Changelogs » Django-oscar



- Add support for django-oscar 2.x.
- Drop support for django-oscar 1.x.


- Replace a few instances of ```` with ```` to fix naive datetime warnings.


- Fix bug in Internationalization string interpolation


- Use Cybersource SOAP API for performing card authorizations
- Support Bluefin encrypted card entry / swipe devices.
- Improve Internationalization


- Make payment methods create separate ``payment.Source`` objects per Reference number (`!7 <>`_).
- Fix pate parsing bug which occurs during a spring-time daylight savings time transition.


- Fix bug with missing payment token fields on REVIEW replies.


- Adds support for ``django-oscar-api-checkout>=0.4.0``
- Fix error handling behavior in CyberSourceReplyView which often times lead to infinite loops.


- Add management command for unreadable Secure Acceptance Profiles from the database: ``python remove_unreadable_cybersource_profiles``
- Add exception try/catch into ``SecureAcceptanceProfile.get_profile`` method to more gracefully handle Fernet decryption errors thrown when fetching a profile from the database.
- Makes ``SecureAcceptanceProfile.get_profile`` method fall-back to Django settings when no readable profiles exist in the database.
- Fix unit tests broken by an expired development key


- Add ``order`` as a value for the ``CARD_REJECT_ERROR`` string template literal.


- Use Cybersource's ``reason_code`` field in addition to the ``decision`` field when deciding how to handle a response.
- Move secure acceptance profile data into the database.
- Profiles can be configured in the Django Admin interface. A default profile is created when running migrations based on the old environment variable settings.
- Stores the profile secret key in the using Fernet encryption via `django-fernet-fields <>`_. Therefore, you should declare a ``FERNET_KEYS`` setting in your project.
- Since secure acceptable profiles are limited to a single domains for customer redirect pages, this change allows a single Django instance to serve multiple domains (by using multiple profiles).


- Fix Django 2.0 Deprecation warnings.


- Make it possible to use a placeholder (``{order_number}``) in ``settings.CARD_REJECT_ERROR``.


- Add better error handling to the Cybersource response view. Prevents exceptions when a customer refreshes and resends one of the payment POST requests.


- Adds an order's shipping method into calls to Cybersource. This field can then be used by decision manager to help make decision regarding order fraud.
- Cybersource expects to receive one of the following values:
- `sameday`: courier or same-day service
- `oneday`: next day or overnight service
- `twoday`: two-day service
- `threeday`: three-day service
- `lowcost`: lowest-cost service
- `pickup`: store pick-up
- `other`: other shipping method
- `none`: no shipping method
- You can configure the mapping of Oscar shipping method code to Cybersource shipping method codes using the ``CYBERSOURCE_SHIPPING_METHOD_DEFAULT`` and ``CYBERSOURCE_SHIPPING_METHOD_MAPPING`` Django settings.
- Added exception handling and logging for bug sometimes occurring in the Cybersource reply handler.


- Add support for Django 1.11 and Oscar 1.5


- Improve testing with tox.


- Upgrade dependencies.


- Make ``DecisionManagerNotificationView`` directly set order status instead of relying on the ``set_status`` method. This avoids issues with order status pipelines.
- Add optional ``CYBERSOURCE_DECISION_MANAGER_KEYS`` keys setting to allow token-based authentication on the decision manager web hook endpoint.
- Default is disabled, which equates to disabled authentication.
- To enable authentication, set it to a list of valid authentication keys/tokens.
- When enabled, the ``DecisionManagerNotificationView`` view will inspect the ``key`` query parameter on incoming requests and compare it to the predefined keys in the setting. If it doesn't match one of the keys, the request is aborted.


- Make sure amounts sent to Cybersource are always properly quantized


- Support flagging authorizations for review with Decision Manager
- Transactions under review are marked with status `REVIEW`.
- Adds new boolean property to payment.Transaction model: `transaction.is_pending_review`.
- When handling an authorization that is pending review in Decision Manager, a note is added to the order.


- Fix IntegrityError sometimes thrown when processing a declined payment.


- Fix exception from typo in record_declined_authorization.


- Fix case-mismatch of payment source types.


- Add data migration to populate `CyberSourceReply.order` on rows from before 3.0.1.


- Added foreign key from `cybersource.CyberSourceReply` from `order.Order`.


- Change to two step SOP method with discrete get_token and authorization steps. This works around a bug in Cybersource's code which will leave a pending authorization on a user's card, even if the address verification or decision manager rejects the transaction. By doing the transaction in two phases, we can catch most AVN / DM rejections before the authorization is placed on the credit card. The downside is that the client must now perform 2 separate form posts to Cybersource.


- Internationalization


- Fix a few more Django 2.0 deprecation warnings that were missed in ``2.2.7``.


- Fix Django 2.0 Deprecation warnings.


- Add support for Oscar 1.5 and Django 1.11.


- Detect 9-digit ZIP codes in shipping a warehouse addresses and, instead of truncating the last 4 digits, send them in the `Plus4` field of the SOAP request.


- [Important] Fix bug causing order lines to get deleted is the corresponding basket or basket line is deleted.


- Handle bug occurring when a basket contained a zero-quantity line item.


- Upgrade dependencies.


- Simplified retry logic and fixed infinite loop issue.


- Improved documentation.
- Added ability to retry CCH transactions when requests raises a ConnectionError, ConnectTimeout, or ReadTimeout.
- Added new setting, ``CCH_MAX_RETRIES``, to control how many retries to attempt after an initial failure. Defaults to 2.


- Remove caching functionality from CCHTaxCalculator.estimate_taxes since miss rate was almost 100%.
- Fix bug in tax calculation causing taxes to be calculated based on pre-discounted prices instead of post-discounted prices.
- Add optional basket line quantity override by checking for property `BasketLine.cch_quantity`. Falls back to standard quantity if property doesn't exist.


- Added support for Oscar 2.
- Dropped support for Oscar 1.6 and lower, and dropped support for Python 2.


- Refactor as a plugin to django-oscar-api-checkout to eliminate code not related to Cybersource.



* Added missing parameter when raising a `DocDataStatusError` exception in the sandbox
* Wrap the order update in `order_status_changed` in a transaction
* Wrap `_store_report_lines` in a transaction and make sure `payment_id` is a string
* Simplified `_store_report_lines` by using `get_or_create`

`View commits <>`_



* remove `DOCDATA_ORDER_ID_START` from sandbox
* renamed remaining createErrors / cancelErrors / statusErrors to be compliant with Docdata API version 1.3

`View commits <>`_



* createError has been renamed to createErrors in Docdata API version 1.3



* Upgraded to Docdata 1.3 API
* Removed the untested and probably unused `start` method from the `DocdataClient` class
* Removed the corresponding start_payment method from the `Interface` class



* Added Python 3 and Django classifiers and wheel package
* Dropped Django < 1.11 and added support for Django 1.11, 2.0 and 2.1
* Fixed management commands to work with Django>=1.11
* Cleanup and simplified sandbox application
* Removed unused `django-polymorphic` dependency and cleanup up depending model



* Added Python 3 support.



* Fixed Django 1.9+ support in templates.



* Fixed the ``default`` value of the ``merchant_name`` field in the migrations.



* Fixed Django 1.10 deprecation warnings



* Added django-polymorphic 0.8 support



* Added Django 1.7 migrations



* Cache Docdata WSDL information, avoid fetching it each time ``Facade``/``Interface``/``DocdataClient`` object is constructed.
* Added ``DocdataClient.set_merchant(name, password)`` method.
* Added subaccount support

* Added ``merchant_name`` parameter to ``create_payment()``.
* Fill ``DOCDATA_MERCHANT_PASSWORDS`` to support updating/cancelling orders created at other subaccounts.
* Minor **backwards incompatibility**: ``start_payment()`` "order_key" parameter is renamed to "order".
This only affects passing kwargs. Passing the order key works but is deprecated, pass a ``DocdataOrder`` instead.

* Added ``update_docdata_order`` management command.
* Added ``-v3`` flag for managements commands to displays the SOAP XML conversation (via logging).
* Allow ``return_view_called`` signal handlers to return a response, thereby overriding the default response.
* Increased ``DOCDATA_PAYMENT_SUCCESS_MARGIN`` for USD to $1.50
* Fix reverting order statuses, using ``Order.set_status()`` now so manually changed order statuses are not reversed.
* Fix detecting "paid" status when the customer starts multiple payment attempts, but then completes the first.
(the root issue here is the lack of a missing global "cluster/order status" field in the API - so we have to make guesses).
* Fix handling of paid orders that have a partial refund (e.g. 5%).
* Fix handling of orders with received a chargeback.
* Fix using ``%s`` in logging statements so Sentry can group similar events.
* Fix ``DocdataOrder.last_payment`` property.



* Added support for multiple merchant accounts in a single database (multi-tenant support).
* Added manager methods to ``DocdataOrder.objects``: ``current_merchant()``, ``for_reference()``, ``for_order()``.
* Added support for the parameters ``billing_address``, ``shipping_address``, ``basket`` in the `get_create_payment_args()` code.
* Added support for the ``Invoice`` element. This is needed to pass state for PayPal.
* Added ``DOCDATA_FACADE_CLASS`` setting, so all views use a custom Facade
* Added ``oscar_docdata.gateway.to_iso639_part1()`` function, for sending language codes in the proper format.
* Added pagination in docdata dashboard view.
* Using suds-jurko_ fork for SOAP calls, which is a maintained fork of suds_.
* Fix detecting expired orders via the status API.
* Improve ``/api/docdata/update/`` output for curl usage.



* Fix concurrency issues with Docdata calling both the return_url and notification_url at the same time.
* Apply 32 char limit to street field in the default `get_create_payment_args()` implementation.



* Add management command ``expire_docdata_orders``
* Add management command ``docdata_report``
* Be more strict with payment tags, check for ``capture=CAPTURED``
* Explicitly set ``DocdataException.value`` to be a unicode string.
* Fix possible circular import errors when using ``Facade`` in ````
* Avoid warning for undocumented ``AUTHORIZATION_ERROR`` and ``CANCEL_FAILED`` status value.



* Add ``DOCDATA_PAYMENT_SUCCESS_MARGIN`` setting to handle currency conversion rate issues.
* Avoid warning for undocumented ``AUTHORIZATION_FAILED`` status value.
* Mention 32 character limit for street fields in the README and sandbox.



* Upgraded to Docdata 1.2 API



* Fix validation of empty start and end times on opening periods.



* Load app models dynamically to allow overriding.
* Add a `PUBLIC_HOLIDAYS` option to `OpeningPeriod.weekday` choices.


- Add the ability to set CCH product SKU, item, and group per-product in addition to globally.


- Add `CCH_TIME_ZONE` setting.
- Send time zone aware ISO format date as CalculateRequest InvoiceDate node. Formerly just sent the date.


- Truncate ZIP coes so that CCH doesn't choke when the user supplies a full 9-digit ZIP code.


- Make profile, access, and secret mandatory
- Upgrade to `django-oscar-api>=1.0.4` to get rid of the need for our custom empty basket check
- Make test coverage much more expansive


- README Updates
- Added tests for FingerprintRedirectView
- Fixed a bug in the img-2 redirect url


- README Updates


- Added support for Oscar 1.6 and Django 1.11, 2.0 and 2.1.
- Dropped support for Oscar 1.5 and lower, and Django 1.10 and lower.


- Initial release.


- Add support for django-oscar 2.x.
- Drop support for django-oscar 1.x.


- Drop support for Oscar 1.5
- Use PostgreSQL full-text search (instead of Haystack) for all indexes (credit applications, transfers, and pre-qualification data)


- Internationalization
- Add PreQual request data into PreQualificationResponseSerializer serializer
- Add view to allow resuming a PreQual offer from a different session


- Make payment methods create separate ``payment.Source`` objects per Reference number (`!24 <>`_).
- Change behavior of denied and pended credit applications. Application records are now always saved to the database (`!26 <>`_).
- Made Fraud screen system fail-open (rather than closed, denying all orders) upon returning an error.


- Improve Pre-Qualification Dashboard.
- Adds new columns
- Improves search using Haystack
- Adds export ability
- Add financing advertising thresholds to the API


- Fix widget rendering issue in Django 2.1


- Extend PreQual views to work with new Wells Fargo Pre-Approval SDK.
- Record transaction records for denied transaction attempts.
- Add support for Django 2.1
- Add support for Python 3.7


- Upgrade to django-oscar-bluelight 0.10.0.
- Make Wells Fargo offers use HiddenPostOrderAction results.


- Adds support for Django 2.0 and Oscar 1.6.


- Adds support for ``django-oscar-api-checkout>=0.4.0``


- Update compatible django-oscar-api-checkout version


- Add new API endpoint for estimating loan payments based on advertised plan thresholds.


- Add support for Wells Fargo's Pre-Qualification (soft-credit check) API.


- Fix corrupted package build in version ``0.10.0``.


- Add support for django-localflavor 2.0 by switching to using django-phonenumber-field for phone number fields.
- This introduces a breaking change in the application APIs. Phone number fields were previously expected to be submitted in the format: ``5555555555``. They must now be submitted in a format accepted by `python-phonenumbers <>`_, such as ``+1 (555) 555-5555`` or ``+1 555.555.5555``.
- Remove previously squashed migrations.
- Remove dependency on django-oscar-accounts and django-oscar-accounts2.
- Fix Django 2.0 deprecation warnings.


- Patch package requirements to require django-localflavor less than 2.0.


- Add automatic retries to transactions when they encounter a network issue.



* Django 1.7 support
* Fix localisation bug


- Add ability to gate transaction using pluggable fraud screen modules. By default fraud screening is disabled.


- Add support for Django 1.11 and Oscar 1.5
- Add new field to the FinancingPlan model to contain a price threshold value.
- While the offers system is still used to determine what plans a basket is eligible for, sometimes plan data is needed before a product is in the basket. For example, you may wish to advertise a monthly payment price for a product outside of the basket context. Previously the ``is_default_plan`` flag was used for this purpose. Now, each plan can have a price threshold set in the ``product_price_threshold``. Then, those threshold values can be used to determine which plan to display for each product. For example, if you configure plan 0001 with a threshold of $100.00 and plan 0002 with a threshold of $200.00, a product costing $150.00 would display a monthly price calculated based on plan 0001 while a product costing $500.00 would display a monthly price calculated based on plan 0002. The ``is_default_plan`` flag still exists and can be used as a fallback to products not meeting any of the configured thresholds.
- Add template override in the sandbox store to demonstrate this behavior.


- Add new field to the FinancingPlan model to contain a superscript number, corresponding to fine print displayed elsewhere on the page.



* Load geocode service dynamically
* Drop support for Oscar 0.5


- Fix 404ing JS in Oscar Dashboard
- Add several new columns to the Credit Application dashboard:
- Merchant Name used for application
- Application Source
- Requested Credit Amount
- Resulting Credit Limit
- Order total of first related order
- Merchant name used for order
- Fixes exception thrown when trying to decrypt invalid data using KMS backend
- Add button to export a CSV of credit applications from the dashboard
- Make Wells Fargo Benefits use offer conditions to consume basket lines
- Use oscar-bluelight's offer groups feature to allow stacking other discounts with financing benefits. The recommended set-up is to place all Wells Fargo related offers into an offer group of their own, configured with a lower priority than any other group.


- Add new multi-encryptor class that combines multiple other encryptors together. This allows key rotation and graceful migration between different encryption methods.


- Handle pending application responses separately from denied responses. They now throw different API exceptions with different error messages and error codes.
- Add some basic dashboard view tests.


- Add foreign key from TransferMetadata to APICredentials used to make the transfer.


- Fix bug which prevented adding new plan groups via the dashboard.
- Adds unit tests for financing plan and financing plan group dashboard forms.


- Save last 4 digits of resulting account number to credit application models.
- Add ``TransferMetadata.purge_encrypted_account_number`` method.
- Handle ValidationError when submitting a transaction to prevent 500 errors in checkout.
- Fix 500 error in Credit App API when SOAP API returned a validation issue.
- Fix install documentation regarding API credentials.


- Fix bug when migrating account numbers to new encrypted fields.


- Moved Fernet encryption class from ```` to ````.
- Added alternative `AWS KMS <>`_ encryption class as ````.



* Support Django 1.6
* Templates now load assets over HTTPS where appropriate


- **Major Release. Breaking Changes.**
- Drop dependency on django-oscar-accounts.
- Stop tracking accounts in database.
- Account numbers are now encrypted at rest.



A couple of extensions.

* Fix cancel link for store form
* Allow HTML map box to be more easily customised
* Allow search results to be distance limited



* Support Oscar 0.6

* Support Django 0.5


- Add support for Django 1.10, Python 3.6.
- Drop support for Django 1.8, Python 3.4.


- During reconciliation with WFRS, adjust credit limit before doing compensating transaction.


- Make application date times display in localized timezone in the dashboard search-results table.


- Upgrade dependencies.


Note that this release is backwards incompatible! This is due to a renaming
of the module from `accounts` to `oscar_accounts`.

- Updated to be compatible with Oscar 1.2 (Django 1.8 / 1.9)
- Updated dashboard to support Bootstrap 3
- Refactored test infrastructure


- Add improved credit application search functionality to dashboard.
- Fix bug where AccountInquiryResult.reconcile() would sometimes attempt to make a debit with a negative amount.


- Add boolean for controlling whether or not to display a credit application form to the client.


- Include HTML templates in package
- Dashboard templating fixes


The complete changelog can be found at



- Move API credentials into database, optionally triggered by user group.


- Add a relation between wellsfargo.AccountMetadata and order.BillingAddress.


- Prevent creating invalid WFRS Plan Group Benefits in the standard bluelight benefit dashboard.



* Add support for Oscar v0.7 and v0.8
* Add support for Django 1.7 when using Oscar 0.8. Earlier versions of Oscar
are not supported because Django 1.7 support is only available starting with
Oscar 0.8.



* Add tests for migrations using PostgreSQL and MySQL databases on Travis
* Add a fix for MySQL when renaming tables in migration ``0004`` which fails
if constraints on the foreign keys are not dropped before renaming them. This is
details in ticket 466 for South:
* Fix dependency with Oscar's ``basket`` app in eway migration.
* Rename deprecated tables in migration due to PostgreSQL issue with uppercase


- Initial release.

.. _changelog: