Hey Buddy, Nice! Saving the token is desirable for me because I'd like to be able to go back and audit the whole interaction. It's also helpful because if you need help from the Stripe team to debug why a transaction wasn't approved or something then they'll ask for the token.
One question -- why are you making credit-card choices a Satchmo setting when it's pretty much up to Stripe whether they accept a given card type or not? If you end up implementing their webhook callback API then be sure to not trust any data you get from them. Because their callbacks don't include a digital signature you can't be sure the data is coming from them. Just take the event ID you get via the webhook and request the event details using the Stripe API. That way you'll be immune to people tampering with your callback handler. Also you need to make sure the callback handler is idempotent because otherwise someone could attack you by sending you the same event multiple times. RJ On Mon, Apr 2, 2012 at 10:13 PM, Buddy Lindsey <[email protected]> wrote: > I guess there isn't a really big problem saving to the database. Was just > wanting to avoid it. > > This module is mostly kicking my butt because I haven't used satchmo > before, and I am trying to do something this tedious. > > Also any suggestions at what I do have would be appreciated. > > -Buddy > > > On Monday, April 2, 2012 8:25:38 PM UTC-5, Chris Moffitt wrote: >> >> If the issue is saving a token, you could try throwing it in the cache. >> >> -Chris >> >> On Mon, Apr 2, 2012 at 8:05 PM, Buddy Lindsey <[email protected]>wrote: >> >>> I have been working on this for a few days now, feels like banging my >>> head against a wall. Mine is a "bit" more generic, but there are some >>> serious problems with satchmo itself when it comes to stripe integration. >>> >>> Here is my attempt (still doesn't work) https://github.com/** >>> buddylindsey/satchmo-stripe<https://github.com/buddylindsey/satchmo-stripe> >>> >>> My biggest problem is getting the token to the processor. I am trying to >>> avoid saving to the DB, but if I have to I will. >>> >>> Just throwing out my attempt as well. >>> >>> >>> On Wednesday, March 28, 2012 5:43:52 PM UTC-5, RJ Ryan wrote: >>>> >>>> Here's my first hack at the Stripe module. >>>> >>>> It's missing: >>>> * Templates (all my templates are specific to my use of Satchmo. I'll >>>> try to make some based on the example project) >>>> * Handling of notifications from Stripe (it just logs them and does >>>> nothing more) >>>> >>>> The way Stripe works is that you never handle credit card details at >>>> all. The form that the user enters their details into is posted to Stripe, >>>> and then in Javascript you get a token back from Stripe's servers which is >>>> a 1-time-use token for charging that credit card. The way I did it, the >>>> token is POSTed to Satchmo and its stored in the database much like credit >>>> card credentials are stored in the database in other payment modules. When >>>> it comes time to charge the credit card, it requests the charge from Stripe >>>> and either succeeds or fails. Because of this you don't need a callback >>>> from Stripe to indicate that the payment succeeded. >>>> >>>> What you /do/ need to listen to the callbacks for are charge disputes >>>> and refund actions. I haven't implemented this yet. >>>> >>>> I wanted to get the code up somewhere so that people can use it and >>>> comment on my implementation. It's hard to know if I'm following all the >>>> requirements of a Satchmo payment module so I'd appreciate any comments >>>> about what I'm doing wrong. >>>> >>>> To use it you need to install the stripe Python package: >>>> http://pypi.python.**or**g/pypi/stripe/<http://pypi.python.org/pypi/stripe/> >>>> >>>> Here's the branch: https://bitbucket.org/****rryan/satchmo/changeset/** >>>> 745fbd**35b6f9<https://bitbucket.org/rryan/satchmo/changeset/745fbd35b6f9> >>>> >>>> On Tuesday, March 27, 2012 11:40:22 AM UTC-4, RJ Ryan wrote: >>>>> >>>>> After realizing the Google Checkout API (not related to Satchmo) >>>>> doesn't support what I need, I hacked up a Stripe payment processor for >>>>> Satchmo today. It works well on Satchmo 0.9.1. I'll try to clean it up and >>>>> get the code pushed somewhere soon. The main limitation to be aware of >>>>> with >>>>> Stripe is that it only supports USD. >>>>> >>>>> What's the status of django-bursar? Should I bother trying to get this >>>>> merged into Satchmo or will the payment processors be deleted soon in >>>>> favor >>>>> of django-bursar? >>>>> >>>>> On Friday, January 13, 2012 2:51:18 PM UTC-5, nym wrote: >>>>>> >>>>>> Curious if anyone has Satchmo using Stripe instead of PayPal, etc. >>>>>> >>>>>> http://justinvincent.com/page/****1790/how-i-converted-my-**subscr** >>>>>> iption-site-from-paypal-**to-**stripe-in-2-days<http://justinvincent.com/page/1790/how-i-converted-my-subscription-site-from-paypal-to-stripe-in-2-days> >>>>>> >>>>>> Cheers, >>>>>> Tom Longson >>>>>> ------------------------------****------------------------------**** >>>>>> ---------------- >>>>>> CUPCAKES!! >>>>>> http://www.cupsandcakesbakery.****com/<http://www.cupsandcakesbakery.com/> >>>>>> >>>>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Satchmo users" group. >>> To view this discussion on the web visit https://groups.google.com/d/** >>> msg/satchmo-users/-/**1kUlJHktPfoJ<https://groups.google.com/d/msg/satchmo-users/-/1kUlJHktPfoJ> >>> . >>> >>> To post to this group, send email to [email protected]**. >>> To unsubscribe from this group, send email to satchmo-users+unsubscribe@ >>> **googlegroups.com <satchmo-users%[email protected]>. >>> For more options, visit this group at http://groups.google.com/** >>> group/satchmo-users?hl=en<http://groups.google.com/group/satchmo-users?hl=en> >>> . >>> >> >> -- > You received this message because you are subscribed to the Google Groups > "Satchmo users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/satchmo-users/-/F59sQkRFv04J. > > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/satchmo-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Satchmo users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/satchmo-users?hl=en.
