matthiask / plata

Plata - the lean and mean Django-based Shop
https://plata-django-shop.readthedocs.io/
BSD 3-Clause "New" or "Revised" License
202 stars 63 forks source link

Error handling in payment processors #41

Closed arteme closed 12 years ago

arteme commented 12 years ago

Hi,

The default behavior for payment processors when an error is encountered seems to be the HTTP error 403 "Forbidden" response. This particularly applies to ipn() method as there hasn't been a case yet where it is possible that process_order_confirmed() will raise an error.

I am writing a payment processor for a service with a REST API that will return "success" or "error" upon payment record creation using that API. While I can handle the error using the same code 403 response, I would much like to handle this case with some application logic: set a flash error message (messages.error(request, ...)) and return to the confirmation page. In fact, I would like to be able to do that in the ipn() method as well -- it wouldn't disturb user work-flow unlike error 403.

Currently there is no API to give the opportunity to redirect payment processing errors to some application-level logic or even to the "failure URL" provided to the payment processor. I would like to open this feature for discussion (and possible implementation by myself or someone else).

matthiask commented 12 years ago

@arteme, the IPN URLs we have are never visited by customers; those endpoints are only used by the PSPs. I think it's correct to send 403 errors when the parameters cannot be parsed.

Once past the confirmation point, the payment processors have full control over the request/response cycle. You can add as many URLconf entries and views as you want as long as they are contained inside the payment processor class. It should be easily possible to add the REST call and issue redirects and/or error messages afterwards in process_order_confirmed.

Please get back to me if you're having problems again -- maybe paste the code somewhere where I can see it, it might be easier to give pointers.

We are always interested in additional payment processors inside Plata btw!

(And sorry for not answering earlier, I missed this issue somehow.)

arteme commented 12 years ago

@matthiask, you're absolutely right, IPN URLs are never visited by the end-user.

Quick off-topic question: are Ogone and PostFinance IPN handlers ever used? They are not actually referenced from anywhere.

I guess my real question boils down to the following use case:

The payment processing server may return an error code and error message from its REST call. It would be good to display this message to the end-user. Currently the basic shop "order_payment_failure" doesn't take any additional messages to show to the user. While I could very well override "order_payment_failure" URL in my own show instance, would it make sense to rather add this functionality to the default Plata shop?

matthiask commented 12 years ago

Yes, those IPN handlers are definitively used; the callback URL is to be entered in the merchant interface of Ogone/PostFinance. The Ogone/PostFinance servers (it's the same with PayPal by the way) send a POST to this IPN URL as soon as the buyer confirms the transaction. This URL is only used for a server to server request, never by the client.

Concerning messages: I'd use django.contrib.messages everywhere and I think that this is sufficient for all feedback to the user.

matthiask commented 12 years ago

I think this issue can be closed?