The Devletter #12: Magento 2.0.6 Payment changes
This article is originally created for The Devletter #12: Important changes in Magento 2.0.6. If you would like to receive The Devletter every Wednesday directly into your inbox (for free), click to subscribe.
Magento team committed to deliver great quality releases starting from Magento 2.0 GA back in November 2015. It is also expected to get stable major releases every quarter starting from 2016 year. Having this in mind major release should happen in March 2016 - 2.1, June 2016 - 2.2, September 2016 - 2.3 and so on.
We live in changing environment. Especially if you support and implement big open source project such as Magento 2. Even if you have 100 developers and 30 quality assurance engineers every major release might be a nightmare when it comes to final verification.
While everyone shares feedback for ongoing Magento 2.1-RC1 release (while I am writing current The Devletter, Magento 2.1-RC2 has been released, check it out), I would like to share observations for the Magento 2.0.6 version.
I closely work with Payments Service Providers. Recently, I was surprised with the 2.0.6 release. The Release Notes document highlights security changes which aren't related to payment integrations. There is only one exception - XSS protection security fix was introduced for the Authorize.net integration.
There are two major changes in the 2.0.6 introduced in the Magento\Payment module:
- The Magento\Payment\Model\Method\AbstractMethod class officially became deprecated. If you are using it in your custom payment methods, consider switching to more stable Magento\Payment\Model\Method\Adapter class.
- The Magento\Payment module is no longer responsible for setting credit card data from checkout payment form. In other words, in case your custom payment integration relies on such fields as cc_number, cc_type, cc_exp_year and cc_exp_month you have to check and re-test payment integration. These fields should be pre-populated by a custom payment module.
The reason for this change is Magento team works hard on security improvements around Payment related functionality. Also, the Magento\Payment module has no knowledge about credit or offline payments usage that is why a lot of changes going on right now.
Magento team works hard on security improvements around Payment related functionality.
I am planning to write step-by-step article with recommendations to cover non-documented issues. Stay tuned.
- In case you are looking for custom payment implementation guide, I have detailed article explaining how to configure and use Magento\Payment\Gateway module library.
- If you are running Magento 2 on production together with PHP 7 or you plan to move to this version, consider upgrading to Magento 2.0.7 release. The release fixes issue related to all payment methods when running PHP 7.
- Alan Storm did a great "Magento 2 Book Review: Theme Web Page Assets" book review by Alan Kent - VP of Magento Architecture. I join Alan's Storm opinion about few points.