You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org
This is the homepage for fundraising-tech documentation. If you can't find what you are looking from from here then take a look at our documentation plan and add the appropriate header & links.
Note that much of the content on this page should be moved to linked pages.
- If you want to understand what fr-tech does, who we are and how to contact us head over to https://www.mediawiki.org/wiki/Fundraising_tech
- There is some information on this page - Fundraising Software Development. - that needs to be migrated onto this main page
A Donor-facing endpoints
DonationForm - reusable frontend
B Internal endpoints
WMF fundraising uses CiviCRM to track donor data.
CiviCRM requires a 'host CMS' and to that end we use Drupal7. Drupal 7 is EOL in November 2022 and next year we plan to upgrade to Drupal 9 - or maybe even 10. Our goal, however, is that we do not use any CMS-specific code going forwards. While we currently expect to stick with Drupal in we should be equally able to move to Wordpress. To this end we are in the process of migrating our drupal modules to CiviCRM extensions.
Drush is a really useful drupal command line utility. There is a lot of documentation about drush on the internet but a few things to know with regards to WMF.
- On production, staging and in our docker dev set up we have an alias 'wmff' which tells drush details about where the code is and to use user 1.
- Common usage:
|`drush @wmff updb`||local dev and prod||Run any database updates that need to be run|
|`drush @wmff up --security-only`||local dev||Download and install any security updates (these are then checked into git to deploy)|
|`drush @wmff cvapi Contact.get version=4 checkPermissions=0`||local dev and prod||Run a civicrm api - the Contact.get action is probably not in itself useful but it does show how a api version 4 call would look|
Our CiviCRM customisations
C External services
D Cluster layout, deployment, codebases
E Data and multi-component processes
We have the ability to use several payment processors for online donations. Currently, we route most credit card donations to GlobalCollect.
- Ingenico: http://www.ingenico.com/
- Ingenico has the ability to handle payments from multiple international systems including: credit card, direct debit, real time bank transfer, eWallets and more.
- We get notified about payments via PayPal's IPN service (documentation: https://cms.paypal.com/cms_content/US/en_US/files/developer/IPNGuide.pdf) The receiving endpoint is our IPN listener
- Note: In general, note that the PayPal documentation tends to be incorrect, out of date, etc.
- Amazon: A widget on our page, integrated using Login and Pay with Amazon.
- Adyen: https://www.adyen.com/, documentation
- WorldPay An alternate credit card processor that we use primarily for France and RTL languages. We can do other methods through them, too, if we want.
See also, "Ways to Give" for our recommended donation methods according to country.
Payment processor capabilities:
|Bank transfer||Yes||Yes||No||Yes||IBAN, Swift|
|Refund by API||n/i||n/i||n/i||n/i|
|Fully automated auditing||Yes||Yes||Yes||Yes||No||Yes|
|n/i||Not yet implemented|
|No||Unsupported by processor|
Notification failure policies:
When we don't respond to an IPN message from a payment processor with a successful HTTP code, they usually resend it.
Adyen: back-off algorithm from 5 minutes to 8 hrs, then every 8 hrs for a week
Amazon: every hour for 14 days
- See GlobalCollectAdapter::getCurrencies
- DE, IT, NL (todo: AT, BE, CH, ES, FR, GB)
- Pending roll-out
- See GlobalCollectAdapter::getAvailableLanguages. Our code must find a fallback language if the donor's native tongue is unsupported.
- See PaypalAdapter::stage_locale. For unknown reasons, we have to specify language *by country*.
Email integration - Acoustic
Following the data flow, the donor's email address gets onto our subscription list either by entering their address while donating, or at a "remind me" prompt. This email is entered into our CRM, and then a nightly export job stores in a CSV file. This file is uploaded to Silverpop and imported into their database, where segmentation and other queries can be run to cut multiple lists per experiment. Emails are templated using this data, and contain links back to our servers, which include Contact ID and other tracking information about the mailing. Donatewiki landing page views are instrumented, and we do analysis on the results and use the tracking information to correlate with donations, to inform future emails.
This describes the WMF fundraising systems configuration. See the MediaWiki.org page on payments message queues for a discussion of how message queues are used to buffer and decouple fundraising infrastructure, and to read about the format and content of normalized messages.
WMF fundraising uses the ActiveMQ (http://activemq.apache.org/) message broker for most queues, and STOMP as its wire protocol. This queue server is outside of PCI scope, and communicates with CiviCRM.
The limbo queue *WILL SOON BE* stored in Redis on the payments cluster, which is important for PCI certification. We cannot afford to have our queue servers in scope.
Various queue wrangling techniques are available.
All queues feeding into services outside the fr-cluster live on a single ActiveMQ instance. This is a SPOF.
The DonationInterface frontends set and delete messages on localhost's queue. Nice to have: if record to delete is not found, try the other masters.
Orphan slayer pops messages off of available masters in round-robin order. Set and delete are to the same queue the message came from.
Redis masters on payments1-3 replicate to three slaves on payments4.
codfw holds (three or) six replicas of the queues on eqiad payments1-4.
Port all STOMP queuing to high-availability Redis instead.
We should clean up any unused queues, and overly narrowly defined ones.
When a potential donor visits the Wikimedia donation page, a tracking record is created in the drupal.contribution_tracking table. This record includes the user's language, referrer, donation comment, opt-out status, a timestamp, and various other data. The tracking is handled on the MediaWiki side by the DonationInterface and ContributionTracking extensions. If the user makes a successful donation, a contribution record is passed to CiviCRM via ActiveMQ. The queue2civicrm module then inserts the contribution record into the CiviCRM database and updates the tracking record with the id given to the contribution by CiviCRM.
Banner Impression/Landing Page Stats Collection
Banner impressions and landing page stats are collected from the production proxies. Fundraising_Analytics/Impression_Stats. The wmf:Thank_you page includes wmf:Template:Hide_banners which loads Special:HideBanners from multiple domains via image src. HideBanners sets cookies for donors which tell CentralNotice's bannerController.js not to pester them for a year or so.
Contribution tracking data is surfaced through a stats portal on foundation wiki. All entries have to be white listed under wgAllowedTemplates in CommonSettings.php so that we don't surface any doctored banners.
This is a tracking variable which is supposed to collect information about the transaction. Currently, it is a period-separated concatenation of three components. One interpretation of the components is, 1) banner name, 2) landing page name, and 3) payment method. We are currently in the process of standardizing (see FR #965 and FR #673).
In theory, each component may be a tilde-concatenation of a sequence of landing pages, for example. That code is badly dysfunctional.
Donor was referred by this type of site: sitenotice, spontaneous, sidebar, socialmedia.
Seems unuseful at this broad granularity.
The parent campaign for the banner where this donation was initiated.
The following Mediawiki extensions related to fundraising are installed on the payments wiki:
This module handles all of the payment gateway specific functionality for the fundraising system at the point the user makes a donation. Other handling (secondary verification, queue managing) is handled on Fundraising.wikimedia.org. DonationInterface It is made up of the following components:
Contains the Stomp library and provides a mechanism for correctly formatting a message for storage in ActiveMQ. This could probably be refactored a bit to allow the other extension pieces to more flexibly rely on this to communicate with ActiveMQ. As it is right now, the functionality exposed by activemq_stomp.php is very limited, however the included Stomp library exposes whatever you might need to communicate with the queue.
This directory contains several different hooks that can be used as needed at various points in a gateway's donation workflow. Extras include conversion_log, custom_filters (used for fraud prevention), minfraud (which also exists as a custom filter), and recaptcha.
Generally, the gateway_common directory contains gateway adapter code written to be gateway-agnostic, but which all the gateway-specific classes are descended from.
Forms and form classes that are not written to be gateway-specific should be kept here.
All gateway-specific code can be found here.
In the course of a normal globalcollect hosted credit card transaction, a small percentage of donors will complete a transaction on the globalcollect hosted credit card form, and not manage to come back to the globalcollect ResultSwitcher page. The function of the ResultSwitcher page is to both filter and finalize the pending transaction and record it in the case of a successful conversion, so the donor not returning to the ResultSwitcher would effectively strand the otherwise successful transaction in a sort of limbo state. The code contained in the globalcollect scripts directory was written to address the problem of these stranded transactions.
This maintenance script is currently running on a Jenkins job, and uses data pulled from the 'cc-limbo' queue in ActiveMQ.
Generally speaking, all modules that could be said to be gateway-agnostic should live in this directory. These modules will be loaded as-needed with resource loader.
This exposes the credit card donation form (as opposed to the PayPal stuff) and handles the communication between the donation page and PayflowPro. It negotiates the entire process from the point the user submits the donation to insertion of a donation into ActiveMQ - if a donation is considered valid at the point of submission, it is placed in the 'donation' queue. Otherwise, it is either rejected or placed in the 'pending_pfp' queue for review. Further handling happens on pending messages by Fundraising.wikimedia.org#PayflowPro_Pending_Transaction_Verification.
There are a series of extra sub-extensions, or filters, for payflowpro_gateway that perform analysis on credit card transactions to determine the likelihood that a transaction is fraudulent. Each of the filters helps determine the 'risk score' for a transaction. Actions to take based on certain risk scores can be configured for payflowpro_gateway (reject, review, challenge, accept). The filters currently available include:
- MaxMind/MinFraud - a third party solution that helps analyze the transaction. They return their own 'risk score' for a transaction which heavily influences our own internal scoring.
- Referrer - Regular expressions can be configured to be run on a transaction's 'referrer', and each regex can be configured to apply a different score in the event that the referrer is a match.
- utm_source - Same as referrer, but for the utm_source bit in the tracking fields.
Our configuration of payflowpro_gateway causes two local logfiles to be generated:
The 'minfraud' log logs more than just 'minfraud' related information. It tracks a user's transaction through our fraud prevention filters, and if their transaction is considered safe enough to be sent off to PayflowPro, Payflow's response object also gets logged here. This log also gets used to help us determine patterns in fraudulent transactions, analyze more general patterns in our transactions and determine why or why not a certain transaction was accepted/rejected.
The 'payflow' log logs more than just payflow related information. It's more of a debug log, tracking a transactions progress through the different parts of the payflowpro_gateway experience. The only piece of transactional data that actually gets recorded in the log is our internal 'trxn_id', which is considered the 'invoice id' by PayPal/Payflow (this makes it possible to line up transactional information either later on our end [eg from CiviCRM] or from the PayPal manager with the information contained in this log). We primarily use this log to keep track of timing information - how long it takes to communicate with the various third party services (MaxMind and PayflowPro), timeouts, retries, etc.
It is important to note that for our purposes, these log files actually get aggregated and later archived - more details can be found on the documentation for the payments cluster.
Handles the redirect from the Wikimedia site to PayPal for donations.
We are implementing a stand-alone listener to talk to PayPal's IPN and push pending PayPal transactions into the proper queue (see Fundraising.wikimedia.org#PayPal_IPN_Listener).
See also: Tracking Architecture
The ContributionTracking extension provides an unlisted special page for logging online donations. When the donation process is initiated, the extension stores some basic information in the Drupal contribution_tracking table and the transaction is assigned a unique, internal ID. This ID is used to track the contribution through the process of being validated and ultimately consumed in CiviCRM.
This extension also exposes a function contributionTrackingConnection() which will allow you to connect to the database containing the contribution_tracking table.
This extension makes it possible to provide a user-facing link that will direct the user to n possible URLs x% of the time. For instance, this is useful for doing randomized A/B testing - you can configure the module to send 50% of clicks to one URL, and the other 50% to another URL. The percentages are completely configurable as are the URLs. This was used extensively to make the 'Donate' sidebar link on Wikipedia point to a number of different donation landing pages for testing purposes.
High-level Overview of Donation Pipeline
Click the images for further explanation.
There are some miscellaneous scripts to help with things like Paypal Verification, queue handling, etc. Details of which can be found on Fundraising.wikimedia.org.
See Fundraising/Translation for more info
- Donatewiki translations go out regularly on the l10n cache
- TYs need to be manually deployed - make a task for this and put it in pending review in the current sprint
- Subject line needs to be manually deployed - make a task for this and put it in pending review in the current sprint
- Payments needs to be manually deployed - make a task for this and put it in pending review in the current sprint
Public reporting - possibly entirely out of date
The public reporting data is stored in the civicrm.public_reporting table on db9. This data gets replicated to the slave database, db10, which is where the public reporting pages actually pull the data from.
The code that manages the public reporting data lives in /srv/org.wikimedia.civicrm/sites/all/bin/public_reporting on the grosley server (donate.wikimedia.org).
- table.sql - Creates the public_reporting table
- trigger.sql - Sets up the database triggers for updating the table
- synchronize.sql - Can be used to manually sync the public reporting data with the existing contribution records
The reporting pages are created through the ContributionReporting mediawiki exntension
F How we work
Fundraising Engineering Documentation has with system information and emergency response protocols. Or more specifically Shutting the pipeline down details how/when to disable banner campaigns or other fundraising/payment services.
Fundraising On-Call documentation
Fundraising Engineering On-call documentation is a quick-reference page for on-call duty.
Feature / Bug Trackers
There's loads of information about how fr-tech triages bugs here: https://wikitech.wikimedia.org/wiki/Fundraising/Bug_Triaging
Not sure what to do next? See Fundraising Tech's Phabricator Workboard