Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ECP-9553] Payment Captured for Failed order. #2793

Open
SamJUK opened this issue Oct 31, 2024 · 5 comments
Open

[ECP-9553] Payment Captured for Failed order. #2793

SamJUK opened this issue Oct 31, 2024 · 5 comments
Assignees
Labels
Bug report Indicates that issue has been marked as a possible bug

Comments

@SamJUK
Copy link
Contributor

SamJUK commented Oct 31, 2024

Describe the bug
Two orders were placed via Apple Pay with near identical timings (a sub-second delta), one successfully placed and passed the customer through to the success page.

The other was rejected due to a Unique constraint violation on the increment_id and returned a 400 status on the /payment-information request. Leaving them on the checkout page, and the order was never created in Magento. After receiving the payment notification from their bank, they closed the site and never attempted to replace the failed order.

  • Both orders were captured in Adyen, with the same Merchant ID.
  • Adyen notification logs shows both PSP coming in with the same Merchant ID & the same UID.
  • The phantom order pushed its webhook notifications to the Merchant ID, despite the order belonging to a different customer.

Screenshot 2024-10-31 at 15 02 06

Expected behaviour
Adyen not to capture payment for an order which fails the /payment-information post request or to cancel the payment it previously captured.

Magento version
2.4.6-p8

Plugin version
9.9.1

@SamJUK SamJUK added the Bug report Indicates that issue has been marked as a possible bug label Oct 31, 2024
@candemiralp candemiralp self-assigned this Nov 4, 2024
@candemiralp
Copy link
Member

Hello @SamJUK,

Thank you for sharing this issue. Even though I wasn't able to reproduce it on my end, I've realised the root cause of the issue and I am confirming the edge case. As you may know, a quote turns into an order after completing the payment transaction and validating the transaction response in QuoteManagement's submitQuote() method.

I assume the concurrency that you have defined is causing reserving the same increment_id and quote can not be converted into an order as the previous order with the same increment_id has been inserted to the database already.

Until this moment, it's an expected Magento behaviour due to unique constraints. However, the overall case should be caught and handled if there is an exception in the QuoteManagement. It can cancel the authorisation of the payment etc. Let us continue our investigation for a potential solution.

In the meantime, could you please share the frequency of this issue on your end and how did you realise it in the first place?

Best Regards,
Can

@candemiralp candemiralp changed the title Payment Captured for Failed order. [ECP-9553] Payment Captured for Failed order. Nov 13, 2024
@SamJUK
Copy link
Contributor Author

SamJUK commented Nov 13, 2024

Hi @candemiralp,

Looking through our log retention, there is no other examples of this issue happening (before or after). Although going into the sales period, the potential risk of another clash does increase a bit.

It was flagged up in monitoring as it comes through as a Magento critical log entry.
Screenshot 2024-11-13 at 10 03 31

Thanks
Sam

@candemiralp
Copy link
Member

Hello @SamJUK,

I have done a bit more investigation about this issue and it looks like this issue is related to Magento's order ID reservation.

As our plugin is not in-charge of reserving the ID for the order (it just consumes the generated value), this issue needs to be addressed on Magento 2 Github repository.

Best Regards,
Can

@SamJUK
Copy link
Contributor Author

SamJUK commented Nov 25, 2024

Hi @candemiralp,

Whilst I agree the core issue of the duplicate IDs likely can be attributed to the core.

I would still expect Adyen to catch the cases when a order fails to save, void/cancel any taken payments & prevent any webhooks being dispatched for said failed order.

There are other circumstances where an order save might fail due to issues unrelated to duplicate ids.
And it would be nice not to be left with ghost payments, that goes unnoticed until a customer complains.

Its worth noting, most stores do not run an extensive Observability suite. So the failed orders, likely would go unnoticed until a customer complains.

Thanks
Sam

@candemiralp
Copy link
Member

Hello @SamJUK,

Thank you for your response and I would like to inform you that we haven't finalised the investigation yet.

I agree the idea of cancelling that authorisation or at least notifying the merchant about it. But, we are a bit hesitant of cancelling an authorisation on behalf of a merchant. Once we make our final decision, we will inform you.

Best Regards,
Can

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug report Indicates that issue has been marked as a possible bug
Projects
None yet
Development

No branches or pull requests

2 participants