UPE: cus_ and src_ tokens are not saved in subscriptions when creating an account during checkout

[jrick1229]

Describe the bug

When checking out with a subscription product as a new user, creating an account (whether manually or automatically) during checkout, both the cus_ and src_ tokens are not saved within the subscription. This makes any subsequent renewals fail, as there are no tokens available to use for the charge:

Error: stdClass Object
(
    [error] => stdClass Object
        (
            [code] => payment_intent_unexpected_state
            [doc_url] => https://stripe.com/docs/error-codes/payment-intent-unexpected-state
            [message] => You cannot confirm this PaymentIntent because it's missing a payment method. You can either update the PaymentIntent with a payment method and then confirm it again, or confirm it again directly with a payment method.
            [type] => invalid_request_error
        )

)

To Reproduce

Steps to reproduce the behavior:

1. Set Stripe to use the new UPE
2. Upload Subscriptions and create a new product like this one: https://d.pr/i/StfEIk
3. Per this issue, be sure to use a webhook secret from Stripe as well (else the order will remain set to 'Pending payment')
4. In a private browser window, as a non-logged in user, purchase your subscription product
5. Navigate to the new subscription in your admin dashboard
6. Notice that there are no saved tokens: https://d.pr/i/mcKJuv
7. If you try to manually renew the subscription, you'll see that it is set to 'On hold' and the order will be set to 'Failed' with the error message I included in the above section

Expected behavior

Payment tokens should be saved in the subscription, else it has no way to renew, aside from the subscriber manually logging in and paying for the failed order (which will then save the payment tokens, since the subscriber is logged into their account).

Screenshots

_stripe_source_id has no value in the database: https://d.pr/i/utux0O

Stripe settings: https://d.pr/i/jkBwgJ

Environment (please complete the following information):

``` ### WordPress Environment ### WordPress address (URL): ----- Site address (URL): ----- WC Version: 6.2.0 REST API Version: ✔ 6.2.0 WC Blocks Version: ✔ 6.7.3 Action Scheduler Version: ✔ 3.4.0 WC Admin Version: ✔ 3.1.0 Log Directory Writable: ✔ WP Version: 5.9 WP Multisite: – WP Memory Limit: 256 MB WP Debug Mode: ✔ WP Cron: ✔ Language: en_US External object cache: – ### Server Environment ### Server Info: Apache/2.4.52 (Unix) OpenSSL/1.0.2g PHP Version: 7.4.27 PHP Post Max Size: 1 GB PHP Time Limit: 30 PHP Max Input Vars: 5000 cURL Version: 7.47.0 OpenSSL/1.0.2g SUHOSIN Installed: – MySQL Version: 5.7.33-0ubuntu0.16.04.1-log Max Upload Size: 512 MB Default Timezone is UTC: ✔ fsockopen/cURL: ✔ SoapClient: ✔ DOMDocument: ✔ GZip: ✔ Multibyte String: ✔ Remote Post: ✔ Remote Get: ✔ ### Database ### WC Database Version: 6.2.0 WC Database Prefix: wp_ Total Database Size: 4.89MB Database Data Size: 3.43MB Database Index Size: 1.46MB wp_woocommerce_sessions: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_woocommerce_api_keys: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_woocommerce_attribute_taxonomies: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_woocommerce_downloadable_product_permissions: Data: 0.02MB + Index: 0.06MB + Engine InnoDB wp_woocommerce_order_items: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_woocommerce_order_itemmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_woocommerce_tax_rates: Data: 0.02MB + Index: 0.06MB + Engine InnoDB wp_woocommerce_tax_rate_locations: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_woocommerce_shipping_zones: Data: 0.02MB + Index: 0.00MB + Engine InnoDB wp_woocommerce_shipping_zone_locations: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_woocommerce_shipping_zone_methods: Data: 0.02MB + Index: 0.00MB + Engine InnoDB wp_woocommerce_payment_tokens: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_woocommerce_payment_tokenmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_woocommerce_log: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_actionscheduler_actions: Data: 0.02MB + Index: 0.11MB + Engine InnoDB wp_actionscheduler_claims: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_actionscheduler_groups: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_actionscheduler_logs: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_ariadminer_connections: Data: 0.02MB + Index: 0.00MB + Engine InnoDB wp_commentmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_comments: Data: 0.02MB + Index: 0.09MB + Engine InnoDB wp_links: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_options: Data: 2.45MB + Index: 0.06MB + Engine InnoDB wp_postmeta: Data: 0.06MB + Index: 0.06MB + Engine InnoDB wp_posts: Data: 0.05MB + Index: 0.06MB + Engine InnoDB wp_termmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_terms: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_term_relationships: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_term_taxonomy: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_usermeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_users: Data: 0.02MB + Index: 0.05MB + Engine InnoDB wp_wc_admin_notes: Data: 0.05MB + Index: 0.00MB + Engine InnoDB wp_wc_admin_note_actions: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_wc_category_lookup: Data: 0.02MB + Index: 0.00MB + Engine InnoDB wp_wc_customer_lookup: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_wc_download_log: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_wc_order_coupon_lookup: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_wc_order_product_lookup: Data: 0.02MB + Index: 0.06MB + Engine InnoDB wp_wc_order_stats: Data: 0.02MB + Index: 0.05MB + Engine InnoDB wp_wc_order_tax_lookup: Data: 0.02MB + Index: 0.03MB + Engine InnoDB wp_wc_product_meta_lookup: Data: 0.02MB + Index: 0.09MB + Engine InnoDB wp_wc_rate_limits: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_wc_reserved_stock: Data: 0.02MB + Index: 0.00MB + Engine InnoDB wp_wc_tax_rate_classes: Data: 0.02MB + Index: 0.02MB + Engine InnoDB wp_wc_webhooks: Data: 0.02MB + Index: 0.02MB + Engine InnoDB ### Post Type Counts ### attachment: 1 page: 7 post: 2 product: 1 shop_order: 8 shop_subscription: 6 ### Security ### Secure connection (HTTPS): ✔ Hide errors from visitors: ❌Error messages should not be shown to visitors. ### Active Plugins (4) ### ARI Adminer: by ARI Soft – 1.2.3 WooCommerce Stripe Gateway: by WooCommerce – 6.1.0 WooCommerce Subscriptions: by WooCommerce – 4.0.2 WooCommerce: by Automattic – 6.2.0 ### Inactive Plugins (0) ### ### Settings ### API Enabled: – Force SSL: – Currency: EUR (€) Currency Position: left Thousand Separator: , Decimal Separator: . Number of Decimals: 2 Taxonomies: Product Types: external (external) grouped (grouped) simple (simple) subscription (subscription) variable (variable) variable subscription (variable-subscription) Taxonomies: Product Visibility: exclude-from-catalog (exclude-from-catalog) exclude-from-search (exclude-from-search) featured (featured) outofstock (outofstock) rated-1 (rated-1) rated-2 (rated-2) rated-3 (rated-3) rated-4 (rated-4) rated-5 (rated-5) Connected to WooCommerce.com: – ### WC Pages ### Shop base: #5 - /shop/ Cart: #6 - /cart/ Checkout: #7 - /checkout/ My account: #8 - /my-account/ Terms and conditions: ❌ Page not set ### Theme ### Name: Twenty Twenty-Two Version: 1.0 Author URL: https://wordpress.org/ Child Theme: ❌ – If you are modifying WooCommerce on a parent theme that you did not build personally we recommend using a child theme. See: How to create a child theme WooCommerce Support: ✔ ### Templates ### Overrides: – ### Subscriptions ### WCS_DEBUG: ✔ No Subscriptions Mode: ✔ Live Subscriptions Live URL: ----- Subscription Statuses: wc-active: 5 wc-on-hold: 1 WooCommerce Account Connected: ❌ No Report Cache Enabled: ✔ Yes Cache Update Failures: ✔ 0 failure ### Store Setup ### Country / State: United States (US) — California ### Subscriptions by Payment Gateway ### Stripe: wc-active: 5 wc-on-hold: 1 ### Payment Gateway Support ### Stripe: products refunds tokenization add_payment_method subscriptions subscription_cancellation subscription_suspension subscription_reactivation subscription_amount_changes subscription_date_changes subscription_payment_method_change subscription_payment_method_change_customer subscription_payment_method_change_admin multiple_subscriptions ### Action Scheduler ### Complete: 21 Oldest: 2022-02-09 19:18:36 +0000 Newest: 2022-02-09 19:39:22 +0000 Pending: 15 Oldest: 2022-02-09 19:44:18 +0000 Newest: 2022-08-09 19:31:24 +0000 ### Status report information ### Generated at: 2022-02-09 19:41:31 +00:00 ```

Additional context

This was done on a JN site, since the webhook secret wouldn't work on a local site.

4742935-zen

[jrick1229]

Seen in: 4761919-zen

[thracefulton]

Another instance in 4840163-zen.

[thuautp]

4864269-zen

[csmcneill]

4850713-zen

[aheckler]

25868718-hc

[waynep16]

This is a real pain as renewals are unable to process

requires_payment_method & payment_intent_unexpected_state are not stored

[message] => You cannot confirm this PaymentIntent because it’s missing a payment method. You can either update the PaymentIntent with a payment method and then confirm it again, or confirm it again directly with a payment method. [type] => invalid_request_error

Please push for a fix

[aheckler]

One way to find potentially affected subscriptions would be a search in phpMyAdmin, or an equivalent query:

Some possible workarounds:

• Disable Stripe's new checkout experience? (I have not tested this myself.)
• Using User Switching, log in as the user and then take payment via phone or some other method. You'll be able to save the payment to their account this way, and the Stripe metadata is saved to the subscription.
• Email the affected customers, explain the situation, and have them come back to the site to pay. This will save the info to the subscription normally as well.

[jrick1229]

4940677-zen

[AashikP]

Another possible report in 5202276-zen

[mouligreenlaw]

Possibly also on 5202047-zen

[spigotdesign]

Reporting this issue on a client site. Disabling the New Checkout Experience fixed it, and we will be manually adding customer and source ID info into subscriptions.

[EvanDotPro]

Quick update to say that I've successfully reproduced this issue. The exact reason this is happening for UPE orders hasn't been identified yet, but we should have further updates and hopefully a PR for this soon.

[dreamtooloud]

Most likely another report : 5826805-zen

[AbhinavSakalle]

5879441-zen

[Brianmitchtay]

We're seeing this again in 5930711-zen

I wanted to note that in this user's experience as well as in my testing, not only are the customer ID and source ID not saved to the user's subscription, the Payment method is not set up for recurring payments in Stripe.

So if the user tries to take the pm_ token from the customers profile in the Stripe dashboard, and place that in the subscription as a payment method, future renewals will fail with an 'invalid_request _error' despite how in the documentation for setting up automatic payments for subscriptions it states:

"Other valid tokens are card_, and pm_"

Disabling UPE causes new subscriptions to be created correctly, but now because the payment method for all previously created subscriptions is not properly set up, customers are all going to have to manually re-enter their payment information which is a large burden.

@EvanDotPro any news on an movement towards a PR for this critical bug? A year feels like a long time to have this open. Can I help test in any way?

[conschneider]

Hi good people,

Trying for a 🛎️ . Is there somebody that can take a look at this with us? We are happy to help with any kind of testing.

[zoupkat]

Hello @EvanDotPro ! Any updates on this issue? Can you please let us know where we are so that we can inform the user that asked for an update? We also asked yesterday but without a ping: https://github.com/woocommerce/woocommerce-gateway-stripe/issues/2317#issuecomment-1465872523 Thank you in advance :)

[EvanDotPro]

@zoupkat Unfortunately I'm no longer with Automattic. I'll ping the current team lead and hopefully they can reprioritize this!

/cc @diegocurbelo

[zoupkat]

Thanks @EvanDotPro ! @diegocurbelo please let us know!

[diegocurbelo]

Hey @zoupkat! We are going to start working on this next week.

[leafarenuk]

hey @EvanDotPro @diegocurbelo what is the timeplan for the release of a fix? 😎

[ericfri]

6262680-zen

[jobthomas]

@vbelolapotkov @diegocurbelo can someone please explain why there has been no update on this bug report in such a long time?

cc @beaulebens

[mattallan]

Hey all, I believe this issue will be fixed by my PR here: https://github.com/woocommerce/woocommerce-gateway-stripe/pull/2619

This issue is caused by this nonce check failing when accounts are being created via the checkout process, returning early from our payment redirect flow. This then prevents the following $order->payment_complete() from being called and the cus_ and src_ tokens from being saved on the subscription.

Here are my results from purchasing a subscription as a guest customer with UPE enabled.

On the develop branch :x:

• Processing a renewal puts the subscription on-hold

On PR https://github.com/woocommerce/woocommerce-gateway-stripe/pull/2619:

• Processing a renewal works as expected

[imodouglas]

6480189-zen (possible issue)