Open Source

Bringing Worldpay’s payment pages into the 21st century

We know that, to put it nicely, Worldpay’s hosted gateway payment pages (“pay by link”) are a little dated. We manage because:

  1. They are the UK’s largest payment processor and one of the most cost effective,
  2. There are other options, such as “direct XML”, if you really need it to match your brand.

Recently, we found ourselves addressing a separate problem – the lack of integration between Worldpay’s core products and the Xero accounting system. There has been huge demand for this, for years. Worldpay ended up responding to this by bringing out Worldpay Online. Worldpay Online is their modern, easy to integrate payments platform that unfortunately is much more expensive than their core products. Despite a finally seeing a direct Xero-Worldpay integration, the community responded exactly as you’d expect.

Software development is what we do and, as active users and developers of both systems, we decided to take on the challenge of integrating the two systems as the community wants. The result is our second app, Coherent Pay.

Coherent Pay works well (we’re biased!) but the weak point is the part of the process where customers are redirected to a payment page that was probably built in the early ’90s and changed little since. With this in mind, we got our design hat on and created a new look for both pages (click to enlarge):

Worldpay modified payment page 1Worldpay modified payment page 2

We’re releasing these, free of charge, to Worldpay users everywhere, whether or not you use our Xero integration!

How to install the new pages

  1. Log in to the Worldpay Business Manager and click on “setup”
    Step 1
  2. Click on “Edit Payment Pages”
    Step 2
  3. Choose your installation ID (probably called Pay by Link) and click Edit Payment Pages
    Step 3
  4. Click “Header and Footer”:
    Step 4
  5. Click “Edit Header” and then repeat the following steps for “Edit Footer” as well
    Step 5
  6. Paste the header (footer) code into the box and click “Save File”
    Step 6

Read more →

 

Open source SSH gateway

If, like us, you manage a lot of servers, it can be difficult to organise them. Some time ago, we explored a few options and settled on Ezeelogin. Ezeelogin is one of very few products that provides an easy to use SSH gateway. In our case, however, the problem we needed to solve was very simple: to allow trusted staff members easy access to an evolving catalogue of servers.

Today, we are open sourcing the custom built SSH gateway that we use in-house. It uses a MySQL database to store server groups, servers and users (there is no web interface for this yet but phpMyAdmin would do everything necessary). When a user logs in, it looks up which groups that user can see. The user selects a group and it displays all of the servers in that group. The user then selects a server and it logs them in.

Authentication between the user and gateway is handled in the normal way – they have their own system user and can use a password or a key – whatever is set is sshd_config. Authentication between the gateway and the server is with an SSH keypair that is shared by all users but can only be seen by root (on a properly configured server).

To reiterate, whereas some products have focused very heavily on security, we have a number of security policies within our company that reduce the need for the gateway to be anything more than a tool for convenience. That said, I recommend the following steps to secure the gateway:

  1. Encrypt the gateway’s disk – or use an encrypted volume to store the SSH keypair
  2. Host the gateway on your office server if you have one
  3. Turn off password authentication on the gateway in sshd_config

 

Download

Download it on GitHub

Installation

  1. Import the MySQL database
  2. Edit the database as required using phpMyAdmin, the command line or anything else
  3. Upload gwshell to /sbin and make it executable (“chmod +x /sbin/gwshell”)
  4. Optionally upload gwuseradd to /sbin and make it executable (“chmod +x /sbin/gwshell”) – this is a convenience tool for the admin to add users
  5. Generate an SSH key on the gateway server in /etc/sshgateway/id_rsa and add the public key to the servers you want to control
  6. Disable SELinux
  7. Allow sudo access without a password for members of the wheel group (see /etc/sudoers)

When new users are added, they must have access to the wheel group and therefore, sudo. This is to access the shared key. You can of course copy keys, use individual keys or set up password authentication if you wish – but users should not be able to access the normal shell anyway. Each user’s shell (in /etc/passwd) should be /sbin/gwshell, which means that they see the gateway rather than a normal shell when they log in. All of this is handled in gwuseradd if you choose to use it: “gwuseradd [username]”.

Usernames in /etc/passwd need to match usernames in the database. If there is no match, they won’t be able to access any servers. Groups in the “users” table is comma-separated so, if you want to give a user access to groups 1 and 3, enter “1,3”.

Support, licence etc.

The software is MIT licensed. We hope it is convenient for you as it is for us. You may use it free of charge, at entirely your own risk. Because it is free, if you need support from us, obviously, it will be chargeable. It is pretty easy to use, though.

Read more →