Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-54770

PayPal enrolment plugin to support required SSLVERSION TLS v1.2 if possible

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Deferred
    • Affects Version/s: 3.0.3, 3.1.1
    • Fix Version/s: None
    • Component/s: Enrolments
    • Labels:
    • Testing Instructions:
      Hide

      This is a somewhat complicated test that involves compiling the PHP/cURL extension against libssl which itself has to be compiled against different SSL/TLS libraries. To make this easier I've written a small bash script to automate much of the compiling parts test (attached to this issue).

      You'll also need ngrok, and I would also recommend mailcatcher - but it can be a bit of a pain to set up sometimes. As an alternative you can use your moodle gmail account as an SMTP server.

      Setup Server

      1. Create a virtual machine using this Debian ISO. It must be this one otherwise the bash script won't work.
      2. Set up your webserver stack (make sure you use Apache and PHP from apt-get though). However don't install the PHP/cURL extension. We're going to compile that.
      3. Place the attatched bash script in your home directory (or somewhere that you can write to)
      4. Install sudo - this guide seems OK
      5. Run ./install.sh init - it uses sudo so will prompt for your password
      6. If it worked it should have downloaded some sources and installed a few packages. If something goes wrong it should produce some sort of error
      7. Try running ./install.sh again and make sure it says "No packages to install"
      8. Make a PHP file with phpinfo(); and put it in your webroot
      9. Access the PHP script and check that there is no mention of the cURL extension
      10. Run ./install.sh OpenSSL - it should compile the PHP/cURL extension, put it in the right place, and restart Apache for you
      11. Check the info script again, check that you can see the cURL extension

      Setup Moodle and PayPal

      1. Clone the moodle integration branch and put it in your webroot
      2. Go through the installation procedure
      3. Create a new user with a valid email that you can check the inbox of
      4. Make sure the admin user's email is also a valid email you can check the inbox of
      5. Edit config.php, adding the following line just before the require_once(...setup.php);

        $CFG->usepaypalsandbox = true;
        

      6. Now is probably also a good time to set up your ngrok tunnel and change $CFG->wwwroot to match
      7. It would also be a good idea to get email stuff working now
      8. Set up PayPal sandbox:
        1. Login to developer.paypal.com/ and go to the dashboard
        2. Under "Sandbox" click "Accounts"
        3. Create two accounts, one business account and one personal account. Make sure the personal one has lots of money (two accounts may already exist by default, I think you can edit them)
        4. Set the password for each account to something you can remember
        5. Log in to sandbox.paypal.com as the business account from before
        6. You should be on the "My Account" page, Click "Profile" in the menu bar (click the word profile, not something in the sub-menu)
        7. Under "Selling Preferences" click "Instant Payment Notification Preferences"
        8. Enter "http://[your_ngrok_id].ngrok.io/[moodle_path]/enrol/paypal/ipn.php" as the notification URL and turn on IPN notifcations
      9. Back on your moodle site, set up the PayPal enrolment plugin:
        1. Update config.php with your ngrok URL
        2. Login as admin and browse to "Site administration" > "Plugins" > "Enrolments" > "Manage enrol plugins"
        3. Enable PayPal and configure it:
          1. Business email: the business email you made earlier
          2. Notify students: yes (not strictly needed, but it's useful to make sure everything is working properly)
          3. Everything else can be default
        4. Create a new course (default settings are fine)
        5. Browse to "Course administration" > "Users" > "Enrolment methods"
        6. Add the PayPal enrolment method, make sure to add some dollar amount for "Enrol cost"
        7. Ensure there are no other enrolment methods like "Guest access" or "Self enrolment"

      Testing the different SSL/TLS libraries

      1. At your virtual machine's terminal, run the install script: ./install.sh OpenSSL with_tls
      2. Check the info PHP file made earlier and ensure under "curl" you see that the SSL Version is "OpenSSL/1.0.1t"
      3. Log in as the student account
      4. You should be able to see the PayPal course
      5. Click it and go through the process of payment on the PayPal site (use the personal account email that we set up before)
      6. Verify that the student is enrolled in the course
      7. Verify the student got an email (if they were enrolled without error, but you don't have the email, you'll need to sort that out before continuing)
      8. As admin, unenrol the student
      9. Run the install script again: ./install.sh GnuTLS
      10. Repeat steps 2-8 (check for "GnuTLS/3.3.8" under SSL Version)
      11. Run the install script again: ./install.sh NSS
      12. Repeat steps 2-8 (check for "NSS/3.17.2 Basic ECC" under SSL Version)
      13. Run the install script again: ./install.sh OpenSSL without_tls (check the info script for "OpenSSL/0.9.8o")
      14. As the student go through the process of enrolling again
      15. It should all work, but check the site admin email, there should be an email explaining that the SSL library will need to be updated
      Show
      This is a somewhat complicated test that involves compiling the PHP/cURL extension against libssl which itself has to be compiled against different SSL/TLS libraries. To make this easier I've written a small bash script to automate much of the compiling parts test (attached to this issue). You'll also need ngrok , and I would also recommend mailcatcher - but it can be a bit of a pain to set up sometimes. As an alternative you can use your moodle gmail account as an SMTP server. Setup Server Create a virtual machine using this Debian ISO. It must be this one otherwise the bash script won't work. Set up your webserver stack (make sure you use Apache and PHP from apt-get though). However don't install the PHP/cURL extension. We're going to compile that. Place the attatched bash script in your home directory (or somewhere that you can write to) Install sudo - this guide seems OK Run ./install.sh init - it uses sudo so will prompt for your password If it worked it should have downloaded some sources and installed a few packages. If something goes wrong it should produce some sort of error Try running ./install.sh again and make sure it says "No packages to install" Make a PHP file with phpinfo(); and put it in your webroot Access the PHP script and check that there is no mention of the cURL extension Run ./install.sh OpenSSL - it should compile the PHP/cURL extension, put it in the right place, and restart Apache for you Check the info script again, check that you can see the cURL extension Setup Moodle and PayPal Clone the moodle integration branch and put it in your webroot Go through the installation procedure Create a new user with a valid email that you can check the inbox of Make sure the admin user's email is also a valid email you can check the inbox of Edit config.php, adding the following line just before the require_once(...setup.php); $CFG->usepaypalsandbox = true; Now is probably also a good time to set up your ngrok tunnel and change $CFG->wwwroot to match It would also be a good idea to get email stuff working now Set up PayPal sandbox: Login to developer.paypal.com/ and go to the dashboard Under "Sandbox" click "Accounts" Create two accounts, one business account and one personal account. Make sure the personal one has lots of money (two accounts may already exist by default, I think you can edit them) Set the password for each account to something you can remember Log in to sandbox.paypal.com as the business account from before You should be on the "My Account" page, Click "Profile" in the menu bar (click the word profile, not something in the sub-menu) Under "Selling Preferences" click "Instant Payment Notification Preferences" Enter "http://[your_ngrok_id].ngrok.io/[moodle_path]/enrol/paypal/ipn.php" as the notification URL and turn on IPN notifcations Back on your moodle site, set up the PayPal enrolment plugin: Update config.php with your ngrok URL Login as admin and browse to "Site administration" > "Plugins" > "Enrolments" > "Manage enrol plugins" Enable PayPal and configure it: Business email: the business email you made earlier Notify students: yes (not strictly needed, but it's useful to make sure everything is working properly) Everything else can be default Create a new course (default settings are fine) Browse to "Course administration" > "Users" > "Enrolment methods" Add the PayPal enrolment method, make sure to add some dollar amount for "Enrol cost" Ensure there are no other enrolment methods like "Guest access" or "Self enrolment" Testing the different SSL/TLS libraries At your virtual machine's terminal, run the install script: ./install.sh OpenSSL with_tls Check the info PHP file made earlier and ensure under "curl" you see that the SSL Version is "OpenSSL/1.0.1t" Log in as the student account You should be able to see the PayPal course Click it and go through the process of payment on the PayPal site (use the personal account email that we set up before) Verify that the student is enrolled in the course Verify the student got an email (if they were enrolled without error, but you don't have the email, you'll need to sort that out before continuing) As admin, unenrol the student Run the install script again: ./install.sh GnuTLS Repeat steps 2-8 (check for "GnuTLS/3.3.8" under SSL Version) Run the install script again: ./install.sh NSS Repeat steps 2-8 (check for "NSS/3.17.2 Basic ECC" under SSL Version) Run the install script again: ./install.sh OpenSSL without_tls (check the info script for "OpenSSL/0.9.8o") As the student go through the process of enrolling again It should all work, but check the site admin email, there should be an email explaining that the SSL library will need to be updated
    • Affected Branches:
      MOODLE_30_STABLE, MOODLE_31_STABLE
    • Pull Master Branch:
      MDL-54770-master
    • Story Points:
      1
    • Sprint:
      3.2 Sprint 3

      Description

      PayPal enrolment plugin to support required SSLVERSION TLS v1.2 if possible.
      As of June 17, 2016 PayPal will require HTTP 1.1 and SSL version TLS v1.2
      see: https://devblog.paypal.com/upcoming-security-changes-notice/

        Attachments

        1. curltest.php
          0.1 kB
        2. install.sh
          4 kB

          Issue Links

            Activity

              People

              Assignee:
              cameron1729 cameron1729
              Reporter:
              brentboghosian Brent Boghosian
              Peer reviewer:
              Simey Lameze
              Integrator:
              Dan Poltawski
              Participants:
              Component watchers:
              Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona)
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: