Adyen / adyen-magento2

Adyen Payment plugin for Magento2
MIT License
155 stars 211 forks source link

[ECP-8861] Orders with failed authorisation can't be canceled #2404

Open marinagociulybe opened 10 months ago

marinagociulybe commented 10 months ago

Describe the bug Since we upgraded the module to the latest 8 version, orders with failed authorisation have remained stuck in payment review and are not being canceled when processing the Adyen notification. There is a generic message "The order failed to update: Transaction has been declined. Please try again later.", that I think I've been able to track to the changes introduced in this PR: https://github.com/Adyen/adyen-magento2/pull/2227/files

To Reproduce Steps to reproduce the behavior:

  1. Place an order and fail the 3d secure authentication
  2. Order is present in Magento backend, with corresponding Magento payment info
  3. Error shows up in the Adyen error log: "Error with cancellation"
  4. A notification is received from Adyen
    Adyen HTTP Notification(s):
    eventCode: AUTHORISATION
    pspReference: %PSP reference goes here%
    paymentMethod: mc
    success: false
    reason:3D Not Authenticated

    but the Magento order is not canceled, it's just updated with a comment saying: "The order failed to update: Transaction has been declined. Please try again later."

Expected behavior Magento order should get canceled.

Magento version 5.4.6-p3

Plugin version 8.22.5

Additional context I've tracked this issue and it seems to be due to the changes introduced in this PR: https://github.com/Adyen/adyen-magento2/pull/2227/files After that was added, the PSP references used to build the cancel request have started to be determined based on adyen_order_payment table entries: https://github.com/Adyen/adyen-magento2/pull/2227/files#diff-51b8cf2ebb2e0050bf1d10b97464bac8a567c6ac9cf148bb0a7a24b89432a3d9R56

Gateway/Request/CancelDataBuilder.php

        $pspReferences = $this->adyenPaymentResourceModel->getLinkedAdyenOrderPayments(
            $payment->getEntityId()
        );

But the issue is that with orders failing 3ds authentication, there is no entry in the adyen_order_payment table and this used to work because the PSP reference was fetched from the Magento payment: https://github.com/Adyen/adyen-magento2/pull/2227/files#diff-51b8cf2ebb2e0050bf1d10b97464bac8a567c6ac9cf148bb0a7a24b89432a3d9L35

Gateway/Request/CancelDataBuilder.php

$pspReference = $payment->getCcTransId();
marinagociulybe commented 10 months ago

I have fixed this by applying a patch with these changes, but it's something that should be addressed in the Adyen module directly:

--- Gateway/Request/CancelDataBuilder.php
+++ Gateway/Request/CancelDataBuilder.php
@@ -62,6 +62,11 @@
         $pspReferences = $this->adyenPaymentResourceModel->getLinkedAdyenOrderPayments(
             $payment->getEntityId()
         );
+        if (empty($pspReferences)) {
+            $pspReferences = [
+                ['pspreference' => $payment->getCcTransId()]
+            ];
+        }

         $requests['body'] = [];
         foreach ($pspReferences as $pspReference) {
hossam-adyen commented 10 months ago

Hi @marinagociulybe, I have tried to reproduce this with the given steps and I wasn't able to reproduce it, can you check it and let me know if there is any missing step?

And besides that we need CancelDataBuilder to build a cancelation request for a previous successful authorized payment that we want to void or cancel it not for a failed authorization, so if you have a failed authorization no need to trigger that CancelDataBuilder.

Also we don't save failed authorizations in adyen_order_payment table, that's why it's valid that you don't see that failed notification there but it's still not an issue as we highlighted at the previous point that you don't need to cancel a failed authorization.

marinagociulybe commented 9 months ago

Hi @hossam-adyen, indeed no authorizations are saved in adyen_order_payment, however, there is an order transaction saved in Magento that corresponds to the failed authorization from Adyen. From what I can see this was happening in multiple situations with reasons like:

hossam-adyen commented 9 months ago

Hi @marinagociulybe, in case of failure payment, you should see a canceled order in Magento, and then you will receive an authorization notification with success: "false".

Can you tell what is the current state of those orders? for this case we are expecting them to be in canceled state

hossam-adyen commented 9 months ago

@marinagociulybe you can also check if you set the Order status: order cancellation config correctly

Screenshot 2024-01-25 at 12 10 41 PM

marinagociulybe commented 9 months ago

@hossam-adyen, I can confirm that the Order status: order cancellation setting is Canceled.

Here's the flow I was seeing with these orders:

Nov 21, 2023 12:25:21 PM Customer Not Notified Adyen Result response: authResult: IdentifyShopper pspReference: %PSP reference goes here%

- then 10 minutes later I see this in the order comments:

Nov 21, 2023 12:37:06 PM Payment Review Customer Not Notified The order failed to update: Transaction has been declined. Please try again later.

Nov 21, 2023 12:37:06 PM Payment Review Customer Not Notified Adyen HTTP Notification(s): eventCode: AUTHORISATION pspReference: %PSP reference goes here% paymentMethod: mc success: false reason:3D Not Authenticated



For the 3D secure process, I would not expect the order to show up directly as canceled in Magento, but to be canceled after that authentication process has failed.
hossam-adyen commented 9 months ago

Hi @marinagociulybe, thanks lot for your insights, I was able to reproduce this issue when I set Order status: payment authorization to Pending instead of Pending Payment and did try your suggested solution and it did fix the issue

here is the fix PR https://github.com/Adyen/adyen-magento2/pull/2479

Thanks for your valuable contribution

marinagociulybe commented 9 months ago

@hossam-adyen, thanks for the update! Indeed, on this project Order status: payment authorization is set to Pending.

liamjt95 commented 3 months ago

Hello @hossam-adyen, do you have any update on this issue? We are seeing this affect some clients running version 8.22.8 of your module. The main issue we are seeing is that stock is being held back on the orders that remain in payment_review state and are not cancelled.

We are applying the following fix as a patch in the CancelDataBuilder class before returning the requests:

+       /**
+        * Fix for failed auth cancellation bug
+        * @see https://github.com/Adyen/adyen-magento2/issues/2404
+        */
+       if (empty($requests['body']) && empty($pspReferences)) {
+           // PSP reference not found during cancellation, use PSP associated to order payment
+           $requests['body'][] = [
+               "paymentPspReference" => $payment->getCcTransId(),
+               "reference" => $order->getOrderIncrementId(),
+               "merchantAccount" => $merchantAccount
+           ];
+       }

        return $requests;

Please let me know if you have made any progress on this on your end, we are keen on implementing a more robust solution. Thanks!