Check intent attached to order before payment (#5346)

* Add `check_payment_intent_attached_to_order_succeeded` to both the main gateway and UPE classes.
* Handle the redirection for UPE flow in the front-end (JS code)
* Add info text to the thank-you page

Author: htdat

changelog/add-check-intent-attached-to-order-before-payment

@@ -0,0 +1,4 @@
+Significance: patch
+Type: update
+
+Check the status of previously initiated payments and mark orders as processing instead of initiating a new payment.

client/checkout/api/index.js

@@ -705,17 +705,28 @@ export default class WCPayAPI {
 	}
 
 	/**
-	 * If another order has the same cart content and was paid, redirect to its thank-you page.
+	 * Redirect to the order-received page for duplicate payments.
 	 *
 	 * @param {Object} response Response data to check if doing the redirect.
 	 * @return {boolean} Returns true if doing the redirection.
 	 */
-	handlePreviousOrderPaid( response ) {
-		let didRedirection = false;
-		if ( response.wcpay_upe_paid_for_previous_order && response.redirect ) {
-			window.location = response.redirect;
-			didRedirection = true;
+	handleDuplicatePayments( {
+		wcpay_upe_paid_for_previous_order: previouslyPaid,
+		wcpay_upe_previous_successful_intent: previousSuccessfulIntent,
+		redirect,
+	} ) {
+		if ( redirect ) {
+			// Another order has the same cart content and was paid.
+			if ( previouslyPaid ) {
+				return ( window.location = redirect );
+			}
+
+			// Another intent has the equivalent successful status for the order.
+			if ( previousSuccessfulIntent ) {
+				return ( window.location = redirect );
+			}
 		}
-		return didRedirection;
+
+		return false;
 	}
 }

client/checkout/blocks/upe-fields.js

@@ -272,7 +272,7 @@ const WCPayUPEFields = ( {
 			onCheckoutAfterProcessingWithSuccess(
 				( { orderId, processingResponse: { paymentDetails } } ) => {
 					async function updateIntent() {
-						if ( api.handlePreviousOrderPaid( paymentDetails ) ) {
+						if ( api.handleDuplicatePayments( paymentDetails ) ) {
 							return;
 						}
 

client/checkout/classic/upe.js

@@ -462,7 +462,7 @@ jQuery( function ( $ ) {
 			);
 
 			if ( updateResponse.data ) {
-				if ( api.handlePreviousOrderPaid( updateResponse.data ) ) {
+				if ( api.handleDuplicatePayments( updateResponse.data ) ) {
 					return;
 				}
 			}
@@ -542,7 +542,7 @@ jQuery( function ( $ ) {
 				fingerprint ? fingerprint : ''
 			);
 
-			if ( api.handlePreviousOrderPaid( response ) ) {
+			if ( api.handleDuplicatePayments( response ) ) {
 				return;
 			}
 

includes/class-wc-payment-gateway-wcpay.php

@@ -96,6 +96,11 @@ class WC_Payment_Gateway_WCPay extends WC_Payment_Gateway_CC {
 	 */
 	const FLAG_PREVIOUS_ORDER_PAID = 'wcpay_paid_for_previous_order';
 
+	/**
+	 * Flag to indicate that a previous intention attached to the order was successful.
+	 */
+	const FLAG_PREVIOUS_SUCCESSFUL_INTENT = 'wcpay_previous_successful_intent';
+
 	/**
 	 * Client for making requests to the WooCommerce Payments API
 	 *
@@ -709,12 +714,17 @@ public function process_payment( $order_id ) {
 
 			UPE_Payment_Gateway::remove_upe_payment_intent_from_session();
 
-			$check_response = $this->check_against_session_processing_order( $order );
-			if ( is_array( $check_response ) ) {
-				return $check_response;
+			$check_session_order = $this->check_against_session_processing_order( $order );
+			if ( is_array( $check_session_order ) ) {
+				return $check_session_order;
 			}
 			$this->maybe_update_session_processing_order( $order_id );
 
+			$check_existing_intention = $this->check_payment_intent_attached_to_order_succeeded( $order );
+			if ( is_array( $check_existing_intention ) ) {
+				return $check_existing_intention;
+			}
+
 			$payment_information = $this->prepare_payment_information( $order );
 			return $this->process_payment_for_order( WC()->cart, $payment_information );
 		} catch ( Exception $e ) {
@@ -1924,6 +1934,56 @@ protected function get_account_branding_icon( $default_value = '' ): string {
 		return $default_value;
 	}
 
+	/**
+	 * Checks if the attached payment intent was successful for the current order.
+	 *
+	 * @param  WC_Order $order Current order to check.
+	 *
+	 * @return array|void A successful response in case the attached intent was successful, null if none.
+	 */
+	protected function check_payment_intent_attached_to_order_succeeded( WC_Order $order ) {
+		$intent_id = (string) $order->get_meta( '_intent_id', true );
+		if ( empty( $intent_id ) ) {
+			return;
+		}
+
+		// We only care about payment intent.
+		$is_payment_intent = 'pi_' === substr( $intent_id, 0, 3 );
+		if ( ! $is_payment_intent ) {
+			return;
+		}
+
+		try {
+			$intent        = $this->payments_api_client->get_intent( $intent_id );
+			$intent_status = $intent->get_status();
+		} catch ( Exception $e ) {
+			Logger::error( 'Failed to fetch attached payment intent: ' . $e );
+			return;
+		};
+
+		if ( ! in_array( $intent_status, self::SUCCESSFUL_INTENT_STATUS, true ) ) {
+			return;
+		}
+
+		$intent_meta_order_id_raw = $intent->get_metadata()['order_id'] ?? '';
+		$intent_meta_order_id     = is_numeric( $intent_meta_order_id_raw ) ? intval( $intent_meta_order_id_raw ) : 0;
+		if ( $intent_meta_order_id !== $order->get_id() ) {
+			return;
+		}
+
+		$charge    = $intent->get_charge();
+		$charge_id = $charge ? $charge->get_id() : null;
+		$this->update_order_status_from_intent( $order, $intent_id, $intent_status, $charge_id );
+
+		$return_url = $this->get_return_url( $order );
+		$return_url = add_query_arg( self::FLAG_PREVIOUS_SUCCESSFUL_INTENT, 'yes', $return_url );
+		return [
+			'result'                               => 'success',
+			'redirect'                             => $return_url,
+			'wcpay_upe_previous_successful_intent' => 'yes', // This flag is needed for UPE flow.
+		];
+	}
+
 	/**
 	 * Checks if the current order has the same content with the session processing order, which was already paid (ex. by a webhook).
 	 *

includes/class-wc-payments-order-success-page.php

@@ -17,6 +17,7 @@ public function __construct() {
 		add_filter( 'woocommerce_thankyou_order_received_text', [ $this, 'show_woopay_thankyou_notice' ], 10, 2 );
 		add_action( 'woocommerce_thankyou_woocommerce_payments', [ $this, 'show_woopay_payment_method_name' ] );
 		add_filter( 'woocommerce_thankyou_order_received_text', [ $this, 'add_notice_previous_paid_order' ], 11 );
+		add_filter( 'woocommerce_thankyou_order_received_text', [ $this, 'add_notice_previous_successful_intent' ], 11 );
 		add_action( 'wp_enqueue_scripts', [ $this, 'enqueue_scripts' ] );
 	}
 
@@ -70,13 +71,13 @@ public function show_woopay_payment_method_name( $order_id ) {
 	}
 
 	/**
-	 * Add the notice to the thank you take in case a recent order with the same content has already paid.
+	 * Add the notice to the thank you page in case a recent order with the same content has already paid.
 	 *
 	 * @param string $text  the default thank you text.
 	 *
 	 * @return string
 	 */
-	public function add_notice_previous_paid_order( $text ) {
+	public function add_notice_previous_paid_order( string $text ) {
 		if ( isset( $_GET[ WC_Payment_Gateway_WCPay::FLAG_PREVIOUS_ORDER_PAID ] ) ) { // phpcs:disable WordPress.Security.NonceVerification.Recommended
 			$text .= sprintf(
 				'<div class="woocommerce-info">%s</div>',
@@ -86,6 +87,25 @@ public function add_notice_previous_paid_order( $text ) {
 
 		return $text;
 	}
+
+	/**
+	 * Add the notice to the thank you page in case an existing intention was successful for the order.
+	 *
+	 * @param string $text  the default thank you text.
+	 *
+	 * @return string
+	 */
+	public function add_notice_previous_successful_intent( string $text ) {
+		if ( isset( $_GET[ WC_Payment_Gateway_WCPay::FLAG_PREVIOUS_SUCCESSFUL_INTENT ] ) ) { // phpcs:disable WordPress.Security.NonceVerification.Recommended
+			$text .= sprintf(
+				'<div class="woocommerce-info">%s</div>',
+				esc_attr__( 'We prevented multiple payments for the same order. If this was a mistake and you wish to try again, please create a new order.', 'woocommerce-payments' )
+			);
+		}
+
+		return $text;
+	}
+
 	/**
 	 * Enqueue style to the order success page
 	 */

includes/payment-methods/class-upe-payment-gateway.php

@@ -207,12 +207,17 @@ public function update_payment_intent( $payment_intent_id = '', $order_id = null
 			return;
 		}
 
-		$check_response = $this->check_against_session_processing_order( $order );
-		if ( is_array( $check_response ) ) {
-			return $check_response;
+		$check_session_order = $this->check_against_session_processing_order( $order );
+		if ( is_array( $check_session_order ) ) {
+			return $check_session_order;
 		}
 		$this->maybe_update_session_processing_order( $order_id );
 
+		$check_existing_intention = $this->check_payment_intent_attached_to_order_succeeded( $order );
+		if ( is_array( $check_existing_intention ) ) {
+			return $check_existing_intention;
+		}
+
 		$amount   = $order->get_total();
 		$currency = $order->get_currency();
 
@@ -480,12 +485,17 @@ public function process_payment( $order_id ) {
 					throw new Exception( WC_Payments_Utils::get_filtered_error_message( $exception ) );
 				}
 
-				$check_response = $this->check_against_session_processing_order( $order );
-				if ( is_array( $check_response ) ) {
-					return $check_response;
+				$check_session_order = $this->check_against_session_processing_order( $order );
+				if ( is_array( $check_session_order ) ) {
+					return $check_session_order;
 				}
 				$this->maybe_update_session_processing_order( $order_id );
 
+				$check_existing_intention = $this->check_payment_intent_attached_to_order_succeeded( $order );
+				if ( is_array( $check_existing_intention ) ) {
+					return $check_existing_intention;
+				}
+
 				$additional_api_parameters = $this->get_mandate_params_for_order( $order );
 
 				try {

tests/unit/payment-methods/test-class-upe-payment-gateway.php

@@ -943,6 +943,147 @@ public function provider_process_payment_check_session_and_continue_processing()
 		];
 	}
 
+	/**
+	 * @dataProvider provider_check_payment_intent_attached_to_order_succeeded_with_invalid_intent_id_continue_process_payment
+	 * @param ?string $invalid_intent_id An invalid payment intent ID. If no intent id is set, this can be null.
+	 */
+	public function test_upe_check_payment_intent_attached_to_order_succeeded_with_invalid_intent_id_continue_process_payment( $invalid_intent_id ) {
+		$_POST['wc_payment_intent_id'] = 'pi_mock';
+
+		// Arrange order.
+		$order = WC_Helper_Order::create_order();
+		$order->update_meta_data( '_intent_id', $invalid_intent_id );
+		$order->save();
+
+		$order_id = $order->get_id();
+
+		// Assert: get_intent is not called.
+		$this->mock_api_client
+			->expects( $this->never() )
+			->method( 'get_intent' );
+
+		// Assert: the payment process continues.
+		$this->mock_api_client
+			->expects( $this->once() )
+			->method( 'update_intention' )
+			->willReturn( WC_Helper_Intention::create_intention() );
+
+		// Act: process the order.
+		$this->mock_upe_gateway->process_payment( $order_id );
+	}
+
+	public function provider_check_payment_intent_attached_to_order_succeeded_with_invalid_intent_id_continue_process_payment(): array {
+		return [
+			'No intent_id is attached'   => [ null ],
+			'A setup intent is attached' => [ 'seti_possible_for_a_subscription_id' ],
+		];
+	}
+
+	/**
+	 * The attached PaymentIntent has invalid info (status or order_id) with the order, so payment_process continues.
+	 *
+	 * @dataProvider provider_check_payment_intent_attached_to_order_succeeded_with_invalid_data_continue_process_payment
+	 * @param  string  $attached_intent_id Attached intent ID to the order.
+	 * @param  string  $attached_intent_status Attached intent status.
+	 * @param  bool  $same_order_id True when the intent meta order_id is exactly the current processing order_id. False otherwise.
+	 */
+	public function test_upe_check_payment_intent_attached_to_order_succeeded_with_invalid_data_continue_process_payment(
+		string $attached_intent_id,
+		string $attached_intent_status,
+		bool $same_order_id
+	) {
+		$_POST['wc_payment_intent_id'] = 'pi_mock';
+		// Arrange order.
+		$order = WC_Helper_Order::create_order();
+		$order->update_meta_data( '_intent_id', $attached_intent_id );
+		$order->save();
+
+		$order_id = $order->get_id();
+
+		// Arrange mock get_intent.
+		$meta_order_id   = $same_order_id ? $order_id : $order_id - 1;
+		$attached_intent = WC_Helper_Intention::create_intention(
+			[
+				'id'       => $attached_intent_id,
+				'status'   => $attached_intent_status,
+				'metadata' => [ 'order_id' => $meta_order_id ],
+			]
+		);
+		$this->mock_api_client
+			->expects( $this->once() )
+			->method( 'get_intent' )
+			->with( $attached_intent_id )
+			->willReturn( $attached_intent );
+
+		// Assert: the payment process continues.
+		$this->mock_api_client
+			->expects( $this->once() )
+			->method( 'update_intention' )
+			->willReturn( WC_Helper_Intention::create_intention() );
+
+		// Act: process the order.
+		$this->mock_upe_gateway->process_payment( $order_id );
+	}
+
+	public function provider_check_payment_intent_attached_to_order_succeeded_with_invalid_data_continue_process_payment(): array {
+		return [
+			'Attached PaymentIntent with non-success status - same order_id' => [ 'pi_attached_intent_id', 'requires_action', true ],
+			'Attached PaymentIntent - non-success status - different order_id' => [ 'pi_attached_intent_id', 'requires_action', false ],
+			'Attached PaymentIntent - success status - different order_id' => [ 'pi_attached_intent_id', 'succeeded', false ],
+		];
+	}
+
+	/**
+	 * @dataProvider provider_check_payment_intent_attached_to_order_succeeded_return_redirection
+	 */
+	public function test_upe_check_payment_intent_attached_to_order_succeeded_return_redirection( string $intent_successful_status ) {
+		$_POST['wc_payment_intent_id'] = 'pi_mock';
+		$attached_intent_id            = 'pi_attached_intent_id';
+
+		// Arrange order.
+		$order = WC_Helper_Order::create_order();
+		$order->update_meta_data( '_intent_id', $attached_intent_id );
+		$order->save();
+		$order_id = $order->get_id();
+
+		// Arrange mock get_intention.
+		$attached_intent = WC_Helper_Intention::create_intention(
+			[
+				'id'       => $attached_intent_id,
+				'status'   => $intent_successful_status,
+				'metadata' => [ 'order_id' => $order_id ],
+			]
+		);
+
+		$this->mock_api_client
+			->expects( $this->once() )
+			->method( 'get_intent' )
+			->with( $attached_intent_id )
+			->willReturn( $attached_intent );
+
+		// Assert: no more call to the server to update the intention.
+		$this->mock_api_client
+			->expects( $this->never() )
+			->method( 'update_intention' );
+
+		// Act: process the order but redirect to the order.
+		$result = $this->mock_upe_gateway->process_payment( $order_id );
+
+		// Assert: the result of check_intent_attached_to_order_succeeded.
+		$this->assertSame( 'yes', $result['wcpay_upe_previous_successful_intent'] );
+		$this->assertSame( 'success', $result['result'] );
+		$this->assertStringContainsString( $this->mock_upe_gateway->get_return_url( $order ), $result['redirect'] );
+	}
+
+	public function provider_check_payment_intent_attached_to_order_succeeded_return_redirection(): array {
+		$ret = [];
+		foreach ( WC_Payment_Gateway_WCPay::SUCCESSFUL_INTENT_STATUS as $status ) {
+			$ret[ 'Intent status ' . $status ] = [ $status ];
+		}
+
+		return $ret;
+	}
+
 	public function test_process_redirect_payment_intent_processing() {
 		$order               = WC_Helper_Order::create_order();
 		$order_id            = $order->get_id();