Internal server error with GraphQL mollieCustomerOrder query

[bramstroker]

Describe the bug Our client is trying to use the mollieCustomerOrder query as indicated in your docs. However this is resulting in a NoSuchEntityException thrown from the OrderRepository.

[2020-11-26 07:21:48] main.ERROR: The entity that was requested doesn't exist. Verify the entity and try again. {"exception":"[object] (GraphQL\\Error\\Error(code: 0): The entity that was requested doesn't exist. Verify the entity and try again. at /var/domains/magentoacceptance-acceptance.dekbeddiscounter.emico.nl/application/releases/17/vendor/webonyx/graphql-php/src/Error/Error.php:174, Magento\\Framework\\Exception\\NoSuchEntityException(code: 0): The entity that was requested doesn't exist. Verify the entity and try again. at /var/domains/magentoacceptance-acceptance.dekbeddiscounter.emico.nl/application/releases/17/vendor/magento/module-sales/Model/OrderRepository.php:139)"} []

Used versions

• Magento 2.4.1:
• Open source:
• Mollie version number: 1.17.1

To Reproduce Steps to reproduce the behavior:

1. Create a new cart (with products, addresses etc.) using GraphQL.
2. Place the order and request the payment token:

   mutation {
   placeOrder(input: {
     cart_id: "{{cart_token}}"
   }) {
   order {
     order_id
     mollie_payment_token
   }
   }
   }

3. Retrieve the order status based on the payment token:

   type Query {
   mollieCustomerOrder (
       hash: "{{payment_token}}"
   ) {
       id
       increment_id
       created_at
       grand_total
       status
   }
   }

Expected behavior The order is returned

Actual behavior An "Internal server error" message is returned

Additional context I did some digging around and found the following; The PaymentToken resolver which is used during the place order mutation is responsible for generating the payment token. When I look at the algorithm used I see the following: $this->mathRandom->getUniqueHash().

Next I did have a look at the MollieCustomerOrder resolver. There I see the following code to get from the payment token to an order:

$hash = $args['hash'];
$decodedHash = base64_decode($hash);
$orderId = $this->encryptor->decrypt($decodedHash);

This is a 2 way encryption, but when generating the payment token a one way hash is generated which is not decryptable in anyway imho.

Imo the following code should be used to retrieve the order by the payment token, which is also used by the CreateMollieTransaction mutation:

$tokenModel = $this->paymentTokenRepository->getByToken($token);
$orderId = $tokenModel->getOrderId();

When my findings are correct I'm curious how this could have worked previously.

[bramstroker]

Nevermind, this is not an issue. The graphQL schema doc "The hash added to your custom URL" brought me on the right track. We need to pass the order_hash in the returnURL, not the payment token.

This is not clear in the docs/wiki. In the example <payment_token> is listed, so maybe the docs need a little tweaking.