ACP2E-4049: Unknown IPNs from PayPal abuses application IPN processor

soklymeach · soklymeach · commit 817614681715 · 2025-07-23T08:58:13.000-05:00
diff --git a/app/code/Magento/Paypal/Model/Exception/UnknownIpnException.php b/app/code/Magento/Paypal/Model/Exception/UnknownIpnException.php
@@ -3,6 +3,8 @@
  * Copyright 2025 Adobe
  * All Rights Reserved.
  */
+declare(strict_types=1);
+
 namespace Magento\Paypal\Model\Exception;
 
 use Magento\Framework\Exception\LocalizedException;
diff --git a/app/code/Magento/Paypal/Test/Unit/Controller/Ipn/IndexTest.php b/app/code/Magento/Paypal/Test/Unit/Controller/Ipn/IndexTest.php
@@ -1,7 +1,7 @@
 <?php
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2011 Adobe
+ * All Rights Reserved.
  */
 declare(strict_types=1);
 
@@ -20,6 +20,7 @@
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
 use Psr\Log\LoggerInterface;
+use Magento\Paypal\Model\Exception\UnknownIpnException;
 
 /**
  * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
@@ -86,6 +87,15 @@ public function testIndexActionException()
         $this->model->execute();
     }
 
+    public function testIndexActionUnknownIpnException()
+    {
+        $this->requestMock->expects($this->once())->method('isPost')->willReturn(true);
+        $exception = new UnknownIpnException(__('Missing invoice field in IPN request.'));
+        $this->requestMock->expects($this->once())->method('getPostValue')->willThrowException($exception);
+        $this->loggerMock->expects($this->once())->method('critical')->with($this->identicalTo($exception));
+        $this->model->execute();
+    }
+
     public function testIndexAction()
     {
         $this->requestMock->expects($this->once())->method('isPost')->willReturn(true);
@@ -94,7 +104,7 @@ public function testIndexAction()
             'invoice' => $incrementId,
             'other' => 'other data'
         ];
-        $this->requestMock->expects($this->exactly(2))->method('getPostValue')->willReturn($data);
+        $this->requestMock->expects($this->once())->method('getPostValue')->willReturn($data);
         $ipnMock = $this->getMockForAbstractClass(IpnInterface::class);
         $this->ipnFactoryMock->expects($this->once())
             ->method('create')
diff --git a/app/code/Magento/Paypal/Test/Unit/Model/IpnTest.php b/app/code/Magento/Paypal/Test/Unit/Model/IpnTest.php
@@ -1,7 +1,7 @@
 <?php
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2015 Adobe
+ * All Rights Reserved.
  */
 declare(strict_types=1);
 
@@ -21,6 +21,11 @@
 use Magento\Sales\Model\OrderFactory;
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
+use Magento\Paypal\Model\Exception\UnknownIpnException;
+use Magento\Sales\Model\Order\Email\Sender\CreditmemoSender;
+use Magento\Sales\Model\Order\Email\Sender\OrderSender;
+use Magento\Sales\Model\OrderMutexInterface;
+use \Psr\Log\LoggerInterface;
 
 class IpnTest extends TestCase
 {
@@ -115,7 +120,7 @@ protected function setUp(): void
                 'curlFactory' => $this->curlFactory,
                 'orderFactory' => $this->_orderMock,
                 'paypalInfo' => $this->_paypalInfo,
-                'data' => ['payment_status' => 'Pending', 'pending_reason' => 'authorization']
+                'data' => ['invoice' => '00000001', 'payment_status' => 'Pending', 'pending_reason' => 'authorization']
             ]
         );
     }
@@ -157,6 +162,35 @@ public function testPaymentReviewRegisterPaymentAuthorization()
         $this->_ipn->processIpnRequest();
     }
 
+    public function testProcessIpnRequestThrowsException()
+    {
+        $creditmemoSenderMock = $this->getMockBuilder(CreditmemoSender::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+        $orderSenderMock = $this->getMockBuilder(OrderSender::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+        $orderMutexMock = $this->getMockForAbstractClass(orderMutexInterface::class);
+        $loggerMock = $this->getMockForAbstractClass(LoggerInterface::class);
+        $this->_ipn = new Ipn(
+            $this->configFactory,
+            $loggerMock,
+            $this->curlFactory,
+            $this->_orderMock,
+            $this->_paypalInfo,
+            $orderSenderMock,
+            $creditmemoSenderMock,
+            $orderMutexMock,
+            [
+                'payment_status' => 'Pending',
+                'pending_reason' => 'fraud',
+                'fraud_management_pending_filters_1' => 'Maximum Transaction Amount',
+            ]
+        );
+        $this->expectException(UnknownIpnException::class);
+        $this->_ipn->processIpnRequest();
+    }
+
     public function testPaymentReviewRegisterPaymentFraud()
     {
         $paymentMock = $this->createPartialMock(
@@ -196,6 +230,7 @@ public function testPaymentReviewRegisterPaymentFraud()
                 'orderFactory' => $this->_orderMock,
                 'paypalInfo' => $this->_paypalInfo,
                 'data' => [
+                    'invoice' => '00000001',
                     'payment_status' => 'Pending',
                     'pending_reason' => 'fraud',
                     'fraud_management_pending_filters_1' => 'Maximum Transaction Amount',
@@ -241,6 +276,7 @@ public function testRegisterPaymentDenial()
                 'orderFactory' => $this->_orderMock,
                 'paypalInfo' => $this->_paypalInfo,
                 'data' => [
+                    'invoice' => '00000001',
                     'payment_status' => 'Denied',
                 ]
             ]
