Paypal sandbox not working? Payment failed. Please try again. Security header is not valid

jleemfals · February 12, 2018, 7:57pm

Hello,
We setup invoiceplane and are trying to setup a sandbox account to test with and it’s constantly failing with

Payment failed. Please try again.
Security header is not valid

I’ve seen other posts saying we need curl so we’ve installed curl and php-curl but it still errors out. I’ve tested the username/password/signature using the paypal method to test with curl and it seems to be fine. Here’s the curl command I used to test in shell.

curl https://api-3t.sandbox.paypal.com/nvp
-s
–insecure
-d USER=userxxxx
-d PWD=passxxxx
-d SIGNATURE=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-d METHOD=SetExpressCheckout
-d VERSION=98
-d PAYMENTREQUEST_0_AMT=10
-d PAYMENTREQUEST_0_CURRENCYCODE=USD
-d PAYMENTREQUEST_0_PAYMENTACTION=SALE
-d cancelUrl=https://test.com/cancel
-d returnUrl=https://test.com/success

Any suggestions on why this might not be working? I’m wondering if some other dependency is not installed but the system is not complaining about it just like php-curl or php-mbstring.

I should have mentioned this is the latest 1.5.6 IP

dmillermfals · February 12, 2018, 10:43pm

An update on this, for anyone who is looking. We found that InvoicePlane correctly goes to paypal’s sandbox if the following SQL is run on the local MySQL database:

UPDATE ip_settings SET setting_value='on' WHERE setting_key='gateway_paypal_express_testMode';

When InvoicePlane reads gateway settings, it expects a value of type checkbox to say “on” or “off,” but the setup form is somehow setting the value to 1 or 0.

Maxime_GRIMLER · February 12, 2018, 11:08pm

Thanks for the nice catch and weird behaviour because IP is setup to change the value to “on” if true

github.com

InvoicePlane/InvoicePlane/blob/864c6f6734ef1b110fc1594ec222eb44df4d94ce/application/modules/guest/controllers/Payment_handler.php#L183




    // skip empty key
    if (!$key) {
        continue;
    }


    // Decode password fields and checkboxes
    if (isset($gateway_settings[$key]) && $gateway_settings[$key]['type'] == 'password') {
        $value = $this->crypt->decode($setting->setting_value);
    } elseif (isset($gateway_settings[$key]) && $gateway_settings[$key]['type'] == 'checkbox') {
        $value = $setting->setting_value == 'on' ? true : false;
    } else {
        $value = $setting->setting_value;
    }


    $gateway_init[$key] = $value;
}


// Load Omnipay and initialize the gateway
$gateway = \Omnipay\Omnipay::create($driver);
$gateway->initialize($gateway_init);

I need to have a deeper look (maybe tomorrow) as I don’t use the payements part so I need to configure all

Edit : I’ve test it and don’t know why it seeks for “on” whereas all tests mode are with 0 or 1 …
I’ve made a change which should work but I need deeper tests as I don’t configure my account with sandbox … so I need to configure all or ask @Kovah if he can tests for me aswell.
Will do a PR soon (I create a ticket for this : https://development.invoiceplane.com/browse/IP-652)

Regards,

Kovah · February 13, 2018, 12:48pm

The check is implemented to provide a consistent true/false saving in the database because checkboxes return on as a value if they are switched on.

Maxime_GRIMLER · February 13, 2018, 1:28pm

No @Kovah you’re wrong, in the settings if it’s enable it’s setup to save as 0 or 1 (for every test mode)
cf :

github.com

InvoicePlane/InvoicePlane/blob/864c6f6734ef1b110fc1594ec222eb44df4d94ce/application/modules/settings/views/partial_settings_online_payment.php#L81


      
          
          <div class="panel-body small">
          
              <?php foreach ($fields as $key => $setting) { ?>
                  <?php if ($setting['type'] == 'checkbox') : ?>
          
                      <div class="checkbox">
                          <label>
                              <input type="hidden" name="settings[gateway_<?php echo $d; ?>_<?php echo $key ?>]"
                                     value="0">
                              <input type="checkbox" name="settings[gateway_<?php echo $d; ?>_<?php echo $key ?>]"
                                     value="1"
                                  <?php check_select(get_setting('gateway_' . $d . '_' . $key), 1, '==', true) ?>>
                              <?php _trans('online_payment_' . $key, '', $setting['label']); ?>
                          </label>
                      </div>
          
                  <?php else : ?>
          
                      <div class="form-group">
                          <label for="settings[gateway_<?php echo $d; ?>_<?php echo $key ?>]">

So you check if the value is “on” then set it to true otherwise false but as it’s never “on” in the DB then it never enters in the statement and there is a mistake (that’s why the statement by @dmillermfals to change the value in the DB works because the check is made for “on” to be true) .

So two solutions are possible
1 - change the “on” in “1” to check correctly (which is for me the best solution and in my opinion the one I will do in a PR)
2 - change the 1 to “on” in the settings form (but need to adapt, controllers … which is for me a bit longer)

Up to you

Regards,

Kovah · February 13, 2018, 1:56pm

Then this might have been an issues with the setup earlier.
Just remove the check.

Maxime_GRIMLER · February 13, 2018, 6:39pm

@dmillermfals Can you do a change for me and test if it works ?
Replace “on” by “1” here

github.com

InvoicePlane/InvoicePlane/blob/864c6f6734ef1b110fc1594ec222eb44df4d94ce/application/modules/guest/controllers/Payment_handler.php#L183




    // skip empty key
    if (!$key) {
        continue;
    }


    // Decode password fields and checkboxes
    if (isset($gateway_settings[$key]) && $gateway_settings[$key]['type'] == 'password') {
        $value = $this->crypt->decode($setting->setting_value);
    } elseif (isset($gateway_settings[$key]) && $gateway_settings[$key]['type'] == 'checkbox') {
        $value = $setting->setting_value == 'on' ? true : false;
    } else {
        $value = $setting->setting_value;
    }


    $gateway_init[$key] = $value;
}


// Load Omnipay and initialize the gateway
$gateway = \Omnipay\Omnipay::create($driver);
$gateway->initialize($gateway_init);

Test if the “testmode” is working fine and if you get no errors ?

I’m finishing the PR but as I had no account set it’s hard to test it correctly

Small edit : if it’s working I recommand to you to setup the old value until a new update is pushed (it can be changed or we can change the way we use it). It’s up to you to use it at your own risk before we push it if you don’t want to change it because it’s working

Regards,

dmillermfals · February 13, 2018, 7:01pm

I verified that this change works, and that it goes to the Sandbox after I enable test mode from the admin panel in IP. Thanks!

Maxime_GRIMLER · February 13, 2018, 7:23pm

So you can confirm me that with the fix and without running your SQL hotfix it works like intended ? There is no more bugs do you after applying this patch ?

Regards

dmillermfals · February 13, 2018, 7:25pm

Yes, that is confirmed. I set up Paypal entirely from within IP, without running any SQL, and it uses the Paypal sandbox correctly. I also tried toggling Test Mode off and on and it seems to be working as intended.

Maxime_GRIMLER · February 13, 2018, 7:42pm

Perfect !! Thanks for your test. Will make the PR tonight and as I said up to you to keep this version if really needed or wait for the next release

ZinkDifferent · June 23, 2020, 5:17am

June 2020 - this error is still happening.

InvoicePlane 1.5.11

Payment failed. Please try again.
Security header is not valid

When using Paypal in sandbox mode.

M4rt1n · June 24, 2020, 2:24pm

Please have a read there: paypal express checkout =>Error: Security header is not valid - Stack Overflow