Multiple Adyen payments for single Pronamic Pay payment

pronamic / wp-pronamic-pay-adyen

Adyen driver for the WordPress payment processing library.

6 stars 2 forks source link

Multiple Adyen payments for single Pronamic Pay payment #1

Closed rvdsteege closed 2 years ago

rvdsteege commented 2 years ago

Our current implementation of the Adyen drop-in can result in multiple payments at Adyen for a single Pronamic Pay payment. This is probably undesired as this is the only gateway integration where this is possible.

Multiple payments can occur in for example the following cases:

a card payment fails and is then tried again;
while a payment is being processed, the payment page can be reloaded and a 2nd payment can then be made.

This previously also resulted in an issue with a failed payment updating a later successfully paid payment in https://github.com/pronamic/wp-pronamic-pay/issues/245.

rvdsteege commented 2 years ago

In https://github.com/pronamic/wp-pronamic-pay/issues/289 we discovered that notifications can trigger payment status updates on the wrong subsite in a multisite, if the merchant reference (Pronamic Pay payment ID) is the same across sites and all sites are receiving the same notifications from Adyen (that is, no differentiation across sites through merchant accounts).

To resolve that issue, we need the single Adyen transaction for a Pronamic Pay payment (this issue) and make sure to check if the pspReference in an Adyen notification matches the transaction ID of the Pronamic Pay payment.

rvdsteege commented 2 years ago

To resolve that issue, we need the single Adyen transaction for a Pronamic Pay payment (this issue) and make sure to check if the pspReference in an Adyen notification matches the transaction ID of the Pronamic Pay payment.

This is not possible anymore since #6. An other idea would be to add the site ID as metadata in a multisite environment and make sure it matches the current site ID when handling notification items.

remcotolsma commented 2 years ago

Discussed at Pronamic HQ:

<?php

$network_id = '1';
$blog_id    = '3';
$payment_id = '98765';

$reference = sprintf( '%s-%s-%s', $network_id, $blog_id, $payment_id );

var_dump( $reference );

list( $scan_network_id, $scan_blog_id, $scan_payment_id ) = sscanf( $reference, '%d-%d-%d' );

var_dump( $scan_network_id );
var_dump( $scan_blog_id );
var_dump( $scan_payment_id );

rvdsteege commented 2 years ago

An other idea would be to add the site ID as metadata […]

On further exploration it became clear that including transaction metadata in notifications would require additional configuration in the webhook settings and is only available for payments using 3D Secure.

Because of the above, we chose to extend the merchant reference with network and blog IDs in https://github.com/pronamic/wp-pronamic-pay-adyen/commit/1ae804bd8362a0be8b0d0cea1eaabb232c532c77. As we now need 'multiple references' within the reference, we opted for the format {network_id}-{blog_id}-{payment_id} as suggested by Adyen:

The reference to uniquely identify a payment. This reference is used in all communication with you about the payment status. We recommend using a unique value per payment; however, it is not a requirement. If you need to provide multiple references for a transaction, separate them with hyphens ("-"). Maximum length: 80 characters.