search

PrestaShop / PrestaShop

PrestaShop is the universal open-source software platform to build your e-commerce solution.
https://www.prestashop-project.org/
Other
8.14k stars 4.8k forks source link

Order validated despite a difference between the amount paid and the cart total #37117

Open elebruchec opened 1 week ago

elebruchec commented 1 week ago

Prerequisites

Describe the bug and add attachments

Hello,

This issue should only occur if the PSP does not go through Prestashop for validation before payment (i.e., payment within an iframe) but I'm not sure.

In PaymentModuleCore::validateOrder, if a cart rule expires, it is removed from the cart, but the order is still processed with a valid status, despite the difference in amount. The cart total is calculated before the cart rules are removed. It is then compared with the paid amount, which are incorrectly considered equal.

Expected behavior

The cart rule should be removed from the cart, and the order should transition to the status Configuration::get('PS_OS_ERROR');. The cart total should be calculated after the cart rules are removed in order to compare the actual cart total with the paid amount.s

Steps to reproduce

  1. Create a cart rule with a short expiration date
  2. Add a product to your cart which matches the cart rule conditions
  3. Add the cart rule to your cart
  4. Go through the checkout process until the payment form is displayed
  5. Wait for the cart rule to fully expire, then complete the payment

PrestaShop version(s) where the bug happened

8.1.7

PHP version(s) where the bug happened

8.1

If your bug is related to a module, specify its name and its version

Observed with sdevmonetico but may appears with other payment module

Your company or customer's name goes here (if applicable).

No response

florine2623 commented 1 week ago

Hello @elebruchec ,

I tried the following :

  1. Create a cart rule
  2. Add a product to your cart which matches the cart rule conditions
  3. Add the cart rule to your cart
  4. Go through the checkout process until the payment form is displayed
  5. Disable cart rule

The order is confirmed, the price is correct. No cart rule is taken into account.

I'm using a native payment module.

Is there something I'm missing ?

Waiting for your feedback.

elebruchec commented 1 week ago

Ah sorry, that's my fault. I forgot that we have a non-native behavior regarding expiration validation. Natively, Prestashop does not remove expired vouchers after they have been added to the cart! So the 'how to reproduce' is not correct!

But, the issue also occurs if a cart rule becomes invalid after the payment form is displayed (for example, due to a change in the conditions). Actually, as soon as a cart rule needs to be removed in PaymentModule::validateOrder, it should happen.

florine2623 commented 1 week ago

Your issue is similar to : https://github.com/PrestaShop/PrestaShop/issues/26235

Could you confirm ?

Thanks!