Order that is expired seems to be accepted by Vendr

[royberris]

Hi Matt,

We have a couple of hundredth orders in now and we noticed some problems on some orders. Mollie is showing the transaction status as expired, while Vendr is sending the confirmation e-mail to client and the fulfillment partner. Some people received their products while never paying for it.

When I look at the code I see that status Cancelled in Vendr is equal to Expired in the Mollie status. This seems to work fine.

But I am not sure how it is possible that Vendr accepted the order in the first place. In Mollie when I look at the transaction history it goes as follows:

- 31 december 08:23: Order created
- 31 december 08:25: Order is expired from status created
- 31 december 08:25: Webhook succesfully called, took 4.3 seconds

So the payment was never in a succeeded state, where they cancelled afterwards.

[royberris]

Update: the order status Cancelled got removed in the Vendr statuses for some reason. The Mollie status Expired now seems to default to Completed.

That might be the solution

[mattbrailsford]

Hi @royberris, hmm, according to the code here, Expired is mapped to Cancelled https://github.com/vendrhub/vendr-payment-provider-mollie/blob/v2/dev/src/Vendr.PaymentProviders.Mollie/MollieOneTimePaymentProvider.cs#L423 🤔

[royberris]

@mattbrailsford the status was deleted in the Order Statuses overview. You can customize this of course. But when changing the alias, or removing the status. It falls back to Completed. That seemed to be the problem here.

[mattbrailsford]

@royberris ahhh, I see what you mean 👍

[royberris]

@mattbrailsford Hi Matt, update on this. Even after adding back the status cancelled in the Order Statuses overview I still get orders like these occasionally.

Where the "Order Status" is Confirmed but the "Payment Status" is Cancelled. Only payment provider we have set up is Mollie.

These are the three statuses that we have. The confirm e-mail got send, even though the payment never succeeded.

[mattbrailsford]

Hi @royberris

I think this is expected behavior. Canceled isn’t considered an error status which is the only order status that is auto assigned. Order Statuses are really just folders for store owners to organise their orders into.

If this is confusing it might be worth creating a status for new orders and then you manually organise them after payment process is complete. You can then move them into a logical folder.

For reference, orders become canceled when an authorised transaction is not captured in the relevant timeframe. So technically the order is Complete, but the payment was Canceled.

[royberris]

Hi @mattbrailsford

I don't really understand why cancelled as a payment status is not considered a fail with Mollie. Because now when the payment status is cancelled the confirmation e-mail still goes out.

How could I achieve that only a captured payment status will send out the confirmation e-mail.

---

Edit: Or are you saying that the order status is considered Completed (and the e-mail goes out) before the payment is processed?

[mattbrailsford]

Hi @royberris

I'll explain what I mean, but in thinking on this, I do need to check whether things are moving through the right processes.

So generally speaking, if the payment method supports authorization which is where a customer completes the checkout flow, entering their details and getting to the confirmation page, but the payment provider is configured to not immediately capture the payment but instead puts a hold on the funds, then in this scenario the order is still considered Complete and finalized because the customer has completed the checkout process and payment has been approved. This will therefore trigger the confirmation email.

When a order payment is authorized though, there is generally a set window that you must then complete and capture the payment. If you don't complete it in a timely manor, or if you manually decide to cancel the payment (usually happens when the customer asks to cancel the order before it's been shipped) then the payment will become cancelled. Even though the payment is cancelled though, the order is still complete and the order confirmation will have already been sent prior.

All this said though, the thing I'm not sure about in your case is, is the orders payment status becoming cancelled after a period of time? Or are you saying it's immediately becoming cancelled at the point of checkout completion? If it's the later, maybe it means that Mollie are sending a webhook notification to say a payment process was cancelled when the customer decides to go back to the website to modify the order. If that is the case, then this is different to all other payment providers who only issue notifications for completed orders.

Can you confirm which of these is the case? And whether you can reliably replicate this later scenario if that is the case?

[royberris]

@mattbrailsford

Earlier in this thread I shared this.

Scenario 1 (cancelled)

- 31 december 08:23: Order created
- 31 december 08:25: Order is expired from status created
- 31 december 08:25: Webhook succesfully called, took 4.3 seconds

It seems to create the order, then it's expired and webhook is called.

For a completed order it looks like this.

Scenario 2 (completed)

- 11 januari 21:56: Order created
- 11 januari 21:56: Paymentmethod menu provided
- 11 januari 21:56: iDEAL-payment started
- 11 januari 21:56: iDEAL-payment completed

I can confirm that in scenario 1 the payment was never completed in the first place. But I'm not sure what status Mollie sent back to Vendr. It might be authorized?

In scenario 2 I also can't confirm the original status in Vendr. But I can confirm this succeeded in 1 step without calling the webhook.

Is there any way to see the "order log" in Vendr. Where it captured the different statuses it might've gone through? Then I can match these Mollie transactions to the Vendr payment statuses.

[mattbrailsford]

@royberris hmmm, we have the vendrActivityLog table which does track some payment status changes, but cancelled doesn't appear to be one of them 🤔

Looking at scenario 1 though, it does look like it could be notifying the webhook of just straight up cancelled payments for orders that haven't completed (ie, the customer cancelled out of the payment flow and went back to the site). If this is the case, then yea, this could lead to orders becoming finalized with a cancelled status.

If this is the case, then again, this is Mollie making up their own rules as literally every other payment gateway doesn't do this 🤦‍♂️ If they are doing this, then we are going to need to try and find a way in the webhook to figure out if the order should complete. I guess a simple scenario would be to say that it can only become canceled if it's already been finalized. You can't straight finalize to a canceled status 🤔

[royberris]

@mattbrailsford

I found the problem. These where created a month ago. Now after a month (13 december to 10 januari) the webhook is called. And Vendr finds these orders, sets their payment status to Cancelled. And Vendr sends out the confirmation e-mail to the customer and the fulfillment partner.

This is a critical issue in the webhook because now (webshop is up for 1.5 month) every order that expired in the past will be completed eventually. Even though the payment never arrived.

I'm guessing the workflow needs to change so they can't hop from one status to another.

---

Why do we consider the expired Mollie status as Cancelled? I think the problem sits there. Expired means the order never succeeded.

[mattbrailsford]

@royberris the issue is, Mollie is treating those statuses differently to what other payment gateways treat them as. Most other gateways only fire those events / notifications for completed orders, but Mollie is firing them for everything.

I think we'll need to do some checks to ensure the payment is Authorized before applying an expired or canceled status.

[mattbrailsford]

@royberris ok, there is a 2.0.1-beta0001 on our unstable nuget feed here https://nuget.outfield.digital/unstable/vendr/v3/index.json As per this code commit https://github.com/vendrhub/vendr-payment-provider-mollie/commit/fea803d23b9a3bb52cd2a18aac899f44940910c1 I now check the webhook, and only allow an order to move into a canceled state, if it was previously in an authorized state (which is really the only time it should be allowed).

I believe this should fix the issue, as in scenario 1 it was moving from created to expired so this should no longer cause an order to become finalized.

Please test the unstable build and let me know if it solves your issue and then I'll issue a proper release.

[royberris]

@mattbrailsford

It's ok to go from Authorized -> Cancelled. But not from New -> Cancelled.

When order is in status New, and Mollie sends the Expired status. (Which Vendr registers as Cancelled). The order should not be completed, but be cancelled.

---

We commented on the same moment. I reacted to the previous comment. That might solve it.

[mattbrailsford]

@royberris naa, if the order isn't completed / finalized, and we receive a canceled / expired notification, we just need to ignore the notification as we don't really care. If the customer cancels out of the checkout flow, when they re-enter a new payment is created so we don't care what happens to the old one so it can safely expire and be ignored.

We only need to track / record the status of the payment that is associated with a completed checkout flow.

[royberris]

@mattbrailsford hmm I'm testing right now, but there is no way for me to manually expire the order in Mollie. I can expire the transactions that sit on top of the order. But the order itself shows status "Created". The order is what will call the webhook, not the transactions. It tells me the order will expire in 27 days.

Looking at the statuses and the code I do think this is the solution. But I have no way to confirm it right now.

[mattbrailsford]

@royberris yea, I think this is going to be the tricky thing of it, it's going to need to wait for something to expire (don't you just love testing 3rd party apis 🤦‍♂️)

I'll leave this issue open for now an hopefully we'll get confirmation when the payment expires

[royberris]

@mattbrailsford I have some orders on production that will expire soon. Seeing the need for us to have this fixed is critical I will run this code on production so we can finish this. I'll come back tomorrow, because I have a couple of orders that will expire tomorrow

[royberris]

@mattbrailsford we've got some expired orders in Mollie that did not make it into Vendr afterwards. I do see that Mollie now retries the webhook a couple of times and gets below error code is that expected?

Webhook failed with status code 400 (Bad Request)

See: https://user-images.githubusercontent.com/25608596/149469562-6ece680f-b090-41d0-9121-55c084d241ad.png

[mattbrailsford]

Hey @royberris so a 400 usually occurs outside of the payment provider and is usually when Vendr can't find the linked order. Webhooks usually send back and Order ID + Order Number for Vendr to locate the order but if it can't find an order with those ID's it returns a 400.

I think what is potentially happening is people are starting payments, but cancelling and returning to the store and potentially going back and editing their order. The way Vendr works though is when this happens, a new order number is generated as some payment gateways don't like processing the same order number multiple times.

The issue with Mollie is that they are sending notifications for un-completed orders and so payments that were started for order number ABC may have been changed and so now have a new order number of XYZ and so when Vendr receives a webhook request for an expiring old payment, it is now unable to locate that specific order ID + order number combo and so returns a 400 status.

Only real thing I could think to do is maybe make Vendr return a 200 status even if it can't find the order, as whilst yes it can't process the webhook, if it can't process it now, it's unlikely it will be able to process it later and so a 200 would prevent Mollie retrying.

I'll need to thing if there are any further issues with returning 200 by default 🤔

[royberris]

Hi @mattbrailsford

This specific order might've been outside the issue we have above. I can see this behavior in Mollie. Some orders have 5 different order numbers with the same cart and address all unpaid.

I noticed that not all expired orders caused the above problem, but only a few. I am not sure what the requirements are to get in to the order state where the expired order causes it to complete. Because not every order in Mollie that is created and unpaid seems to cause this.

But this doesn't exclude your fix not working. So I'll keep monitoring it.

---

In Mollie's case, I guess you need to cancel the order when the user goes back to the store if that is a possibility.

[mattbrailsford]

@royberris hmm, yea, maybe that's possible within the redirect handling code. I'll give it some thought.

[royberris]

Hi @mattbrailsford

It's been two weeks and I can safely say we haven't seen any expired order back in Vendr as completed. For us this issue is resolved.

[mattbrailsford]

Thanks for confirming @royberris I'll push out an official release shortly.

[mattbrailsford]

@royberris A new release of the Mollie provider has just been pushed out 👍