This is an Ubercart payment gateway module for Stripe. It maintains PCI SAQ A
compliance which allows Stripe, the payment processor, to handle prcoessing and
storing of payment card details.
It is compliant with 3D Secure, 3D Secure 2, and Strong Customer Authentication (SCA)
Versions of the Stripe PHP Library and Stripe API that this module currently
supports are found in uc_stripe_libraries_info() in uc_stripe.module.
Installation and Setup
======================
a) Install and enable the module in the normal way for Drupal.
b) Visit your Ubercart Store Administration page, Configuration
section, and enable the gateway under the Payment Gateways.
(admin/store/settings/payment/edit/gateways)
c) On that page, provide your Stripe API keys, from
https://dashboard.stripe.com/account/apikeys
d) Download and install the Stripe PHP Library version 6.38.0 with stripe api
2019-05-16 or newer from https://github.com/stripe/stripe-php/releases. The
recommended technique is to use the command
drush ldl stripe
If you don't use "drush ldl stripe", download and install the Stripe library in
sites/all/libraries/stripe such that the path to VERSION
is sites/all/libraries/stripe/VERSION. YOU MUST CLEAR THE CACHE AFTER
CHANGING THE STRIPE PHP LIBRARY. The Libraries module caches its memory of
libraries like the Stripe Library.
(With the latest version of the libraries module you can use the command:
e) If you are using recurring payments, install version 2.x
of the Ubercart Recurring module:
http://drupal.org/project/uc_recurring
and set up as described below.
f) Every site dealing with credit cards in any way should be using https. It's
your responsibility to make this happen. (Actually, almost every site should
be https everywhere at this time in the web's history.)
g) If you want Stripe to attempt to validate zip/postal codes, you must enable
that feature on your *Stripe* account settings. Click the checkbox for
"Decline Charges that fail zip code verification" on the "Account info" page.
(You must be collecting billing address information for this to work, of course.)
h) The uc_credit setting "Validate credit card numbers at checkout" must be
disabled on admin/store/settings/payment/method/credit - uc_credit never sees
the credit card number, so cannot properly validate it (and we don't want it to
ever know the credit card number.)
i) uc_stripe creates it's own payment pane. Ensure the correct ordering by visiting
store->configuration->checkout (admin/store/settings/checkout).
Upgrading from uc_stripe 7.x-2.x
===========================================
7.x-3.x maintains PCI SAQ A compliance and has major implementation changes from
2.x. This version uses it's own payment pane in uc_cart to collect card info.
The card fields such as card number, expiration date, and cvc code have all been
hidden, and is handled entirely by Stripe's Element implementation.
Which means no credit card information gets processed at all by drupal. The last4,
and expiration date are sent back to drupal by Stripe's api.
7.x-3.x no longer creates a new stripe customer for each order. If a drupal user
already has a stripe customer ID, this module will attach future orders to that
exisiting stripe customer ID.
When upgrading from 2.x the ordering of the new stripe payment pane should be
verified at store->configuration->checkout (admin/store/settings/checkout).
An upgrade of the stripe library is required. See installation step d from above.
7.x-3.x Uses the uc_recurring module for recurring payments. It is also equipped
to handle recurring payments that require authentication (See the uc_recurring
steps below). Exisiting recurring payments set up with 7.x-2.x work without any
configuration changes.
Upgrading from uc_stripe 6.x-1.x or 7.x-1.x
============================================
The upgrade hooks, however, must move the customer id stored in the obsolete
uc_recurring_stripe table into the user table. When this happens the old
record in the uc_recurring_stripe table will have its plan changed to
<old_plan>_obsolete. This just prevents an import from happening more than once
and gives you backout options if you wanted to downgrade.
If you were using 1.x of this module and want to cancel existing subscriptions
which were configured via the Stripe api (since they are now managed via
uc_recurring) a drush command is provided to cancel these. Use "drush help subcancel"
for more information.
Recurring Payments Setup
========================
You'll need the Ubercart Recurring module:
http://drupal.org/project/uc_recurring installed. It is not
listed as a dependency for this Stripe payment module because
this module could be used without recurring payments.
But it is a dependency to use the recurring payments piece of
this module. Note that this module does *not* use Stripe subscriptions.
Instead, recurring payments are managed by uc_recurring, which does not
retain any valid CC info, only the stripe customer id.
Recurring payments require automatically triggered renewals using
uc_recurring_trigger_renewals ("Enabled triggered renewals" must be enabled
on admin/store/settings/payment/edit/recurring)
You should also set your email message for recurring payments that require
Authentication. The system will email your customers with a link so that they
can authenticate and have their payment processed.
(You can edit from here: admin/store/settings/payment/edit/gateways)
If you were using Stripe subscriptions in v1 of this module, you may have to
disable those subscriptions in order to not double-charge your customers.
uc_stripe 6.x-2.x and 7.x-2.x were based on Bitcookie's work (thanks!) which was posted at
http://bitcookie.com/blog/pci-compliant-ubercart-and-stripe-js
from discussion in the uc_stripe issue queue,
https://www.drupal.org/node/1467886
View source
- This is an Ubercart payment gateway module for Stripe. It maintains PCI SAQ A
- compliance which allows Stripe, the payment processor, to handle prcoessing and
- storing of payment card details.
-
- It is compliant with 3D Secure, 3D Secure 2, and Strong Customer Authentication (SCA)
-
- Versions of the Stripe PHP Library and Stripe API that this module currently
- supports are found in uc_stripe_libraries_info() in uc_stripe.module.
-
- Installation and Setup
- ======================
-
- a) Install and enable the module in the normal way for Drupal.
-
- b) Visit your Ubercart Store Administration page, Configuration
- section, and enable the gateway under the Payment Gateways.
- (admin/store/settings/payment/edit/gateways)
-
- c) On that page, provide your Stripe API keys, from
- https://dashboard.stripe.com/account/apikeys
-
- d) Download and install the Stripe PHP Library version 6.38.0 with stripe api
- 2019-05-16 or newer from https://github.com/stripe/stripe-php/releases. The
- recommended technique is to use the command
-
- drush ldl stripe
-
- If you don't use "drush ldl stripe", download and install the Stripe library in
- sites/all/libraries/stripe such that the path to VERSION
- is sites/all/libraries/stripe/VERSION. YOU MUST CLEAR THE CACHE AFTER
- CHANGING THE STRIPE PHP LIBRARY. The Libraries module caches its memory of
- libraries like the Stripe Library.
- (With the latest version of the libraries module you can use the command:
-
- e) If you are using recurring payments, install version 2.x
- of the Ubercart Recurring module:
- http://drupal.org/project/uc_recurring
- and set up as described below.
-
- f) Every site dealing with credit cards in any way should be using https. It's
- your responsibility to make this happen. (Actually, almost every site should
- be https everywhere at this time in the web's history.)
-
- g) If you want Stripe to attempt to validate zip/postal codes, you must enable
- that feature on your *Stripe* account settings. Click the checkbox for
- "Decline Charges that fail zip code verification" on the "Account info" page.
- (You must be collecting billing address information for this to work, of course.)
-
- h) The uc_credit setting "Validate credit card numbers at checkout" must be
- disabled on admin/store/settings/payment/method/credit - uc_credit never sees
- the credit card number, so cannot properly validate it (and we don't want it to
- ever know the credit card number.)
-
- i) uc_stripe creates it's own payment pane. Ensure the correct ordering by visiting
- store->configuration->checkout (admin/store/settings/checkout).
-
- Upgrading from uc_stripe 7.x-2.x
- ===========================================
-
- 7.x-3.x maintains PCI SAQ A compliance and has major implementation changes from
- 2.x. This version uses it's own payment pane in uc_cart to collect card info.
- The card fields such as card number, expiration date, and cvc code have all been
- hidden, and is handled entirely by Stripe's Element implementation.
- Which means no credit card information gets processed at all by drupal. The last4,
- and expiration date are sent back to drupal by Stripe's api.
-
- 7.x-3.x no longer creates a new stripe customer for each order. If a drupal user
- already has a stripe customer ID, this module will attach future orders to that
- exisiting stripe customer ID.
-
- When upgrading from 2.x the ordering of the new stripe payment pane should be
- verified at store->configuration->checkout (admin/store/settings/checkout).
-
- An upgrade of the stripe library is required. See installation step d from above.
-
- 7.x-3.x Uses the uc_recurring module for recurring payments. It is also equipped
- to handle recurring payments that require authentication (See the uc_recurring
- steps below). Exisiting recurring payments set up with 7.x-2.x work without any
- configuration changes.
-
- Upgrading from uc_stripe 6.x-1.x or 7.x-1.x
- ============================================
-
- The upgrade hooks, however, must move the customer id stored in the obsolete
- uc_recurring_stripe table into the user table. When this happens the old
- record in the uc_recurring_stripe table will have its plan changed to
- _obsolete. This just prevents an import from happening more than once
- and gives you backout options if you wanted to downgrade.
-
- If you were using 1.x of this module and want to cancel existing subscriptions
- which were configured via the Stripe api (since they are now managed via
- uc_recurring) a drush command is provided to cancel these. Use "drush help subcancel"
- for more information.
-
- Recurring Payments Setup
- ========================
-
- You'll need the Ubercart Recurring module:
- http://drupal.org/project/uc_recurring installed. It is not
- listed as a dependency for this Stripe payment module because
- this module could be used without recurring payments.
- But it is a dependency to use the recurring payments piece of
- this module. Note that this module does *not* use Stripe subscriptions.
- Instead, recurring payments are managed by uc_recurring, which does not
- retain any valid CC info, only the stripe customer id.
-
- Recurring payments require automatically triggered renewals using
- uc_recurring_trigger_renewals ("Enabled triggered renewals" must be enabled
- on admin/store/settings/payment/edit/recurring)
-
- You should also set your email message for recurring payments that require
- Authentication. The system will email your customers with a link so that they
- can authenticate and have their payment processed.
- (You can edit from here: admin/store/settings/payment/edit/gateways)
-
- If you were using Stripe subscriptions in v1 of this module, you may have to
- disable those subscriptions in order to not double-charge your customers.
-
- uc_stripe 6.x-2.x and 7.x-2.x were based on Bitcookie's work (thanks!) which was posted at
- http://bitcookie.com/blog/pci-compliant-ubercart-and-stripe-js
- from discussion in the uc_stripe issue queue,
- https://www.drupal.org/node/1467886