search

Automattic / woocommerce-payments

Accept payments via credit card. Manage transactions within WordPress.
https://wordpress.org/plugins/woocommerce-payments/
Other
173 stars 69 forks source link

Payment Method is detached after WordPress user is deleted on localhost [aka mirror site/dev site connected to same WCPay account] #5384

Open ecairol opened 1 year ago

ecairol commented 1 year ago

Describe the bug

Given a user with a WooCommerce subscription and a Payment Method stored in Stripe, if WordPress site is cloned to a localhost, and the User is deleted on that localhost instance, the pm_token is detached on Stripe in Production.

To Reproduce

  1. Create a WooCommerce Subscription
  2. Subscribe to a service with a test user
  3. Login to the dashboard.stripe.com and confirm that the Customer was created and has a Payment Method in place
  4. Setup a localhost version of that site
  5. Notice how WooCommerce Payments is connected on that localhost
  6. From WP Admin panel of the localhost, go to Users and delete the customer you created on Step 2.
  7. Go back to the Stripe Dashboard and look for the Customer. The customer exists but the Payment Method was detached.

Actual behavior

The Stripe Dashboard shows the customer with their payment method empty

Screenshots

Expected behavior

The payment token should remain untouched, or at least, a Confirmation screen should alert the user that there will be changes happening outside of WordPress.

Desktop (please complete the following information):

Smartphone (please complete the following information):

Additional context

``` ### WordPress Environment ### WordPress address (URL): https://wcpay-[protected]-temp.mystagingwebsite.com Site address (URL): https://wcpay-[protected]-temp.mystagingwebsite.com WC Version: 7.2.2 REST API Version: ✔ 7.2.2 WC Blocks Version: ✔ 8.9.2 Action Scheduler Version: ✔ 3.4.0 Log Directory Writable: ✔ WP Version: 6.1.1 WP Multisite: – WP Memory Limit: 512 MB WP Debug Mode: – WP Cron: ✔ Language: en_US External object cache: ✔ ### Server Environment ### Server Info: nginx PHP Version: 8.1.14 PHP Post Max Size: 2 GB PHP Time Limit: 1200 PHP Max Input Vars: 6144 cURL Version: 7.86.0 OpenSSL/1.1.1n SUHOSIN Installed: – MySQL Version: 10.4.25-MariaDB-log Max Upload Size: 2 GB Default Timezone is UTC: ✔ fsockopen/cURL: ✔ SoapClient: ✔ DOMDocument: ✔ GZip: ✔ Multibyte String: ✔ Remote Post: ✔ Remote Get: ✔ ### Database ### WC Database Version: 7.2.0 WC Database Prefix: wp_ Total Database Size: 5.72MB Database Data Size: 3.44MB Database Index Size: 2.28MB wp_woocommerce_sessions: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_woocommerce_api_keys: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_woocommerce_attribute_taxonomies: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_woocommerce_downloadable_product_permissions: Data: 0.02MB + Index: 0.06MB + Engine InnoDB wp_woocommerce_order_items: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_woocommerce_order_itemmeta: Data: 0.09MB + Index: 0.09MB + Engine InnoDB wp_woocommerce_tax_rates: Data: 0.02MB + Index: 0.06MB + Engine InnoDB wp_woocommerce_tax_rate_locations: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_woocommerce_shipping_zones: Data: 0.02MB + Index: 0.00MB + Engine InnoDB wp_woocommerce_shipping_zone_locations: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_woocommerce_shipping_zone_methods: Data: 0.02MB + Index: 0.00MB + Engine InnoDB wp_woocommerce_payment_tokens: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_woocommerce_payment_tokenmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_woocommerce_log: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_actionscheduler_actions: Data: 0.27MB + Index: 0.23MB + Engine InnoDB wp_actionscheduler_claims: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_actionscheduler_groups: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_actionscheduler_logs: Data: 0.19MB + Index: 0.14MB + Engine InnoDB wp_commentmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_comments: Data: 0.20MB + Index: 0.09MB + Engine InnoDB wp_links: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_options: Data: 0.19MB + Index: 0.06MB + Engine InnoDB wp_postmeta: Data: 1.52MB + Index: 0.52MB + Engine InnoDB wp_posts: Data: 0.11MB + Index: 0.06MB + Engine InnoDB wp_termmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_terms: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_term_relationships: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_term_taxonomy: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_usermeta: Data: 0.08MB + Index: 0.06MB + Engine InnoDB wp_users: Data: 0.02MB + Index: 0.05MB + Engine InnoDB wp_wc_admin_notes: Data: 0.05MB + Index: 0.00MB + Engine InnoDB wp_wc_admin_note_actions: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_wc_category_lookup: Data: 0.02MB + Index: 0.00MB + Engine InnoDB wp_wc_customer_lookup: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_wc_download_log: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_wc_order_coupon_lookup: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_wc_order_product_lookup: Data: 0.02MB + Index: 0.06MB + Engine InnoDB wp_wc_order_stats: Data: 0.02MB + Index: 0.05MB + Engine InnoDB wp_wc_order_tax_lookup: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_wc_product_attributes_lookup: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_wc_product_download_directories: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_wc_product_meta_lookup: Data: 0.02MB + Index: 0.09MB + Engine InnoDB wp_wc_rate_limits: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_wc_reserved_stock: Data: 0.02MB + Index: 0.00MB + Engine InnoDB wp_wc_tax_rate_classes: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_wc_webhooks: Data: 0.02MB + Index: 0.02MB + Engine InnoDB ### Post Type Counts ### attachment: 23 page: 7 post: 1 product: 20 product_variation: 7 shop_order: 169 shop_subscription: 14 ### Security ### Secure connection (HTTPS): ✔ Hide errors from visitors: ✔ ### Active Plugins (7) ### Akismet Anti-Spam: by Automattic – 5.0.2 Jetpack: by Automattic – 11.7-beta3 Stop Emails: by Sal Ferrarello – 1.2.1 WooCommerce Payments Subscriptions Migration: by Team51 – 0.1 WooCommerce Payments: by Automattic – 5.1.2 (update to version 5.2.1 is available) WooCommerce Subscriptions: by WooCommerce – 4.6.0 WooCommerce: by Automattic – 7.2.2 ### Inactive Plugins (1) ### Payment Plugins for Stripe WooCommerce: by Payment Plugins support@paymentplugins.com – 3.3.34 ### Dropin Plugins (2) ### advanced-cache.php: advanced-cache.php object-cache.php: Memcached ### Settings ### API Enabled: – Force SSL: – Currency: USD ($) Currency Position: left Thousand Separator: , Decimal Separator: . Number of Decimals: 2 Taxonomies: Product Types: external (external) grouped (grouped) simple (simple) subscription (subscription) variable (variable) variable subscription (variable-subscription) Taxonomies: Product Visibility: exclude-from-catalog (exclude-from-catalog) exclude-from-search (exclude-from-search) featured (featured) outofstock (outofstock) rated-1 (rated-1) rated-2 (rated-2) rated-3 (rated-3) rated-4 (rated-4) rated-5 (rated-5) Connected to WooCommerce.com: – Enforce Approved Product Download Directories: ✔ Order datastore: WC_Order_Data_Store_CPT ### WC Pages ### Shop base: #5 - /shop/ Cart: #6 - /cart/ Checkout: #7 - /checkout/ My account: #8 - /my-account/ Terms and conditions: ❌ Page not set ### Theme ### Name: Twenty Twenty-Two Version: 1.2 (update to version 1.3 is available) Author URL: https://wordpress.org/ Child Theme: ❌ – If you are modifying WooCommerce on a parent theme that you did not build personally we recommend using a child theme. See: How to create a child theme WooCommerce Support: ✔ ### Templates ### Overrides: – ### Subscriptions ### WCS_DEBUG: ✔ No Subscriptions Mode: ✔ Live Subscriptions Live URL: https://wcpay-[protected]-temp.mystagingwebsite.com Subscription Statuses: wc-active: 6 wc-on-hold: 8 WooCommerce Account Connected: ❌ No Report Cache Enabled: ✔ Yes Cache Update Failures: ✔ 0 failure ### Store Setup ### Country / State: United States (US) — California ### Subscriptions by Payment Gateway ### other: wc-active: 1 WooCommerce Payments: wc-active: 5 wc-on-hold: 8 ### Payment Gateway Support ### WooCommerce Payments: products refunds multiple_subscriptions subscription_cancellation subscription_payment_method_change_admin subscription_payment_method_change_customer subscription_payment_method_change subscription_reactivation subscription_suspension subscriptions subscription_amount_changes subscription_date_changes tokenization add_payment_method ### Admin ### Enabled Features: activity-panels analytics coupons customer-effort-score-tracks experimental-products-task experimental-import-products-task experimental-fashion-sample-products shipping-smart-defaults shipping-setting-tour homescreen marketing multichannel-marketing mobile-app-banner navigation onboarding onboarding-tasks remote-inbox-notifications remote-free-extensions payment-gateway-suggestions shipping-label-banner subscriptions store-alerts transient-notices woo-mobile-welcome wc-pay-promotion wc-pay-welcome-page Disabled Features: minified-js new-product-management-experience settings Daily Cron: ✔ Next scheduled: 2023-01-10 20:46:23 +00:00 Options: ✔ Notes: 62 Onboarding: skipped ### WooCommerce Payments ### Version: 5.1.2 Connected to WPCOM: Yes Blog ID: 211782206 Account ID: [protected] ### Action Scheduler ### Complete: 634 Oldest: 2022-12-10 22:51:36 +0000 Newest: 2023-01-10 17:58:12 +0000 Pending: 10 Oldest: 2023-01-10 17:59:12 +0000 Newest: 2023-01-11 16:31:52 +0000 Failed: 2 Oldest: 2023-01-04 21:31:57 +0000 Newest: 2023-01-04 21:33:53 +0000 Canceled: 3 Oldest: 2023-01-02 16:31:18 +0000 Newest: 2023-01-06 23:04:56 +0000 ### Status report information ### Generated at: 2023-01-10 17:58:22 +00:00 ```
haszari commented 1 year ago

Thanks for the report @ecairol - this could cause confusing issues, marking as high priority.

haszari commented 1 year ago

This issue could be caused by the fact that the localhost site is connected to the WCPay account, and it shouldn't be.

If multiple sites are connected to single WCPay account, this causes issues. WCPay has Safe mode to protect against these issues.

@ecairol Is this deletion happening on a localhost/staging site in Safe mode?

ecairol commented 1 year ago

Thanks, @haszari

It seems that my localhost site has WCPay is in Test Mode, but not in Safe Mode. See screenshot below:

Screen Shot 2023-01-30 at 09 57 23
haszari commented 1 year ago

Thanks for clarifying @ecairol . I see a Safe mode banner (top right in your screenshot) which suggests that the deletion happened in Safe mode - which is worth investigating, could be a bug.

ecairol commented 1 year ago

Thanks, @haszari! I'm not sure if that Safe mode banner is confirming that the site is currently in safe mode, or if it's a CTA to move to Safe Mode (I believe the latter)

However, even if this isn't a bug, from a UX perspective I'd highly recommend putting a Warning banner or Alert when a User is going to be deleted, letting the user know that there will be irreversible destructive actions outside of WordPress, in this case impacting (for instance) Subscriptions.

haszari commented 1 year ago

I'm not sure if that Safe mode banner is confirming that the site is currently in safe mode, or if it's a CTA to move to Safe Mode (I believe the latter)

Thanks for clarifying! Perhaps that banner should be clearer 😁

However, even if this isn't a bug, from a UX perspective I'd highly recommend putting a Warning banner or Alert when a User is going to be deleted, letting the user know that there will be irreversible destructive actions outside of WordPress, in this case impacting (for instance) Subscriptions.

That sounds reasonable, though maybe is a different issue. I'm not sure what's reasonable or expected here. I would naively expect that deleting a user would be a bad idea when there are subscriptions, but maybe we can add more protections here.

shrutimoorthy commented 4 days ago

discussed in HE ridealong. this was fixed in https://github.com/woocommerce/woocommerce-gateway-stripe/pull/2672 - can we look at that fix and bring it into WooPayments.

Comment by @dougaitken