Over the past few days, I’ve focused on strengthening error-handling coverage and documentation in TalerPHP. These updates were inspired by the recent feedback and ongoing effort to ensure the SDK’s robustness and usability.
Exception Testing:
Added PHPUnit tests for TalerException, covering message sanitization, JSON response parsing, and DTO handling. This ensures reliable error detail extraction in all scenarios.
Order Tests:
Extended tests for CreateOrder, ForgetOrder, and RefundOrder operations to verify ErrorDetail parsing through TalerException::getResponseDTO. This significantly improves error-handling consistency across order actions.
Documentation Updates:
The README now includes a new section explaining how to use TalerException::getResponseDTO with practical examples for structured error parsing.
What’s new:
• Implemented GET /config action.
• Added DTOs: MerchantVersionResponse and ExchangeConfigInfo.
• Introduced ConfigClient with getConfig() and getConfigAsync() methods.
• New Taler::configApi() entry point for easy access.
• Comprehensive tests for DTOs and actions (covering success, async, and error cases).
• README updated with examples for using the Config API.
Just released a set of new features for Donau Charity integration:
• Introduced PostDonauRequest DTO with built-in validation for safe and consistent requests.
• Implemented the CreateDonauCharity action - returns null on 204 responses, or an optional Challenge object if a 202 is returned.
• Added the ability to Delete Donau Charity by serial for effective resource management.
• Comprehensive test coverage is included.
• The README has a new Donau Charity section with usage documentation and code examples.
A new helper tool has been introduced to improve credential verification and error reporting:
• The Credential Health Check verifies merchant configuration via /config and tests instance accessibility.
• It performs an authenticated, harmless GET request to /private/orders to detect and report common errors like 404 (Not Found), 401 (Unauthorized), and other issues.
• This helps diagnose configuration or credential problems early with clear, actionable error messages.
• Usage is documented in the README for easy integration and reference.
Implemented comprehensive 2FA challenge request and confirmation APIs to boost security:
• Added MerchantChallengeSolveRequest DTO with validation and ChallengeRequestResponse DTO.
• Introduced TwoFactorAuthClient with requestChallenge() and confirmChallenge() methods handling synchronous and async operations.
• Developed RequestChallenge and ConfirmChallenge actions under the TwoFactorAuth module.
• Full test coverage ensures flow accuracy, including strict replay protection with Taler-Challenge-Ids.
• README extended with a dedicated Two Factor Auth section featuring usage examples.
This addition strengthens user authentication workflows with modern 2FA capabilities.
TalerPHP Progress & Second Feedback from Professor Christian Grothoff
Hey everyone! It’s been a little while since my last post, but I’ve still been working on TalerPHP. I’m really happy to share that I got a second round of feedback from Professor Christian Grothoff himself - super insightful as always, and I’ve already started rolling out improvements based on his suggestions.
Here are a few updates already in place:
• Added stricter Taler amount validation
• Added GetOrderRequest and GetOrdersRequest DTOs with forward-compatible extra parameters (for power users) and full typed request support
• Improved doc blocks with detailed GNU Taler param descriptions for better autocomplete and readability
Also, as a separate improvement, I’ve set up a CI workflow to automatically run tests on every push or PR to keep everything stable and consistent.
Big thanks to Professor Grothoff for the helpful feedback - it’s great having such guidance while continuing to polish and strengthen the SDK!
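A sketch of what strict amount validation can look like, added here as an illustration and not taken from TalerPHP. The function name `parseTalerAmount` is hypothetical, and the rules (`CURRENCY:VALUE[.FRACTION]`, 1-11 letters, at most 8 fraction digits, integer part at most 2^52) are assumed from the GNU Taler amount format, with upper-case-only currency as this sketch's own choice.

```php
<?php
declare(strict_types=1);

// Added example, not TalerPHP code. Assumed rules (GNU Taler amount format):
// CURRENCY:VALUE[.FRACTION], 1-11 letters, at most 8 fraction digits,
// integer part at most 2^52. Upper-case-only currency is this sketch's choice.
const TALER_MAX_VALUE = 4503599627370496; // 2^52 (needs 64-bit PHP)
const TALER_FRACTION_DIGITS = 8;

/** @return array{currency: string, value: int, fraction: int} fraction in 1e-8 units */
function parseTalerAmount(string $amount): array
{
    // \A and \z anchor the whole string; a bare "$" would accept "EUR:1\n".
    $re = '/\A([A-Z]{1,11}):([0-9]{1,16})(?:\.([0-9]{1,8}))?\z/';
    if (preg_match($re, $amount, $m) !== 1) {
        throw new InvalidArgumentException('malformed amount');
    }
    $value = (int) $m[2]; // at most 16 digits, so no integer overflow
    if ($value > TALER_MAX_VALUE) {
        throw new InvalidArgumentException('value exceeds 2^52');
    }
    // Right-pad so "10.5" and "10.50000000" normalise to the same fraction.
    $fraction = (int) str_pad($m[3] ?? '', TALER_FRACTION_DIGITS, '0');
    return ['currency' => $m[1], 'value' => $value, 'fraction' => $fraction];
}

// Constructed inputs: the first two are valid, the rest must be rejected.
$samples = ['KUDOS:10.5', 'EUR:0.00000001', 'EUR:1.123456789', 'EUR:-1',
            "EUR:1\n", 'eur:5', 'EUR:1e3', 'EUR:4503599627370497', ':5'];
foreach ($samples as $s) {
    try {
        $a = parseTalerAmount($s);
        printf("%-24s ok  %s %d + %d/1e8\n", json_encode($s), $a['currency'], $a['value'], $a['fraction']);
    } catch (InvalidArgumentException $e) {
        printf("%-24s rejected: %s\n", json_encode($s), $e->getMessage());
    }
}
```

Parsing into integers instead of casting to float keeps the check exact and rejects inputs such as exponent notation or signs that a numeric cast would silently accept.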
For the past few weeks, I’ve been working on integrating TalerPHP into WordPress. Started small and simple, but as the files grew massive, I decided to refactor using SOLID principles - now it’s much easier to maintain and extend!
Works with ANY WordPress site - not just WooCommerce!
Key challenges and fixes:
• Order spam prevention: Originally, every time the pay button showed, it created a new order - flooding the merchant backend with fake orders. Fixed.
• Deep linking to Taler wallet: Triggering the Taler browser wallet from a button click required deep links to the custom taler: protocol. WordPress security blocked non-standard protocols, so I created a whitelist functionality to allow it safely.
• Wallet opening issues: Additional hurdles with reliably opening the Taler wallet in the browser.
What’s also included:
• Full unit tests for reliability
• Custom admin settings page where users can configure payment texts, behavior, and other options
It wasn’t as easy as I expected, but I’m satisfied with the outcome so far!
I’ve started working on integrating TalerPHP into Drupal! It’s still at an early development stage, but it’s been much easier than WordPress so far. Drupal has SOLID principles in place, a super-organized architecture, and it’s highly configurable - so it’s a total pleasure to work with!
Ready features so far - backend configuration:
• Merchant backend URL setup
• Instance ID with username/password authentication
• Or simply storing access tokens
• Both password and access tokens are encrypted before storage
Just finished the first part of the checkout flow.
What’s working:
• Checkout process with proper order handling
• No more duplicate orders from double-clicks
• Better wallet opening (handles browser extension quirks)
• Nice checkout page with proper Taler support tags
New features added (with automated test units):
• Auto-check order status (that smoother UX from the prev comment)
• Pay with mobile wallet via QR code - this was much easier thanks to the WordPress Taler plugin experience
• New admin form to customize all public-facing texts
CI workflow integrated
This was honestly a pain. The repo is just a standalone custom module (no full Drupal install), but tests run from Drupal, not the module itself. Composer packages + test setup caused a lot of headaches.
It worked locally, so lots of trial-and-error. Finally solved it by installing a full Drupal project inside the CI container with all the right flags properly configured. Now it works!
Drupal Taler module almost done + security hardened
The Drupal Taler module task is almost accomplished now and I’ve tightened up security:
What’s safer now:
• Checkout is CSRF-protected - no more direct routes, just secure forms
• Credentials encrypted with strong AES-256-GCM (only accepts v2 format)
• Smarter error handling - no sensitive info leaking in logs
• Amount validation before sending to backend
• Updated tests and docs to match
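One way to store a credential under AES-256-GCM while accepting only a single versioned format, shown as an added example and not the module's own code. The envelope layout (`v2:` followed by base64 of nonce, tag and ciphertext), the function names, and the use of the version tag as associated data are assumptions; it needs PHP 8 with the openssl extension.

```php
<?php
declare(strict_types=1);

// Added example, not the Drupal module's code. The envelope layout
// "v2:" . base64(nonce || tag || ciphertext) is an assumption for illustration.
const CRED_FORMAT = 'v2:';
const CRED_CIPHER = 'aes-256-gcm';

function encryptCredential(string $plaintext, string $key): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('key must be 32 bytes');
    }
    $nonce = random_bytes(12); // fresh 96-bit nonce for every encryption
    $tag = '';
    // The format tag is passed as AAD, so it is authenticated with the data.
    $ct = openssl_encrypt($plaintext, CRED_CIPHER, $key, OPENSSL_RAW_DATA, $nonce, $tag, CRED_FORMAT, 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return CRED_FORMAT . base64_encode($nonce . $tag . $ct);
}

function decryptCredential(string $stored, string $key): string
{
    // Only the current format is accepted: no fallback to older envelopes.
    if (strlen($key) !== 32 || !str_starts_with($stored, CRED_FORMAT)) {
        throw new InvalidArgumentException('unsupported key or format');
    }
    $raw = base64_decode(substr($stored, strlen(CRED_FORMAT)), true);
    if ($raw === false || strlen($raw) < 28) {
        throw new InvalidArgumentException('malformed envelope');
    }
    $pt = openssl_decrypt(substr($raw, 28), CRED_CIPHER, $key, OPENSSL_RAW_DATA,
        substr($raw, 0, 12), substr($raw, 12, 16), CRED_FORMAT);
    if ($pt === false) { // tag mismatch: wrong key or modified data
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

$key = random_bytes(32); // constructed key; a real one comes from a secret store
$stored = encryptCredential('constructed-access-token', $key);
var_dump(decryptCredential($stored, $key) === 'constructed-access-token'); // round trip
foreach (['v1:' . substr($stored, 3), substr($stored, 0, -4) . 'AAAA'] as $bad) {
    try { decryptCredential($bad, $key); echo "accepted (unexpected)\n"; }
    catch (Exception $e) { echo get_class($e), ': ', $e->getMessage(), "\n"; }
}
```

The error messages carry no key material or plaintext, so logging them does not leak the credential.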