[ECP-8861] Orders with failed authorisation can't be canceled

[marinagociulybe]

Describe the bug Since we upgraded the module to the latest 8 version, orders with failed authorisation have remained stuck in payment review and are not being canceled when processing the Adyen notification. There is a generic message "The order failed to update: Transaction has been declined. Please try again later.", that I think I've been able to track to the changes introduced in this PR: https://github.com/Adyen/adyen-magento2/pull/2227/files

To Reproduce Steps to reproduce the behavior:

1. Place an order and fail the 3d secure authentication
2. Order is present in Magento backend, with corresponding Magento payment info
3. Error shows up in the Adyen error log: "Error with cancellation"
4. A notification is received from Adyen

   Adyen HTTP Notification(s):
   eventCode: AUTHORISATION
   pspReference: %PSP reference goes here%
   paymentMethod: mc
   success: false
   reason:3D Not Authenticated

   but the Magento order is not canceled, it's just updated with a comment saying: "The order failed to update: Transaction has been declined. Please try again later."

Expected behavior Magento order should get canceled.

Magento version 5.4.6-p3

Plugin version 8.22.5

Additional context I've tracked this issue and it seems to be due to the changes introduced in this PR: https://github.com/Adyen/adyen-magento2/pull/2227/files After that was added, the PSP references used to build the cancel request have started to be determined based on adyen_order_payment table entries: https://github.com/Adyen/adyen-magento2/pull/2227/files#diff-51b8cf2ebb2e0050bf1d10b97464bac8a567c6ac9cf148bb0a7a24b89432a3d9R56

Gateway/Request/CancelDataBuilder.php

        $pspReferences = $this->adyenPaymentResourceModel->getLinkedAdyenOrderPayments(
            $payment->getEntityId()
        );

But the issue is that with orders failing 3ds authentication, there is no entry in the adyen_order_payment table and this used to work because the PSP reference was fetched from the Magento payment: https://github.com/Adyen/adyen-magento2/pull/2227/files#diff-51b8cf2ebb2e0050bf1d10b97464bac8a567c6ac9cf148bb0a7a24b89432a3d9L35

Gateway/Request/CancelDataBuilder.php

$pspReference = $payment->getCcTransId();

[marinagociulybe]

I have fixed this by applying a patch with these changes, but it's something that should be addressed in the Adyen module directly:

--- Gateway/Request/CancelDataBuilder.php
+++ Gateway/Request/CancelDataBuilder.php
@@ -62,6 +62,11 @@
         $pspReferences = $this->adyenPaymentResourceModel->getLinkedAdyenOrderPayments(
             $payment->getEntityId()
         );
+        if (empty($pspReferences)) {
+            $pspReferences = [
+                ['pspreference' => $payment->getCcTransId()]
+            ];
+        }

         $requests['body'] = [];
         foreach ($pspReferences as $pspReference) {

[hossam-adyen]

Hi @marinagociulybe, I have tried to reproduce this with the given steps and I wasn't able to reproduce it, can you check it and let me know if there is any missing step?

And besides that we need CancelDataBuilder to build a cancelation request for a previous successful authorized payment that we want to void or cancel it not for a failed authorization, so if you have a failed authorization no need to trigger that CancelDataBuilder.

Also we don't save failed authorizations in adyen_order_payment table, that's why it's valid that you don't see that failed notification there but it's still not an issue as we highlighted at the previous point that you don't need to cancel a failed authorization.

[marinagociulybe]

Hi @hossam-adyen, indeed no authorizations are saved in adyen_order_payment, however, there is an order transaction saved in Magento that corresponds to the failed authorization from Adyen. From what I can see this was happening in multiple situations with reasons like:

• reason:3D Not Authenticated
• reason:CVC Declined and seems restricted to paymentMethod: mc.

[hossam-adyen]

Hi @marinagociulybe, in case of failure payment, you should see a canceled order in Magento, and then you will receive an authorization notification with success: "false".

Can you tell what is the current state of those orders? for this case we are expecting them to be in canceled state

[hossam-adyen]

@marinagociulybe you can also check if you set the Order status: order cancellation config correctly

[marinagociulybe]

@hossam-adyen, I can confirm that the Order status: order cancellation setting is Canceled.

Here's the flow I was seeing with these orders:

• order gets created in Magento in Payment Review status (as expected based on the Order status: order creation) setting
• a Magento order transaction also gets saved in the DB with transaction ID being the PSP reference and Transaction Type being Authorization
• I see the following order comments added by the Adyen module:

  
  Nov 21, 2023 12:25:21 PM Payment Review Customer Not Notified
  We will authorize 275,00 kr after the payment is approved at the payment gateway. Transaction ID: "%PSP reference goes here%"

Nov 21, 2023 12:25:21 PM Customer Not Notified Adyen Result response: authResult: IdentifyShopper pspReference: %PSP reference goes here%

- then 10 minutes later I see this in the order comments:

Nov 21, 2023 12:37:06 PM Payment Review Customer Not Notified The order failed to update: Transaction has been declined. Please try again later.

Nov 21, 2023 12:37:06 PM Payment Review Customer Not Notified Adyen HTTP Notification(s): eventCode: AUTHORISATION pspReference: %PSP reference goes here% paymentMethod: mc success: false reason:3D Not Authenticated

For the 3D secure process, I would not expect the order to show up directly as canceled in Magento, but to be canceled after that authentication process has failed.

[hossam-adyen]

Hi @marinagociulybe, thanks lot for your insights, I was able to reproduce this issue when I set Order status: payment authorization to Pending instead of Pending Payment and did try your suggested solution and it did fix the issue

here is the fix PR https://github.com/Adyen/adyen-magento2/pull/2479

Thanks for your valuable contribution

[marinagociulybe]

@hossam-adyen, thanks for the update! Indeed, on this project Order status: payment authorization is set to Pending.

[liamjt95]

Hello @hossam-adyen, do you have any update on this issue? We are seeing this affect some clients running version 8.22.8 of your module. The main issue we are seeing is that stock is being held back on the orders that remain in payment_review state and are not cancelled.

We are applying the following fix as a patch in the CancelDataBuilder class before returning the requests:

+       /**
+        * Fix for failed auth cancellation bug
+        * @see https://github.com/Adyen/adyen-magento2/issues/2404
+        */
+       if (empty($requests['body']) && empty($pspReferences)) {
+           // PSP reference not found during cancellation, use PSP associated to order payment
+           $requests['body'][] = [
+               "paymentPspReference" => $payment->getCcTransId(),
+               "reference" => $order->getOrderIncrementId(),
+               "merchantAccount" => $merchantAccount
+           ];
+       }

        return $requests;

Please let me know if you have made any progress on this on your end, we are keen on implementing a more robust solution. Thanks!