phplaravel-8opayoomnipay

SagePa 3DS2 3377 : The ACS has provided an Erro message. CReq validation failure from thephpleague/omnipay-sagepay

I'm using thephpleague/omnipay-sagepay https://github.com/thephpleague/omnipay-sagepay

After receiving response from the 3DS Notification, I am running the following code:

$gateway = $this->fetchGateway(); 
$completeRequest = $gateway->completeAuthorize([
  'transactionId' => $payment->transaction_id
]); 
$completeResponse = $completeRequest->send(); 
print "<pre>"; 
print_r($completeResponse);

and receiving the following message:

[data:protected] => Array ( 
[VPSProtocol] => 3.00 
[Status] => ERROR 
[StatusDetail] => 3377 : The ACS has provided an Erro message. CReq validation failure. )

I've tried also including a CRes and CReq in the $gateway->completeAuthorize() function with no luck.

Anyone have any clue on this?

The protocol 4 documentation states:

This POST needs to contain the VPSTxId (or MD) and CRes (or PARes). but as above, it doesn't seem to work and returns a CReq validation error

Not sure if this could be relevant? https://dijitul.uk/payment-gateway-3d-secure-timing-out-huge-issue/#comment-121740

I read somewhere that the {} around the threeDSSessionData could be causing a problem but removing them has no effect.

Bit worried that the deadline for this is the 14th March :(

edit:

I have also tried this with the same response:

$gateway = $this->fetchGateway();
$completeRequest = $gateway->completeAuthorize([
  'VPSTxId' => str_replace("{", "", str_replace("}", "", $payment->vpsTxId)),
  'CRes' => $cres,
  'CreateToken' => '1',
]);
$completeResponse = $completeRequest->send();

$payment->vpsTxId that's sent equals: 923DD024-8E55-A543-AA6F-4E76AECB67D8

$cres equals ewogICJtZXNzYWdlVHlwZSIgOiAiRXJybyIsCiAgIm1lc3NhZ2VWZXJzaW9uIiA6ICIyLjEuMCIsCiAgImFjc1RyYW5zSUQiIDogIjZjOGE2MzQyLTI2OTUtNDAzMi04NDVkLTBmZGU2MDBiYmFhMyIsCiAgImVycm9yQ29kZSIgOiAiMjAzIiwKICAiZXJyb3JDb21wb25lbnQiIDogIkEiLAogICJlcnJvckRlc2NyaXB0aW9uIiA6ICJEYXRhIGVsZW1lbnQgbm90IGluIHRoZSByZXF1aXJlZCBmb3JtYXQgb3IgdmFsdWUgaXMgaW52YWxpZCBhcyBkZWZpbmVkIGluIFRhYmxlIEEuMS4iLAogICJlcnJvckRldGFpbCIgOiAidGhyZWVEU1Nlc3Npb25EYXRhIiwKICAiZXJyb3JNZXNzYWdlVHlwZSIgOiAiQ1JlcSIKfQ

Not worried about security as posting via testMode

Solution

  • I managed to fix this by stripping the parentheses "{}" from the vpsTxId before returning the form.

    For completeness the code I ended up using for the return form was:

     <!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <title>Redirecting...</title>
</head>
<body onload="document.forms[0].submit();">
    <form action="' . $responseMessage->getRedirectUrl() . '" method="' . $responseMessage->getRedirectMethod() . '">
        <p>Redirecting to payment page...</p>
        <p>
            <input type="hidden" name="creq" value="' . $data['creq'] . '" />
<input type="hidden" name="threeDSSessionData" value="' . str_replace(array("{", "}"), "", $data['threeDSSessionData']) . '" />

            <input type="submit" value="Continue" />
        </p>
    </form>
</body>
</html>

    The really important line here is: str_replace(array("{", "}"), "", $data['threeDSSessionData'])

    I really hope this helps somebody else out!