search

dualcube / moodle-enrol_stripepayment

Moodle Stripe Payment Collector
16 stars 27 forks source link

Redirection fails after stripe payment - access to <site> is denied #112

Closed jimcrammond closed 1 year ago

jimcrammond commented 1 year ago

Others have reported this issue too. On attempting to return from the stripe payment web page, an attempt to redirect to /webservice/rest/server.php?wstoken=text&wsfunction=moodle_stripepayment_success_stripe_url&moodlewsrestformat=json&session_id=cs_test_a1WXI4rp83Ci8EnAFYgWPP497gVJo4I4EGA7r9NNJ54LDVT6CbOw1&courseid=7&couponid=TEST2&user_id=357&instance_id=23

is made which should run the stripepayment_success_stripe_url to finish the enrolment. But this instead produces an HTTP 403 error.

jimcrammond commented 1 year ago

I got further by enabling web services in "site administration->advanced settings" and then enabling the "rest" protocol. Now it fails with the exception of missing token. Not clear how to create the required token.

It seems there is a set of new configuration steps required with 3.3.4 that are not documented.

moumitahalder commented 1 year ago

You need to create Token for stripe : https://jhn4wdmbd4.vmaker.com/record/UMr80J688kjRahxg

Kindly add this and check again.

Please do keep us posted.

jimcrammond commented 1 year ago

This was what I was missing, but I then ran into a couple of bugs.

  1. On returning from the stripe page, I got a "paymentsorry" message. This was because the call to is_enrolled() in success_stripe_url is called with a null user and therefore is_enrolled() tries the $USER global which is set to the admin user as per the token setting (who is not enrolled). Passing $user to is_enrolled() fixes this.
  2. The test for coupon in success_stripe_url fails and therefore the coupon is not applied in stripe. Changing the test "data->coupon_id != 0" to "data->coupon_id != '0'" fixes this. I.e. put quotes around the zero. (I realize the zero is what stripe returns in the callback when there is no coupon but it needs to be a string compare)
  3. In some tests I got an exception displayed rather than the paymentsorry message because the $OUTPUT variable was not set- it should be declared in the list of globals at the beginning of success_stripe_url. Not sure why it worked sometimes.
  4. $data->timeupdated is not set in success_stripe_url so that field in the database is not updated. It is set in the free_enrol case
jimcrammond commented 1 year ago

This patch addresses the issues I found in the success_stripe_url function in the previous comment.

stripepayment-success-url.patch