Skip to content

Orders being received without payment processing #2812

New issue
New issue
Open
Open
Orders being received without payment processing#2812
@eugeniobonifacio

Description

@eugeniobonifacio
eugeniobonifacio
opened on Nov 19, 2024

Describe the Bug

With PR #2523 the orders are being received without payment. The PR solves the fatal error resulting from not expected responses but it simply ignores them, while it should handle them correctly instead.

To Reproduce

When a customer saves the credit card for future payments, this results in an unhandled flow in \WooCommerce\PayPalCommerce\WcGateway\Gateway\CreditCardGateway::process_payment that lets the issue I'm experiencing.

When these customers place a new order, the following happens via API:

  1. A payment token request for the customer is done and matched with the local ones for him.
  2. The payment order is created with a 200 OK response, instead of 201 Created
  3. The relative response body is the following:
{
  "id": "[**OBFUSCATED**]",
  "status": "PAYER_ACTION_REQUIRED",
  "payment_source": {
    "card": {
      "last_digits": "xxxxxx",
      "expiry": "xxxxxx",
      "brand": "xxxxxx",
      "available_networks": [
        "VISA"
      ],
      "type": "xxxxxx",
      "bin_details": {
        "bin": "xxxxxx",
        "bin_country_code": "AT",
        "products": [
          "CORPORATE"
        ]
      }
    }
  },
  "purchase_units": [
    {
      "reference_id": "default"
    }
  ],
  "links": [
    {
      "href": "https://api.paypal.com/v2/checkout/orders/[**OBFUSCATED**]",
      "rel": "self",
      "method": "GET"
    },
    {
      "href": "https://www.paypal.com/webapps/helios?action=verify&flow=3ds&cart_id=[**OBFUSCATED**]",
      "rel": "payer-action",
      "method": "GET"
    }
  ]
}

Before PR #2523 this response produced a fatal error because of null call exception, now it is simply ignored. Doing so the processing goes on and produces an order being received but without being paid and also without any notification to the merchant.

The response should be handled with a redirect to the payer-action reported in the "links" section.

Expected Behavior

The processing should continue, redirecting the customer to the 3DS verification process (the "payer-action" href inside the response body).

Actual Behavior

The order is received, no payment is done and no notifications are sent to the merchant. The (wrong) order placement is never notified and the merchant cannot be aware of the issue.

Environment

  • WordPress 6.6.2
  • WooCommerce 9.2.3
  • WooCommerce PayPal Payments 2.9.4

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions