Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Amount paid is no longer validated when creating an order #15834

Closed
idnovate opened this issue Oct 4, 2019 · 37 comments
Closed

Amount paid is no longer validated when creating an order #15834

idnovate opened this issue Oct 4, 2019 · 37 comments

Comments

@idnovate
Copy link
Contributor

@idnovate idnovate commented Oct 4, 2019

Describe the bug
When the amount paid sent in validateOrder() doesn't match with order total, order is created with state sent as a parameter (usually Configuration::get('PS_OS_PAYMENT')) instead of Configuration::get('PS_OS_ERROR') as in PS 1.7.5.2.

Since commit 57271b5#diff-0f162f4cf098397033f06b1cced01745, validation

// Amount paid by customer is not the right one -> Status = payment error	
// We don't use the following condition to avoid the float precision issues : http://www.php.net/manual/en/language.types.float.php	
// if ($order->total_paid != $order->total_paid_real)	
// We use number_format in order to compare two string	
if ($order_status->logable && number_format($cart_total_paid, _PS_PRICE_COMPUTE_PRECISION_) != number_format($amount_paid, _PS_PRICE_COMPUTE_PRECISION_)) {	
    $id_order_state = Configuration::get('PS_OS_ERROR');	
}

has been moved to createOrderFromCart(), so initial order state set in validateOrder() takes $id_order_state and is not changed to Configuration::get('PS_OS_ERROR').

// Set the order status
$new_history = new OrderHistory();
$new_history->id_order = (int) $order->id;
$new_history->changeIdOrderState((int) $id_order_state, $order, true);
$new_history->addWithemail(true, $extra_vars);

To Reproduce
This can only be reproduced with an external payment method. Please contact me at info@idnovate.com or let me know your mail address so I can send you a module and credentials to test it.

Additional information
PrestaShop version: 1.7.6.1

@khouloudbelguith

This comment has been minimized.

Copy link
Contributor

@khouloudbelguith khouloudbelguith commented Oct 4, 2019

Hi @idnovate,

Thanks for your report.
Thanks to follow this comment of our lead developer about the payment module issues with PS1.7.6.
Thanks to check & feedback.

@idnovate

This comment has been minimized.

Copy link
Contributor Author

@idnovate idnovate commented Oct 4, 2019

Hi @idnovate,

Thanks for your report.
Thanks to follow this comment of our lead developer about the payment module issues with PS1.7.6.
Thanks to check & feedback.

Not related.

  1. Please install this module in PS 1.7.6.1:
    redsysoficial.zip

  2. Configure it this way:
    image

(copy-paste)
Commerce: 327234688
Key: sq7HjrUOBfKmC576ILgskD5srU870gJ7

  1. Open frontoffice and add a product
  2. Open a new window and do the checkout, select Payment by card and push Pay
  3. When you are about to pay with card and before you introduce the payment card,

image

go to the first window and add a new product to the cart. Now you will have 2 products in the cart.

  1. Now, pay with this card:
    4548812049400004
    12/20
    123
    2nd code: 123456

  2. Payment accepted. Check your orders. You get a validated order and you have only paid for 1 product

image

This is because the issue detailed in first message. Until now any payment module take care of it as PrestaShop checks it.

@khouloudbelguith

This comment has been minimized.

Copy link
Contributor

@khouloudbelguith khouloudbelguith commented Oct 4, 2019

@idnovate, I have an error on the FO
image
Here's my configuration => similar to yours
image

Thanks to check & feedback.

@idnovate

This comment has been minimized.

Copy link
Contributor Author

@idnovate idnovate commented Oct 4, 2019

This error appeared after you insert the card?

@idnovate

This comment has been minimized.

Copy link
Contributor Author

@idnovate idnovate commented Oct 4, 2019

Please test it in a store accessible from the outside without maintenance mode to receive the payment confirmation.

@khouloudbelguith

This comment has been minimized.

Copy link
Contributor

@khouloudbelguith khouloudbelguith commented Oct 4, 2019

@idnovate,

This error appeared after you insert the card?

No, before
https://drive.google.com/file/d/1MkRDWCCc30tVH4ANzQh-2kHx9AoYrYJy/view
I tried with this shop also: http://optimal-scarf.machine-shuffle.prestashop.net/en/: store accessible from outside & without maintenance mode.
Same issue

Thanks!

@idnovate

This comment has been minimized.

Copy link
Contributor Author

@idnovate idnovate commented Oct 4, 2019

Error SIS0063 is "Card not available". Why is it submitting empty card form? Do you have any extension doing so?

You should be able to introduce the card I sent you :) Who's submitting the form? This is the first time I see this.

@khouloudbelguith

This comment has been minimized.

Copy link
Contributor

@khouloudbelguith khouloudbelguith commented Oct 4, 2019

@idnovate, no, I don't have any extension.
Did you try with the shop that I sent you?

Thanks!

@idnovate

This comment has been minimized.

Copy link
Contributor Author

@idnovate idnovate commented Oct 4, 2019

Yes, and the form remains quiet until I introduce the card.

Could you try in private mode with Spanish VPN?

@khouloudbelguith

This comment has been minimized.

Copy link
Contributor

@khouloudbelguith khouloudbelguith commented Oct 4, 2019

@idnovate, yes, in fact, I'm using a VPN while testing this shop.

Thanks!

@idnovate

This comment has been minimized.

Copy link
Contributor Author

@idnovate idnovate commented Oct 7, 2019

Still same problem today?

@idnovate

This comment has been minimized.

Copy link
Contributor Author

@idnovate idnovate commented Oct 7, 2019

You can also try with Paypal, same problem appears.

@khouloudbelguith

This comment has been minimized.

Copy link
Contributor

@khouloudbelguith khouloudbelguith commented Oct 7, 2019

@idnovate, Yes, I tried today with the redsys module & the same issue.
With Paypal module v5.0.1, I did not manage to reproduce the issue.
I attached a screen record
https://drive.google.com/file/d/1C82pAX5eTVrJagLRsyslVhVS6L0Ex9Lh/view
Thanks!

@idnovate

This comment has been minimized.

Copy link
Contributor Author

@idnovate idnovate commented Oct 7, 2019

Please note that PayPal screen has not been recorded so I couldn't see all the process.

According with the data you sent me, you should have paid 43,20€ in PayPal but final accepted cart is 57,48€.

@khouloudbelguith

This comment has been minimized.

Copy link
Contributor

@khouloudbelguith khouloudbelguith commented Oct 7, 2019

@idnovate, I added the second product with price =14.28 Euro.
https://drive.google.com/file/d/1NzffspHOOxMziUA0X8UB6fdTjEcMc1Kz/view
Thanks!

@idnovate

This comment has been minimized.

Copy link
Contributor Author

@idnovate idnovate commented Oct 7, 2019

Is correct what you do and you have reproduced the issue.

You have only paid 34,80€ for a cart of 49,08€ because information to Paypal have been sent before you added the 2nd product.
Please do the same test with PS 1.7.5.2 and order should be created with "Payment error" status.

@khouloudbelguith

This comment has been minimized.

Copy link
Contributor

@khouloudbelguith khouloudbelguith commented Oct 7, 2019

@idnovate, no, it is the same with PS1.7.5.2.
I have two products in the order
image
https://drive.google.com/file/d/1la9Uf32yk28bQKD-8a62acS4_kRZz7Az/view
Thanks!

@idnovate

This comment has been minimized.

Copy link
Contributor Author

@idnovate idnovate commented Oct 8, 2019

Can you give me access to a PS 1.7.6.1 store FO and BO?

@khouloudbelguith

This comment has been minimized.

Copy link
Contributor

@khouloudbelguith khouloudbelguith commented Oct 8, 2019

@idnovate, Yes!
Link of the BO: http://beefy-machine.machine-shuffle.prestashop.net/admin-dev
Email address: test@prestashop.com
Password: 123456789
Link of the FO: http://beefy-machine.machine-shuffle.prestashop.net/en/
I tried with this shop with redsys: the same issue.
I tried with Paypal => OK, I have two products.

Thanks!

@idnovate

This comment has been minimized.

Copy link
Contributor Author

@idnovate idnovate commented Oct 8, 2019

Thanks!

I have reproduced the issue with "Redsys". You are paying for one product but purchased 2 and any error appear.

Is it possible for you to check why Redsys is submitting the form automatically when it loads, before you introduce the card? I suspect is related with your environment/computer.

@khouloudbelguith

This comment has been minimized.

Copy link
Contributor

@khouloudbelguith khouloudbelguith commented Oct 8, 2019

@idnovate, The previous shop is erased.
Can you please provide me a screen record with this shop(same credentials)
http://knowledgeable-hill.machine-shuffle.prestashop.net/admin-dev

Thanks!

@idnovate

This comment has been minimized.

Copy link
Contributor Author

@idnovate idnovate commented Oct 8, 2019

@idnovate

This comment has been minimized.

Copy link
Contributor Author

@idnovate idnovate commented Oct 8, 2019

If you want me to provide with a PS 1.7.5.2 I can test the same and you will see like order is created with "Payment error" status.

@khouloudbelguith

This comment has been minimized.

Copy link
Contributor

@khouloudbelguith khouloudbelguith commented Oct 8, 2019

@idnovate, yes, it is the same as what I reproduce with PS1.7.5.2 & PS1.7.6.1 when using the Paypal module.
The payment is accepted with the correct amount & we have two products in the order.
Ps1.7.5.2 & PS1.7.6.1 => same behavior.

Thanks!

@idnovate

This comment has been minimized.

Copy link
Contributor Author

@idnovate idnovate commented Oct 8, 2019

The payment is accepted but the information is incorrect, you have only paid for 1 product.

@khouloudbelguith

This comment has been minimized.

Copy link
Contributor

@khouloudbelguith khouloudbelguith commented Oct 8, 2019

@idnovate, yes, but before submitting and validate the order, you added a product to your cart.
So, all the data are updated, the data sent to the payment method is updated & it is the same behavior that I manage to reproduce with PS1.7.5.2 also( there is no payment error).

Please do the same test with PS 1.7.5.2 and order should be created with "Payment error" status.

It is OK with PS1.7.5.2, There is no payment error., as described in my last comment: #15834 (comment)

Can you please provide a screen record with PS1.7.5.2.

Thanks

@idnovate

This comment has been minimized.

Copy link
Contributor Author

@idnovate idnovate commented Oct 8, 2019

@khouloudbelguith

This comment has been minimized.

Copy link
Contributor

@khouloudbelguith khouloudbelguith commented Oct 8, 2019

@idnovate, thanks for your feedback.
The Paypal module, have you The Payment error also with PS1.7.5.2?

Thanks!

@idnovate

This comment has been minimized.

Copy link
Contributor Author

@idnovate idnovate commented Oct 9, 2019

No, because Paypal use a custom validateOrder() function, not from PaymentModule class. So this issue would happen with any payment method that uses core validateOrder() function.

@khouloudbelguith

This comment has been minimized.

Copy link
Contributor

@khouloudbelguith khouloudbelguith commented Oct 9, 2019

@idnovate, So your module builds a FrontController to handle validation instead of a custom endpoint like validation.php?
Thanks!

@idnovate

This comment has been minimized.

Copy link
Contributor Author

@idnovate idnovate commented Oct 9, 2019

Yes

@eternoendless

This comment has been minimized.

Copy link
Member

@eternoendless eternoendless commented Oct 9, 2019

If I got it right, before 1.7.6.0, this block in validateOrder() was able to change the value of $id_order_state in some circumstances: 57271b5#diff-0f162f4cf098397033f06b1cced01745L403-L405

This value is reused several lines later in validateOrder(): https://github.com/PrestaShop/PrestaShop/blob/develop/classes/PaymentModule.php#L571

However, the aforementioned block has been extracted into a new method createOrderFromCart(), the $id_order_state is no longer changed in the context validateOrder(), which is a problem.

@idnovate could you please confirm?

@idnovate

This comment has been minimized.

Copy link
Contributor Author

@idnovate idnovate commented Oct 10, 2019

@Prestaworks

This comment has been minimized.

Copy link
Contributor

@Prestaworks Prestaworks commented Nov 7, 2019

I can confirm this issue also, it's just as @eternoendless explains it. The issue is in 1.7.6.0 and 1.7.6.1. I think this needs to be fixed quickly as many merchants expects the payment error status to work.

@khouloudbelguith

This comment has been minimized.

Copy link
Contributor

@khouloudbelguith khouloudbelguith commented Nov 7, 2019

Ping @eternoendless @colinegin @marionf, what do you think? this issue should be fixed in the next patch PS1.7.6.2?

Thanks!

@eternoendless eternoendless added this to Backlog in PrestaShop 1.7.6 via automation Nov 8, 2019
@colinegin colinegin moved this from Backlog to To do in PrestaShop 1.7.6 Nov 8, 2019
@atomiix atomiix self-assigned this Nov 8, 2019
@atomiix atomiix moved this from To do to In progress in PrestaShop 1.7.6 Nov 8, 2019
@atomiix atomiix moved this from In progress to To be reviewed in PrestaShop 1.7.6 Nov 8, 2019
@marionf marionf moved this from To be reviewed to To be tested in PrestaShop 1.7.6 Nov 12, 2019
@sarahdib sarahdib added Fixed and removed To Do labels Nov 12, 2019
@sarahdib sarahdib moved this from To be tested to To be merged in PrestaShop 1.7.6 Nov 12, 2019
@sarahdib sarahdib added this to the 1.7.6.2 milestone Nov 12, 2019
@marionf marionf closed this Nov 12, 2019
PrestaShop 1.7.6 automation moved this from To be merged to Done Nov 12, 2019
@colinegin colinegin added the Major label Nov 26, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.