Announcement

Collapse
No announcement yet.

Entering incorrect credit card information results in "Authorization Required"

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • CnP.Support.AM
    replied
    Good day @DanMakeway

    We have fixed the issue with URL parameters with ??.

    Please test it and let us know if we can be of any further assistance.

    Leave a comment:


  • CnP.Support.AM
    replied
    Good day @DanMakeway

    Yes, we have identified an issue with URL parameters with ??. We are working on it and will be addressed as soon as possible. I will update this post once it is fixed.

    Leave a comment:


  • DanMakeway
    replied
    Hi, any updates? thank you

    Leave a comment:


  • CnP.Support.AM
    replied
    DanMakeway

    We are reviewing your case and get back to you shortly. For now, we don't need SF Temp Code. If needed we will request you.

    Thank you for your patience.

    Leave a comment:


  • DanMakeway
    replied
    Updating with new code

    Temporary Code
    ZBKKQJY4QH
    Expires
    25/01/2022 7:12 AM

    Leave a comment:


  • DanMakeway
    replied
    Hi this is very helpful. I've figured out the issue. the Error and declined pages are throwing an error, because they are also expecting the ID?=XXX paramater. is there a way to have those passed back from the form? Currently I've updated the links to be :
    <input type="hidden" name="OnSuccessUrl" id="OnSuccessUrl" value="https://makewaygifts.secure.force.com/donate/thanks?id={!dq.id}" />
    <input type="hidden" name="OnDeclineUrl" id="OnDeclineUrl" value="https://makewaygifts.secure.force.com/donate/declined?id={!dq.id}" />
    <input type="hidden" name="OnErrorUrl" id="OnErrorUrl" value="https://makewaygifts.secure.force.com/donate/error?id={!dq.id}" />

    but on an error, it gets overwritten to:
    /error?id=a3061000000lXOaAAM?err=Cardnumber%20is%20 invalid&hashresponse=ZGEzOWEzZWU1ZTZiNGJkMzI1NWJmZ WY5NTYwMTg5MGFmZDg3OQ==&RefID=web

    The error is having two ? in the parameters.

    this is the same issue as this post: Error Redirect fails when an existing ID in the redirect url - ClickandPledge.com Support Forum

    I've given you access to my login again:
    Username
    [email protected]
    Temporary Code
    IIYAGIGD01
    Expires
    21/01/2022 9:08 PM
    Last edited by DanMakeway; 01-20-2022, 11:08 PM.

    Leave a comment:


  • CnP.Support
    replied
    Good day DanMakeway

    Your are using the FaaS API platform inside Salesforce. In FaaS we have 3 URL's that are part of the required nodes:

    Please see: https://manual.clickandpledge.com/Fo...rvice_Response
    • Authorization URL
    • Decline URL
    • Error URL
    The above URL's need to be visible to the Site Guest User in Salesforce. In other words, the public visiting the page has to have the right to see all these pages.

    It appears that you have put URL's in these parameters that are not visible to the outside user. Please NOTE that these URL's are NOT part of Click & Pledge's system or in any way or form in our control. These are pages you have defined in Salesforce and since the Site Guest User does not have view access then they see Authorization Required- this is what Salesforce is telling the visitor .. simply they do not have permission to see the page.

    Please review the links you have put for those pages

    Looking at your page's HTML source I see the following:

    Click image for larger version

Name:	URLs.jpg
Views:	67
Size:	81.5 KB
ID:	62252

    If you are seeing an issue when a card declines you need to change the permission for the page you are assigning to the OnDeclineUrl

    Hope that helps. As I stated this is outside our control but make sure Site Guest User has view permission to these pages.

    On a separate NOTE: Please keep in mind that your page does not have reCAPTCHA, at least I do not see it, and your page will be, in a matter of time, target of credit card validation attacks. This is given and we see this over and over again. By using the API you are accepting responsibility for the page, the code, and the attacks if you are not incorporating safety measures. CONNECT forms have a lot of safety features built that are server side and is protected against fraud, whereas your page as it is a custom form is not protected. Just keep this in mind - the probability of attack is quite high on this page.

    Leave a comment:


  • DanMakeway
    replied
    Here is the new code
    Temporary Code
    92BBRZP3AJ
    Expires
    20/01/2022 6:34 AM

    Leave a comment:


  • CnP.Support.AM
    replied
    Good day @DanMakeway

    The code is expired. Would you please share the new code so we can continue the investigation?

    Leave a comment:


  • DanMakeway
    replied
    the code is DIBHBLF5DV

    Leave a comment:


  • CnP.Support.AM
    replied
    DanMakeway

    You can share it here as it can be used only by those you have granted access to your instance. Otherwise, you can also open a support ticket and reference this forum thread with subject Attn: Forum

    Leave a comment:


  • DanMakeway
    replied
    How do I securely share the code?

    Leave a comment:


  • CnP.Support.AM
    replied
    Good day @DanMakeway

    In order to login to your Salesforce instance, you will need to generate a temporary code for us so that we can login and review: https://help.salesforce.com/s/articl...ate.htm&type=5

    Leave a comment:


  • Entering incorrect credit card information results in "Authorization Required"

    Hi there, getting this error:
    Authorization Required

    You must first log in or register before accessing this page.
    If you have forgotten your password, click Forgot Password to reset it.
    When trying to donate on : MakeWay - Donate (force.com) using an incorrect credit card. so when someone mistypes something its that error. Entering correct information seems to work ok.
    Remote admin is enabled, SFID is: 00D61000000YC6K
    Thank you
Working...
X