Merge remote-tracking branch 'origin/release/8.8.2' into trunk

Author: diegocurbelo

changelog.txt

@@ -1,5 +1,10 @@
 *** Changelog ***
 
+= 8.8.2 - 2024-11-07 =
+* Fix - Prevent marking renewal orders as processing/completed multiple times due to handling the Stripe webhook in parallel.
+* Dev - Refactor lock_order_payment() to use order meta instead of transients.
+* Update - Process successful payment intent webhooks asynchronously.
+
 = 8.8.1 - 2024-10-28 =
 * Tweak - Disables APMs when using the legacy checkout experience due Stripe deprecation by October 29, 2024.
 * Fix - Prevent marking orders on-hold with order note "Process order to take payment" when the payment has failed.

includes/abstracts/abstract-wc-stripe-payment-gateway.php

@@ -1672,17 +1672,25 @@ private function get_intent( $intent_type, $intent_id ) {
 	 * @return bool            A flag that indicates whether the order is already locked.
 	 */
 	public function lock_order_payment( $order, $intent = null ) {
-		$order_id       = $order->get_id();
-		$transient_name = 'wc_stripe_processing_intent_' . $order_id;
-		$processing     = get_transient( $transient_name );
+		$order->read_meta_data( true );
 
-		// Block the process if the same intent is already being handled.
-		if ( '-1' === $processing || ( isset( $intent->id ) && $processing === $intent->id ) ) {
-			return true;
+		$existing_lock = $order->get_meta( '_stripe_lock_payment', true );
+
+		if ( $existing_lock ) {
+			$parts         = explode( '|', $existing_lock ); // Format is: "{expiry_timestamp}" or "{expiry_timestamp}|{pi_xxxx}" if an intent is passed.
+			$expiration    = (int) $parts[0];
+			$locked_intent = ! empty( $parts[1] ) ? $parts[1] : '';
+
+			// If the lock is still active, return true.
+			if ( time() <= $expiration && ( empty( $intent ) || empty( $locked_intent ) || ( $intent->id ?? '' ) === $locked_intent ) ) {
+				return true;
+			}
 		}
 
-		// Save the new intent as a transient, eventually overwriting another one.
-		set_transient( $transient_name, empty( $intent ) ? '-1' : $intent->id, 5 * MINUTE_IN_SECONDS );
+		$new_lock = ( time() + 5 * MINUTE_IN_SECONDS ) . ( isset( $intent->id ) ? '|' . $intent->id : '' );
+
+		$order->update_meta_data( '_stripe_lock_payment', $new_lock );
+		$order->save_meta_data();
 
 		return false;
 	}
@@ -1694,8 +1702,8 @@ public function lock_order_payment( $order, $intent = null ) {
 	 * @param WC_Order $order The order that is being unlocked.
 	 */
 	public function unlock_order_payment( $order ) {
-		$order_id = $order->get_id();
-		delete_transient( 'wc_stripe_processing_intent_' . $order_id );
+		$order->delete_meta_data( '_stripe_lock_payment' );
+		$order->save_meta_data();
 	}
 
 	/**

includes/class-wc-stripe-webhook-handler.php

@@ -928,22 +928,20 @@ public function process_payment_intent_success( $notification ) {
 				break;
 			case 'payment_intent.succeeded':
 			case 'payment_intent.amount_capturable_updated':
-				$charge = $this->get_latest_charge_from_intent( $intent );
-
 				WC_Stripe_Logger::log( "Stripe PaymentIntent $intent->id succeeded for order $order_id" );
 
-				/**
-				 * Check if the order is awaiting further action from the customer. If so, do not process the payment via the webhook, let the redirect handle it.
-				 *
-				 * This is a stop-gap to fix a critical issue, see https://github.com/woocommerce/woocommerce-gateway-stripe/issues/2536. It would
-				 * be better if we removed the need for additional meta data in favor of refactoring this part of the payment processing.
-				 */
-				$is_awaiting_action = $order->get_meta( '_stripe_upe_waiting_for_redirect' ) ?? false;
+				$process_webhook_async = apply_filters( 'wc_stripe_process_payment_intent_webhook_async', true, $order, $intent, $notification );
+				$is_awaiting_action    = $order->get_meta( '_stripe_upe_waiting_for_redirect' ) ?? false;
+
+				// Process the webhook now if it's for a voucher or wallet payment , or if filtered to process immediately and order is not awaiting action.
+				if ( $is_voucher_payment || $is_wallet_payment || ( ! $process_webhook_async && ! $is_awaiting_action ) ) {
+					$charge = $this->get_latest_charge_from_intent( $intent );
 
-				// Voucher payments are only processed via the webhook so are excluded from the above check.
-				// Wallets are also processed via the webhook, not redirection.
-				if ( ! $is_voucher_payment && ! $is_wallet_payment && $is_awaiting_action ) {
-					WC_Stripe_Logger::log( "Stripe UPE waiting for redirect. Scheduled deferred webhook processing. The status for order $order_id might need manual adjustment." );
+					do_action( 'wc_gateway_stripe_process_payment', $charge, $order );
+
+					$this->process_response( $charge, $order );
+				} else {
+					WC_Stripe_Logger::log( "Processing $notification->type ($intent->id) asynchronously for order $order_id." );
 
 					// Schedule a job to check on the status of this intent.
 					$this->defer_webhook_processing(
@@ -954,14 +952,11 @@ public function process_payment_intent_success( $notification ) {
 						]
 					);
 
-					do_action( 'wc_gateway_stripe_process_payment_intent_incomplete', $order );
-					return;
+					if ( $is_awaiting_action ) {
+						do_action( 'wc_gateway_stripe_process_payment_intent_incomplete', $order );
+					}
 				}
 
-				do_action( 'wc_gateway_stripe_process_payment', $charge, $order );
-
-				// Process valid response.
-				$this->process_response( $charge, $order );
 				break;
 			default:
 				if ( $is_voucher_payment && 'payment_intent.payment_failed' === $notification->type ) {
@@ -1123,6 +1118,11 @@ protected function handle_deferred_payment_intent_succeeded( $order, $intent_id
 
 		$charge = $this->get_latest_charge_from_intent( $intent );
 
+		if ( ! $charge ) {
+			WC_Stripe_Logger::log( "Skipped processing deferred webhook for Stripe PaymentIntent {$intent_id} for order {$order->get_id()} - no charge found." );
+			return;
+		}
+
 		WC_Stripe_Logger::log( "Processing Stripe PaymentIntent {$intent_id} for order {$order->get_id()} via deferred webhook." );
 
 		do_action( 'wc_gateway_stripe_process_payment', $charge, $order );

includes/compat/trait-wc-stripe-subscriptions.php

@@ -499,18 +499,15 @@ public function process_subscription_payment( $amount, $renewal_order, $retry =
 
 				throw new WC_Stripe_Exception( print_r( $response, true ), $localized_message );
 			}
-
-			// TODO: Remove when SEPA is migrated to payment intents.
-			if ( 'stripe_sepa' !== $this->id ) {
-				$this->unlock_order_payment( $renewal_order );
-			}
 		} catch ( WC_Stripe_Exception $e ) {
 			WC_Stripe_Logger::log( 'Error: ' . $e->getMessage() );
 
 			do_action( 'wc_gateway_stripe_process_payment_error', $e, $renewal_order );
 
 			/* translators: error message */
 			$renewal_order->update_status( 'failed' );
+			$this->unlock_order_payment( $renewal_order );
+
 			return;
 		}
 
@@ -561,6 +558,8 @@ public function process_subscription_payment( $amount, $renewal_order, $retry =
 
 			do_action( 'wc_gateway_stripe_process_payment_error', $e, $renewal_order );
 		}
+
+		$this->unlock_order_payment( $renewal_order );
 	}
 
 	/**

package-lock.json

@@ -1,7 +1,7 @@
 {
   "name": "woocommerce-gateway-stripe",
   "title": "WooCommerce Gateway Stripe",
-  "version": "8.8.1",
+  "version": "8.8.2",
   "license": "GPL-3.0",
   "homepage": "http://wordpress.org/plugins/woocommerce-gateway-stripe/",
   "repository": {

package.json

@@ -4,7 +4,7 @@ Tags: credit card, stripe, apple pay, payment request, google pay, sepa, bancont
 Requires at least: 6.4
 Tested up to: 6.6
 Requires PHP: 7.4
-Stable tag: 8.8.1
+Stable tag: 8.8.2
 License: GPLv3
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
 Attributions: thorsten-stripe
@@ -110,11 +110,9 @@ If you get stuck, you can ask for help in the [Plugin Forum](https://wordpress.o
 
 == Changelog ==
 
-= 8.8.1 - 2024-10-28 =
-* Tweak - Disables APMs when using the legacy checkout experience due Stripe deprecation by October 29, 2024.
-* Fix - Prevent marking orders on-hold with order note "Process order to take payment" when the payment has failed.
-* Fix - Prevent subscriptions from being marked as "Pending" when a customer attempts to change their payment method to a declining card.
-* Fix - Delay updating the subscription's payment method until after the intent is confirmed when using the new checkout experience.
-* Fix - Display a success notice to customers after successfully changing their subscription payment method to a card that required 3DS authentication.
+= 8.8.2 - 2024-11-07 =
+* Fix - Prevent marking renewal orders as processing/completed multiple times due to handling the Stripe webhook in parallel.
+* Dev - Refactor lock_order_payment() to use order meta instead of transients.
+* Update - Process successful payment intent webhooks asynchronously.
 
 [See changelog for all versions](https://raw.githubusercontent.com/woocommerce/woocommerce-gateway-stripe/trunk/changelog.txt).

readme.txt

@@ -1768,8 +1768,11 @@ public function test_subscription_renewal_is_successful() {
 
 		list( $amount, $description, $metadata ) = $this->get_order_details( $order );
 		$order->set_payment_method( WC_Stripe_UPE_Payment_Gateway::ID );
+		$order->update_meta_data( '_stripe_lock_payment', ( time() + MINUTE_IN_SECONDS ) ); // To assist with comparing expected order objects, set an existing lock.
 		$order->save();
 
+		$order = wc_get_order( $order_id );
+
 		$payment_method_mock                     = self::MOCK_CARD_PAYMENT_METHOD_TEMPLATE;
 		$payment_method_mock['id']               = $payment_method_id;
 		$payment_method_mock['customer']         = $customer_id;
@@ -1799,7 +1802,7 @@ public function test_subscription_renewal_is_successful() {
 		$this->mock_gateway->expects( $this->once() )
 			->method( 'create_and_confirm_intent_for_off_session' )
 			->with(
-				wc_get_order( $order_id ),
+				$order,
 				$prepared_source,
 				$amount
 			)
@@ -1820,7 +1823,7 @@ public function test_subscription_renewal_is_successful() {
 			->method( 'get_latest_charge_from_intent' )
 			->willReturn( $this->array_to_object( $charge ) );
 
-		$this->mock_gateway->process_subscription_payment( $amount, wc_get_order( $order_id ), false, false );
+		$this->mock_gateway->process_subscription_payment( $amount, $order, false, false );
 
 		$final_order = wc_get_order( $order_id );
 		$note        = wc_get_order_notes(
@@ -1859,8 +1862,11 @@ public function test_subscription_renewal_checks_payment_method_authorization()
 
 		list( $amount, $description, $metadata ) = $this->get_order_details( $order );
 		$order->set_payment_method( WC_Stripe_UPE_Payment_Gateway::ID );
+		$order->update_meta_data( '_stripe_lock_payment', ( time() + MINUTE_IN_SECONDS ) ); // To assist with comparing expected order objects, set an existing lock.
 		$order->save();
 
+		$order = wc_get_order( $order_id );
+
 		$payment_method_mock                     = self::MOCK_CARD_PAYMENT_METHOD_TEMPLATE;
 		$payment_method_mock['id']               = $payment_method_id;
 		$payment_method_mock['customer']         = $customer_id;
@@ -1898,7 +1904,7 @@ public function test_subscription_renewal_checks_payment_method_authorization()
 		$this->mock_gateway->expects( $this->once() )
 			->method( 'create_and_confirm_intent_for_off_session' )
 			->with(
-				wc_get_order( $order_id ),
+				$order,
 				$prepared_source,
 				$amount
 			)
@@ -1919,7 +1925,7 @@ public function test_subscription_renewal_checks_payment_method_authorization()
 			->method( 'get_latest_charge_from_intent' )
 			->willReturn( $this->array_to_object( $charge ) );
 
-		$this->mock_gateway->process_subscription_payment( $amount, wc_get_order( $order_id ), false, false );
+		$this->mock_gateway->process_subscription_payment( $amount, $order, false, false );
 
 		$final_order = wc_get_order( $order_id );
 		$note        = wc_get_order_notes(

tests/phpunit/test-class-wc-stripe-upe-payment-gateway.php

@@ -568,4 +568,51 @@ public function test_get_balance_transaction_id_from_charge() {
 
 		$this->assertEquals( null, $this->gateway->get_balance_transaction_id_from_charge( null ) );
 	}
+
+	/**
+	 * Tests for `lock_order_payment` method.
+	 */
+	public function test_lock_order_payment() {
+		$order_1 = WC_Helper_Order::create_order();
+		$locked  = $this->gateway->lock_order_payment( $order_1 );
+
+		$this->assertFalse( $locked );
+		$current_lock = $order_1->get_meta( '_stripe_lock_payment' );
+		$this->assertEqualsWithDelta( (int) $current_lock, ( time() + 5 * MINUTE_IN_SECONDS ), 3 );
+
+		$locked = $this->gateway->lock_order_payment( $order_1 );
+		$this->assertTrue( $locked );
+
+		// lock with an intent ID.
+		$order_2   = WC_Helper_Order::create_order();
+		$intent_id = 'pi_123intent';
+
+		$locked       = $this->gateway->lock_order_payment( $order_2, $intent_id );
+		$current_lock = $order_2->get_meta( '_stripe_lock_payment' );
+
+		$this->assertFalse( $locked );
+		$locked = $this->gateway->lock_order_payment( $order_2, $intent_id );
+		$this->assertTrue( $locked );
+		$locked = $this->gateway->lock_order_payment( $order_2 ); // test that you don't need to pass the intent ID to check lock.
+		$this->assertTrue( $locked );
+
+		// test expired locks.
+		$order_3 = WC_Helper_Order::create_order();
+		$order_3->update_meta_data( '_stripe_lock_payment', time() - 1 );
+		$order_3->save_meta_data();
+
+		$locked       = $this->gateway->lock_order_payment( $order_3, $intent_id );
+		$current_lock = $order_3->get_meta( '_stripe_lock_payment' );
+
+		$this->assertFalse( $locked );
+		$this->assertEqualsWithDelta( (int) $current_lock, ( time() + 5 * MINUTE_IN_SECONDS ), 3 );
+
+		// test two instances of the same order, one locked and one not.
+		$order_4   = WC_Helper_Order::create_order();
+		$dup_order = wc_get_order( $order_4->get_id() );
+
+		$this->gateway->lock_order_payment( $order_4 );
+		$dup_locked = $this->gateway->lock_order_payment( $dup_order );
+		$this->assertTrue( $dup_locked ); // Confirms lock from $order_4 prevents payment on $dup_order.
+	}
 }

tests/phpunit/test-wc-stripe-payment-gateway.php

@@ -5,7 +5,7 @@
  * Description: Take credit card payments on your store using Stripe.
  * Author: Stripe
  * Author URI: https://stripe.com/
- * Version: 8.8.1
+ * Version: 8.8.2
  * Requires Plugins: woocommerce
  * Requires at least: 6.4
  * Tested up to: 6.6
@@ -22,7 +22,7 @@
 /**
  * Required minimums and constants
  */
-define( 'WC_STRIPE_VERSION', '8.8.1' ); // WRCS: DEFINED_VERSION.
+define( 'WC_STRIPE_VERSION', '8.8.2' ); // WRCS: DEFINED_VERSION.
 define( 'WC_STRIPE_MIN_PHP_VER', '7.3.0' );
 define( 'WC_STRIPE_MIN_WC_VER', '7.4' );
 define( 'WC_STRIPE_FUTURE_MIN_WC_VER', '7.5' );