stripe / stripe-ios

Stripe iOS SDK
https://stripe.com
MIT License
2.12k stars 981 forks source link

SDK crashes after 3DS verification (synchronous payment flow) #1725

Closed meismyles closed 3 years ago

meismyles commented 3 years ago

Summary

Using synchronous payment flow, when completing a purchase that requires 3DS, after entering 3DS verification code (correctly) and pressing submit the SDK crashes saying: "Calling completion with invalid state".

A smaller separate issue is that it also appears that due to the assertion statement within the failure code block, the app can never fail gracefully (for example, showing an error) and instead will just crash.

Code to reproduce

Try making a purchase using a 3DS test card and calling handleNextAction, performing 3DS verification and then the app should crash.

After discussing in Stripe IRC channel it appears this may be an SDK bug. The payment intent status is requiresConfirmation which we believe is correct, however, the SDK doesn't seem to allow requiresConfirmation as a success status, see: https://github.com/stripe/stripe-ios/blob/b1102323c07e2ce343d59c20bf15a50fd03ae1b0/Stripe/STPPaymentHandler.swift#L257

In an older version of the SDK (when still in Obj-C) you can see requiresConfirmation was allowed as a success state, see: https://github.com/stripe/stripe-ios/blob/e55d8d1a2354ca22487134bd3cb9a605ec4b6025/Stripe/Payments/STPPaymentHandler.m#L147

It also seems like the assertion statement within the else block should be removed so that the SDK can complete with a failed state gracefully rather than the app crash: https://github.com/stripe/stripe-ios/blob/b1102323c07e2ce343d59c20bf15a50fd03ae1b0/Stripe/STPPaymentHandler.swift#L260

iOS version

iOS 14.X

Installation method

Cocoapods

SDK version

21.0.1

Other information

Spoke to @karllekko about this on IRC and we both came to the conclusion that this looks like an SDK issue on there. Hopefully they can flag this internally. Thanks!

davidme-stripe commented 3 years ago

Thanks for the detailed report, I'll look into this today.

meismyles commented 3 years ago

Hey, any update on this??

davidme-stripe commented 3 years ago

Sorry for the delay! This is fixed in version 21.1.0.