Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3462451

Timestamp:

02/16/2026 11:43:16 AM (7 weeks ago)

Author:

easypayment

Message:

tags/1.0.8

Location:

payment-gateway-for-authorize-net-for-woocommerce

Files:

: 61 added
: 6 edited

tags/1.0.8 (added)
tags/1.0.8/LICENSE.txt (added)
tags/1.0.8/assets (added)
tags/1.0.8/assets/css (added)
tags/1.0.8/assets/css/admin.css (added)
tags/1.0.8/assets/css/credit-cards (added)
tags/1.0.8/assets/css/credit-cards/amex.svg (added)
tags/1.0.8/assets/css/credit-cards/diners.svg (added)
tags/1.0.8/assets/css/credit-cards/discover.svg (added)
tags/1.0.8/assets/css/credit-cards/elo.svg (added)
tags/1.0.8/assets/css/credit-cards/hiper.svg (added)
tags/1.0.8/assets/css/credit-cards/jcb.svg (added)
tags/1.0.8/assets/css/credit-cards/maestro.svg (added)
tags/1.0.8/assets/css/credit-cards/mastercard.svg (added)
tags/1.0.8/assets/css/credit-cards/visa.svg (added)
tags/1.0.8/assets/css/public.css (added)
tags/1.0.8/assets/images (added)
tags/1.0.8/assets/images/brands (added)
tags/1.0.8/assets/images/brands/google-pay.svg (added)
tags/1.0.8/assets/images/check-routing-account.png (added)
tags/1.0.8/assets/js (added)
tags/1.0.8/assets/js/acceptjs-echeck-handler.js (added)
tags/1.0.8/assets/js/acceptjs-handler.js (added)
tags/1.0.8/assets/js/blocks (added)
tags/1.0.8/assets/js/blocks-authorizenet.js (added)
tags/1.0.8/assets/js/blocks/authorizenet-card.js (added)
tags/1.0.8/assets/js/blocks/authorizenet-echeck.js (added)
tags/1.0.8/assets/js/blocks/authorizenet-googlepay.js (added)
tags/1.0.8/assets/js/blocks/blocks-common.js (added)
tags/1.0.8/assets/js/easyauthnet-authorizenet-admin.js (added)
tags/1.0.8/assets/js/easyauthnet-review-ajax.js (added)
tags/1.0.8/assets/js/googlepay-express.js (added)
tags/1.0.8/assets/js/googlepay-handler.js (added)
tags/1.0.8/feedback (added)
tags/1.0.8/feedback/css (added)
tags/1.0.8/feedback/css/deactivation-feedback-modal.css (added)
tags/1.0.8/feedback/deactivation-feedback-form.php (added)
tags/1.0.8/feedback/fonts (added)
tags/1.0.8/feedback/fonts/icomoon.eot (added)
tags/1.0.8/feedback/fonts/icomoon.svg (added)
tags/1.0.8/feedback/fonts/icomoon.ttf (added)
tags/1.0.8/feedback/fonts/icomoon.woff (added)
tags/1.0.8/feedback/js (added)
tags/1.0.8/feedback/js/deactivation-feedback-modal.js (added)
tags/1.0.8/includes (added)
tags/1.0.8/includes/class-api-handler.php (added)
tags/1.0.8/includes/class-easy-payment-authorizenet-echeck-gateway.php (added)
tags/1.0.8/includes/class-easy-payment-authorizenet-gateway.php (added)
tags/1.0.8/includes/class-easy-payment-authorizenet-googlepay-gateway.php (added)
tags/1.0.8/includes/class-webhook-handler.php (added)
tags/1.0.8/includes/compatibility (added)
tags/1.0.8/includes/compatibility/class-block-support.php (added)
tags/1.0.8/includes/compatibility/class-easyauthnet-subscription-helper.php (added)
tags/1.0.8/includes/compatibility/class-preorders-compat.php (added)
tags/1.0.8/languages (added)
tags/1.0.8/languages/easyauthnet-payment-authorizenet.pot (added)
tags/1.0.8/languages/payment-gateway-for-authorize-net-for-woocommerce.pot (added)
tags/1.0.8/payment-gateway-for-authorizenet-for-woocommerce-admin.php (added)
tags/1.0.8/payment-gateway-for-authorizenet-for-woocommerce.php (added)
tags/1.0.8/readme.txt (added)
tags/1.0.8/uninstall.php (added)
trunk/includes/class-api-handler.php (modified) (11 diffs)
trunk/includes/class-easy-payment-authorizenet-echeck-gateway.php (modified) (3 diffs)
trunk/includes/class-easy-payment-authorizenet-gateway.php (modified) (19 diffs)
trunk/includes/class-easy-payment-authorizenet-googlepay-gateway.php (modified) (4 diffs)
trunk/payment-gateway-for-authorizenet-for-woocommerce.php (modified) (2 diffs)
trunk/readme.txt (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

payment-gateway-for-authorize-net-for-woocommerce/trunk/includes/class-api-handler.php

-                      r3440293
+                      r3462451
             ]);
             // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped -- Exception message is sanitized and escaped at output time.
             return throw new Exception($message);
+            throw new Exception($message);
+        }
         if (isset($response['transactionResponse']['responseCode']) && (string) $response['transactionResponse']['responseCode'] !== '1') {
 …
             self::log(__METHOD__, 'Transaction failed', [
                 'response_code' => $response['transactionResponse']['responseCode'],
-                'response_code' => (string) $response['transactionResponse']['responseCode'],
                 'error_code' => $error_code,
                 'error_message' => $message,
 …
             self::log(__METHOD__, $error_msg, ['order_id' => $order->get_id()]);
             // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped -- Exception message is sanitized and escaped at output time.
             return throw new Exception($error_msg);
+            throw new Exception($error_msg);
+        }
         $endpoint = self::get_api_endpoint();
 …
         if (!$trans_id) {
             // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped -- Exception message is sanitized and escaped at output time.
             return throw new Exception('easyauthnet_no_trans_id', __('Missing transaction ID.', 'payment-gateway-for-authorize-net-for-woocommerce'));
+            throw new Exception('easyauthnet_no_trans_id', __('Missing transaction ID.', 'payment-gateway-for-authorize-net-for-woocommerce'));
+        }
         self::log(__METHOD__, 'Checking whether to refund or void', ['order_id' => $order->get_id(), 'transaction_id' => $trans_id, 'amount' => $amount, 'reason' => $reason]);
 …
         if (!$order) {
             // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped -- Exception message is sanitized and escaped at output time.
             return throw new Exception(__('Invalid order.', 'payment-gateway-for-authorize-net-for-woocommerce'));
+            throw new Exception(__('Invalid order.', 'payment-gateway-for-authorize-net-for-woocommerce'));
+        }
         self::log(__METHOD__, 'Processing payment refund/void', ['order_id' => $order->get_id(), 'amount' => $amount, 'reason' => $reason]);
 …
         if (!$trans_id) {
             // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped -- Exception message is sanitized and escaped at output time.
             return throw new Exception(__('Missing transaction ID.', 'payment-gateway-for-authorize-net-for-woocommerce'));
+            throw new Exception(__('Missing transaction ID.', 'payment-gateway-for-authorize-net-for-woocommerce'));
+        }
         $endpoint = self::get_api_endpoint();
 …
             self::log(__METHOD__, $error, ['has_customer_profile' => (bool) $customer_profile_id, 'has_payment_profile' => (bool) $payment_profile_id]);
             // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped -- Exception message is sanitized and escaped at output time.
             return throw new Exception($error);
+            throw new Exception($error);
+        }
         $request = [
 …
             self::log(__METHOD__, $error);
             // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped -- Exception message is sanitized and escaped at output time.
             return throw new Exception($error);
+            throw new Exception($error);
+        }
         $customer_profile_id = get_user_meta($user_id, self::$customer_profile_id, true);
 …
         self::log(__METHOD__, $error, ['response' => $result]);
         // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped -- Exception message is sanitized and escaped at output time.
         return throw new Exception($error);
+        throw new Exception($error);
+    }
 …
             self::log(__METHOD__, $error, ['user_id' => $user_id]);
             // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped -- Exception message is sanitized and escaped at output time.
             return throw new Exception($error);
+            throw new Exception($error);
+        }
         $customer_profile_id = get_user_meta($user_id, self::$customer_profile_id, true);
 …
             self::log(__METHOD__, 'Capture failed', ['response_code' => $response['transactionResponse']['responseCode'] ?? 'none', 'error' => $error]);
             // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped -- Exception message is sanitized and escaped at output time.
             return throw new Exception($error);
+            throw new Exception($error);
+        }
         self::log(__METHOD__, 'Successfully captured transaction', ['transaction_id' => $response['transactionResponse']['transId'] ?? $transaction_id, 'auth_code' => $response['transactionResponse']['authCode'] ?? '']);

payment-gateway-for-authorize-net-for-woocommerce/trunk/includes/class-easy-payment-authorizenet-echeck-gateway.php

-                      r3440293
+                      r3462451
         if (is_checkout() || is_checkout_pay_page() || is_account_page()) {
             $merchant_data = EASYAUTHNET_AuthorizeNet_API_Handler::fetch_merchant_details(
                     $this->api_login_id,
                     $this->transaction_key,
                     $this->signature_key,
                     $this->environment !== 'live'
+                            $this->api_login_id,
+                            $this->transaction_key,
+                            $this->signature_key,
+                            $this->environment !== 'live'
             );
             if (!is_wp_error($merchant_data) && isset($merchant_data['publicClientKey'])) {
 …
+    }
+    protected function is_store_api_request(): bool {
+        if (defined('REST_REQUEST') && REST_REQUEST) {
+            // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+            $uri = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';
+            return ($uri && strpos($uri, '/wc/store/') !== false);
+        }
+        return false;
+    }
+    protected function maybe_mark_order_failed(WC_Order $order, string $message): void {
+        if ($order->has_status(['processing', 'completed', 'cancelled', 'refunded'])) {
+            return;
+        }
+        $note = sprintf(
+                __('Authorize.Net payment failed: %s', 'payment-gateway-for-authorize-net-for-woocommerce'),
+                wp_strip_all_tags($message)
+        );
+        if (!$order->has_status('failed')) {
+            $order->update_status('failed', $note);
+        } else {
+            $order->add_order_note($note);
+        }
+        $order->save();
+    }
+    protected function fail_with_error(WC_Order $order, $error) {
+        $message = is_wp_error($error) ? (string) $error->get_error_message() : (string) $error;
+        $message = wp_strip_all_tags($message);
+        $this->maybe_mark_order_failed($order, $message);
+        if ($this->is_store_api_request()) {
+            // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped
+            throw new \Automattic\WooCommerce\StoreApi\Exceptions\RouteException('AuthorizeNet_API', $message, 400);
+        }
+        wc_add_notice($message, 'error');
+        return ['result' => 'failure'];
+    }
+    protected function handle_payment_exception(WC_Order $order, Exception $e) {
+        $message = wp_strip_all_tags((string) $e->getMessage());
+        $this->maybe_mark_order_failed($order, $message);
+        if ($this->is_store_api_request()) {
+            // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped
+            throw new \Automattic\WooCommerce\StoreApi\Exceptions\RouteException('AuthorizeNet_API', $message, 400);
+        }
+        wc_add_notice($message, 'error');
+        return ['result' => 'failure'];
+    }
     public function process_payment($order_id) {
         $order = wc_get_order($order_id);
 …
+        }
+        // eCheck (ACH) is available for USD only.
+        $allowed_currency = strtoupper((string) apply_filters('easyauthnet_authorizenet_echeck_allowed_currency', 'USD'));
+        if (strtoupper((string) $order->get_currency()) !== $allowed_currency) {
+            wc_add_notice(
+        try {
+            // eCheck (ACH) is available for USD only.
+            $allowed_currency = strtoupper((string) apply_filters('easyauthnet_authorizenet_echeck_allowed_currency', 'USD'));
+            if (strtoupper((string) $order->get_currency()) !== $allowed_currency) {
+                return $this->fail_with_error(
+                    $order,
                     sprintf(
+                            // translators: %s is a currency code like USD.
+                            __('eCheck (ACH) is available for %s only.', 'payment-gateway-for-authorize-net-for-woocommerce'),
+                            esc_html($allowed_currency)
+                    ),
+                    'error'
+            );
+            return ['result' => 'failure'];
+        }
+        // phpcs:ignore WordPress.Security.NonceVerification.Missing
+        $token = isset($_POST['easyauthnet_authorizenet_echeck_token']) ? sanitize_text_field(wp_unslash($_POST['easyauthnet_authorizenet_echeck_token'])) : '';
+        if (preg_match('/^"(.+)"$/', $token, $m)) {
+            $token = $m[1];
+        }
+        // phpcs:ignore WordPress.Security.NonceVerification.Missing
+        $posted_descriptor = isset($_POST['easyauthnet_authorizenet_echeck_descriptor']) ? sanitize_text_field(wp_unslash($_POST['easyauthnet_authorizenet_echeck_descriptor'])) : '';
+        if (preg_match('/^"(.+)"$/', $posted_descriptor, $m2)) {
+            $posted_descriptor = $m2[1];
+        }
+        if (empty($token)) {
+            wc_add_notice(__('Payment error: unable to tokenize bank details. Please try again.', 'payment-gateway-for-authorize-net-for-woocommerce'), 'error');
+            return ['result' => 'failure'];
+        }
+        EASYAUTHNET_AuthorizeNet_API_Handler::init();
+        // Accept.js should return COMMON.ACCEPT.INAPP.CHECK for eCheck tokens.
+        // However, some merchant setups can return COMMON.ACCEPT.INAPP.PAYMENT even for bank tokenization.
+        // To avoid Authorize.Net error 153 (Unable to decrypt data), we forward the descriptor returned by Accept.js
+        // after validating it against a strict allowlist.
+        $allowed_descriptors = [
+            'COMMON.ACCEPT.INAPP.CHECK',
+            'COMMON.ACCEPT.INAPP.PAYMENT',
+        ];
+        $descriptor = 'COMMON.ACCEPT.INAPP.CHECK';
+        if ($posted_descriptor && in_array($posted_descriptor, $allowed_descriptors, true)) {
+            $descriptor = $posted_descriptor;
+        }
+        $opaque_token = [
+            'dataDescriptor' => $descriptor,
+            'dataValue' => $token,
+        ];
+        $this->log('Processing eCheck payment', [
+            'order_id' => $order->get_id(),
+            'total' => $order->get_total(),
+            'environment' => $this->environment,
+        ]);
+        $response = EASYAUTHNET_AuthorizeNet_API_Handler::charge_transaction($order, $opaque_token, [
+            'transaction_type' => $this->echeck_transaction_type,
+            'statement_descriptor' => $this->statement_descriptor,
+        ]);
+        if (is_wp_error($response)) {
+            $this->log('eCheck charge failed', [
+                'error_code' => $response->get_error_code(),
+                'error_message' => $response->get_error_message(),
+                        /* translators: %s is a currency code like USD. */
+                        __('eCheck (ACH) is available for %s only.', 'payment-gateway-for-authorize-net-for-woocommerce'),
+                        esc_html($allowed_currency)
+                    )
+                );
+            }
+            // phpcs:ignore WordPress.Security.NonceVerification.Missing
+            $token = isset($_POST['easyauthnet_authorizenet_echeck_token']) ? sanitize_text_field(wp_unslash($_POST['easyauthnet_authorizenet_echeck_token'])) : '';
+            if (preg_match('/^"(.+)"$/', $token, $m)) {
+                $token = $m[1];
+            }
+            // phpcs:ignore WordPress.Security.NonceVerification.Missing
+            $posted_descriptor = isset($_POST['easyauthnet_authorizenet_echeck_descriptor']) ? sanitize_text_field(wp_unslash($_POST['easyauthnet_authorizenet_echeck_descriptor'])) : '';
+            if (preg_match('/^"(.+)"$/', $posted_descriptor, $m2)) {
+                $posted_descriptor = $m2[1];
+            }
+            if (empty($token)) {
+                return $this->fail_with_error($order, __('Payment error: unable to tokenize bank details. Please try again.', 'payment-gateway-for-authorize-net-for-woocommerce'));
+            }
+            EASYAUTHNET_AuthorizeNet_API_Handler::init();
+            // Accept.js should return COMMON.ACCEPT.INAPP.CHECK for eCheck tokens.
+            // However, some merchant setups can return COMMON.ACCEPT.INAPP.PAYMENT even for bank tokenization.
+            // To avoid Authorize.Net error 153 (Unable to decrypt data), we forward the descriptor returned by Accept.js
+            // after validating it against a strict allowlist.
+            $allowed_descriptors = [
+                'COMMON.ACCEPT.INAPP.CHECK',
+                'COMMON.ACCEPT.INAPP.PAYMENT',
+            ];
+            $descriptor = 'COMMON.ACCEPT.INAPP.CHECK';
+            if ($posted_descriptor && in_array($posted_descriptor, $allowed_descriptors, true)) {
+                $descriptor = $posted_descriptor;
+            }
+            $opaque_token = [
+                'dataDescriptor' => $descriptor,
+                'dataValue' => $token,
+            ];
+            $this->log('Processing eCheck payment', [
+                'order_id' => $order->get_id(),
+                'total' => $order->get_total(),
+                'environment' => $this->environment,
             ]);
+            wc_add_notice($response->get_error_message(), 'error');
+            return ['result' => 'failure'];
+        }
+        $transaction_id = $response['transaction_id'] ?? '';
+        if (!empty($transaction_id)) {
+            $order->update_meta_data('_easyauthnet_authorizenet_echeck_transaction_id', $transaction_id);
+            $order->save();
+        }
+        // For eCheck, settlement can be delayed. Keep it on the configured status (default: on-hold).
+        if ($order->has_status(['pending', 'failed'])) {
+            $status = str_replace('wc-', '', (string) $this->echeck_order_status);
+            if ($status === '') {
+                $status = 'on-hold';
+            }
+            $order->update_status($status, __('eCheck payment initiated. Awaiting settlement/confirmation.', 'payment-gateway-for-authorize-net-for-woocommerce'));
+        }
+        WC()->cart->empty_cart();
+        return [
+            'result' => 'success',
+            'redirect' => $this->get_return_url($order),
+        ];
+            $response = EASYAUTHNET_AuthorizeNet_API_Handler::charge_transaction($order, $opaque_token, [
+                        'transaction_type' => $this->echeck_transaction_type,
+                        'statement_descriptor' => $this->statement_descriptor,
+            ]);
+            if (is_wp_error($response)) {
+                $this->log('eCheck charge failed', [
+                    'error_code' => $response->get_error_code(),
+                    'error_message' => $response->get_error_message(),
+                ]);
+                return $this->fail_with_error($order, $response);
+            }
+            if (!is_array($response)) {
+                return $this->fail_with_error($order, __('Transaction failed.', 'payment-gateway-for-authorize-net-for-woocommerce'));
+            }
+            $transaction_id = $response['transaction_id'] ?? '';
+            if (!empty($transaction_id)) {
+                $order->update_meta_data('_easyauthnet_authorizenet_echeck_transaction_id', $transaction_id);
+                $order->save();
+            }
+            // For eCheck, settlement can be delayed. Keep it on the configured status (default: on-hold).
+            if ($order->has_status(['pending', 'failed'])) {
+                $status = str_replace('wc-', '', (string) $this->echeck_order_status);
+                if ($status === '') {
+                    $status = 'on-hold';
+                }
+                $order->update_status($status, __('eCheck payment initiated. Awaiting settlement/confirmation.', 'payment-gateway-for-authorize-net-for-woocommerce'));
+            }
+            if (function_exists('WC') && WC()->cart) {
+                WC()->cart->empty_cart();
+            }
+            return [
+                'result' => 'success',
+                'redirect' => $this->get_return_url($order),
+            ];
+        } catch (Exception $ex) {
+            if ($ex instanceof \Automattic\WooCommerce\StoreApi\Exceptions\RouteException) {
+                throw $ex;
+            }
+            return $this->handle_payment_exception($order, $ex);
+        }
+    }

payment-gateway-for-authorize-net-for-woocommerce/trunk/includes/class-easy-payment-authorizenet-gateway.php

-                      r3440293
+                      r3462451
     public function process_payment($order_id) {
         $order = wc_get_order($order_id);
+        if (! $order) {
+            if ($this->is_store_api_request()) {
+                throw new \Automattic\WooCommerce\StoreApi\Exceptions\RouteException('AuthorizeNet_API', __('Invalid order.', 'payment-gateway-for-authorize-net-for-woocommerce'), 400);
+            }
+            wc_add_notice(__('Invalid order.', 'payment-gateway-for-authorize-net-for-woocommerce'), 'error');
+            return ['result' => 'failure'];
+        }
         try {
             $this->log_start_payment($order);
 …
             return $this->process_with_new_card($order);
         } catch (Exception $ex) {
+            return $this->handle_payment_exception($ex);
+            if ($ex instanceof \Automattic\WooCommerce\StoreApi\Exceptions\RouteException) {
+                throw $ex;
+            }
+            return $this->handle_payment_exception($order, $ex);
+        }
+    }
 …
         if (is_wp_error($response)) {
             $this->log("Failed to charge saved token", ['error_code' => $response->get_error_code(), 'error_message' => $response->get_error_message()]);
             return $this->fail_with_error($response);
+            return $this->fail_with_error($order, $response);
+        }
         $this->log("Successfully charged saved token", ['transaction_id' => $response['transaction_id'] ?? 'N/A', 'response_code' => $response['response_code'] ?? null, 'auth_code' => $response['auth_code'] ?? null]);
 …
         $is_subscription = $this->is_subscription_order($order);
+        // Default logic: user opted in OR it's a subscription
+        // Default logic: save only when explicitly required.
+        // - User opted in via the "Save payment method" checkbox, OR
+        // - Subscription order (requires a reusable token for renewals).
         $should_save = $user_opted_in || $is_subscription;
 …
          * @param EASYAUTHNET_AuthorizeNet_Gateway  $gateway     Gateway instance.
          */
         $should_save = (bool) apply_filters(
+        $filtered_should_save = (bool) apply_filters(
                         'easyauthnet_authorizenet_should_save_card',
                         $should_save,
 …
                 );
+        // Enterprise-safe guardrail:
+        // Never save a card for a non-subscription order unless the customer opted in.
+        // This avoids consuming the one-time opaque token on CIM operations for typical one-time checkouts.
+        if (!$user_opted_in && !$is_subscription) {
+            $should_save = false;
+        } else {
+            $should_save = $filtered_should_save;
+        }
         // Log debug values safely
         $this->log('Checking if should save card', [
 …
             'user_opted_in' => $user_opted_in,
             'is_subscription' => $is_subscription,
+            'filtered_should_save' => $filtered_should_save,
             'final_should_save' => $should_save,
         ]);
 …
         if (is_wp_error($token)) {
             $error_code = $token->get_error_code();
+            $error_data = $token->get_error_data();
+            $anet_code  = '';
+            if (is_array($error_data) && !empty($error_data['error_code'])) {
+                $anet_code = (string) $error_data['error_code'];
+            }
             $this->log("Failed to save payment token", ['error_code' => $error_code, 'error_message' => $token->get_error_message()]);
+            // Graceful fallback: intermittent Authorize.Net E00114 (Invalid OTS Token).
+            // In this scenario, the CIM save fails but we can still charge the order using opaque data.
+            // NOTE: For subscriptions, this will successfully charge the initial order but the card will NOT be saved
+            // for renewals; we add an order note so the merchant can follow up.
+            if ($anet_code === 'E00114' || stripos((string) $token->get_error_message(), 'Invalid OTS Token') !== false) {
+                $this->log('CIM save failed with Invalid OTS Token - falling back to one-time charge using opaque data', [
+                    'order_id' => $order->get_id(),
+                    'wp_error_code' => $error_code,
+                    'anet_error_code' => $anet_code ?: 'E00114',
+                    'is_subscription' => $this->is_subscription_order($order),
+                ]);
+                if ($order instanceof WC_Order) {
+                    $order->add_order_note(
+                        __('Authorize.Net: Card could not be saved to CIM (Invalid OTS Token). Order was charged as a one-time payment. Customer may need to re-add a saved payment method for future renewals.', 'payment-gateway-for-authorize-net-for-woocommerce')
+                    );
+                }
+                return $this->charge_without_saving($order, $opaque_data['gateway_token']);
+            }
             if ($error_code === 'easyauthnet_duplicate_payment_profile') {
 …
                     'card_type' => $opaque_data['card_type'] ?? 'none',
                 ]);
+                // If Authorize.Net returned the duplicate payment profile ID, charge via CIM profile.
+                // IMPORTANT: do NOT attempt to charge with opaque data here because the token may
+                // have already been consumed by the CIM validation step (leading to E00114).
+                $dup_customer_profile_id = is_array($error_data) ? ($error_data['customer_profile_id'] ?? '') : '';
+                $dup_payment_profile_id  = is_array($error_data) ? ($error_data['customer_payment_profile_id'] ?? '') : '';
+                if (!empty($dup_payment_profile_id)) {
+                    $user_id = (int) $order->get_user_id();
+                    // Try to locate an existing Woo token that matches this CIM payment profile.
+                    $existing_by_profile = null;
+                    if ($user_id > 0) {
+                        $tokens = WC_Payment_Tokens::get_customer_tokens($user_id, $this->id);
+                        foreach ($tokens as $t) {
+                            if ($t instanceof WC_Payment_Token && (string) $t->get_token() === (string) $dup_payment_profile_id) {
+                                $existing_by_profile = $t;
+                                break;
+                            }
+                        }
+                    }
+                    $token_to_use = $existing_by_profile;
+                    // If not found, create a Woo token so renewals/manual reuse can work.
+                    if (!$token_to_use && $user_id > 0) {
+                        $token_to_use = new WC_Payment_Token_CC();
+                        $token_to_use->set_token($dup_payment_profile_id);
+                        $token_to_use->set_gateway_id($this->id);
+                        $token_to_use->set_card_type(strtolower($opaque_data['card_type'] ?? ''));
+                        $token_to_use->set_last4($opaque_data['last4'] ?? '');
+                        $expiry = $opaque_data['expiry'] ?? '';
+                        if (preg_match('/^(\d{2})\/(\d{2})$/', $expiry, $m)) {
+                            $token_to_use->set_expiry_month($m[1]);
+                            $token_to_use->set_expiry_year('20' . $m[2]);
+                        }
+                        $token_to_use->set_user_id($user_id);
+                        $token_to_use->set_default(true);
+                        if (!empty($dup_customer_profile_id)) {
+                            $token_to_use->add_meta_data('customer_profile_id', $dup_customer_profile_id, true);
+                        }
+                        $token_to_use->add_meta_data('payment_profile_id', $dup_payment_profile_id, true);
+                        $token_to_use->add_meta_data('created_via_order_id', $order->get_id(), true);
+                        $token_to_use->save();
+                        $this->log('Created Woo token for duplicate CIM payment profile', [
+                            'token_id' => $token_to_use->get_id(),
+                            'payment_profile_id' => $this->mask_sensitive_data($dup_payment_profile_id),
+                        ]);
+                    }
+                    if ($token_to_use) {
+                        if ($this->is_subscription_order($order)) {
+                            EASYAUTHNET_Subscription_Helper::assign_token_to_order_and_subscriptions($order, $token_to_use);
+                        }
+                        $response = EASYAUTHNET_AuthorizeNet_API_Handler::charge_saved_token($order, $token_to_use);
+                        if (!is_wp_error($response)) {
+                            $this->log('Successfully charged using duplicate CIM payment profile', [
+                                'transaction_id' => $response['transaction_id'] ?? 'N/A',
+                            ]);
+                            EASYAUTHNET_AuthorizeNet_API_Handler::complete_payment($order, $response['transaction_id']);
+                            return $this->success_redirect($order);
+                        }
+                        $this->log('Charge using duplicate CIM payment profile failed', [
+                            'error_code' => $response->get_error_code(),
+                            'error_message' => $response->get_error_message(),
+                        ]);
+                        // Fall through to existing-token lookup below, then final fallback.
+                    }
+                }
                 // 1) Try to reuse an existing Woo token for the same card (best for subscriptions).
 …
+                }
+                // 2) Fallback: charge as a one-time payment (do not save).
+                // 2) Final fallback: as a last resort, attempt a one-time charge.
+                // NOTE: If CIM validation already consumed the token, this may still fail with E00114.
                 return $this->charge_without_saving($order, $opaque_data['gateway_token']);
+            }
             return $this->fail_with_error($token);
+            return $this->fail_with_error($order, $token);
+        }
 …
         if (is_wp_error($response)) {
             $this->log("Failed to charge after saving token", ['error_code' => $response->get_error_code(), 'error_message' => $response->get_error_message()]);
             return $this->fail_with_error($response);
+            return $this->fail_with_error($order, $response);
+        }
         $this->log("Successfully charged after saving token", ['transaction_id' => $response['transaction_id'] ?? 'N/A', 'response_code' => $response['response_code'] ?? null, 'auth_code' => $response['auth_code'] ?? null]);
 …
         if (is_wp_error($response)) {
             $this->log("Failed to process one-time payment", ['error_code' => $response->get_error_code(), 'error_message' => $response->get_error_message()]);
             return $this->fail_with_error($response);
+            return $this->fail_with_error($order, $response);
+        }
         $this->log("Successfully processed one-time payment", ['transaction_id' => $response['transaction_id'] ?? 'N/A', 'response_code' => $response['response_code'] ?? null, 'auth_code' => $response['auth_code'] ?? null]);
 …
+    }
+    protected function fail_with_error($error) {
+        $this->log("Payment processing failed", ['error_code' => $error->get_error_code(), 'error_message' => $error->get_error_message()]);
+        // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped -- Exception message is sanitized and escaped at REST output time.
+        throw new \Automattic\WooCommerce\StoreApi\Exceptions\RouteException('AuthorizeNet_API', $error->get_error_message(), 400);
+    protected function fail_with_error($order, $error) {
+        $message = is_wp_error($error) ? (string) $error->get_error_message() : (string) $error;
+        $code    = is_wp_error($error) ? (string) $error->get_error_code() : 'unknown';
+        $message = wp_strip_all_tags($message);
+        $this->log('Payment processing failed', [
+            'order_id' => $order instanceof WC_Order ? $order->get_id() : 0,
+            'error_code' => $code,
+            'error_message' => $message,
+            'is_store_api' => $this->is_store_api_request(),
+        ]);
+        if ($order instanceof WC_Order) {
+            $this->maybe_mark_order_failed($order, $message);
+        }
+        if ($this->is_store_api_request()) {
+            // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped
+            throw new \Automattic\WooCommerce\StoreApi\Exceptions\RouteException('AuthorizeNet_API', $message, 400);
+        }
+        wc_add_notice($message, 'error');
+        return ['result' => 'failure'];
+    }
+    protected function maybe_mark_order_failed(WC_Order $order, $message) {
+        if ($order->has_status(['processing', 'completed', 'cancelled', 'refunded'])) {
+            return;
+        }
+        $note = sprintf(
+            __('Authorize.Net payment failed: %s', 'payment-gateway-for-authorize-net-for-woocommerce'),
+            wp_strip_all_tags((string) $message)
+        );
+        if (!$order->has_status('failed')) {
+            $order->update_status('failed', $note);
+        } else {
+            $order->add_order_note($note);
+        }
+        $order->save();
+    }
 …
         ];
+    }
+    protected function handle_payment_exception($e) {
+        $this->log("Payment processing exception", ['exception' => get_class($e), 'message' => $e->getMessage(), 'file' => $e->getFile(), 'line' => $e->getLine()]);
+        // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped -- Exception message is sanitized and escaped at REST output time.
+        throw new \Automattic\WooCommerce\StoreApi\Exceptions\RouteException('AuthorizeNet_API', $e->getMessage(), 400);
+    protected function is_store_api_request(): bool {
+        if (defined('REST_REQUEST') && REST_REQUEST) {
+            // Woo Store API endpoints usually include /wc/store/
+            // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+            $uri = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';
+            if ($uri && strpos($uri, '/wc/store/') !== false) {
+                return true;
+            }
+        }
+        return false;
+    }
+    protected function handle_payment_exception($order, $e) {
+        $message = $e instanceof Exception ? (string) $e->getMessage() : (string) $e;
+        $message = wp_strip_all_tags($message);
+        $this->log('Payment processing exception', [
+            'order_id' => $order instanceof WC_Order ? $order->get_id() : 0,
+            'exception' => is_object($e) ? get_class($e) : 'unknown',
+            'message' => $message,
+            'is_store_api' => $this->is_store_api_request(),
+        ]);
+        if ($order instanceof WC_Order) {
+            $this->maybe_mark_order_failed($order, $message);
+        }
+        if ($this->is_store_api_request()) {
+            // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped
+            throw new \Automattic\WooCommerce\StoreApi\Exceptions\RouteException('AuthorizeNet_API', $message, 400);
+        }
+        wc_add_notice($message, 'error');
+        return ['result' => 'failure'];
+    }
 …
             $this->log("Cannot save token - missing requirements", ['error' => $error]);
             // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped
             return throw new Exception($error);
+            throw new Exception($error);
+        }
         $customer_profile_id = get_user_meta($user_id, $this->customer_profile_id, true);
 …
             $customer_profile_id = '';
+        }
+        $payment_profile_id_from_create = '';
         if (!$customer_profile_id) {
             $create_result = EASYAUTHNET_AuthorizeNet_API_Handler::create_customer_profile($order, $payment_data['gateway_token']);
 …
                     'customer_profile_id' => $this->mask_sensitive_data($customer_profile_id),
                 ]);
+                // IMPORTANT: createCustomerProfileRequest already includes a payment profile built from opaqueData.
+                // If Authorize.Net returns the created paymentProfileId(s), reuse the first one and DO NOT call
+                // createCustomerPaymentProfileRequest again (opaqueData tokens are one-time-use).
+                if (!empty($create_result['customerPaymentProfileIdList'])) {
+                    $list = $create_result['customerPaymentProfileIdList'];
+                    $candidate = '';
+                    if (is_array($list)) {
+                        // Authorize.Net may return { numericString: ["123"] } or a flat array.
+                        if (isset($list['numericString'])) {
+                            $ns = $list['numericString'];
+                            if (is_array($ns)) {
+                                $candidate = (string) reset($ns);
+                            } else {
+                                $candidate = (string) $ns;
+                            }
+                        } else {
+                            $candidate = (string) reset($list);
+                        }
+                    } else {
+                        $candidate = (string) $list;
+                    }
+                    if ($candidate !== '') {
+                        $payment_profile_id_from_create = $candidate;
+                        $this->log('Reusing payment profile id returned by createCustomerProfileRequest', [
+                            'payment_profile_id' => $this->mask_sensitive_data($payment_profile_id_from_create),
+                        ]);
+                    }
+                }
+            }
             update_user_meta($user_id, $this->customer_profile_id, $customer_profile_id);
+        }
+        // 2) ✅ Create a NEW payment profile (card) under the EXISTING customer profile
+        $this->log("Creating new CIM payment profile for saved card", [
+            'customer_profile_id' => $this->mask_sensitive_data($customer_profile_id),
+        ]);
+        $payment_profile_id = EASYAUTHNET_AuthorizeNet_API_Handler::create_customer_payment_profile(
+                $customer_profile_id,
+                $payment_data['gateway_token'],
+                $order
+        );
+        // 2) Create a NEW payment profile (card) under the EXISTING customer profile.
+        // If we JUST created the customer profile and Authorize.Net returned the paymentProfileId, reuse it.
+        if (!empty($payment_profile_id_from_create)) {
+            $payment_profile_id = $payment_profile_id_from_create;
+        } else {
+            $this->log("Creating new CIM payment profile for saved card", [
+                'customer_profile_id' => $this->mask_sensitive_data($customer_profile_id),
+            ]);
+            $payment_profile_id = EASYAUTHNET_AuthorizeNet_API_Handler::create_customer_payment_profile(
+                    $customer_profile_id,
+                    $payment_data['gateway_token'],
+                    $order
+            );
+        }
         if (is_wp_error($payment_profile_id)) {
             $this->log("Failed to create CIM payment profile", [
 …
             $this->log("No payment profile ID returned from CIM create", ['error' => $error]);
             // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped
             return throw new Exception($error);
+            throw new Exception($error);
+        }
         $token = new WC_Payment_Token_CC();
 …
             $this->log("Capture failed - no transaction ID", ['error' => $error]);
             // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped -- Exception message is sanitized and escaped at output time.
             return throw new Exception($error);
+            throw new Exception($error);
+        }
         $response = EASYAUTHNET_AuthorizeNet_API_Handler::capture_authorized_transaction($order, $transaction_id);

payment-gateway-for-authorize-net-for-woocommerce/trunk/includes/class-easy-payment-authorizenet-googlepay-gateway.php

-                      r3440293
+                      r3462451
         return true;
+    }
+    protected function is_store_api_request(): bool {
+        if (defined('REST_REQUEST') && REST_REQUEST) {
+            // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+            $uri = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';
+            return ($uri && strpos($uri, '/wc/store/') !== false);
+        }
+        return false;
+    }
+    protected function maybe_mark_order_failed(WC_Order $order, string $message): void {
+        if ($order->has_status(['processing', 'completed', 'cancelled', 'refunded'])) {
+            return;
+        }
+        $note = sprintf(
+            __('Authorize.Net payment failed: %s', 'payment-gateway-for-authorize-net-for-woocommerce'),
+            wp_strip_all_tags($message)
+        );
+        if (!$order->has_status('failed')) {
+            $order->update_status('failed', $note);
+        } else {
+            $order->add_order_note($note);
+        }
+        $order->save();
+    }
+    protected function fail_with_error(WC_Order $order, $error) {
+        $message = is_wp_error($error) ? (string) $error->get_error_message() : (string) $error;
+        $message = wp_strip_all_tags($message);
+        $this->maybe_mark_order_failed($order, $message);
+        if ($this->is_store_api_request()) {
+            // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped
+            throw new \Automattic\WooCommerce\StoreApi\Exceptions\RouteException('AuthorizeNet_API', $message, 400);
+        }
+        wc_add_notice($message, 'error');
+        return ['result' => 'failure'];
+    }
+    protected function handle_payment_exception(WC_Order $order, Exception $e) {
+        $message = wp_strip_all_tags((string) $e->getMessage());
+        $this->maybe_mark_order_failed($order, $message);
+        if ($this->is_store_api_request()) {
+            // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped
+            throw new \Automattic\WooCommerce\StoreApi\Exceptions\RouteException('AuthorizeNet_API', $message, 400);
+        }
+        wc_add_notice($message, 'error');
+        return ['result' => 'failure'];
+    }
     public function process_payment($order_id) {
 …
             if (is_wp_error($response)) {
                 throw new Exception($response->get_error_message() ?: __('Google Pay payment failed.', 'payment-gateway-for-authorize-net-for-woocommerce'));
+                return $this->fail_with_error($order, $response);
+            }
 …
             if (!$ok) {
                 $message = !empty($response['message']) ? $response['message'] : __('Transaction failed.', 'payment-gateway-for-authorize-net-for-woocommerce');
+                throw new Exception($message);
+                // Use the unified handler so order becomes Failed + note,
+                // and Blocks gets RouteException while Classic gets wc notice.
+                return $this->fail_with_error($order, $message);
+            }
 …
             ];
         } catch (Exception $e) {
+            wc_add_notice($e->getMessage(), 'error');
+            return ['result' => 'failure'];
+            if ($e instanceof \Automattic\WooCommerce\StoreApi\Exceptions\RouteException) {
+                throw $e;
+            }
+            return $this->handle_payment_exception($order, $e);
+        }
+    }

payment-gateway-for-authorize-net-for-woocommerce/trunk/payment-gateway-for-authorizenet-for-woocommerce.php

-                      r3440293
+                      r3462451
  * Author: easypayment
  * Author URI: https://profiles.wordpress.org/easypayment/
  * Version: 1.0.7
+ * Version: 1.0.8
  * Requires at least: 5.6
  * Tested up to: 6.9
+ * Tested up to: 6.9.1
  * Requires PHP: 7.4
  * Text Domain: payment-gateway-for-authorize-net-for-woocommerce
  * Domain Path: /languages/
  * WC requires at least: 6.0
  * WC tested up to: 10.4.3
+ * WC tested up to: 10.5.1
  * Requires Plugins: woocommerce
  * License: GPLv2 or later
 …
 if (!defined('EASYAUTHNET_AUTHORIZENET_VERSION')) {
     define('EASYAUTHNET_AUTHORIZENET_VERSION', '1.0.7');
+    define('EASYAUTHNET_AUTHORIZENET_VERSION', '1.0.8');
+}
 define('EASYAUTHNET_AUTHORIZENET_PLUGIN_FILE', __FILE__);

payment-gateway-for-authorize-net-for-woocommerce/trunk/readme.txt

-                      r3440293
+                      r3462451
 Tested up to: 6.9
 Requires PHP: 7.4
 Stable tag: 1.0.7
+Stable tag: 1.0.8
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 …
 == Changelog ==
+= 1.0.8 =
+* Fixed – Intermittent checkout failures (E00114 Invalid OTS Token) and improved CIM card-saving flow stability.
 = 1.0.7 =
 * Added – Support for eCheck (ACH) payments.

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory

Context Navigation

Changeset 3462451

Legend:

payment-gateway-for-authorize-net-for-woocommerce/trunk/includes/class-api-handler.php

payment-gateway-for-authorize-net-for-woocommerce/trunk/includes/class-easy-payment-authorizenet-echeck-gateway.php

payment-gateway-for-authorize-net-for-woocommerce/trunk/includes/class-easy-payment-authorizenet-gateway.php

payment-gateway-for-authorize-net-for-woocommerce/trunk/includes/class-easy-payment-authorizenet-googlepay-gateway.php

payment-gateway-for-authorize-net-for-woocommerce/trunk/payment-gateway-for-authorizenet-for-woocommerce.php

payment-gateway-for-authorize-net-for-woocommerce/trunk/readme.txt

Download in other formats: