woocommerce / woocommerce-gateway-stripe

The official Stripe Payment Gateway for WooCommerce
https://wordpress.org/plugins/woocommerce-gateway-stripe/

Critical error when creating an account during guest checkout if payment fails #2692

Open ahegyes opened 1 year ago

ahegyes commented 1 year ago

Describe the bug

When the payment fails for some reason, e.g. if the card is declined, the plugin makes an AJAX call to the action wc_stripe_update_failed_order and passes the nonce stored inside the JS parameter wc_stripe_upe_params.updateFailedOrderNonce. That nonce is created on the server-side using wp_create_nonce and used on the checkout page throughout the checkout experience.

However, the nonce can become invalid if the user starts the checkout process as a guest and an account gets created when they attempt to check out (e.g., either because WC is set to automatically create new accounts on checkout or if the option exists and the customer checks the Create account checkbox).

If the guest attempts to check out and WC determines that an account should be created for them, then it does so and logs them in automatically before the payment processing starts.

That will invalidate all the nonces stored in JS on the checkout page since the checkout happens via AJAX and thus doesn't reload the page to regenerate the nonces in PHP.

If the payment fails, the call to wc_stripe_update_failed_order will include a faulty nonce and fail the check here: https://github.com/woocommerce/woocommerce-gateway-stripe/blob/88b180468c11b89d19fcdec7fcc0f0d6a63e72a0/includes/class-wc-stripe-intent-controller.php#L609C1-L612

When that happens, the catch block catches the exception. However, line 656 inside the catch block tries to make a call on $order which is, at that point, uninstantiated and thus null because the object is set after the nonce check on line 616.

This causes a 500 error and interrupts the normal flow of the checkout process (see how the user column changes between requests due to the account creation feature):

[Screenshot: vOQWGf.png]

To Reproduce

Steps to reproduce the behavior:

  1. Ensure that your WC is set up like this under Accounts & Privacy: [Screenshot: VaomtJ.png]
  2. Try to check out as a guest with the Create account? checkbox selected and with a card that will surely be declined for some reason
  3. See fatal error

Expected behavior

No fatal error and clear processing of the failed payment until the end.

Environment (please complete the following information):
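
The failure pattern described in the report above, as an added example that is not the plugin's code or part of the original issue. The nonce helpers are a simplified stand-in for wp_create_nonce (bound here to the user ID only), and every function, class and value name is hypothetical.

```php
<?php
// Added sketch, not the plugin's code. All names and values are constructed.
// Simplified stand-in for wp_create_nonce(): the token is bound to the
// user ID, so it stops verifying once that ID changes.
function make_nonce(int $user_id): string {
    return substr(hash_hmac('sha256', "update_failed_order|$user_id", 'constructed-secret'), 0, 10);
}
function require_nonce(string $nonce, int $user_id): void {
    if (!hash_equals(make_nonce($user_id), $nonce)) {
        throw new Exception('nonce check failed');
    }
}

class Order_Stub {
    public array $notes = [];
    public function add_note(string $note): void { $this->notes[] = $note; }
}

// Pattern from the report: $order is assigned after the nonce check,
// but the catch block calls a method on it unconditionally.
function handler_before(string $nonce, int $user_id): string {
    try {
        require_nonce($nonce, $user_id);
        $order = new Order_Stub();
        return 'order updated';
    } catch (Exception $e) {
        $order->add_note($e->getMessage()); // $order is null here: throws Error
        return 'handled';
    }
}

// Guarded form: initialise $order before the try and test it in the catch.
function handler_after(string $nonce, int $user_id): string {
    $order = null;
    try {
        require_nonce($nonce, $user_id);
        $order = new Order_Stub();
        return 'order updated';
    } catch (Exception $e) {
        if ($order instanceof Order_Stub) {
            $order->add_note($e->getMessage());
        }
        return 'rejected cleanly: ' . $e->getMessage();
    }
}

// Nonce rendered for the guest (ID 0); account creation then logs in ID 42.
$stale = make_nonce(0);
echo handler_after($stale, 42), PHP_EOL;
try { handler_before($stale, 42); } catch (Error $e) { echo get_class($e), ': ', $e->getMessage(), PHP_EOL; }
```

The guard only removes the fatal error; the stale nonce is still rejected, so the page-side nonce would also need refreshing after the automatic login for the failed-order update to go through.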

wpniall commented 12 months ago

Reported in 7213708-zen

github-actions[bot] commented 1 month ago

Hi, This issue has gone 150 days (5 months) without any activity. This means it is time for a check-in to make sure it is still relevant. If you are still experiencing this issue with the latest version, you can help the project by responding to confirm the problem and by providing any updated reproduction steps. Thanks for helping out.

github-actions[bot] commented 1 week ago

This issue has gone 180 days (6 months) without any activity.