Let merchant know about allowed statement descriptor characters

madeincosmos commented 5 years ago

Added by @v18:

When receiving statement descriptors with disallowed characters, Stripe will either strip or convert the characters. We should let the merchant know about this when saving the statement descriptor in their settings.

Affected ticket(s)

1894621-zen

What I expected

To process transactions through Stripe.

What happened instead

There's an error on the checkout page Sorry, we are unable to process your payment at this time. Please retry later.

This turned out to be due to non-UTF-8 characters included in Statement Descriptor, such as ™:

Screenshot: https://cld.wthms.co/bANjrb

Removing the character solved the problem, but it would be great to escape this string anyway as it's breaking the main checkout flow.

Steps to reproduce the issue

Set statement descriptor with a special character, ie. Super Awesome Company™
Add any product to cart and try to complete the order,
Observe the error

[ ] Issue assigned to next milestone.
[ ] Issue assigned a priority (will be assessed by maintainers).

allendav commented 5 years ago

An appropriate fix could be to strip non digit non letter non space from any entry before persisting.

dougaitken commented 5 years ago

In addition, only alpha-numeric characters may be used. is mentioned in the docs under setup and config.

Stripping non-alpha numeric would be great.

reykjalin commented 5 years ago

@allendav @dougaitken would it be appropriate here to display some sort of warning and refusing to save this option? If users don't see what they expect in the box after saving the settings without being informed about why it changed, that will definitely be a source of confusion 🙂.

reykjalin commented 5 years ago

Adding an error to wp-admin is easy enough:

if ( ! empty( $statement_descriptor ) ) {
    $setting_link = $this->get_setting_link();
    // Check if statement descriptor contains invalid characters.
    $allowed_symbols_regex = '/^[a-zA-Z0-9:;\.,[\]\-_\/?|~`!@#$%^&(){}=+\s]+$/';
    if ( ! preg_match( $allowed_symbols_regex, $statement_descriptor ) ) {
        /* translators: 1) link */
        $this->add_admin_notice( 'statement_descriptor', 'notice notice-error', sprintf( __( 'The statement descriptor contains some <a href="%1$s">invalid characters</a>. Store checkout may fail! Please go to your settings and <a href="%2$s">ensure your statement descriptor is alphanumeric</a>.', 'woocommerce-gateway-stripe' ), 'https://stripe.com/docs/connect/statement-descriptors#requirements', $setting_link ), true );
    }

    // Check if statement descriptor has the right length; between 5 and 22 characters.
    if ( strlen( $statement_descriptor ) < 5 || 22 < strlen( $statement_descriptor ) ) {
        /* translators: 1) link */
        $this->add_admin_notice( 'statement_descriptor', 'notice notice-error', sprintf( __( 'The statement descriptor is either <a href="%1$s">too long or too short</a>. Store checkout may fail! Please go to your settings and <a href="%2$s">ensure your statement descriptor has the right length.</a>', 'woocommerce-gateway-stripe' ), 'https://stripe.com/docs/connect/statement-descriptors#requirements', $setting_link ), true );
    }
}

Is punctuation included in the alphanumeric restriction, or is it purely /[a-zA-Z0-9\s]/?

I'm also wondering if showing errors like these is enough, or if we should automatically strip the descriptor? This includes cutting off the descriptor if it's too long, and padding it if it's too short?

dougaitken commented 5 years ago

Can we ask Stripe to confirm @reykjalin? I'm unsure about what characters are allowed but it sounds like only alpha-numeric is only allowed now so no punctuation

mikkamp commented 4 years ago

2590402-zen

In this case the statement descriptor was set to Chinese characters which resulted in the following error:

Invalid UTF-8 characters found in POST body

Neither the settings nor the Stripe documentation indicates which characters can be used: https://stripe.com/docs/statement-descriptors https://stripe.com/docs/api/charges/create

Would be nice to get a final answer from Stripe on that. I assume it's alpha numeric characters since it has to work for every bank.

madeincosmos commented 4 years ago

Another user running into the same problem in 3071324-zen.

They had the É letter in statement descriptor.

v18 commented 3 years ago

This issue is partially fixed in #1263 and partially fixed by Stripe now accepting these characters:

巧兒
É
™

The part that's not fixed is that we don't let the user know that these characters will either be stripped by Stripe, or will be converted to latin characters. I'll change the name and description of this issue to reflect that.

For reference, here's a doc outlining the requirements of statement descriptors: https://stripe.com/docs/statement-descriptors#requirements

cesarcosta99 commented 2 years ago

Closing this since we're now letting the merchant know about an acceptable input for the statement descriptor field (via #2283).

woocommerce / woocommerce-gateway-stripe