Skip payment processing for WooPay's order validation request (#5209)

* Skip payment processing for WooPay's order validation request

* Add changelog entry

* Add phpunit tests

* Check whether it's a pre-flight request before removing the UPE intent from session

Author: a-danae

changelog/add-handle-woopay-order-validation

@@ -0,0 +1,4 @@
+Significance: minor
+Type: update
+
+Bail out before payment processing for WooPay's order validation request

includes/class-wc-payment-gateway-wcpay.php

@@ -688,6 +688,20 @@ public function process_payment( $order_id ) {
 				);
 			}
 
+			// The request is a preflight check from WooPay.
+			// phpcs:ignore WordPress.Security.NonceVerification.Missing
+			if ( ! empty( $_POST['is-woopay-preflight-check'] ) ) {
+				// Set the order status to "pending payment".
+				$order->update_status( 'pending' );
+
+				// Bail out with success so we don't process the payment now,
+				// but still let WooPay continue with the payment processing.
+				return [
+					'result'   => 'success',
+					'redirect' => '',
+				];
+			}
+
 			UPE_Payment_Gateway::remove_upe_payment_intent_from_session();
 
 			$check_response = $this->check_against_session_processing_order( $order );

tests/unit/test-class-wc-payment-gateway-wcpay-process-payment.php

@@ -610,6 +610,49 @@ public function test_failed_transaction_rate_limiter_is_limited() {
 		}
 	}
 
+	/**
+	 * Tests that a draft order is updated to "pending" when the $_POST 'is-woopay-preflight-check` is present.
+	 */
+	public function test_draft_order_is_set_to_pending_for_woopay_preflight_check_request() {
+		$_POST['is-woopay-preflight-check'] = true;
+
+		// Arrange: Create an order to test with.
+		$order_data = [
+			'status' => 'draft',
+			'total'  => '100',
+		];
+
+		$order = wc_create_order( $order_data );
+
+		// Act: process payment.
+		$result = $this->mock_wcpay_gateway->process_payment( $order->get_id(), false );
+
+		// Assert: Order status was updated.
+		$this->assertEquals( 'pending', $order->get_status() );
+	}
+
+	/**
+	 * Tests that a success response and no redirect is returned when the $_POST 'is-woopay-preflight-check` is present.
+	 */
+	public function test_successful_result_no_redirect_for_woopay_preflight_check_request() {
+		$_POST['is-woopay-preflight-check'] = true;
+
+		// Arrange: Create an order to test with.
+		$order_data = [
+			'status' => 'draft',
+			'total'  => '100',
+		];
+
+		$order = wc_create_order( $order_data );
+
+		// Act: process payment.
+		$response = $this->mock_wcpay_gateway->process_payment( $order->get_id(), false );
+
+		// Assert: No payment was processed.
+		$this->assertEquals( $response['result'], 'success' );
+		$this->assertEmpty( $response['redirect'] );
+	}
+
 	public function test_bad_request_exception_thrown() {
 		$error_message = 'Test error.';
 		$error_notice  = 'We\'re not able to process this request. Please refresh the page and try again.';

tests/unit/test-class-wc-payment-gateway-wcpay.php

@@ -2061,6 +2061,32 @@ private function get_partial_mock_for_gateway( array $methods = [] ) {
 			->getMock();
 	}
 
+
+	/**
+	 * Tests that no payment is processed when the $_POST 'is-woopay-preflight-check` is present.
+	 */
+	public function test_no_payment_is_processed_for_woopay_preflight_check_request() {
+		$_POST['is-woopay-preflight-check'] = true;
+
+		// Arrange: Create an order to test with.
+		$order_data = [
+			'status' => 'draft',
+			'total'  => '100',
+		];
+
+		$order = wc_create_order( $order_data );
+
+		$mock_wcpay_gateway = $this->get_partial_mock_for_gateway( [ 'process_payment_for_order' ] );
+
+		// Assert: No payment was processed.
+		$mock_wcpay_gateway
+			->expects( $this->never() )
+			->method( 'process_payment_for_order' );
+
+		// Act: process payment.
+		$response = $mock_wcpay_gateway->process_payment( $order->get_id() );
+	}
+
 	/**
 	 * Mocks Fraud_Prevention_Service.
 	 *