Saved Credit Cards Not Working


poehler

Question

Hi folks,

 

Whenever I try to place an order using a cc saved in blesta, it is always declined.  I tracked it down to blesta trying to send "false" for the ccnum to the gateway.  Any tips on how to debug further or something I'm missing?  It seems like a decryption error, but the only error I get is "payment declined"...

 

Thanks,

 

Paul

10 answers to this question

If you go edit the payment account on the client's profile page, and click the link next to the card to decrypt it, does it work? (If it's not token based storage) What gateway are you using?

 

Blesta's config file contains an encryption key generated during installation (in /config/blesta.php). If this is changed, all encrypted data in Blesta will no longer be able to be decrypted. So, if that was changed, it could be the problem.

 

EDIT: Also check the gateway log under Tools > Logs, Gateway Tab. Click the row to expand and show the raw input/output (Raw except card numbers are masked)


> If you go edit the payment account on the client's profile page, and click the link next to the card to decrypt it, does it work? (If it's not token based storage) What gateway are you using?
>
> Blesta's config file contains an encryption key generated during installation (in /config/blesta.php). If this is changed, all encrypted data in Blesta will no longer be able to be decrypted. So, if that was changed, it could be the problem.
>
> EDIT: Also check the gateway log under Tools > Logs, Gateway Tab. Click the row to expand and show the raw input/output (Raw except card numbers are masked)

When I click "Show Card", it prompts for "Your login password" and when I enter my login password (I confirmed it was correct by logging out and logging back in with it), I get "Password is Invalid".

 

The encryption key hasn't been touched.

 

The gateway log shows ccnum = 0 in the serialized php format.

 

I'm using the quantum gateway.

 

Paul

Edited by poehler

> When I click "Show Card", it prompts for "Your login password" and when I enter my login password (I confirmed it was correct by logging out and logging back in with it), I get "Password is Invalid".
>
> The encryption key hasn't been touched.
>
> The gateway log shows ccnum = 0 in the serialized php format.
>
> I'm using the quantum gateway.
>
> Paul

Try creating a new payment account, and then try using the "show card" option on it. Same result, or does it display?

 

Was this card number added via Blesta, or imported? If it was imported, it may be corrupt.


> Try creating a new payment account, and then try using the "show card" option on it. Same result, or does it display?
>
> Was this card number added via Blesta, or imported? If it was imported, it may be corrupt.

I tried creating a new payment account, and then tried the "show card" option on it.  Same result, "Password is Invalid".  The previous card number was added via Blesta's order system, not imported.


> I tried creating a new payment account, and then tried the "show card" option on it.  Same result, "Password is Invalid".  The previous card number was added via Blesta's order system, not imported.

You didn't enable batch processing did you? Settings > Company > General > Encryption. Is there a passphrase set? If there is, the passphrase must be entered to process any cards, and used to show the card instead of your password.

 

If there is no passphrase, then I'm not sure. Has anything been modified? Maybe try a fresh install on the same server (In a sub-directory or something) and see if it's an issue (No need to set up the merchant gateway or anything, just jump into adding a payment account). That'll narrow it down to either your installation or an issue on the server. Unusual.


> You didn't enable batch processing did you?

 

Not as far as I know.

 

> Is there a passphrase set?

 

No.

 

> Has anything been modified?

 

I'm working on a custom module, and I was playing with "Css Javascript Html Toolbox" plugin to tweak the order system a bit, but I just disabled that plugin and was able to reproduce the problem.

 

Is it normal to get the error "Password is Invalid." if something goes wrong with the decryption?  Or is it failing before the decryption attempt happens, as the error implies?  Or is there no way to tell what is actually failing?  I guess I'll try a fresh install and let you know what happens.  :(

 

Paul


> I tried to do a fresh install in a sub directory per your suggestion, with a 30 day trial license, and got "Sorry, a trial has already been issued for this domain and is no longer valid. To obtain a new trial key, please contact sales@blesta.com."

 

I just PM'd you a trial key.

 

Are you sure your password is correct? Are there any other admins that can try? There is a public/private RSA key pair that is used for credit card encryption, and the private key is encrypted with AES if a passphrase is set. If you don't have a passphrase set, then your admin password is technically not necessary to decrypt the card data, but it is requested so that your access can be logged.


> I just PM'd you a trial key.

Thanks.  I confirmed the fresh install WAS able to decrypt and show a credit card.  So clearly "something" is different about the other install, I just don't know what or how to track it down.

 

I see there are private/public keys stored in the blesta database, as well as the "system key" in the config/blesta.php file.  Are those values interdependent?  If so does that mean that a blesta database cannot be migrated to a fresh install of the blesta files without decryption breaking (and apparently only decryption, everything else seems ok)?  I can't say for sure that I haven't migrated the database to a new set of files at some point over the last few weeks, a lot of shuffling and database resetting has been going on while testing imports.

 

> Are you sure your password is correct?

Yes.  I promise.  I'm cutting and pasting it.  The same password cut and paste the same way logs me into blesta with no problem.  I can login to Blesta, but get "Password is Invalid." when decrypting a cc.

 

> Are there any other admins that can try?

Nope, just me and my testing Blesta install here.

 

Paul


> > I just PM'd you a trial key.
>
> Thanks.  I confirmed the fresh install WAS able to decrypt and show a credit card.  So clearly "something" is different about the other install, I just don't know what or how to track it down.
>
> I see there are private/public keys stored in the blesta database, as well as the "system key" in the config/blesta.php file.  Are those values interdependent?  If so does that mean that a blesta database cannot be migrated to a fresh install of the blesta files without decryption breaking (and apparently only decryption, everything else seems ok)?  I can't say for sure that I haven't migrated the database to a new set of files at some point over the last few weeks, a lot of shuffling and database resetting has been going on while testing imports.
>
> > Are you sure your password is correct?
>
> Yes.  I promise.  I'm cutting and pasting it.  The same password cut and paste the same way logs me into blesta with no problem.  I can login to Blesta, but get "Password is Invalid." when decrypting a cc.
>
> > Are there any other admins that can try?
>
> Nope, just me and my testing Blesta install here.
>
> Paul

If the public and private key pair no longer match then it would be possible to be able to encrypt a card number with the public key, but not decrypt it using the (wrong) private key. Since the key in the config file is used to generate an HMAC and encrypt the private RSA key, it's also possible (and more likely) that the key in /config/blesta.php was changed. This could have happened if Blesta was installed fresh, and the config file was overwritten with a previous one. That is likely what happened here.

 

If you don't have the original config file that was created when that RSA key pair was generated, then you're better off doing a fresh install. That key is used for encryption in other places as well, so I would highly suggest a fresh installation, especially since it is not production.
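
The failure mode described in the reply above, as an added PHP sketch that is not Blesta's code and not part of the original post: a card still encrypts with the public key after the config file is replaced, but the private key wrapped under the old system key can no longer be recovered. The key derivation, AES mode, storage layout and all function and variable names are assumptions made for illustration.

```php
<?php
// Added illustration, NOT Blesta's implementation. Derivation, cipher mode and layout are assumed.

// Wrap the RSA private key under the config-file system key: AES-256-CBC plus an HMAC tag.
function wrap_private_key(string $pem, string $systemKey): array {
    $encKey = hash_hmac('sha256', 'enc', $systemKey, true);
    $macKey = hash_hmac('sha256', 'mac', $systemKey, true);
    $iv = random_bytes(16);
    $ct = openssl_encrypt($pem, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    return ['iv' => $iv, 'ct' => $ct, 'mac' => hash_hmac('sha256', $iv . $ct, $macKey, true)];
}

// Returns the PEM, or null when the system key does not match the stored blob.
function unwrap_private_key(array $blob, string $systemKey): ?string {
    $macKey = hash_hmac('sha256', 'mac', $systemKey, true);
    $expected = hash_hmac('sha256', $blob['iv'] . $blob['ct'], $macKey, true);
    if (!hash_equals($expected, $blob['mac'])) {
        return null; // wrong or replaced system key, or a modified blob
    }
    $encKey = hash_hmac('sha256', 'enc', $systemKey, true);
    $pem = openssl_decrypt($blob['ct'], 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $blob['iv']);
    return $pem === false ? null : $pem;
}

// "Installation": generate the pair; the public key and wrapped private key stand in for database rows.
$originalSystemKey = bin2hex(random_bytes(16)); // constructed stand-in for the config-file key
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($pair, $privatePem);
$publicPem = openssl_pkey_get_details($pair)['key'];
$stored = wrap_private_key($privatePem, $originalSystemKey);

// Saving a card needs only the public key, so it succeeds under any config file.
// 4111111111111111 is a constructed test number.
openssl_public_encrypt('4111111111111111', $cardCipher, $publicPem, OPENSSL_PKCS1_OAEP_PADDING);

$configs = ['original config' => $originalSystemKey, 'overwritten config' => bin2hex(random_bytes(16))];
foreach ($configs as $label => $systemKey) {
    $pem = unwrap_private_key($stored, $systemKey);
    if ($pem === null) {
        // Fail here with a specific error instead of passing false on to the gateway.
        echo "$label: private key cannot be unwrapped; refusing to charge\n";
        continue;
    }
    $ok = openssl_private_decrypt($cardCipher, $card, $pem, OPENSSL_PKCS1_OAEP_PADDING);
    echo "$label: " . ($ok ? 'decrypted card ending ' . substr($card, -4) : 'decrypt failed') . "\n";
}
```

Checking the HMAC before decrypting is what lets the code report a key mismatch explicitly rather than a generic decline.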
