Remove local hash comparison for checkout sessions in WooCommerce (#4579)

* Remove local hash comparison for checkout sessions in WooCommerce

The backend's idempotency system now handles deduplication of checkout
session creation requests. This removes the need to store and compare
hashes locally in WooCommerce order metadata.

The checkout session will now always attempt to CREATE unless already
COMPLETE, relying on the Idempotency-Key header (derived from the
request body hash) to prevent duplicate sessions.

Resolves: ENG-607

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* Add to change log

* Add tests for CheckoutSession::needs() method

Tests the simplified needs() logic after removing local hash comparison:
- Status COMPLETE returns NONE
- Status OPEN/null returns CREATE
- Dependencies (line_items/discounts) return DEPENDENCY
- Dependencies checked before status

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* Increment version

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Author: davidbarratt

pay-with-flex.php

@@ -2,7 +2,7 @@
 /**
  * Plugin Name:      Flex HSA/FSA Payments
  * Description:      Accept HSA/FSA payments directly in the checkout flow.
- * Version:          3.1.18
+ * Version:          3.2.0
  * Plugin URI:       https://wordpress.org/plugins/pay-with-flex/
  * Author:           Flex
  * Author URI:       https://withflex.com/

readme.txt

@@ -55,8 +55,9 @@ Flex makes this process simple by offering asynchronous telehealth visits direct
 
 == Changelog ==
 
-= 3.1.18 =
+= 3.2.0 =
 * Added support for dynamic pricing.
+* Removed checkout session cache since idempotency system will prevent duplicate checkout sessions from being created.
 
 = 3.1.17 =
 * Fixed a race condition where an order could be marked as `payment_complete` multiple times, once by the redirect and again by the webhook.

src/Resource/CheckoutSession/CheckoutSession.php

@@ -22,8 +22,6 @@ class CheckoutSession extends Resource {
 
 	protected const KEY_STATUS       = 'checkout_session_status';
 	protected const KEY_REDIRECT_URL = 'checkout_session_redirect_url';
-	protected const KEY_HASH         = 'checkout_session_hash';
-	protected const KEY_AMOUNT_TOTAL = 'checkout_session_amount_total';
 	protected const KEY_TEST_MODE    = 'checkout_session_test_mode';
 
 	/**
@@ -288,20 +286,13 @@ public function wc(): ?\WC_Order {
 	 */
 	public function apply_to( \WC_Order $order ): void {
 		$order->set_transaction_id( $this->id ?? '' );
-		$order->update_meta_data( self::META_PREFIX . self::KEY_HASH, $this->hash() );
 
 		if ( null === $this->redirect_url ) {
 			$order->delete_meta_data( self::META_PREFIX . self::KEY_REDIRECT_URL );
 		} else {
 			$order->update_meta_data( self::META_PREFIX . self::KEY_REDIRECT_URL, $this->redirect_url );
 		}
 
-		if ( null === $this->amount_total ) {
-			$order->delete_meta_data( self::META_PREFIX . self::KEY_AMOUNT_TOTAL );
-		} else {
-			$order->update_meta_data( self::META_PREFIX . self::KEY_AMOUNT_TOTAL, strval( $this->amount_total ) );
-		}
-
 		$status = $this->status?->value;
 		if ( null === $status ) {
 			$order->delete_meta_data( self::META_PREFIX . self::KEY_STATUS );
@@ -329,19 +320,11 @@ public function needs(): ResourceAction {
 			return ResourceAction::DEPENDENCY;
 		}
 
-		if ( null === $this->id ) {
-			return ResourceAction::CREATE;
-		}
-
-		if ( intval( $this->wc->get_meta( self::META_PREFIX . self::KEY_AMOUNT_TOTAL ) ) !== $this->amount_total ) {
-			return ResourceAction::CREATE;
-		}
-
-		if ( $this->wc->get_meta( self::META_PREFIX . self::KEY_HASH ) !== $this->hash() ) {
-			return ResourceAction::CREATE;
+		if ( Status::COMPLETE === $this->status ) {
+			return ResourceAction::NONE;
 		}
 
-		return ResourceAction::NONE;
+		return ResourceAction::CREATE;
 	}
 
 	/**

tests/Resource/CheckoutSession/CheckoutSessionTest.php

@@ -0,0 +1,138 @@
+<?php
+/**
+ * Tests for the CheckoutSession::needs() method
+ *
+ * @package Flex
+ */
+
+declare(strict_types=1);
+
+namespace Flex\Tests\Resource\CheckoutSession;
+
+use Flex\Resource\CheckoutSession\CheckoutSession;
+use Flex\Resource\CheckoutSession\Discount;
+use Flex\Resource\CheckoutSession\LineItem;
+use Flex\Resource\CheckoutSession\Status;
+use Flex\Resource\ResourceAction;
+
+/**
+ * Test the CheckoutSession::needs() method.
+ *
+ * The needs() method determines what action should be taken for a checkout session:
+ * - DEPENDENCY: If any line items or discounts need action
+ * - NONE: If the status is COMPLETE
+ * - CREATE: Otherwise (status is OPEN, null, or any other non-COMPLETE value)
+ */
+class CheckoutSessionTest extends \WP_UnitTestCase {
+
+	/**
+	 * Test that needs() returns NONE when status is COMPLETE.
+	 */
+	public function test_needs_returns_none_when_status_is_complete(): void {
+		$checkout_session = new CheckoutSession(
+			success_url: 'https://example.com/success',
+			status: Status::COMPLETE,
+		);
+
+		$this->assertSame( ResourceAction::NONE, $checkout_session->needs() );
+	}
+
+	/**
+	 * Test that needs() returns CREATE when status is OPEN.
+	 */
+	public function test_needs_returns_create_when_status_is_open(): void {
+		$checkout_session = new CheckoutSession(
+			success_url: 'https://example.com/success',
+			status: Status::OPEN,
+		);
+
+		$this->assertSame( ResourceAction::CREATE, $checkout_session->needs() );
+	}
+
+	/**
+	 * Test that needs() returns CREATE when status is null.
+	 */
+	public function test_needs_returns_create_when_status_is_null(): void {
+		$checkout_session = new CheckoutSession(
+			success_url: 'https://example.com/success',
+			status: null,
+		);
+
+		$this->assertSame( ResourceAction::CREATE, $checkout_session->needs() );
+	}
+
+	/**
+	 * Test that needs() returns DEPENDENCY when a line item needs action.
+	 */
+	public function test_needs_returns_dependency_when_line_item_needs_action(): void {
+		$line_item = $this->createStub( LineItem::class );
+		$line_item->method( 'needs' )->willReturn( ResourceAction::CREATE );
+
+		$checkout_session = new CheckoutSession(
+			success_url: 'https://example.com/success',
+			line_items: array( $line_item ),
+			status: Status::OPEN,
+		);
+
+		$this->assertSame( ResourceAction::DEPENDENCY, $checkout_session->needs() );
+	}
+
+	/**
+	 * Test that needs() returns DEPENDENCY when a discount needs action.
+	 */
+	public function test_needs_returns_dependency_when_discount_needs_action(): void {
+		$discount = $this->createStub( Discount::class );
+		$discount->method( 'needs' )->willReturn( ResourceAction::DEPENDENCY );
+
+		$checkout_session = new CheckoutSession(
+			success_url: 'https://example.com/success',
+			status: Status::OPEN,
+			discounts: array( $discount ),
+		);
+
+		$this->assertSame( ResourceAction::DEPENDENCY, $checkout_session->needs() );
+	}
+
+	/**
+	 * Test that dependencies are checked before status.
+	 *
+	 * Even if the status is COMPLETE, if a line item needs action,
+	 * the result should be DEPENDENCY (not NONE).
+	 */
+	public function test_needs_checks_dependencies_before_status(): void {
+		$line_item = $this->createStub( LineItem::class );
+		$line_item->method( 'needs' )->willReturn( ResourceAction::DEPENDENCY );
+
+		$checkout_session = new CheckoutSession(
+			success_url: 'https://example.com/success',
+			line_items: array( $line_item ),
+			status: Status::COMPLETE,
+		);
+
+		$this->assertSame(
+			ResourceAction::DEPENDENCY,
+			$checkout_session->needs(),
+			'Dependencies should be checked before status'
+		);
+	}
+
+	/**
+	 * Test that needs() returns NONE when status is COMPLETE and no dependencies need action.
+	 */
+	public function test_needs_returns_none_when_complete_with_satisfied_dependencies(): void {
+		$line_item = $this->createStub( LineItem::class );
+		$line_item->method( 'needs' )->willReturn( ResourceAction::NONE );
+
+		$discount = $this->createStub( Discount::class );
+		$discount->method( 'needs' )->willReturn( ResourceAction::NONE );
+
+		$checkout_session = new CheckoutSession(
+			success_url: 'https://example.com/success',
+			line_items: array( $line_item ),
+			status: Status::COMPLETE,
+			discounts: array( $discount ),
+		);
+
+		$this->assertSame( ResourceAction::NONE, $checkout_session->needs() );
+	}
+}