cancel
Showing results for 
Search instead for 
Did you mean: 

IPN method validation needs to allow refunds against inactive methods

0 Kudos

IPN method validation needs to allow refunds against inactive methods

Feature request from mynameismud, posted on GitHub Jun 20, 2017

Preconditions

  • v2.1.3
  • You need a standard Paypal account
  • You need a Payflow Pro account also

NOTE: It appears that ANY two Paypal types of accounts would suffice for this test. This is a general issue with validation in Ipn.php, not an issue specific to these two methods.

Steps to reproduce

  1. Enable Paypal Express Checkout and process a payment using it
  2. Disable Paypal Express Checkout
  3. Enable Payflow Pro and process a payment using it
  4. Create a credit memo for the Paypal Express Checkout payment via Magento Admin or log into paypal.com and process a refund directly there

Expected result

Paypal should send the IPN and it should pass validation then trigger appropriate business logic.

Actual result

In Ipn.php, line 110, the validation logic checks to see if the payment method is both active AND available. It seems that this should ONLY check isMethodAvailable. In cases where the merchant swaps out payment methods (in our case we changed from Paypal to Payflow Pro), the merchant still needs to be able to process reference transactions against older payments originated with the now-inactive method.

It might be preferable to make the validation more specific and only perform this check against AUTH and SALE transactions. Then refunds, etc would be excluded from the check.

Example from exceptions.log: [2017-06-15 23:26:36] main.CRITICAL: Exception: Method "paypal_express" is not available. in /var/www/.../vendor/magento/module-paypal/Model/Ipn.php:124

3 Comments
apiuser
New Member

Comment from chm1975, posted on GitHub Jun 21, 2017

Hi. I have detected the same issue on my side. Also tested on version 2.1.7 with the same bad result. The line with problems is this:

if (!$this->_config->isMethodActive($methodCode) || !$this->_config->isMethodAvailable()) {
    throw new Exception(sprintf('Method "%s" is not available.', $methodCode));
}

Is incorrect this line becuase in the case that we change after several months of sales to other payment method and we need deactivate Paypal Express, for example all pending refunds will return Ipn error to Paypal.

Magento team should consider improve this part on future versions.

apiuser
New Member

Comment from YPyltiai, posted on GitHub Jun 23, 2017

Hello All,

Thank you for contributing. So it was an expected behavior. Magento is not saving configurations for payments retrospectively. It is a good thing to improve though, as the cases you described are valid. The same happens if you change account and / or other credentials.

I will send this request for further internal review, so we can see if we can improve this.

red82
New Contributor

We just changed PayPal payment providers and are running into this same issue on 2.1.11.