Adyen / adyen-web

Adyen Web Drop-in and Components
https://docs.adyen.com/online-payments
MIT License

Setting an invalid shopper country code on payment session breaks checkout #2643

Open eamonn-convious opened 6 months ago

eamonn-convious commented 6 months ago

Describe the bug

A payment session can be created using an invalid country code e.g. ~~GB~~ UK instead of ~~UK~~ GB. In this case the create session endpoint returns 200 success. When trying to load the payment options form for the session the Adyen widget makes a call to https://checkoutshopper-live.adyen.com/checkoutshopper/v1/sessions/$SESSION_ID/setup and a 500 error is returned.

To Reproduce

Steps to reproduce the behavior:

  1. Create a payment session on api version 1.9.6 POST /checkout/v40/paymentSession with ~~countryCode: "GB"~~ countryCode: "UK"
  2. Adyen returns 200 success
  3. Load payment methods using the Adyen frontend widget. A call is made to https://checkoutshopper-live.adyen.com/checkoutshopper/v1/sessions/$SESSION_ID/setup
  4. 500 error is returned and checkout cannot continue

Expected behavior

Either the initial call to create payment session should return an error, or, the invalid country code should be ignored and reverted to default.

Additional context

The documentation states that the countryCode parameter is optional. I'm not entirely clear what the parameter does, or why it can put the checkout into a bad state: https://docs.adyen.com/api-explorer/Checkout/69/post/sessions#request-countryCode

sponglord commented 6 months ago

@eamonn-convious - just to be clear I find the opposite to be true. If I make a sessions call with GB everything works fine. However if I use UK then the situation you describe arises: the initial /sessions call works but the subsequent /setup call fails.

But I take your point... I'll pass on your question to our API team

eamonn-convious commented 6 months ago

@sponglord my mistake. You are correct GB works and UK doesn't.

Thanks for picking this up!

sponglord commented 6 months ago

The API team has created a ticket for this...

(Internal ref: COAPI-408)