No 8.1 support in 2023 is actually insane. #440
Comments
|
I wouldn't personally have used the same strong language in an open source repository, but I very much share your sentiment as I'm just finding out I wont be able to use this SDK. @kikmak42 @gnongsie Should this SDK be considered end-of-life as it hasn't been upgraded in a few years and there are many issues and open PRs detailing how it does not work on currently supported versions of PHP? |
|
For sure, you are 100% right. I am quite animated some times. This is actually me "toning it down" :) I guess it is quite unprofessional of me to word it this way but I'm not exactly as well spoken as Barack Obama either! I guess It's my way of matching the ridiculousness of the situation for dramatic effect. To that end, there is a fork over at https://github.com/zhartaunik/authorizenet-sdk-php that I have been using for 8.1, but recently realized there is a bug in the Log class that fails if you do not set a I pushed a PR to fix that just today, but I'm not sure if they will merge it or not, so feel free to use my version @ttag 3.0.1 using a custom "vcs" repository in your composer.json file: https://github.com/BelniakMedia/authorizenet-sdk-php |
|
What in the actual f*** is right. Though I am not surprised at a major payment company being out of touch with security. |
Yeah, quite sad. We can't upgrade our PHP version due to this and are most likely going to switch to Stripe instead in few weeks if nothing changes with Authorize.NET. |
|
Is it possible that they have already provided an answer to this inquiry in a different forum? |
|
@XIAOXIAOSIYU Just look at this issue tracker. They haven't responded to this or many other issues. It's like this whole SDK is a dead project at this point. |
|
@RickKukiela I'm not entirely comfortable using an unofficial package. Could you please share what you did instead? |
|
@RickKukiela @djdevin @adrovz I forked the repo and modified files to address the problems. I submitted a pull request, but if you need an immediate solution, download my fork by adding/merging the following into your composer file: If you want to perform the fix yourself, search |
|
@jdpace2 I already have a fork that fixed the issue as described in my last comment: #440 (comment) but I do appreciate the contribution. Ideally the people responsible for maintaining this project would pokes with stick ... "do something". |
|
@RickKukiela Yeah, I noticed that after I made my changes. My hosting provider upgraded PHP to 8.1, and the issues with this SDK prevented my client from processing cards. In my scramble, I skimmed the coments. I agree that the owner ideally would make these changes, but it's nice to have a community to do it, too. Thank you for your contribution. |
|
I last checked this in March to see if we could upgrade, it's now August with zero news. I'm not sure what the companies priorities are right now but it blows my mind we still don't have a native json API in 2023 either. They still provide a handicapped JSON interface via a translation layer when the content type is application/json. If we need to start a community run fork, they should just come out and say it. |
|
I think the volume of forks indicates that the community is already established -- we should consolidate them. I suspect that AuthNet's code is generated from an API spec, so it may not be straightforward for them to incorporate changes and release. |
|
@WalrusSoup I'd nominate the fork made by @RickKukiela as representative of the community's needs. I validated his changes and incorporated them into my project. What sort of validation do you need to use his fork over the official? |
|
I'd like to make a couple of points that I know will be unpopular but ...
I am supporting six integrations all on PHP 7.4 with the most recent (unforked) SDK and they all work flawlessly and with no security issues. YMMV. |
|
@gregorysandoval The reason I do not allow out dated versions of PHP on my servers is that I do not want, for example, some new 0-day PHP7.4 exploit that is discovered to allow attackers to break in into my server. Such an exploit will not be patched because 7.4 is no longer even receiving security updates. It's my opinion that running EOL server processes that could allow remote code execution if exploited with no avenues to patch such holes, should they occur, is irresponsible at best. Given this, a "real world" example is that my servers do not run 7.4 anymore yet I have many sites that need authorize.net integration on them. Authorize.net is the author and maintainer of this SDK and it strongly behooves them to maintain the SDK to be compatible with the current (secure) versions of the programming language it is for. Failing to do this is failing their community and their customers as there is no doubt plenty of extra billable time that is being spent by their customers to have 3rd party fixes (like mine) vetted and implemented into their code base to ensure uninterrupted operation of their site; in the event that their web host deprecates EOL PHP versions that are no longer considered "secure". Furthermore, there is no really valid argument here because the changes required to make the SDK compatible with 8.1+ were relatively minor and could have been implemented without a lot of fuss if they just would have put someone on the task. They could have even hired one of "us" to do it, I'm sure, if the are that pressed for developer resources... |
This is exactly the reason they gave for not updating it. IMO if the bug is not in the spec, then the code that "generates" the SDK files has a bug and it should be fixed there... 🤷 |
|
@RickKukiela All fine points, I don't dispute any of them. I'm just saying that - given the real world business climate - it's not a bit of an overstatement to say that lack of 8.1 support is "insane" or to lament the lack of response from Auth.net. The folks in the boardrooms at Visa are interested in maximizing shareholder value, period. They wouldn't know an API or SDK if it bit them in the you-know-what. I think it's a far better use of one's time and energy to acknowledge the complexities involved here. It's not about the minimal engineering effort to fix the situation. It's about the fact that the people responsible for maintaining the SDK's were let go long ago. If being on the latest version of PHP is a dealbreaker for you (and some security experts would argue that is as problematic as being on 7.4), then that's a valid requirement. Write your own middle layer to communicate with the API endpoints and be done with the SDK if and until Visa decides to make that investment again. That's a far better use of one's time and energy. I completely agree with you, it's lamentable that this is the case, but that's the reality. BTW, you know who's far worse? PayPal. If you've ever done any integrations with PayPal, you'd be shocked at the state of their SDK's and documentation. Thanks to years of acquisitions, shifting business priorities, etc. their stuff is a mess. |
|
I came here to find an updated SDK because we need to upgrade our server to a new OS, and PHP8 is the bare minimum for that process. The crazier part is, it was the PCI Compliance company thats demanding we upgrade our OS, PHP and SSL etc etc. A PCI Compliance company that is tied to our authnet gateway provider. Yet here authnet has an SDK which doesn't even run on the versions the PCI Compliance is demanding. Arg! So, it looks like I'm going to have to drill through the hundred or so phpcs ERRORs in their code and fix all of this myself. While I think I could trust the work done by @RickKukiela .... I am wary. Or I can just write my own handler like I did with the original authnet some 15 years ago. Guh. This is also why we are switching to NMI and Braintree. On the note about PayPal... yes, their whole sdk keeps changing around, but so far running phpcs on it, there are no errors or warnings generated for 8.1 checks. Haha. Its still a mess though, and bloated. |
|
@IncredibleHat you could certainly download both releases and |
That actually sounds like an excellent idea. I'm just so angry right now by the lack of support from authnet! |
|
few things:
best. |
|
Sorry, my fork was actually done via my org account: https://github.com/BelniakMedia/authorizenet-sdk-php |
and here i thought i was just slow... |
|
Thanks so much @jdpace2 for your suggestion, we followed these instructions and now, finally, we've been able to move the site to PHP 8.1. 🙏If only Authorize.net support were as helpful as you!
|
|
I was unaware of this whole Looking at this SDK, and the simplicity of the core authnet API ... this SDK is an awful lot of code for just making a basic json payload and sending through curl. Hopefully the warning suppression fix will last for however long we stick with authnet before the other gateways are in place and migrated too. |
|
Well, we tried to use the modified one with all the additions to the jsonSerialize entries. We just get actual fatal errors now instead of warnings. Errors like:
So, this looks to be a nightmare in the brewing. We are moving away from authorize.net entirely now, but we need something cobbled working until we are off them 100%. |
|
What version of PHP are you using?
…On Tue, Sep 19, 2023 at 12:46 PM IncredibleHat ***@***.***> wrote:
Well, we tried to use the modified one with all the additions to the
jsonSerialize entries. We just get actual fatal errors now instead of
warnings. Errors like:
Uncaught TypeError: Return value of
net\authorize\api\contract\v1\ANetApiRequestType::jsonSerialize() must be
an instance of net\authorize\api\contract\v1\mixed, array returned in
/.../lib/net/authorize/api/contract/v1/ANetApiRequestType.php:127
So, this looks to be a nightmare in the brewing. We are moving away from
authorize.net entirely now, but we need something cobbled working until
we are off them 100%.
—
Reply to this email directly, view it on GitHub
<#440 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACW6TT3V2A3TE6MZNKGWD23X3HK6ZANCNFSM6AAAAAAV5PTT3I>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
@jdpace2 currently staging fixes in php 7.4 so things are ready when we do the php8 upgrade this week. Not sure why the authnet-sdk fixes would be any issue in 7.4, but they are. Im not sure if those same issues will exist in php8.... so, gonna play it by ear and hot-seat fix whatever breaks. Authorize.net are providing no support in the matter. |
|
@IncredibleHat I'm interested to know how it goes. I've found the transition from PHP 7.2 to 8 easier than 7.2 to 7.4 (in general). |
|
I made composer patches that can be used instead of an alternative third party repo: So my method was to do composer patching.
Then make sure your composer.json includes the below. Now when you install authroize.net you will see the below telling you the patches are being ran. That’s it, now you have a portable composer patch off the official repo. This feels safer to me and if the official repo ever gets 8.2 support, I can just pull my patches out. Our clients use case is very simple, so I cannot guarantee this will solve all the php 8.2 problems in the library as we didn’t have budget to explore this any further. Hopefully it works for you. Full write up here on my blog. |
I'm going to try this on our php 8 setup. We use accept hosted and other more complex setups so we will see. I've reached out to Visa and Authorize.net multiple times with no reply. Thanks for sharing this |
|
When you upgrade to PHP 8.2, there is another subtle error. The latest release of PHP is 8.2, not 8.1. There are only security updates for PHP 8.1 for the next 10-months. PHP8.2 is in active development for the next 10-months. See The Deprecation Notice: This is a simple fix, go to:
The warning will go away. I have made this change to the forked repository at https://github.com/resumeblaze/sdk-php/releases/tag/2.0.4 I bumped our forked version from 2.0.3 to 2.0.4. The 2.0.3 contains the same changes that jdpace2 recommended. |
|
Maybe if everyone opens a ticket with authorize.net and floods them, they will do something??? I also opened a ticket with Visa, since they acquired Authorize.net; not sure if that will get anywhere, who knows... |
|
I added the forked repo to a packagist.org. You can now use composer to install the releases that best suite your needs. The package can be found at https://packagist.org/packages/resumeblaze/authorizenet. I tested the repo in a production environment on resumeblaze.com and there hasn't been any issues. We have been successfully processing credit cards using PHP8.3. Version 2.0.3 - PHP8.1 Support |
|
for those still playing along; i used @jdpace2 version of this sdk. i have found a problem: he has the following 2 lines of code there: which is resulting in the following error: PHP Fatal error: Attribute "ReturnTypeWillChange" must not be repeated in.... i have not checked the packagist version, but will do so soon. |
|
fyi, i am not seeing this 1 error in the packagist version. |
|
@proseLA I'm not sure how that duplication occurred, but it sure did! Are you in a position to submit a fix for it? If not, I can update it tonight. |
|
@jdpace2 for my code, i moved to the packagist version being done by @resumeblaze; so a fix on your fork, at least for me is not necessary. the packagist version did not have that duplication. so you can update your fork at your leisure. |
|
@proseLA, let me know if there are any issues with our version. I haven't encountered any other errors after I pushed version 2.0.5. |
How in the world is the official SDK from the biggest/oldest online credit transaction gateways, for the most popular back-end programming language this out of touch with reality?
This is unacceptable and quite frankly an embarrassment at this point.
PHP7.4 is already EOL and 8.0 is not going to be far behind.
What in the actual F***?
The text was updated successfully, but these errors were encountered: