Open bymayo opened 4 days ago
Captchas are run before payment integrations, and if a captcha has marked a submission as spam payments aren't run.
I'll double check this with Opayo with regards to its capture flow, but while the payment is authorized before the form is submitted, it's not supposed to be captured until after everything has cleared.
@engram-design Yeah might just be worth checking, or letting me know if we've missed a setting somewhere.
You can see that it's marked as spam from recaptcha, but payment is success:
Yep, so I've just tested this and it's working as I'd expect. Note that we added a check in 2.1.4 to fix processing payments regardless of spam. I note you're on 2.1.9 but just wanted to confirm.
A quick-and-dirty test that might be useful on your end is to add some debug code in 2 places.
Firstly to flag the captcha failing here:
$this->spamReason = 'Manual fail.';
return false;
Then, adding a debug statement before processing payments here:
Craft::dd('processPayments');
You'll have to inspect the network request in your web developer tools, as the form will be Ajax due to Opayo's requirements. But this should be either showing the submission as successful (and the payment not being triggered) or, you should see that debug message.
Otherwise, I can't see a scenario where payments are being processed when something is marked as spam...
Describe the bug
We are using Opayo as a payment gateway, and the hidden Google Recaptcha V3.
When someone is using the form to make a payment it seems that the submission goes through even if they fail the recaptcha, and the payment is taken. The issue being that admins aren't then notified by email of the payment.
I know theres a setting to send emails for all spam submissions, but this can't be turned on really.
It would be good if the payment wasn't taken and an alert was shown or something similar
Steps to reproduce
Form settings
Craft CMS version
4.10.0
Plugin version
2.1.9
Multi-site?
No
Additional context
No response