateway
Getting below error , for stripe url . If iam using load url its working fine but for posturl not working
405 Method now allowed
Hi,
I use 3Ds Dialog and after confirm, I have got the error "405 method not allowed" on the WebView
and have got a callback on Authorization Completed with md and pores are empty
p.s. Please help me!
"Processing..." page displays instead of 3DSecure page
Hey LivotovLabs,
Thanks for the library. I've been using this fine up until sometime within the past 3 weeks I get a "Processing..." page (attached) that appears for about a second and then disappears. Previously I would get a 3DSecure page that asks what kind of response I want to return (as it's a test server). This happens with both the 3DSView and the Dialog, same exact issue.
This whole process works fine on Web and I'm trying to get confirmation for iOS. Has anyone else run into this issue or am I alone?
completeAuthorization called without required html form for 3D Secure with Continue button
In this case the 3D Secure page that is loaded into the WebView first asks your to press a "next" button. Once next is pressed the bank sends a USSD to the phone associated with your card. You then reply to the USSD, and the Webview shows a "CONTINUE" button. Once you press "continue" the redirect is caught. However the html that is sent to completeAuthorisation contains a pre-auth link with PaReq, TermUrl, MD, rather than the required form with MD & PaRes. Attached is the html that is caught.
continueHtml.txt
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.