Question
When I create a Drupal form with the API and construct the form as necessary, Braintree returns an authentication exception. When I take that same rendered HTML and output it on the page (skip the api), then it works. I can't figure out why!
Below is the code that does not work.
https://stackoverflow.com/questions/13547484
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianfunction my_module_menu() {
$items['user/payment/add'] = array(
'title' => t('Add Card'),
'type' => MENU_LOCAL_TASK,
'page callback' => 'drupal_get_form',
'page arguments' => array('my_module_add_form'),
'access arguments' => array('access content'),
'weight' => 2,
);
}
function my_module_add_form() {
global $user;
require_once 'sites/all/libraries/braintree/lib/Braintree.php';
Braintree_Configuration::environment('sandbox');
Braintree_Configuration::merchantId('xxx');
Braintree_Configuration::publicKey('xxx');
Braintree_Configuration::privateKey('xxx');
$customer = Braintree_Customer::find($user->uid);
$trData = Braintree_TransparentRedirect::updateCustomerData(
array(
'redirectUrl' => 'http://www.xxx.com/user/payment',
'customerId' => $user->uid
)
);
$form['#action'] = url(Braintree_TransparentRedirect::url(), array('external' => true));
$form['customer[first_name]'] = array(
'#type' => 'textfield',
'#title' => t('First Name'),
);
$form['customer[last_name]'] = array(
'#type' => 'textfield',
'#title' => t('Last Name'),
);
$form['tr_data'] = array(
'#type' => 'hidden',
'#value' => htmlentities($trData),
);
$form['submit'] = array(
'#type' => 'submit',
'#value' => t('Save')
);
return $form;
}
if instead I take that exact HTML output and do this with a normal_menu_item and the same credentials as above...
function my_module_menu() {
$items['user/payment/add'] = array(
'title' => t('Add Card'),
'type' => MENU_NORMAL_ITEM,
'page callback' => 'my_module_add_page',
'access arguments' => array('access content'),
'weight' => 2,
);
}
function my_module_add_page() {
global $user;
require_once 'sites/all/libraries/braintree/lib/Braintree.php';
Braintree_Configuration::environment('sandbox');
Braintree_Configuration::merchantId('xxx');
Braintree_Configuration::publicKey('xxx');
Braintree_Configuration::privateKey('xxx');
$customer = Braintree_Customer::find($user->uid);
$trData = Braintree_TransparentRedirect::updateCustomerData(
array(
'redirectUrl' => 'http://www.xxx.com/user/payment',
'customerId' => $user->uid
)
);
$output="
<form accept-charset='UTF-8' id='tqcustom-billing' method='post' action='".Braintree_TransparentRedirect::url()."'>
<div>
<div class='form-item form-type-textfield form-item-customer-first-name'>
<label for='edit-customer-first-name'>First Name </label>
<input type='text' class='form-text' maxlength='128' size='60' value='' name='customer[first_name]' id='edit-customer-first-name'>
</div>
<div class='form-item form-type-textfield form-item-customer-last-name'>
<label for='edit-customer-last-name'>Last Name </label>
<input type='text' class='form-text' maxlength='128' size='60' value='' name='customer[last_name]' id='edit-customer-last-name'>
</div>
<input type='hidden' value='".$trData."' name='tr_data'>
<input type='submit' class='form-submit' value='Save' name='op' id='edit-submit'>
</div>
</form>
";
return $output;
}
it returns fine with a status code of 200. something about drupal_get_form or drupal_render kills the environment that braintree needs to authenticate the form post. What in the world could be causing this? The browser HTML output is 100% exactly the same both ways, but the first way won't authenticate.
Please ask me for details and I'll supply them - desperate to figure this out.
Solution
In your first example you are passing the output of Braintree_TransparentRedirect::updateCustomerData through htmlentities before displaying the form. This will cause ampersands to appear as & instead of &. Since the tr_data field is signed with your API key, it must be exactly what is returned from Braintree_TransparentRedirect::updateCustomerData.
Disclaimer: I work for Braintree
