DarrachBarneveld
commented
8 months ago LARGE BUG: As seen in Boutique Ado walkthrough.
If there is a validation error in the form a stripe charge and payment intent succeeded passes. This is due to form submission post card verification when it should be the reverse.
Bug Description Go to checkout and purchase an item with an invalid phone number. Validation error occurs however order is still processed and charged.
Steps to reproduce
Desired result An order is not placed when server validation error occurs
Handling logs
Unable to verify as intended. I wanted to render error context of form validation before stripe intent checking, this involved server side stripe validation.
Issues involved rendering context, redirect urls and other issues.
Result A user must confirm the delivery details before payment mounted. When delivery is verified payment processing begins. Order form fields are disabled resulting in user not being able to edit the order form.
Draw backs Users can still manually edit the html from the console resulting in errors - Prone to security issues as validation should be done serverside.
Comments This was the largest and most difficult bug encountered, through extensive testing and research this pre validation was the most suitable solution I could come up with at the time