[IPP/POS] Automatically Cancel Payment Intents #13719
Draft
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Generated by 🚫 Danger |
4 tasks
📲 You can test the changes from this Pull Request in WooCommerce-Wear Android by scanning the QR code below to install the corresponding build.
|
malinajirka
commented
Mar 11, 2025
| paymentIntent.status == PaymentIntentStatus.REQUIRES_CONFIRMATION | ||
| if (paymentIntent.status != PaymentIntentStatus.SUCCEEDED && | ||
| paymentIntent.status != PaymentIntentStatus.CANCELED && | ||
| paymentIntent.status != PaymentIntentStatus.REQUIRES_CAPTURE |
There was a problem hiding this comment.
📓 Previously, we were whitelisting statuses that should be cancelled. I believe this is not correct and we should attempt to cancel all nonfinal statuses. Ideally even Requires capture, however, this one is more tricky as mentioned in the description of this PR.
malinajirka
commented
Mar 11, 2025
| } | ||
| } | ||
| } finally { | ||
| if (!eligibleForRetry) { |
There was a problem hiding this comment.
The idea here is that if the PaymentIntent can be used for retries => we shouldn't cancel it as we'd break the retry logic, but we should cancel all other non-final payment intents.
|
📲 You can test the changes from this Pull Request in WooCommerce Android by scanning the QR code below to install the corresponding build.
|
malinajirka
changed the title
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes: #13593
Description
Note: The code complexity introduced in this PR is IMO not worth merging, especially considering it doesn't solve all the edge-cases. I'm creating the PR so we can discuss it and document the decision, however, I'd personally vote for leaving the code as is (prior this PR). cc @kidinov @samiuelson @AnirudhBhat in case you believe this PR is still worth merging or if you believe we should continue looking into this.
This PR adds an additional safety measure to ensure the app doesn't leave Payment Intents in an uncaptured state (on hold state) - this is not a critical issue, since the payment authorization expires after a few days and the Payment Intent gets cancelled automatically.
We added a basic safety measure a few weeks ago in this PR which prevents users from leaving the payment flow by tapping on the back button. However, this solution doesn't cover edge cases and is dependent on the implementation of the client app which could potentially bite us in the future. The goal of this PR is to ensure this issue is solved even if the client app doesn't suppress the back button.
This PR doesn't completely solve the problem since we are not cancelling Payment Intents in the
Requires Capturestate, since the Stripe SDK doesn't change the status of the Payment Intent after it's successfully captured -> this is understandable, since capturing payment intent doesn't involve communication with the SDK at all, the app communicates only with the Woo site and the site communicates with Stripe's backend. We could potentially try to cancel PI in theRequires capturestate and rely on the fact that completed payments can't be cancelled, however, this doesn't work either, since Stripe refunds the payment in such case which is likely not what we want.Bottom line is, that I believe preventing users from pressing the back is a good enough solution and it's likely not worth further effort to try to fix this in the CardReaderModule layer.
Steps to reproduce
Revert changes done in this PR to ensure you can easily reproduce the issue.
Testing information
The tests that have been performed
I have tested many different scenarios
Images/gif
RELEASE-NOTES.txtif necessary. Use the "[Internal]" label for non-user-facing changes.Reviewer (or Author, in the case of optional code reviews):
Please make sure these conditions are met before approving the PR, or request changes if the PR needs improvement:
- The PR is small and has a clear, single focus, or a valid explanation is provided in the description. If needed, please request to split it into smaller PRs.
- Ensure Adequate Unit Test Coverage: The changes are reasonably covered by unit tests or an explanation is provided in the PR description.
- Manual Testing: The author listed all the tests they ran, including smoke tests when needed (e.g., for refactorings). The reviewer confirmed that the PR works as expected on big (tablet) and small (phone) in case of UI changes, and no regressions are added.
3593