ECE: Fix checkout fails for countries without states (#4451)

* add helper methods

* modify country locale for countries with empty states

* add nonce verification

* add changelog

* update changelog

* add tests

* ignore phpcs

Author: Mayisha

changelog.txt

@@ -50,6 +50,7 @@
 * Fix - Fix payment processing for $0 subscription with recurring coupon
 * Dev - Add e2e tests to cover Affirm purchase flow
 * Fix - Add safety check when checking error object
+* Fix - Correctly handle countries without states when using the express payment methods
 
 = 9.5.3 - 2025-06-23 =
 * Fix - Reimplement mapping of Express Checkout state values to align with WooCommerce's expected state formats

client/api/index.js

@@ -625,10 +625,19 @@ export default class WCStripeAPI {
 	 * @return {Promise} Promise for the request to the server.
 	 */
 	expressCheckoutECECreateOrder( orderData ) {
-		return this.postToBlocksAPI( '/wc/store/v1/checkout', {
-			...orderData,
-			customer_note: getCustomerNote(),
-		} );
+		return this.postToBlocksAPI(
+			'/wc/store/v1/checkout',
+			{
+				...orderData,
+				customer_note: getCustomerNote(),
+			},
+			{
+				'X-WCSTRIPE-EXPRESS-CHECKOUT': true,
+				'X-WCSTRIPE-EXPRESS-CHECKOUT-NONCE': getExpressCheckoutData(
+					'nonce'
+				)?.wc_store_api_express_checkout,
+			}
+		);
 	}
 
 	/**
@@ -653,14 +662,16 @@ export default class WCStripeAPI {
 	 *
 	 * @param {string} path The path to post to.
 	 * @param {Object} data The data to post.
+	 * @param {Object} headers The headers for the request.
 	 * @return {Promise} The promise for the request to the server.
 	 */
-	postToBlocksAPI( path, data ) {
+	postToBlocksAPI( path, data, headers = {} ) {
 		return apiFetch( {
 			method: 'POST',
 			path,
 			headers: {
 				Nonce: getExpressCheckoutData( 'nonce' )?.wc_store_api,
+				...headers,
 			},
 			data,
 		} );

includes/payment-methods/class-wc-stripe-express-checkout-ajax-handler.php

@@ -38,6 +38,7 @@ public function init() {
 		add_action( 'wc_ajax_wc_stripe_clear_cart', [ $this, 'ajax_clear_cart' ] );
 		add_action( 'wc_ajax_wc_stripe_log_errors', [ $this, 'ajax_log_errors' ] );
 		add_action( 'wc_ajax_wc_stripe_pay_for_order', [ $this, 'ajax_pay_for_order' ] );
+		add_filter( 'woocommerce_get_country_locale', [ $this, 'modify_country_locale_for_express_checkout' ], 20 );
 	}
 
 	/**
@@ -388,4 +389,29 @@ public function ajax_pay_for_order() {
 
 		wp_send_json( $result );
 	}
+
+	/**
+	 * Modify country locale for express checkout.
+	 * Countries that don't have state fields, make the state field optional.
+	 *
+	 * @param array $locale The country locale.
+	 * @return array Modified country locale.
+	 */
+	public function modify_country_locale_for_express_checkout( $locale ) {
+		// Only modify locale settings if this is an express checkout context.
+		if ( ! $this->express_checkout_helper->is_express_checkout_context() ) {
+			return $locale;
+		}
+
+		include_once WC_STRIPE_PLUGIN_PATH . '/includes/constants/class-wc-stripe-payment-request-button-states.php';
+
+		// For countries that don't have state fields, make the state field optional.
+		foreach ( WC_Stripe_Payment_Request_Button_States::STATES as $country_code => $states ) {
+			if ( empty( $states ) ) {
+				$locale[ $country_code ]['state']['required'] = false;
+			}
+		}
+
+		return $locale;
+	}
 }

includes/payment-methods/class-wc-stripe-express-checkout-element.php

@@ -341,18 +341,19 @@ public function javascript_params() {
 				'is_payment_request_enabled'  => $this->express_checkout_helper->is_payment_request_enabled(),
 			],
 			'nonce'                      => [
-				'payment'                   => wp_create_nonce( 'wc-stripe-express-checkout' ),
-				'shipping'                  => wp_create_nonce( 'wc-stripe-express-checkout-shipping' ),
-				'normalize_address'         => wp_create_nonce( 'wc-stripe-express-checkout-normalize-address' ),
-				'get_cart_details'          => wp_create_nonce( 'wc-stripe-get-cart-details' ),
-				'update_shipping'           => wp_create_nonce( 'wc-stripe-update-shipping-method' ),
-				'checkout'                  => wp_create_nonce( 'woocommerce-process_checkout' ),
-				'add_to_cart'               => wp_create_nonce( 'wc-stripe-add-to-cart' ),
-				'get_selected_product_data' => wp_create_nonce( 'wc-stripe-get-selected-product-data' ),
-				'log_errors'                => wp_create_nonce( 'wc-stripe-log-errors' ),
-				'clear_cart'                => wp_create_nonce( 'wc-stripe-clear-cart' ),
-				'pay_for_order'             => wp_create_nonce( 'wc-stripe-pay-for-order' ),
-				'wc_store_api'              => wp_create_nonce( 'wc_store_api' ),
+				'payment'                       => wp_create_nonce( 'wc-stripe-express-checkout' ),
+				'shipping'                      => wp_create_nonce( 'wc-stripe-express-checkout-shipping' ),
+				'normalize_address'             => wp_create_nonce( 'wc-stripe-express-checkout-normalize-address' ),
+				'get_cart_details'              => wp_create_nonce( 'wc-stripe-get-cart-details' ),
+				'update_shipping'               => wp_create_nonce( 'wc-stripe-update-shipping-method' ),
+				'checkout'                      => wp_create_nonce( 'woocommerce-process_checkout' ),
+				'add_to_cart'                   => wp_create_nonce( 'wc-stripe-add-to-cart' ),
+				'get_selected_product_data'     => wp_create_nonce( 'wc-stripe-get-selected-product-data' ),
+				'log_errors'                    => wp_create_nonce( 'wc-stripe-log-errors' ),
+				'clear_cart'                    => wp_create_nonce( 'wc-stripe-clear-cart' ),
+				'pay_for_order'                 => wp_create_nonce( 'wc-stripe-pay-for-order' ),
+				'wc_store_api'                  => wp_create_nonce( 'wc_store_api' ),
+				'wc_store_api_express_checkout' => wp_create_nonce( 'wc_store_api_express_checkout' ),
 			],
 			'i18n'                       => [
 				'no_prepaid_card'  => __( 'Sorry, we\'re not accepting prepaid cards at this time.', 'woocommerce-gateway-stripe' ),

includes/payment-methods/class-wc-stripe-express-checkout-helper.php

@@ -1641,4 +1641,41 @@ public function get_booking_id_from_cart() {
 
 		return false;
 	}
+
+	/**
+	 * Check if the current request is an express checkout context.
+	 *
+	 * @return bool True if express checkout context, false otherwise.
+	 */
+	public function is_express_checkout_context() {
+		// Only proceed if this is a Store API request.
+		if ( ! $this->is_request_to_store_api() ) {
+			return false;
+		}
+
+		// Check for the 'X-WCSTRIPE-EXPRESS-CHECKOUT' header using superglobals.
+		if ( 'true' !== sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_WCSTRIPE_EXPRESS_CHECKOUT'] ?? '' ) ) ) {
+			return false;
+		}
+
+		// Check for the 'X-WCSTRIPE-EXPRESS-CHECKOUT-NONCE' header using superglobals.
+		$nonce = sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_WCSTRIPE_EXPRESS_CHECKOUT_NONCE'] ?? '' ) );
+		if ( ! wp_verify_nonce( $nonce, 'wc_store_api_express_checkout' ) ) {
+			return false;
+		}
+
+		return true;
+	}
+
+	/**
+	 * Check if is request to the Store API.
+	 *
+	 * @return bool
+	 */
+	public function is_request_to_store_api() {
+		if ( empty( $GLOBALS['wp']->query_vars['rest_route'] ) ) {
+			return false;
+		}
+		return 0 === strpos( $GLOBALS['wp']->query_vars['rest_route'], '/wc/store/v1/checkout' );
+	}
 }

readme.txt

@@ -163,6 +163,6 @@ If you get stuck, you can ask for help in the [Plugin Forum](https://wordpress.o
 * Fix - Fix payment processing for $0 subscription with recurring coupon
 * Dev - Add e2e tests to cover Affirm purchase flow
 * Fix - Add safety check when checking error object
-* Update - Include extension data from block checkout when submitting an express checkout order
+* Fix - Correctly handle countries without states when using the express payment methods
 
 [See changelog for full details across versions](https://raw.githubusercontent.com/woocommerce/woocommerce-gateway-stripe/trunk/changelog.txt).

tests/phpunit/PaymentMethods/WC_Stripe_Express_Checkout_Ajax_Handler_Test.php

@@ -0,0 +1,109 @@
+<?php
+
+namespace WooCommerce\Stripe\Tests\PaymentMethods;
+
+use WC_Stripe_Express_Checkout_Ajax_Handler;
+use WC_Stripe_Express_Checkout_Helper;
+use WC_Stripe_Helper;
+use WP_UnitTestCase;
+
+/**
+ * These tests make assertions against class WC_Stripe_Express_Checkout_Ajax_Handler.
+ *
+ * @package WooCommerce/Stripe/WC_Stripe_Express_Checkout_Ajax_Handler
+ *
+ * WC_Stripe_Express_Checkout_Ajax_Handler_Test class.
+ */
+class WC_Stripe_Express_Checkout_Ajax_Handler_Test extends WP_UnitTestCase {
+
+	/**
+	 * Express checkout helper instance.
+	 *
+	 * @var WC_Stripe_Express_Checkout_Helper
+	 */
+	private $express_checkout_helper;
+
+	/**
+	 * Ajax handler instance.
+	 *
+	 * @var WC_Stripe_Express_Checkout_Ajax_Handler
+	 */
+	private $ajax_handler;
+
+	public function set_up() {
+		parent::set_up();
+
+		$stripe_settings                         = WC_Stripe_Helper::get_stripe_settings();
+		$stripe_settings['enabled']              = 'yes';
+		$stripe_settings['testmode']             = 'yes';
+		$stripe_settings['test_publishable_key'] = 'pk_test_key';
+		$stripe_settings['test_secret_key']      = 'sk_test_key';
+		WC_Stripe_Helper::update_main_stripe_settings( $stripe_settings );
+
+		$this->express_checkout_helper = $this->getMockBuilder( WC_Stripe_Express_Checkout_Helper::class )
+			->disableOriginalConstructor()
+			->getMock();
+		$this->ajax_handler            = new WC_Stripe_Express_Checkout_Ajax_Handler( $this->express_checkout_helper );
+	}
+
+
+	/**
+	 * Test modify_country_locale_for_express_checkout method.
+	 *
+	 * @dataProvider provide_test_modify_country_locale_for_express_checkout
+	 */
+	public function test_modify_country_locale_for_express_checkout( $is_express_context, $base_locale, $expected_state_required ) {
+		$this->express_checkout_helper->expects( $this->any() )
+			->method( 'is_express_checkout_context' )
+			->willReturn( $is_express_context );
+
+		$result = $this->ajax_handler->modify_country_locale_for_express_checkout( $base_locale );
+
+		$this->assertEquals( $expected_state_required, $result['AF']['state']['required'] );
+		// Countries with states should remain unchanged.
+		$this->assertTrue( $result['US']['state']['required'] );
+	}
+
+	/**
+	 * Data provider for test_modify_country_locale_for_express_checkout.
+	 *
+	 * @return array
+	 */
+	public function provide_test_modify_country_locale_for_express_checkout() {
+		$base_locale = [
+			'US' => [
+				'state' => [
+					'required' => true,
+				],
+			],
+			'GB' => [
+				'state' => [
+					'required' => true,
+				],
+			],
+			'AF' => [
+				'state' => [
+					'required' => true,
+				],
+			],
+			'RO' => [
+				'state' => [
+					'required' => true,
+				],
+			],
+		];
+
+		return [
+			'Not express checkout context - locale unchanged' => [
+				'is_express_context'      => false,
+				'input_locale'            => $base_locale,
+				'expected_state_required' => true,
+			],
+			'Express checkout context - locale modified for countries without states' => [
+				'is_express_context'      => true,
+				'input_locale'            => $base_locale,
+				'expected_state_required' => false,
+			],
+		];
+	}
+}