README

Installing module

We recommend using Composer for installation and update management.

composer require remp/crm-payments-module

Enabling module

Add installed extension to your app/config/config.neon file.

extensions:
	- Crm\PaymentsModule\DI\PaymentsModuleExtension

Add following commands to your scheduler (e.g. crontab) and change the path to match your deploy path:

# charge available recurrent payments
*/15 * * * * flock /tmp/payments_charge.lock /usr/bin/php /var/www/html/bin/command.php payments:charge

# pre-calculate payment-related metadata
04 04 * * * /usr/bin/php /var/www/html/bin/command.php payments:calculate_averages

Configuration

Data retention configuration

You can configure time before which application:cleanup deletes old repository data and column which it uses by using (in your project configuration file):

services:
    paymentLogsRepository:
        setup:
            - setRetentionThreshold('-2 months', 'created_at')

Fast charge check configuration

You can configure fast charge threshold check by adding this to your configuration:

payments:
    fastcharge_threshold: 24 # default: 24; number of hours (if set to 0 fast charge check is disabled)

Fast charge check is done by RecurrentPaymentsChargeCommand::validateRecurrentPayment and it prevents system from repeated charging if error occurs while charging.

Scheduled commands

For payment module to work correctly, please add execution of following commands to your scheduler. Example displays crontab usage for execution (alter paths to your deploy paths):

# calculate payment related averages; expensive calculations that should be done nightly
04 04 * * * php /var/www/html/bin/command.php payments:calculate_averages

# recurrent payment charges; using flock to allow only single instance running at once
*/15 * * * * flock /tmp/payments_charge.lock /usr/bin/php /var/www/html/bin/command.php payments:charge

### OPTIONAL 

# failcheck to prevent payments not working without anyone noticing (see command options) 
*/10 * * * * php /var/www/html/bin/command.php payments:last_payments_check --notify=admin@example.com

# try to acquire debit card expiration dates for cards that don't have it
*/10 * * * * php /var/www/html/bin/command.php payments:update_recurrent_payments_expires

# stop recurrent payments with expired cards
7 2 1 * * php /var/www/html/bin/command.php payments:stop_expired_recurrent_payments

# if you use Cardpay/Comfortpay gateways and bank sends you email notifications, you can confirm payments based
# on those emails
*/3 * * * * php /var/www/html/bin/command.php payments:tatra_banka_mail_confirmation

Service commands

Module might provide service commands to be run in the deployed environment. Mostly to handle internal changes and to prevent direct manipulation with the database. You can display required and optional arguments by using --help switch when running the command.

Payments module doesn't provide service commands.

Payment gateways

Module has a default set of supported payment gateways developed and used by us:

• free. Developed for development purposes, to be used for testing payment-related flows.
• bank_transfer. Gateway generates unfinished payment and displays user bank account, amount and transaction identification so the payment can be paired and confirmed later.
• cardpay (tatrabanka.sk). One-time card payment provided by Slovak bank.
• comfortpay (tatrabanka.sk). Recurrent card payment provided by Slovak bank (CRM is handling charging)
• csob (csob.cz). One-time card payment provided by Czech bank.
• csob_one_click (csob.cz). Recurrent card payment provided by Czech bank (CRM ish handling charging)
• paypal (paypal.com). One-time payment provided by major global provider.
• paypal_reference (paypal.com). Recurrent payment provided by major global provider (CRM is handling charging)
• tatrapay (tatrabanka.sk). One-time payment linked to Slovak bank's internet banking.

By default, only bank_transfer as a default payment gateway is enabled by PaymentsModule. You can enable gateways you wish to use by adding following snippet to your app/config/config.neon:

services:
	# ...
	gatewayFactory:
		setup:
			- registerGateway(free, Crm\PaymentsModule\Gateways\Free)

At this moment, there are several gateway implementations you can add to your CRM installation as a separate module:

• stripe (stripe.com). One-time payment provided by major global provider.
• stripe_recurrent (stripe.com). Recurrent payment provided by major global provider (CRM is handling charging)
• slsp_sporopay (slsp.sk). One-time payment linked to Slovak bank's internet banking.
• vub_eplatby (vub.sk). One-time payment linked to Slovak bank's internet banking.

Standard (one-time) payments

Standard and initial recurrent payment have common beginning of process. Once the system generates instance of new payment, user can be redirected to payment gateway for processing. Each gateway requires different set of parameters to be provided, therefore gateway is responsible for generating the redirect URL with all required parameters.

As remp/crm-payments-module is responsible only for actual payment processing, frontend flow can be managed by our remp/crm-salesfunnel-module which provides a way to create sales funnels (payment windows), aggregates statistics and displays user success page after the payment with possibility to extend it with widgets.

After the payment, user is directed back to the CRM. Each gateway provides its own URL where user is directed for payment completion processing.

If the payment is successful, payments module uses PaymentCompleteRedirectManager to determine what kind of success page the user should see. If crm-salesfunnel-module is used, user is directed to the success page registered by the module.

The flow of payment processing can be described with following diagram:

Recurrent payments

Initiating payment

If the payment uses gateway that supports recurrent payment, the initial flow is usually the same as with the regular payments. The difference comes in during processing of successful initial payment.

PaymentsModule creates new instance of recurrent payment - a profile defining when the system should charge user again, and what subscription type will the user get when charged.

Each recurrent payment instance represent a single payment that will be charged in the future. That means, that if the charge fails, system creates new recurrent payment with charge date calculated based on retry rules and stores failing information to the original recurrent payment. Similarly, if the charge was successful, new subscription is created and new recurrent payment is defined to be charged in the next period. Thanks to that the system is able to provide information about each charge attempt for whole history of user charging including the bank approval/failure code.

This is all done on backend without system requiring any kind of user interaction. This block merely explains the flow and describes the terms so when displayed in CRM admin, the reader understands the displayed data.

Automatic charges

To charge the user, add payments:charge command to your scheduler. Command doesn't handle concurrent runs - that means that it's responsibility of your scheduler to prevent multiple overlapping instances of command running at the same time. Otherwise a user could be charged twice during the same period.

We recommend using flock or some other locking tool which will prevent command to be execute while the previous instance is still running. Following is an example snippet for crontab to run the charging every 15 minutes:

*/15 * * * * flock /tmp/payments_charge.lock /usr/bin/php /var/www/html/bin/command.php payments:charge

Notifying expired cards

If gateway supports it, CRM fetches expiration date for each cid (effectively credit card) used to execute recurring charges. Optionally, you can add command to your scheduler that automatically stops expired recurrent payments:

# stop recurrent payments with expired cards
7 2 1 * * php /var/www/html/bin/command.php payments:stop_expired_recurrent_payments

When recurrent payment is stopped, Crm\PaymentsModule\Events\RecurrentPaymentCardExpiredEvent is emitted. By default, PaymentsModule checks if there's another active recurring payment for user. If there isn't, it sends NotificationEvent with card_expires_this_month template code.

If you're not satisfied with the default implementation, you can remove the default handler by unregistering it in your module definition:

class FooModule extends Crm\ApplicationModule\CrmModule
{
    // ...
    public function registerEventHandlers(League\Event\Emitter $emitter)
    {
        $emitter->removeListener(
            \Crm\PaymentsModule\Events\RecurrentPaymentCardExpiredEvent::class,
            $this->getInstance(\Crm\PaymentsModule\Events\RecurrentPaymentCardExpiredEventHandler::class)
        );
        // ...
    }
}

Implementing new gateway

You can implement and integrate new gateways to the CRM if necessary. Based on whether you're implementing standard or recurrent gateway, you implementation should implement just Crm\PaymentsModule\Gateways\PaymentInterface or the former and Crm\PaymentsModule\Gateways\RecurrentPaymentInterface.

When implementing a gateway, we recommend extending Crm\PaymentsModule\Gateways\GatewayAbstract to avoid implementing parts which are always similar and would cause code duplication.

Once you have your implementation ready, you need to seed it into the database from within seeder in your own module (see PaymentGatewaysSeeder as an example) and register it into the application's configuration:

services:
	# ...
	- Crm\FooModule\Gateways\Foo
	# ...
	gatewayFactory:
		setup:
			- registerGateway(foo, Crm\FooModule\Gateways\Foo)

Then, add seeder that will insert the gateway to database. See Crm\PaymentsModule\Seeders\PaymentGatewaysSeeder as an example seeder implementation and register seeders section of CRM skeleton documentation too see how the seeders should be registered in your module.

Adding PaymentCompletedRedirectResolver

If you want to change the success page displayed to user after the payment based on any arbitrary rule - for example your gateway might want user to see some special offering or require him to enter some additional data - you can register redirect resolver to process this request. When the payment is confirmed, redirect resolver will decide (based on priority of registered resolvers) whether to redirect user to a special success page or whether a default success page (if remp/crm-salesfunnel-module is used) is sufficient.

The implementation of redirect resolver can look like this:

<?php

namespace Crm\FooModule\Model;

use Crm\PaymentsModule\Model\PaymentCompleteRedirectResolver;
use Nette\Database\Table\ActiveRow;

class FooPaymentCompleteRedirectResolver implements PaymentCompleteRedirectResolver
{
    public function wantsToRedirect(?ActiveRow $payment, string $status): bool
    {
        if ($payment && $status === self::PAID) {
            return $payment->payment_gateway->code === 'foo_gateway';
        }
        return false;
    }

    public function redirectArgs(?ActiveRow $payment, string $status): array
    {
        if ($payment && $status === self::PAID) {
            return [
                ':Foo:SalesFunnel:Success',
                ['variableSymbol' => $payment->variable_symbol],
            ];
        }
        throw new \Exception('unhandled status when requesting redirectArgs (did you check wantsToRedirect first?): ' . $status);
    }
}

In the example the resolver first checked whether the redirection should happen for this particular payment - it should happen if the payment was done via foo_gateway. Then the redirectArgs method returns array of arguments, that will be 1:1 used in Nette's $this->redirect() call. User will be redirected to renderSuccess method of SalesFunnelPresenter that is implemented in our FooModule and presents user our own success page.

When the implementation is ready, resolver needs to be registered in the app/config/config.neon with the priority specifying order of execution of resolvers - higher the number, higher the priority.

services:
	# ...
	paymentCompleteRedirect:
	 	setup:
	 		- registerRedirectResolver(Crm\FooModule\Model\FooPaymentCompleteRedirectResolver(), 400)

Bank Transfer landing page

When bank_transfer is used, user isn't redirected to external payment gateway provider, but CRM displays payment information that user should use to complete the payment manually.

By default, this is handled by BankTransferPresenter, but you can use your own custom screen with transfer information by using your own redirect resolver instead of bank transfers' default resolver.

Create the resolver and register it with priority >10 in your config.neon.

services:
	# ...
	paymentCompleteRedirect:
		setup:
			- registerRedirectResolver(Crm\FooModule\BankTransferPaymentCompleteRedirectResolver(), 50)

Bank email processing

Sometimes user doesn't finish the whole payment process and quits after the payment was made but before returning to the CRM for internal payment confirmation. That scenario is always unpleasant as user doesn't have money nor subscription.

To support this scenario, we've added possibility to read bank confirmation emails and try to confirm unfinished payments based on incoming emails.

The implementation is not universal yet and you'd need to create your own command for checking the mailbox. Please take a look at two implementations that we included within this package: confirmation commands for Tatra banka and for CSOB.

Mail downloaders

By default, our mail processing commands (e.g.: Tatra banka, CSOB) are using our implementation of mail downloader: ImapMailDownloader. You can replace this downloader if needed by:

1. creating your own mail downloader which must implement MailDownloaderInterface
2. replacing default implementation with your own in your app config neon file:

services:
	mailDownloader: Crm\YourModule\Models\MailDownloader\YourMailDownloader

Upgrades

Payments module provides a very basic way how to handle the upgrades. The upgrades are not currently configurable and work with predefined set of rules. There are 4 type of upgrades available:

• Shortening. If user's subscription doesn't end in the near time, system allows upgrade via shortening of actual subscription. The amount of days to shorten is based on number of remaining days of current subscription and the price of subscription type user's being upgraded to. Shortening is not trigerred if the shortened subscription would end sooner than in 14 days.
• Paid upgrade. If the shortening is not available, user is offered a paid upgrade. The amount to pay is calculated based
• Paid recurrent. Triggered when user's current subscription is recurrent and the subscription doesn't end within the following 5 days. Immediate charge amount is calculated based on upgraded subscription type price and the remaining number of days of current users's subscription. Next period charge is then made with the price of upgraded subscription.
• Free recurrent. If user has less than 5 days of subscription remaining, system allows the free upgrade to higher subscription. Next period charge is then made with the price of upgraded subscription.

Upgrade options for subscription types are configurable within subscription type detail in CRM admin. Upgrades don't check the content of each subscription type - therefore they cannot automatically determine that monthly web subscription can be upgraded to monthly web + print subscription. Each upgrade has to be configured manually and all upgrade options are always determined based on actual subscription, price of actual subscription type and price of upgraded subscription type.

API documentation

All examples use http://crm.press as a base domain. Please change the host to the one you use before executing the examples.

All examples use XXX as a default value for authorization token, please replace it with the real tokens:

• API tokens. Standard API keys for server-server communication. It identifies the calling application as a whole. They can be generated in CRM Admin (/api/api-tokens-admin/) and each API key has to be whitelisted to access specific API endpoints. By default the API key has access to no endpoint.
• User tokens. Generated for each user during the login process, token identify single user when communicating between different parts of the system. The token can be read:
  • From n_token cookie if the user was logged in via CRM.
  • From the response of /api/v1/users/login endpoint - you're free to store the response into your own cookie/local storage/session.

API responses can contain following HTTP codes:

If possible, the response includes application/json encoded payload with message explaining the error further.

POST /api/v1/payments/paypal-ipn

Handles the IPN notifications from PayPal. Follow this guide to enable IPN notifications for your PayPal account. Use http://crm.press/api/v1/payments/paypal-ipn as "Notification URL" (replace http://crm.press with your domain).

Note: when switching to "live" mode, don't forget to also change the paypal_ipn_baseurl config to the live IPN endpoint (see here)

GET /api/v1/payments/variable-symbol

API call returns unique variable symbol (transaction ID) to be used for new payment instance.

Headers:

Example:

curl -X POST \
  http://crm.press:8080/api/v1/payments/variable-symbol \
  -H 'Accept: application/json, text/plain, */*' \
  -H 'Authorization: Bearer XXX'

Response:

{
    "status": "ok",
    "variable_symbol": "2735309229"
}

GET /api/v1/users/recurrent-payments

API call returns list of all user's recurrent payments.

Headers:

Params:

Example:

curl 'http://crm.press/api/v1/users/recurrent-payments?states[]=active&states[]=user_stop&chargeable_from=2020-07-10T09%3A13%3A38%2B00%3A00' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer XXX'

Response:

[
  {
    "id": 154233,
    "parent_payment_id": 1231610,
    "charge_at": "2020-10-07T08:54:00+02:00",
    "payment_gateway_code": "stripe_recurrent",
    "subscription_type_code": "sample",
    "state": "active",
    "retries": 4
  }
]

POST /api/v1/recurrent-payment/reactivate

API call to reactivate user's recurrent payment.

Conditions to successfully reactivate recurrent payment:

• RecurrentPayment has to be in \Crm\PaymentsModule\Repository\RecurrentPaymentsRepository::STATE_USER_STOP state.
• Next charge of payment has to be in future (>= now).

Changes:

• State of recurrent payment is set to \Crm\PaymentsModule\Repository\RecurrentPaymentsRepository::STATE_ACTIVE.

Headers:

Payload params:

Example:

curl -X POST 'http://crm.press/api/v1/recurrent-payment/reactivate' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer XXX' \
--data-raw '{
    "id": 999999
}'

Response:

On success HTTP status 200 OK is returned with recurrent payment's details.

{
  "id": 999999,
  "parent_payment_id": 1234567,
  "charge_at": "2020-10-07T08:54:00+02:00", // charge is not changed when reactivating recurrent
  "payment_gateway_code": "stripe_recurrent",
  "subscription_type_code": "sample",
  "state": "active", // on success, state is always set to `active`
  "retries": 4
}

In addition to API responses described at the beginning of API documentation section:

POST /api/v1/recurrent-payment/stop

API call to stop user's recurrent payment.

Conditions to successfully stop recurrent payment:

• RecurrentPayment has to be in \Crm\PaymentsModule\Repository\RecurrentPaymentsRepository::STATE_ACTIVE state.

Changes:

• State of recurrent payment is set to \Crm\PaymentsModule\Repository\RecurrentPaymentsRepository::STATE_USER_STOP.

Headers:

Payload params:

Example:

curl -X POST 'http://crm.press/api/v1/recurrent-payment/stop' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer XXX' \
--data-raw '{
    "id": 999999
}'

Response:

On success HTTP status 200 OK is returned with recurrent payment's details.

{
  "id": 999999,
  "parent_payment_id": 1234567,
  "charge_at": "2020-10-07T08:54:00+02:00", // charge is not changed when stopping recurrent
  "payment_gateway_code": "stripe_recurrent",
  "subscription_type_code": "sample",
  "state": "user_stop", // this endpoint always sets state to `user_stop`
  "retries": 4
}

In addition to API responses described at the beginning of API documentation section:

Components

ActualFreeSubscribersStatWidget

Simple admin dashboard widget showing free subscribers count.

Source code

How to use

ActualPaidSubscribersStatWidget

Simple admin dashboard widget showing paid subscribers count.

Source code

How to use

ChangePaymentStatus

Admin listing/detail change payment status modal component.

Source code

How to use

DeviceUserListingWidget

Admin user listing device component.

Source code

How to use

DonationPaymentItemListWidget

Source code

How to use

DupliciteRecurrentPayments

Admin listing of duplicit recurrent payments.

Source code

How to use

LastPayments

Admin listing of last payments in payment gateway detail.

Source code

How to use

MonthAmountStatWidget

Admin dashboard simple stat widget showing payments amount for last month.

Source code

How to use

MonthToDateAmountStatWidget

Admin dashboard simple stat widget showing payments amount for last month.

Source code

How to use

MyNextRecurrentPayment

Source code

How to use

ParsedMails

Payments admin widget showing payments with wrong amount.

Source code

How to use

PaymentItemsListWidget

Admin listing of payment items in payment detail.

Source code

How to use

SubscribersWithPaymentWidget

Admin dashboard single stat widget.

Source code

How to use

SubscriptionsWithActiveUnchargedRecurrentEndingWithinPeriodWidget

Admin listing widget.

Source code

How to use

SubscriptionsWithoutExtensionEndingWithinPeriodWidget

Admin dashboard stats widget.

Source code

How to use

SubscriptionTypeReports

Admin subscription type detail stats widget.

Source code

How to use

TodayAmountStatWidget

Admin dashboard simple single stat widget.

Source code

How to use

TotalAmountStatWidget

Admin dashboard simple single stat widget.

Source code

How to use

TotalUserPayments

Admin user detail stat widget.

Source code

How to use

UserPayments

Admin user detail listing widget.

Source code

How to use

Confirmation e-mails

Examples of confirmation mails received from banks. Every type of mail has it's own IMAP access configurable in application configuration.

TatraBanka Simple

From: b-mail (at) tatrabanka (dot) sk

Subject: e-commerce

Example e-mail file

TatraBanka

From: b-mail (at) tatrabanka (dot) sk

Subject: Kredit na ucte

Example e-mail file

TatraBanka Statement

From: vypis_obchodnik (at) tatrabanka (dot) sk

Example e-mail file

CSOB

From: notification (at) csob (dot) cz

Subject: CEB Info: Zaúčtování platby

Example e-mail file

Slovak CSOB

From: AdminTBS (at) csob (dot) sk

Subject: ČSOB Info 24 - Avízo

Example e-mail file