Release status: stable
|Description||Provides fundraising mechanisms for collecting payments|
|Author(s)||Casey Dentinger, Elliott Eggleston, Katie Horn, Dylan Kozlowski, Adam Wight, inactive: Matt Walker, Ryan Kaldari, Sherah Smith|
|License||GNU General Public License 2.0|
Translate the DonationInterface extension if it is available at translatewiki.net
|Check usage and version matrix; code metrics|
|Open tasks · Report a bug|
DonationInterface provides fundraising mechanisms for collecting and tracking payments through various payment gateways.
- 1 Overview
- 2 Installation
- 3 Implementation
- 4 Development
- 5 See also
The majority of the work done by the Donation Interface extension is in communicating with payment gateways. We also provide a user-facing forms layer for accepting donations.
DonationInterface requires Extension:ContributionTracking to be installed and configured: DonationInterface now uses a number of static ContributionTracking functions to record relevant donation tracking data.
Include the following line in LocalSettings.php:
require_once( "$IP/extensions/DonationInterface/DonationInterface.php" );
Next, define which gateways you want to be enabled.
For example, the following would turn on all current gateways and extensions (TODO: Document defaults and update.):
$wgDonationInterfaceEnableAdyen = true; $wgDonationInterfaceEnableAmazon = true; $wgDonationInterfaceEnableAstropay = true; $wgDonationInterfaceEnableGlobalCollect = true; $wgDonationInterfaceEnableWorldpay = true; $wgDonationInterfaceEnableStomp = true; $wgDonationInterfaceEnableConversionLog = true; $wgDonationInterfaceEnableMinfraud = true; $wgDonationInterfaceEnableMinfraud_as_filter = true; // you wouldn't ever actually want this AND minfraud as a standalone enabled at the same time. $wgDonationInterfaceEnableReferrerFilter = true; $wgDonationInterfaceEnableSourceFilter = true;
After this, TODO be sure to define account information for each gateway you intend to use, for example:
<?php # settings.d/wikis/paymentswiki/settings.d/01-DI-real.php $wgGlobalCollectGatewayAccountInfo = array( 'default' => array( 'MerchantID' => '1234', ), ); $wgPaypalGatewayAccountInfo = array( 'default' => array( 'AccountEmail' => 'firstname.lastname@example.org', ), );
DonationInterface searches for globals in a special way.
Any DonationInterface global used by a gateway, can be assigned a value that is either specific to that gateway, or the default for the entire extension (with the specifics overriding the default where both are present).
To assign an extension-wide default for gateway globals, simply swap out the gateway prefix in the global variable name, to "wgDonationInterface".
For instance: To turn on syslogging by default for the entire DonationInterface extension instead of just, say, the payflow pro gateway, change this:
$wgPayflowProGatewayUseSyslog = true;
$wgDonationInterfaceUseSyslog = true;
Syslog will now be enabled for all gateways, unless you turn them off with gateway-specific globals.
To create custom donation filtering rules, set the $wgCustomFiltersRefRules and $wgCustomFiltersSrcRules global variables in your LocalSettings.php file.
These should be set to associative arrays which pair regex patterns with risk score numbers, for example:
// Filter for suspicious HTTP referrer URLs $wgCustomFiltersRefRules = array( '/hackers\.com/' => 100 '/wikipedia\.org/' => -50, ); // Filter for suspicious utm_source values $wgCustomFiltersSrcRules = array( '/TestNotice1/' => 50 '/foobar/' => -100, );
Define Globals in LocalSettings.php
While there are many more globals available to override, the following probably need to be defined in LocalSettings if you want DonationInterface to actually work.
Global variables are defined in DonationInterface.php.
|$wgGlobalCollectGatewayMerchantID||Our Merchant ID with GlobalCollect||string|
|$wgDonationInterfaceAllowedHtmlForms||A global whitelist of forms allowed to be loaded via RapidHtml. Intended to be used by any gateway. NOTE: This is not actually used anywhere directly. You must add these values to a gateway's AllowedHtmlForms for them to actually get used on any given gateway.||Array. For each form, the key should be the name of the form (aka "ffname"), and the value should be the file's location.|
|$wgGlobalCollectGatewayAllowedHtmlForms||The definitive whitelist of forms allowed to be loaded via RapidHtml, for GlobalCollect.||Array. For each form, the key should be the name of the form (aka "ffname"), and the value should be the file's location. NOTE: If you wish to use the global list of forms as well, you will have to set $wgGlobalCollectGatewayAllowedHtmlForms = $wgDonationInterfaceAllowedHtmlForms manually, before adding (or removing) forms locally.|
|$wgDonationInterfaceDisplayDebug||Set to true to get extra debugging information dumped to the screen.||boolean|
Very generally speaking, the process of completing a donation goes like this:
- The donor is sent to a donation form that is already tied to a specific payment gateway. This form will be controlled by a gateway-specific unlisted special page of a class descended from the GatewayForm class.
- The extended GatewayForm class will instantiate its gateway adapter. On construction, the gateway adapter will gather, normalize, and validate any relevant data in $wgRequest. All gateways use the same class, DonationData, to accomplish this task. Doing this means that all the data is subject to the same normalization and validation processes, no matter who's asking for it or where it came from.
- The controlling GatewayForm child class will then use the gateway adapter to determine where the user is in the donation process, and if appropriate (no errors on validation, all data present, no strangeness with the edit token or session, that sort of thing), use that same gateway adapter to interact with the remote payment servers in order to take the next step in the donation process. As every payment gateway has its own set of rules (and in some cases, completely different transaction types that are not directly analogous to anything else in any of the other gateways) it is up to the adapter to sort all of that out internally, and only expose functionality to the controlling object in such a way that it seems more or less universal across all possible adapter objects.
- After having the gateway adapter perform one or more transactions with the remote payment gateway, the controlling object would then use the gateway to determine what happened, and display appropriate results to the prospective donor. This could be a "Thank you" page, an error displayed on the submitted form prompting the user to try again in a meaningful way, or a more fatal sort of error page.
(DonationInterface/gateway_common/gateway.adapter.php) - This is an abstract class that takes care of everything a general gateway needs to do. It it also supposed to yell at you rather loudly if you fail to define any of the particulars that a gateway needs, in order to be able to do anything worthwhile.
(DonationInterface/gateway_common/GatewayForm.php) - A class that extends UnlistedSpecialPage. This will take care of all the not-gateway-specific functionality necessary to present a donation form to a user, and get the results. Of particular interest are the mechanisms for displaying the requested form (or not), handling some of the more universal aspects of form validation, and fetching data that could be used by the specified forms (as in, a list of countries and their codes for a country drop-down).
Classes that inherit from these will be specific to a particular payment gateway. As such, they will be located in a folder named something like DonationInterface/[name]_gateway/.
Most adapters will implement GatewayForm for two routes: the initial payment form, and a result switcher page.
The initial payment form is responsible for rendering a form with inputs for the mandatory data to be collected. Alternatively, some gateways such as GlobalCollect will render an iframed form hosted by the payment processor, and others such as PayPal and Amazon will transparently redirect to the processor unless the donation information (currency and amount) are invalid and must be corrected.
The result switcher is usually not responsible for confirming payment or performing further authorization, it simply routes the donor to either the Thank You or Failure pages, depending on approximate responses from the processor.
(DonationInterface/gateway_common/DonationData.php) - This class is intended to handle everything that we are likely to want to do with Donation Data. It should load the data in a consistent way from any appropriate source (including a test), saves relevant Contribution Tracking data, generates data we always need to generate (like order IDs), normalizes everything, and hands it back to the gateway. Classes inheriting from GatewayAdapter will instantiate a DonationData class on creation. The GatewayAdapter child classes should only ever use data that has come through the DonationData class. It also handles edit tokens.
All data is first normalized by DonationData, and is then validated. If data fails validation, all processing is halted and the donor is redirected back to the form where they can correct any errors. Messages are displayed to guide the user through the corrections. TODO: make messages human-readable, attach to fields rather than pop-up, etc.
The gateway adapter is consulted for some of these validations, for example a lower and upper threshold for valid donation amounts, and accepted currencies.
Constructing a Gateway Adapter
Defining A New Gateway Adapter
GatewayAdapter extends the GatewayType interface. TODO: Here is a quick guide to defining the functions in GatewayType.
Unit tests can be found in the tests directory of the DonationInterface extension.
To run unit tests go to the mediawiki-core directory, then under tests/phpunit:
cd /srv/org.wikimedia.payments/tests/phpunit php phpunit.php --group DonationInterface
Whenever composer.json changes, you must run "composer update" to refresh the contents of vendor/ .
For WMF production, vendor is deployed on the "deployment" branch as a git submodule. You must rm -rf the package ".git" directories when committing new packages, otherwise they will be treated as misshapen, nested submodules and you don't want to go there.
Some things we want to do:
- Decouple presentation layer from controllers and payments backend (Done)
- Decouple payment processing from the MediaWiki framework, so it can be used as a standalone library (in progress)
- Provide access to the payments library inside of Drupal, to enable refunds, cancellation, and status retrieval from CiviCRM (in progress)
|This extension is being used on one or more Wikimedia projects. This probably means that the extension is stable and works well enough to be used by such high-traffic websites. Look for this extension's name in Wikimedia's CommonSettings.php and InitialiseSettings.php configuration files to see where it's installed. A full list of the extensions installed on a particular wiki can be seen on the wiki's Special:Version page.|