fix: allow payment retry recovery for failed orders in classic checkout

jimmyn · jimmyn · commit 4f2adce86b63 · 2025-10-03T23:30:24.000+02:00
- Add 'failed' status to allowed order statuses in verify_and_complete_order()
- Enables order completion when users retry after initial payment failure
- Fixes race condition where orders show unpaid after successful retry
- Add null safety check for getNextAction() to prevent fatal errors
- Add orderId to completeUrl for consistent order identification
- Use PaymentStatus enum constants for type safety

This fixes classic checkout payment retry flow where:
1. First payment attempt fails (intentional 3DS failure)
2. Order marked as "failed"
3. User retries from order-pay page
4. Payment succeeds but order stays "failed"

The fix securely verifies payment via MONEI API with idempotency checks
and amount validation before completing the order.
diff --git a/includes/class-wc-monei-redirect-hooks.php b/includes/class-wc-monei-redirect-hooks.php
@@ -1,6 +1,7 @@
 <?php
 
 use Monei\Core\ContainerProvider;
+use Monei\Model\PaymentStatus;
 use Monei\Services\ApiKeyService;
 use Monei\Services\payment\MoneiPaymentServices;
 use Monei\Services\PaymentMethodFormatter;
@@ -28,8 +29,8 @@ class WC_Monei_Redirect_Hooks {
 	 */
 	public function __construct() {
 		add_action( 'woocommerce_cancelled_order', array( $this, 'add_notice_monei_order_cancelled' ) );
-		add_action( 'template_redirect', array( $this, 'add_notice_monei_order_failed' ) );
 		add_action( 'wp', array( $this, 'save_payment_token' ) );
+		add_action( 'template_redirect', array( $this, 'add_notice_monei_order_failed' ), 10 );
 		//TODO use the container
 		$apiKeyService                = new ApiKeyService();
 		$sdkClient                    = new MoneiSdkClientFactory( $apiKeyService );
@@ -206,19 +207,20 @@ private function verify_and_complete_order( $order_id, $payment ) {
 			return;
 		}
 
+		/** @var string $payment_status */
 		$payment_status = $payment->getStatus();
 		$order_status   = $order->get_status();
 
 		WC_Monei_Logger::log( sprintf( '[MONEI] Redirect verification [payment_id=%s, order_id=%s, payment_status=%s, order_status=%s]', $payment->getId(), $order_id, $payment_status, $order_status ), 'debug' );
 
-		// Only process if order is still pending/on-hold and payment succeeded
-		if ( ! in_array( $order_status, array( 'pending', 'on-hold' ), true ) ) {
+		// Only process if order is still pending/on-hold/failed and payment succeeded
+		if ( ! in_array( $order_status, array( 'pending', 'on-hold', 'failed' ), true ) ) {
 			WC_Monei_Logger::log( sprintf( '[MONEI] Order already processed, skipping [order_id=%s, status=%s]', $order_id, $order_status ), 'debug' );
 			return;
 		}
 
 		// If payment is SUCCEEDED or AUTHORIZED, complete the order
-		if ( 'SUCCEEDED' === $payment_status || 'AUTHORIZED' === $payment_status ) {
+		if ( PaymentStatus::SUCCEEDED === $payment_status || PaymentStatus::AUTHORIZED === $payment_status ) {
 			$amount      = $payment->getAmount();
 			$order_total = $order->get_total();
 
@@ -250,7 +252,7 @@ private function verify_and_complete_order( $order_id, $payment ) {
 				$order->update_meta_data( '_monei_payment_method_display', $payment_method_display );
 			}
 
-			if ( 'AUTHORIZED' === $payment_status ) {
+			if ( PaymentStatus::AUTHORIZED === $payment_status ) {
 				$order->update_meta_data( '_payment_not_captured_monei', 1 );
 				$order_note  = __( 'Payment verified via redirect - <strong>Payment Authorized</strong>', 'monei' ) . '. <br><br>';
 				$order_note .= __( 'MONEI Transaction id: ', 'monei' ) . $payment->getId() . '. <br><br>';
diff --git a/src/Gateways/Abstracts/WCMoneiPaymentGatewayComponent.php b/src/Gateways/Abstracts/WCMoneiPaymentGatewayComponent.php
@@ -4,6 +4,7 @@
 
 use Exception;
 use Monei\ApiException;
+use Monei\Model\PaymentStatus;
 use WC_Geolocation;
 use MoneiPaymentServices;
 use WC_Order;
@@ -91,7 +92,33 @@ public function process_payment( $order_id, $allowed_payment_method = null ) {
 			/**
 			 * Depends if we came in 1 step or 2.
 			 */
-			$next_action_redirect = ( $confirm_payment ) ? $confirm_payment->getNextAction()->getRedirectUrl() : $create_payment->getNextAction()->getRedirectUrl();
+			$payment_result = $confirm_payment ?: $create_payment;
+			// Get redirect URL from nextAction, or fall back to order received page
+			$next_action = $payment_result->getNextAction();
+			if ( $next_action && $next_action->getRedirectUrl() ) {
+				$next_action_redirect = $next_action->getRedirectUrl();
+			} else {
+				// If no redirect URL from MONEI (e.g., immediately successful payment with saved card),
+				// redirect to order received page
+				$next_action_redirect = $this->get_return_url( $order );
+			}
+
+			// Add payment ID and status to redirect URL for order verification (similar to blocks checkout)
+			// This ensures order is marked as paid even if IPN hasn't arrived yet (race condition fix)
+			/** @var string $payment_status */
+			$payment_status = $payment_result->getStatus();
+			if ( PaymentStatus::SUCCEEDED === $payment_status || PaymentStatus::AUTHORIZED === $payment_status || PaymentStatus::PENDING === $payment_status ) {
+				$redirect_url         = add_query_arg(
+					array(
+						'id'      => $payment_result->getId(),
+						'orderId' => $order_id,
+						'status'  => $payment_status,
+					),
+					$next_action_redirect
+				);
+				$next_action_redirect = $redirect_url;
+			}
+
 			return array(
 				'result'   => 'success',
 				'redirect' => $next_action_redirect,
@@ -151,7 +178,17 @@ public function create_payload( $order, $allowed_payment_method = null ) {
 		/**
 		 * The URL the customer will be directed to after transaction completed (successful or failed).
 		 */
-		$complete_url = wp_sanitize_redirect( esc_url_raw( add_query_arg( 'utm_nooverride', '1', $this->get_return_url( $order ) ) ) );
+		$complete_url = wp_sanitize_redirect(
+			esc_url_raw(
+				add_query_arg(
+					array(
+						'utm_nooverride' => '1',
+						'orderId'        => $order_id,
+					),
+					$this->get_return_url( $order )
+				)
+			)
+		);
 
 		/**
 		 * Create Payment Payload
