refactor: remove locking mechanism and idempotency flag

jimmyn · jimmyn · commit 0109306b1005 · 2025-10-10T08:55:22.000+02:00
BREAKING CHANGE: Removed lock and _monei_payment_id_processed flag

Analysis revealed WooCommerce creates orders BEFORE payment (unlike PrestaShop),
so duplicate order creation is impossible. The lock and processed flag were:

1. Broken - wp_cache not persistent without external cache
2. Harmful - flag blocked AUTHORIZED→SUCCEEDED and SUCCEEDED→REFUNDED transitions
3. Unnecessary - WooCommerce's payment_complete() is already idempotent

Removed components:
- WC_Monei_Lock_Helper class
- Lock acquisition/release in IPN and redirect handlers
- _monei_payment_id_processed flag checks and setting
- wp_cache stubs from PHPStan bootstrap

The order status check provides sufficient protection against duplicate processing.
Any duplicate order notes are cosmetic and acceptable.
diff --git a/class-woocommerce-gateway-monei.php b/class-woocommerce-gateway-monei.php
@@ -139,7 +139,6 @@ private function includes() {
 			$container = ContainerProvider::getContainer();
 			include_once 'includes/woocommerce-gateway-monei-core-functions.php';
 			include_once 'includes/class-wc-monei-ipn.php';
-		include_once 'includes/class-wc-monei-lock-helper.php';
 			include_once 'includes/class-wc-monei-logger.php';
 			include_once 'includes/class-wc-monei-payment-method-display.php';
 
diff --git a/includes/class-wc-monei-ipn.php b/includes/class-wc-monei-ipn.php
@@ -85,21 +85,6 @@ public function check_ipn_request() {
 			exit;
 		}
 
-		// Acquire lock to prevent concurrent processing of the same payment.
-		// IMPORTANT: Must use same lock key pattern as redirect verification to prevent race conditions.
-		$payment_id = $payload['id'] ?? '';
-		$lock_key   = WC_Monei_Lock_Helper::get_payment_lock_key( $payment_id );
-		$lock_value = wp_rand();
-
-		if ( ! WC_Monei_Lock_Helper::acquire_lock( $lock_key, $lock_value ) ) {
-			// Another process is handling this payment.
-			$this->logging && WC_Monei_Logger::log( '[MONEI] Webhook already being processed [payment_id=' . $payment_id . ']', 'debug' );
-			http_response_code( 200 );
-			header( 'Content-Type: text/plain; charset=utf-8' );
-			echo 'OK';
-			exit;
-		}
-
 		try {
 			$this->handle_valid_ipn( $payload );
 			do_action( 'woocommerce_monei_handle_valid_ipn', $payload );
@@ -113,9 +98,6 @@ public function check_ipn_request() {
 			http_response_code( 400 );
 			header( 'Content-Type: text/plain; charset=utf-8' );
 			echo 'Bad Request';
-		} finally {
-			// Always release the lock.
-			WC_Monei_Lock_Helper::release_lock( $lock_key, $lock_value );
 		}
 
 		exit;
@@ -144,22 +126,13 @@ protected function handle_valid_ipn( $payload ) {
 			return;
 		}
 
-		// Check if this payment was already processed (idempotency check).
-		$processed_payment_id = $order->get_meta( '_monei_payment_id_processed', true );
-		if ( $processed_payment_id === $monei_id ) {
-			// Payment already processed, skip to prevent duplicate processing.
-			$this->logging && WC_Monei_Logger::log( '[MONEI] Payment already processed [payment_id=' . $monei_id . ', order_id=' . $order_id . ']', 'debug' );
-			return;
-		}
-
 		/**
 		 * Saving related information into order meta.
 		 */
 		$order->update_meta_data( '_payment_order_number_monei', $monei_id );
 		$order->update_meta_data( '_payment_order_status_monei', $status );
 		$order->update_meta_data( '_payment_order_status_code_monei', $status_code );
 		$order->update_meta_data( '_payment_order_status_message_monei', $status_message );
-		$order->update_meta_data( '_monei_payment_id_processed', $monei_id );
 
 		// Fetch payment from API to get payment method information
 		try {
diff --git a/includes/class-wc-monei-lock-helper.php b/includes/class-wc-monei-lock-helper.php
diff --git a/includes/class-wc-monei-redirect-hooks.php b/includes/class-wc-monei-redirect-hooks.php
@@ -200,96 +200,72 @@ private function verify_and_complete_order( $order_id, $payment ) {
 			return;
 		}
 
-		// Acquire lock to prevent race condition with IPN webhook.
-		// IMPORTANT: Must use same lock key pattern as IPN to prevent race conditions.
-		$lock_key   = WC_Monei_Lock_Helper::get_payment_lock_key( $payment->getId() );
-		$lock_value = wp_rand();
+		/** @var string $payment_status */
+		$payment_status = $payment->getStatus();
+		$order_status   = $order->get_status();
 
-		if ( ! WC_Monei_Lock_Helper::acquire_lock( $lock_key, $lock_value, 60 ) ) {
-			WC_Monei_Logger::log( sprintf( '[MONEI] Order completion already in progress [order_id=%s, payment_id=%s]', $order_id, $payment->getId() ), 'debug' );
+		WC_Monei_Logger::log( sprintf( '[MONEI] Redirect verification [payment_id=%s, order_id=%s, payment_status=%s, order_status=%s]', $payment->getId(), $order_id, $payment_status, $order_status ), 'debug' );
+
+		// Only process if order is still pending/on-hold/failed and payment succeeded
+		if ( ! in_array( $order_status, array( 'pending', 'on-hold', 'failed' ), true ) ) {
+			WC_Monei_Logger::log( sprintf( '[MONEI] Order already processed, skipping [order_id=%s, status=%s]', $order_id, $order_status ), 'debug' );
 			return;
 		}
 
-		try {
-			// Check if payment was already processed (prevent duplicate processing)
-			$processed_payment_id = $order->get_meta( '_monei_payment_id_processed', true );
-			if ( $processed_payment_id === $payment->getId() ) {
-				WC_Monei_Logger::log( sprintf( '[MONEI] Payment already processed via IPN [payment_id=%s, order_id=%s]', $payment->getId(), $order_id ), 'debug' );
+		// If payment is SUCCEEDED or AUTHORIZED, complete the order
+		if ( PaymentStatus::SUCCEEDED === $payment_status || PaymentStatus::AUTHORIZED === $payment_status ) {
+			$amount      = $payment->getAmount();
+			$order_total = $order->get_total();
+
+			// Verify amounts match (with 1 cent exception for subscriptions)
+			if ( ( (int) $amount !== monei_price_format( $order_total ) ) && ( 1 !== $amount ) ) {
+				$order->update_status(
+					'on-hold',
+					sprintf(
+						/* translators: 1: Order amount, 2: Payment amount */
+						__( 'Validation error: Order vs. Payment amounts do not match (order: %1$s - received: %2$s).', 'monei' ),
+						monei_price_format( $order_total ),
+						$amount
+					)
+				);
+				WC_Monei_Logger::log( sprintf( '[MONEI] Amount mismatch [order_id=%s, order_amount=%s, payment_amount=%s]', $order_id, monei_price_format( $order_total ), $amount ), 'error' );
 				return;
 			}
 
-			/** @var string $payment_status */
-			$payment_status = $payment->getStatus();
-			$order_status   = $order->get_status();
-
-			WC_Monei_Logger::log( sprintf( '[MONEI] Redirect verification [payment_id=%s, order_id=%s, payment_status=%s, order_status=%s]', $payment->getId(), $order_id, $payment_status, $order_status ), 'debug' );
+			$order->update_meta_data( '_payment_order_number_monei', $payment->getId() );
+			$order->update_meta_data( '_payment_order_status_monei', $payment_status );
+			$order->update_meta_data( '_payment_order_status_code_monei', $payment->getStatusCode() );
+			$order->update_meta_data( '_payment_order_status_message_monei', $payment->getStatusMessage() );
 
-			// Only process if order is still pending/on-hold/failed and payment succeeded
-			if ( ! in_array( $order_status, array( 'pending', 'on-hold', 'failed' ), true ) ) {
-				WC_Monei_Logger::log( sprintf( '[MONEI] Order already processed, skipping [order_id=%s, status=%s]', $order_id, $order_status ), 'debug' );
-				return;
+			// Store formatted payment method display
+			$payment_method_display = $this->paymentMethodFormatter->get_payment_method_display_from_payment( $payment );
+			if ( $payment_method_display ) {
+				$order->update_meta_data( '_monei_payment_method_display', $payment_method_display );
 			}
 
-			// If payment is SUCCEEDED or AUTHORIZED, complete the order
-			if ( PaymentStatus::SUCCEEDED === $payment_status || PaymentStatus::AUTHORIZED === $payment_status ) {
-				$amount      = $payment->getAmount();
-				$order_total = $order->get_total();
-
-				// Verify amounts match (with 1 cent exception for subscriptions)
-				if ( ( (int) $amount !== monei_price_format( $order_total ) ) && ( 1 !== $amount ) ) {
-					$order->update_status(
-						'on-hold',
-						sprintf(
-							/* translators: 1: Order amount, 2: Payment amount */
-							__( 'Validation error: Order vs. Payment amounts do not match (order: %1$s - received: %2$s).', 'monei' ),
-							monei_price_format( $order_total ),
-							$amount
-						)
-					);
-					WC_Monei_Logger::log( sprintf( '[MONEI] Amount mismatch [order_id=%s, order_amount=%s, payment_amount=%s]', $order_id, monei_price_format( $order_total ), $amount ), 'error' );
-					return;
-				}
-
-				// Mark payment as processed to prevent duplicate processing by IPN
-				$order->update_meta_data( '_monei_payment_id_processed', $payment->getId() );
-				$order->update_meta_data( '_payment_order_number_monei', $payment->getId() );
-				$order->update_meta_data( '_payment_order_status_monei', $payment_status );
-				$order->update_meta_data( '_payment_order_status_code_monei', $payment->getStatusCode() );
-				$order->update_meta_data( '_payment_order_status_message_monei', $payment->getStatusMessage() );
-
-				// Store formatted payment method display
-				$payment_method_display = $this->paymentMethodFormatter->get_payment_method_display_from_payment( $payment );
-				if ( $payment_method_display ) {
-					$order->update_meta_data( '_monei_payment_method_display', $payment_method_display );
-				}
+			if ( PaymentStatus::AUTHORIZED === $payment_status ) {
+				$order->update_meta_data( '_payment_not_captured_monei', 1 );
+				$order_note  = __( 'Payment verified via redirect - <strong>Payment Authorized</strong>', 'monei' ) . '. <br><br>';
+				$order_note .= __( 'MONEI Transaction id: ', 'monei' ) . $payment->getId() . '. <br><br>';
+				$order_note .= __( 'MONEI Status Message: ', 'monei' ) . $payment->getStatusMessage();
+				$order->add_order_note( $order_note );
+				$order->update_status( 'on-hold', __( 'Order On-Hold by MONEI', 'monei' ) );
+			} else {
+				// SUCCEEDED
+				$order_note  = __( 'Payment verified via redirect - <strong>Payment Completed</strong>', 'monei' ) . '. <br><br>';
+				$order_note .= __( 'MONEI Transaction id: ', 'monei' ) . $payment->getId() . '. <br><br>';
+				$order_note .= __( 'MONEI Status Message: ', 'monei' ) . $payment->getStatusMessage();
+				$order->add_order_note( $order_note );
+				$order->payment_complete();
 
-				if ( PaymentStatus::AUTHORIZED === $payment_status ) {
-					$order->update_meta_data( '_payment_not_captured_monei', 1 );
-					$order_note  = __( 'Payment verified via redirect - <strong>Payment Authorized</strong>', 'monei' ) . '. <br><br>';
-					$order_note .= __( 'MONEI Transaction id: ', 'monei' ) . $payment->getId() . '. <br><br>';
-					$order_note .= __( 'MONEI Status Message: ', 'monei' ) . $payment->getStatusMessage();
-					$order->add_order_note( $order_note );
-					$order->update_status( 'on-hold', __( 'Order On-Hold by MONEI', 'monei' ) );
-				} else {
-					// SUCCEEDED
-					$order_note  = __( 'Payment verified via redirect - <strong>Payment Completed</strong>', 'monei' ) . '. <br><br>';
-					$order_note .= __( 'MONEI Transaction id: ', 'monei' ) . $payment->getId() . '. <br><br>';
-					$order_note .= __( 'MONEI Status Message: ', 'monei' ) . $payment->getStatusMessage();
-					$order->add_order_note( $order_note );
-					$order->payment_complete();
-
-					$payment_method_woo_id = $order->get_payment_method();
-					if ( 'completed' === monei_get_settings( 'orderdo', $payment_method_woo_id ) ) {
-						$order->update_status( 'completed', __( 'Order Completed by MONEI', 'monei' ) );
-					}
+				$payment_method_woo_id = $order->get_payment_method();
+				if ( 'completed' === monei_get_settings( 'orderdo', $payment_method_woo_id ) ) {
+					$order->update_status( 'completed', __( 'Order Completed by MONEI', 'monei' ) );
 				}
-
-				$order->save();
-				WC_Monei_Logger::log( sprintf( '[MONEI] Order completed via redirect verification [order_id=%s, payment_status=%s]', $order_id, $payment_status ), 'debug' );
 			}
-		} finally {
-			// Always release the lock.
-			WC_Monei_Lock_Helper::release_lock( $lock_key, $lock_value );
+
+			$order->save();
+			WC_Monei_Logger::log( sprintf( '[MONEI] Order completed via redirect verification [order_id=%s, payment_status=%s]', $order_id, $payment_status ), 'debug' );
 		}
 	}
 }
diff --git a/tests/phpstan-bootstrap.php b/tests/phpstan-bootstrap.php
@@ -130,41 +130,6 @@ function set_transient( $transient, $value, $expiration = 0 ) {
 	}
 }
 
-if ( ! function_exists( 'wp_cache_add' ) ) {
-	/**
-	 * @param string $key
-	 * @param mixed $data
-	 * @param string $group
-	 * @param int $expire
-	 * @return bool
-	 */
-	function wp_cache_add( $key, $data, $group = '', $expire = 0 ) {
-		return true;
-	}
-}
-
-if ( ! function_exists( 'wp_cache_get' ) ) {
-	/**
-	 * @param string $key
-	 * @param string $group
-	 * @return mixed
-	 */
-	function wp_cache_get( $key, $group = '' ) {
-		return false;
-	}
-}
-
-if ( ! function_exists( 'wp_cache_delete' ) ) {
-	/**
-	 * @param string $key
-	 * @param string $group
-	 * @return bool
-	 */
-	function wp_cache_delete( $key, $group = '' ) {
-		return true;
-	}
-}
-
 if ( ! function_exists( 'get_transient' ) ) {
 	/**
 	 * @param string $transient
