Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3491681

Timestamp:

03/26/2026 10:36:52 AM (8 days ago)

Author:

easypayment

Message:

tags/1.0.10

Location:

payment-gateway-for-authorize-net-for-woocommerce

Files:

: 63 added
: 5 edited

tags/1.0.10 (added)
tags/1.0.10/LICENSE.txt (added)
tags/1.0.10/assets (added)
tags/1.0.10/assets/css (added)
tags/1.0.10/assets/css/admin.css (added)
tags/1.0.10/assets/css/credit-cards (added)
tags/1.0.10/assets/css/credit-cards/amex.svg (added)
tags/1.0.10/assets/css/credit-cards/diners.svg (added)
tags/1.0.10/assets/css/credit-cards/discover.svg (added)
tags/1.0.10/assets/css/credit-cards/elo.svg (added)
tags/1.0.10/assets/css/credit-cards/hiper.svg (added)
tags/1.0.10/assets/css/credit-cards/jcb.svg (added)
tags/1.0.10/assets/css/credit-cards/maestro.svg (added)
tags/1.0.10/assets/css/credit-cards/mastercard.svg (added)
tags/1.0.10/assets/css/credit-cards/visa.svg (added)
tags/1.0.10/assets/css/public.css (added)
tags/1.0.10/assets/images (added)
tags/1.0.10/assets/images/brands (added)
tags/1.0.10/assets/images/brands/google-pay.svg (added)
tags/1.0.10/assets/images/check-routing-account.png (added)
tags/1.0.10/assets/js (added)
tags/1.0.10/assets/js/acceptjs-echeck-handler.js (added)
tags/1.0.10/assets/js/acceptjs-handler.js (added)
tags/1.0.10/assets/js/blocks (added)
tags/1.0.10/assets/js/blocks-authorizenet.js (added)
tags/1.0.10/assets/js/blocks/authorizenet-card.js (added)
tags/1.0.10/assets/js/blocks/authorizenet-echeck.js (added)
tags/1.0.10/assets/js/blocks/authorizenet-googlepay.js (added)
tags/1.0.10/assets/js/blocks/blocks-common.js (added)
tags/1.0.10/assets/js/easyauthnet-authorizenet-admin.js (added)
tags/1.0.10/assets/js/easyauthnet-review-ajax.js (added)
tags/1.0.10/assets/js/googlepay-express.js (added)
tags/1.0.10/assets/js/googlepay-handler.js (added)
tags/1.0.10/feedback (added)
tags/1.0.10/feedback/css (added)
tags/1.0.10/feedback/css/deactivation-feedback-modal.css (added)
tags/1.0.10/feedback/deactivation-feedback-form.php (added)
tags/1.0.10/feedback/fonts (added)
tags/1.0.10/feedback/fonts/icomoon.eot (added)
tags/1.0.10/feedback/fonts/icomoon.svg (added)
tags/1.0.10/feedback/fonts/icomoon.ttf (added)
tags/1.0.10/feedback/fonts/icomoon.woff (added)
tags/1.0.10/feedback/js (added)
tags/1.0.10/feedback/js/deactivation-feedback-modal.js (added)
tags/1.0.10/includes (added)
tags/1.0.10/includes/class-api-handler.php (added)
tags/1.0.10/includes/class-easy-payment-authorizenet-echeck-gateway.php (added)
tags/1.0.10/includes/class-easy-payment-authorizenet-gateway.php (added)
tags/1.0.10/includes/class-easy-payment-authorizenet-googlepay-gateway.php (added)
tags/1.0.10/includes/class-webhook-handler.php (added)
tags/1.0.10/includes/compatibility (added)
tags/1.0.10/includes/compatibility/class-block-support.php (added)
tags/1.0.10/includes/compatibility/class-easyauthnet-subscription-helper.php (added)
tags/1.0.10/includes/compatibility/class-funnelkit-compat.php (added)
tags/1.0.10/includes/compatibility/class-funnelkit-upsell-authorizenet.php (added)
tags/1.0.10/includes/compatibility/class-preorders-compat.php (added)
tags/1.0.10/languages (added)
tags/1.0.10/languages/easyauthnet-payment-authorizenet.pot (added)
tags/1.0.10/languages/payment-gateway-for-authorize-net-for-woocommerce.pot (added)
tags/1.0.10/payment-gateway-for-authorizenet-for-woocommerce-admin.php (added)
tags/1.0.10/payment-gateway-for-authorizenet-for-woocommerce.php (added)
tags/1.0.10/readme.txt (added)
tags/1.0.10/uninstall.php (added)
trunk/includes/class-api-handler.php (modified) (7 diffs)
trunk/includes/class-easy-payment-authorizenet-gateway.php (modified) (5 diffs)
trunk/includes/class-webhook-handler.php (modified) (6 diffs)
trunk/payment-gateway-for-authorizenet-for-woocommerce.php (modified) (2 diffs)
trunk/readme.txt (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

payment-gateway-for-authorize-net-for-woocommerce/trunk/includes/class-api-handler.php

-                      r3473557
+                      r3491681
                 $meta_key = EASYAUTHNET_AUTHORIZENET_CUSTOMER_PROFILE_ID . '_' . $env;
                 update_user_meta($user_id, $meta_key, $dup_id);
+                $validation_list = $response['validationDirectResponseList'] ?? [];
+                $token_consumed  = !empty($validation_list) && $validation_list !== [];
                 self::log(__METHOD__, 'Duplicate profile detected; reusing existing profile id', [
                     'user_id' => $user_id,
                     'profile_id' => $dup_id,
                     'env' => $env,
+                    'token_consumed' => $token_consumed,
                 ]);
                 return [
 …
                         ],
                     ],
+                    'is_duplicate' => true,
+                    'is_duplicate'    => true,
+                    'token_consumed'  => $token_consumed,
                 ];
+            }
 …
+    }
+    /**
+     * Full list of Authorize.Net event types this plugin handles.
+     * Any change here is automatically applied to existing webhook registrations
+     * via update_webhook_event_types_if_needed().
+     */
+    protected static function get_required_webhook_event_types(): array {
+        return [
+            'net.authorize.payment.authcapture.created',
+            'net.authorize.payment.authorization.created',
+            'net.authorize.payment.priorAuthCapture.created',
+            'net.authorize.payment.void.created',
+            'net.authorize.payment.refund.created',
+            'net.authorize.customer.deleted',
+            'net.authorize.customer.paymentProfile.deleted',
+        ];
+    }
     public static function register_webhook() {
         self::init_settings();
 …
         self::log(__METHOD__, 'Checking existing webhook', ['option_key' => $option_key, 'existing_webhook_id' => $existing_webhook_id]);
         if ($existing_webhook_id) {
+            self::log(__METHOD__, 'Webhook already registered — skipping registration', ['webhook_id' => $existing_webhook_id]);
+            // Webhook already registered — ensure event types are up to date.
+            self::update_webhook_event_types_if_needed($existing_webhook_id, $is_sandbox);
             return;
+        }
 …
         $auth_header = 'Basic ' . base64_encode("{$api_login_id}:{$transaction_key}");
         $body = [
+            'url' => $webhook_url,
+            'eventTypes' => [
+                'net.authorize.payment.authcapture.created',
+                'net.authorize.payment.authorization.created',
+                'net.authorize.payment.priorAuthCapture.created',
+                'net.authorize.payment.void.created',
+                'net.authorize.payment.refund.created',
+            ],
+            'status' => 'active',
+            'url'        => $webhook_url,
+            'eventTypes' => self::get_required_webhook_event_types(),
+            'status'     => 'active',
         ];
         self::log(__METHOD__, 'Prepared REST request', ['endpoint' => $endpoint, 'webhook_url' => $webhook_url, 'event_types' => $body['eventTypes']]);
 …
         } catch (Exception $e) {
             self::log(__METHOD__, 'Webhook registration failed', ['message' => $e->getMessage()]);
+        }
+    }
+    /**
+     * Update an existing Authorize.Net webhook subscription if its event-type
+     * list differs from get_required_webhook_event_types(). This ensures that
+     * sites which registered the webhook with an older version of the plugin
+     * automatically receive any newly required events on the next settings save.
+     */
+    protected static function update_webhook_event_types_if_needed(string $webhook_id, bool $is_sandbox): void {
+        $api_login_id  = self::$api_login_id;
+        $transaction_key = self::$transaction_key;
+        $base_endpoint = $is_sandbox ? 'https://apitest.authorize.net/rest/v1/webhooks' : 'https://api.authorize.net/rest/v1/webhooks';
+        $auth_header   = 'Basic ' . base64_encode("{$api_login_id}:{$transaction_key}");
+        // Fetch the current webhook definition.
+        try {
+            $get_response = wp_remote_get("{$base_endpoint}/{$webhook_id}", [
+                'headers' => [
+                    'Content-Type' => 'application/json',
+                    'Authorization' => $auth_header,
+                    'User-Agent' => 'WooCommerce-Easy-Payment-AuthorizeNet/' . EASYAUTHNET_AUTHORIZENET_VERSION,
+                ],
+                'timeout' => 15,
+            ]);
+            if (is_wp_error($get_response)) {
+                throw new Exception($get_response->get_error_message());
+            }
+            $get_http_code = (int) wp_remote_retrieve_response_code($get_response);
+            $current = json_decode(wp_remote_retrieve_body($get_response), true);
+            // If the webhook no longer exists on Authorize.Net's side (404 or missing webhookId),
+            // clear the stored option so register_webhook() creates a fresh one next time.
+            if ($get_http_code !== 200 || empty($current['webhookId'])) {
+                $option_key = $is_sandbox ? 'easyauthnet_anet_webhook_id_sandbox' : 'easyauthnet_anet_webhook_id_live';
+                delete_option($option_key);
+                self::log(__METHOD__, 'Stored webhook no longer exists in Authorize.Net — cleared option for re-registration', [
+                    'webhook_id'  => $webhook_id,
+                    'http_status' => $get_http_code,
+                    'option_key'  => $option_key,
+                ]);
+                return;
+            }
+            $current_types = isset($current['eventTypes']) && is_array($current['eventTypes'])
+                ? $current['eventTypes']
+                : [];
+            $required_types = self::get_required_webhook_event_types();
+            $missing = array_diff($required_types, $current_types);
+            if (empty($missing)) {
+                self::log(__METHOD__, 'Webhook event types are already up to date', ['webhook_id' => $webhook_id]);
+                return;
+            }
+            self::log(__METHOD__, 'Updating webhook with missing event types', [
+                'webhook_id'    => $webhook_id,
+                'missing_types' => array_values($missing),
+            ]);
+            // PATCH the existing webhook with the full required list.
+            $patch_response = wp_remote_request("{$base_endpoint}/{$webhook_id}", [
+                'method'  => 'PUT',
+                'headers' => [
+                    'Content-Type' => 'application/json',
+                    'Authorization' => $auth_header,
+                    'User-Agent' => 'WooCommerce-Easy-Payment-AuthorizeNet/' . EASYAUTHNET_AUTHORIZENET_VERSION,
+                ],
+                'body'    => wp_json_encode([
+                    'url'        => isset($current['url']) ? $current['url'] : home_url('/wp-json/easyauthnet-authorizenet/v1/webhook'),
+                    'eventTypes' => $required_types,
+                    'status'     => 'active',
+                ]),
+                'timeout' => 20,
+            ]);
+            if (is_wp_error($patch_response)) {
+                throw new Exception($patch_response->get_error_message());
+            }
+            $http_code = wp_remote_retrieve_response_code($patch_response);
+            self::log(__METHOD__, 'Webhook update response', [
+                'webhook_id'  => $webhook_id,
+                'http_status' => $http_code,
+            ]);
+        } catch (Exception $e) {
+            self::log(__METHOD__, 'Failed to update webhook event types', [
+                'webhook_id' => $webhook_id,
+                'message'    => $e->getMessage(),
+            ]);
+        }
+    }
 …
             self::log(__METHOD__, 'Exception during profile validation', ['exception' => get_class($e), 'message' => $e->getMessage(), 'profile_id' => $customer_profile_id]);
             return false;
+        }
+    }
+    public static function delete_customer_profile_from_cim($customer_profile_id) {
+        self::init_settings();
+        $endpoint = self::get_api_endpoint();
+        self::log(__METHOD__, 'Deleting customer profile from CIM', [
+            'customer_profile_id' => $customer_profile_id,
+        ]);
+        try {
+            $request = [
+                'root_element' => 'deleteCustomerProfileRequest',
+                'merchantAuthentication' => [
+                    'name' => self::$api_login_id,
+                    'transactionKey' => self::$transaction_key,
+                ],
+                'customerProfileId' => $customer_profile_id,
+            ];
+            $response = self::send_request($endpoint, $request);
+            $result_code = $response['messages']['resultCode'] ?? '';
+            $message_code = $response['messages']['message']['code'] ?? '';
+            $message_text = $response['messages']['message']['text'] ?? '';
+            // E00040 = record not found — treat as success (already deleted on their side).
+            if ($result_code === 'Ok' || $message_code === 'E00040') {
+                self::log(__METHOD__, 'Customer profile delete treated as success', [
+                    'customer_profile_id' => $customer_profile_id,
+                    'message_code' => $message_code ?: 'I00001',
+                    'message_text' => $message_text,
+                ]);
+                return true;
+            }
+            self::log(__METHOD__, 'Customer profile delete failed', [
+                'customer_profile_id' => $customer_profile_id,
+                'result_code' => $result_code ?: 'none',
+                'message_code' => $message_code ?: 'none',
+                'message_text' => $message_text ?: __('Unknown error.', 'payment-gateway-for-authorize-net-for-woocommerce'),
+            ]);
+            return new WP_Error(
+                'easyauthnet_delete_customer_profile_failed',
+                $message_text ?: __('Failed to delete customer profile from Authorize.Net CIM.', 'payment-gateway-for-authorize-net-for-woocommerce'),
+                [
+                    'customer_profile_id' => $customer_profile_id,
+                    'response' => $response,
+                ]
+            );
+        } catch (Exception $e) {
+            self::log(__METHOD__, 'Exception deleting customer profile', [
+                'customer_profile_id' => $customer_profile_id,
+                'exception' => get_class($e),
+                'message' => $e->getMessage(),
+            ]);
+            return new WP_Error('easyauthnet_delete_customer_profile_exception', $e->getMessage());
+        }
+    }
+    public static function delete_customer_payment_profile_from_cim($customer_profile_id, $payment_profile_id) {
+        self::init_settings();
+        $endpoint = self::get_api_endpoint();
+        self::log(__METHOD__, 'Deleting customer payment profile from CIM', [
+            'customer_profile_id' => $customer_profile_id,
+            'payment_profile_id' => $payment_profile_id,
+        ]);
+        try {
+            $request = [
+                'root_element' => 'deleteCustomerPaymentProfileRequest',
+                'merchantAuthentication' => [
+                    'name' => self::$api_login_id,
+                    'transactionKey' => self::$transaction_key,
+                ],
+                'customerProfileId' => $customer_profile_id,
+                'customerPaymentProfileId' => $payment_profile_id,
+            ];
+            $response = self::send_request($endpoint, $request);
+            $result_code = $response['messages']['resultCode'] ?? '';
+            $message_code = $response['messages']['message']['code'] ?? '';
+            $message_text = $response['messages']['message']['text'] ?? '';
+            if ($result_code === 'Ok' || $message_code === 'E00040') {
+                self::log(__METHOD__, 'Customer payment profile delete treated as success', [
+                    'customer_profile_id' => $customer_profile_id,
+                    'payment_profile_id' => $payment_profile_id,
+                    'message_code' => $message_code ?: 'I00001',
+                    'message_text' => $message_text,
+                ]);
+                return true;
+            }
+            self::log(__METHOD__, 'Customer payment profile delete failed', [
+                'customer_profile_id' => $customer_profile_id,
+                'payment_profile_id' => $payment_profile_id,
+                'result_code' => $result_code ?: 'none',
+                'message_code' => $message_code ?: 'none',
+                'message_text' => $message_text ?: __('Unknown error.', 'payment-gateway-for-authorize-net-for-woocommerce'),
+            ]);
+            return new WP_Error(
+                'easyauthnet_delete_payment_profile_failed',
+                $message_text ?: __('Failed to delete payment profile from Authorize.Net CIM.', 'payment-gateway-for-authorize-net-for-woocommerce'),
+                [
+                    'customer_profile_id' => $customer_profile_id,
+                    'payment_profile_id' => $payment_profile_id,
+                    'response' => $response,
+                ]
+            );
+        } catch (Exception $e) {
+            self::log(__METHOD__, 'Exception deleting customer payment profile', [
+                'customer_profile_id' => $customer_profile_id,
+                'payment_profile_id' => $payment_profile_id,
+                'exception' => get_class($e),
+                'message' => $e->getMessage(),
+            ]);
+            return new WP_Error('easyauthnet_delete_payment_profile_exception', $e->getMessage());
+        }
+    }
+    public static function validate_customer_payment_profile($customer_profile_id, $payment_profile_id) {
+        self::init_settings();
+        $endpoint = self::get_api_endpoint();
+        self::log(__METHOD__, 'Validating customer payment profile', [
+            'customer_profile_id' => $customer_profile_id,
+            'payment_profile_id' => $payment_profile_id,
+        ]);
+        try {
+            $request = [
+                'root_element' => 'getCustomerPaymentProfileRequest',
+                'merchantAuthentication' => [
+                    'name' => self::$api_login_id,
+                    'transactionKey' => self::$transaction_key,
+                ],
+                'customerProfileId' => $customer_profile_id,
+                'customerPaymentProfileId' => $payment_profile_id,
+            ];
+            $response = self::send_request($endpoint, $request);
+            $result_code = $response['messages']['resultCode'] ?? '';
+            $message_code = $response['messages']['message']['code'] ?? '';
+            if ($result_code === 'Ok') {
+                self::log(__METHOD__, 'Customer payment profile exists', [
+                    'customer_profile_id' => $customer_profile_id,
+                    'payment_profile_id' => $payment_profile_id,
+                ]);
+                return true;
+            }
+            if ($message_code === 'E00040') {
+                self::log(__METHOD__, 'Customer payment profile not found', [
+                    'customer_profile_id' => $customer_profile_id,
+                    'payment_profile_id' => $payment_profile_id,
+                ]);
+                return false;
+            }
+            self::log(__METHOD__, 'Customer payment profile validation failed open after API response', [
+                'customer_profile_id' => $customer_profile_id,
+                'payment_profile_id' => $payment_profile_id,
+                'result_code' => $result_code ?: 'none',
+                'message_code' => $message_code ?: 'none',
+                'message_text' => $response['messages']['message']['text'] ?? '',
+            ]);
+            return true;
+        } catch (Exception $e) {
+            self::log(__METHOD__, 'Exception validating customer payment profile - failing open', [
+                'customer_profile_id' => $customer_profile_id,
+                'payment_profile_id' => $payment_profile_id,
+                'exception' => get_class($e),
+                'message' => $e->getMessage(),
+            ]);
+            return true;
+        }
+    }

payment-gateway-for-authorize-net-for-woocommerce/trunk/includes/class-easy-payment-authorizenet-gateway.php

-                      r3473557
+                      r3491681
     public $customer_profile_id;
     private static $easyauthnet_notice_rendered = false;
+    private static $cim_skip_token_ids = [];
+    /**
+     * Mark a token ID so that the woocommerce_payment_token_deleted hook will
+     * skip the CIM deletion for it. Used by the webhook handler when a profile
+     * has already been removed on the Authorize.Net side.
+     */
+    public static function skip_cim_sync_for_token(int $token_id): void {
+        self::$cim_skip_token_ids[$token_id] = true;
+    }
+    public static function unskip_cim_sync_for_token(int $token_id): void {
+        unset(self::$cim_skip_token_ids[$token_id]);
+    }
     protected const CUSTOMER_PROFILE_MIGRATION_FLAG = 'easyauthnet_authorizenet_profile_migration_v1';
 …
         add_filter('safe_style_css', array($this, 'easyauthnet_allowed_css_properties'));
         add_action('admin_notices', [$this, 'easyauthnet_cc_missing_creds_notice']);
+        add_action('woocommerce_payment_token_deleted', [$this, 'easyauthnet_sync_delete_cim_on_token_removed'], 10, 2);
+        add_action('woocommerce_account_payment_methods_endpoint', [$this, 'easyauthnet_prune_stale_tokens_on_account_page']);
+        add_action('before_delete_user', [$this, 'easyauthnet_delete_cim_profile_on_user_deleted']);
+    }
 …
             $this->log("Failed to save payment token", ['error_code' => $error_code, 'error_message' => $token->get_error_message()]);
+            if ($error_code === 'easyauthnet_ots_token_consumed') {
+                $this->log('OTS token was consumed by duplicate-profile check; direct charge not possible — asking customer to retry', [
+                    'order_id' => $order->get_id(),
+                ]);
+                wc_add_notice($token->get_error_message(), 'error');
+                return ['result' => 'failure'];
+            }
             // Graceful fallback: intermittent Authorize.Net E00114 (Invalid OTS Token).
             // In this scenario, the CIM save fails but we can still charge the order using opaque data.
 …
                 ]);
+                if (!empty($create_result['is_duplicate']) && !empty($create_result['token_consumed'])) {
+                    if ($user_id > 0) {
+                        update_user_meta($user_id, $this->customer_profile_id, $customer_profile_id);
+                    }
+                    if ($order instanceof WC_Order) {
+                        $order->update_meta_data('_easyauthnet_authorizenet_customer_profile_id', $customer_profile_id);
+                        $order->save();
+                    }
+                    if (!empty($create_result['customerPaymentProfileIdList'])) {
+                        $list      = $create_result['customerPaymentProfileIdList'];
+                        $candidate = '';
+                        if (is_array($list)) {
+                            if (isset($list['numericString'])) {
+                                $ns        = $list['numericString'];
+                                $candidate = is_array($ns) ? (string) reset($ns) : (string) $ns;
+                            } else {
+                                $candidate = (string) reset($list);
+                            }
+                        } else {
+                            $candidate = (string) $list;
+                        }
+                        if ($candidate !== '') {
+                            $payment_profile_id_from_create = $candidate;
+                            $this->log('OTS token consumed by duplicate-profile; reusing payment profile ID returned in response', [
+                                'customer_profile_id' => $this->mask_sensitive_data($customer_profile_id),
+                                'payment_profile_id'  => $this->mask_sensitive_data($payment_profile_id_from_create),
+                            ]);
+                            // Fall through — $payment_profile_id_from_create will be used below.
+                        }
+                    }
+                    if (empty($payment_profile_id_from_create)) {
+                        $this->log('OTS token consumed by duplicate-profile validation; cannot reuse for payment profile creation', [
+                            'customer_profile_id' => $this->mask_sensitive_data($customer_profile_id),
+                        ]);
+                        return new WP_Error(
+                            'easyauthnet_ots_token_consumed',
+                            __('Your payment session has expired. Please try again.', 'payment-gateway-for-authorize-net-for-woocommerce'),
+                            ['customer_profile_id' => $customer_profile_id]
+                        );
+                    }
+                }
                 if (!empty($create_result['customerPaymentProfileIdList'])) {
                     $list = $create_result['customerPaymentProfileIdList'];
 …
+    }
+    public function easyauthnet_sync_delete_cim_on_token_removed($token_id, $token) {
+        if (!$token instanceof WC_Payment_Token) {
+            $this->log('Skipping CIM delete for invalid token instance', ['token_id' => $token_id]);
+            return;
+        }
+        if ($token->get_gateway_id() !== $this->id) {
+            return;
+        }
+        if (!empty(self::$cim_skip_token_ids[$token_id])) {
+            $this->log('Skipping CIM delete for internally pruned token', ['token_id' => $token_id]);
+            return;
+        }
+        $customer_profile_id = (string) $token->get_meta('customer_profile_id');
+        $payment_profile_id = (string) $token->get_meta('payment_profile_id');
+        if ($payment_profile_id === '') {
+            $payment_profile_id = (string) $token->get_token();
+        }
+        if ($customer_profile_id === '' || $payment_profile_id === '') {
+            $this->log('Skipping CIM delete for legacy or incomplete token', [
+                'token_id' => $token_id,
+                'has_customer_profile_id' => $customer_profile_id !== '',
+                'has_payment_profile_id' => $payment_profile_id !== '',
+            ]);
+            return;
+        }
+        $result = EASYAUTHNET_AuthorizeNet_API_Handler::delete_customer_payment_profile_from_cim($customer_profile_id, $payment_profile_id);
+        if (is_wp_error($result)) {
+            $this->log('Failed deleting CIM payment profile after Woo token removal', [
+                'token_id' => $token_id,
+                'customer_profile_id' => $this->mask_sensitive_data($customer_profile_id),
+                'payment_profile_id' => $this->mask_sensitive_data($payment_profile_id),
+                'error_code' => $result->get_error_code(),
+                'error_message' => $result->get_error_message(),
+            ]);
+            return;
+        }
+        $this->log('Deleted CIM payment profile after Woo token removal', [
+            'token_id' => $token_id,
+            'customer_profile_id' => $this->mask_sensitive_data($customer_profile_id),
+            'payment_profile_id' => $this->mask_sensitive_data($payment_profile_id),
+        ]);
+        $this->maybe_delete_customer_profile_meta_if_unused($token->get_user_id(), $customer_profile_id);
+    }
+    public function easyauthnet_delete_cim_profile_on_user_deleted($user_id) {
+        $user_id = (int) $user_id;
+        if ($user_id <= 0) {
+            return;
+        }
+        $customer_profile_id = (string) get_user_meta($user_id, $this->customer_profile_id, true);
+        if ($customer_profile_id === '') {
+            return;
+        }
+        $result = EASYAUTHNET_AuthorizeNet_API_Handler::delete_customer_profile_from_cim($customer_profile_id);
+        if (is_wp_error($result)) {
+            $this->log('Failed deleting CIM customer profile after WP user deletion', [
+                'user_id' => $user_id,
+                'customer_profile_id' => $this->mask_sensitive_data($customer_profile_id),
+                'error_code' => $result->get_error_code(),
+                'error_message' => $result->get_error_message(),
+            ]);
+            return;
+        }
+        $this->log('Deleted CIM customer profile after WP user deletion', [
+            'user_id' => $user_id,
+            'customer_profile_id' => $this->mask_sensitive_data($customer_profile_id),
+        ]);
+    }
+    public function easyauthnet_prune_stale_tokens_on_account_page() {
+        if (!is_user_logged_in()) {
+            return;
+        }
+        $user_id = get_current_user_id();
+        $tokens = WC_Payment_Tokens::get_customer_tokens($user_id, $this->id);
+        if (empty($tokens)) {
+            return;
+        }
+        foreach ($tokens as $token) {
+            if (!$token instanceof WC_Payment_Token) {
+                continue;
+            }
+            $token_id = $token->get_id();
+            $customer_profile_id = (string) $token->get_meta('customer_profile_id');
+            $payment_profile_id = (string) $token->get_meta('payment_profile_id');
+            if ($payment_profile_id === '') {
+                $payment_profile_id = (string) $token->get_token();
+            }
+            if ($customer_profile_id === '' || $payment_profile_id === '') {
+                $this->log('Skipping stale token prune for legacy or incomplete token', [
+                    'token_id' => $token_id,
+                    'has_customer_profile_id' => $customer_profile_id !== '',
+                    'has_payment_profile_id' => $payment_profile_id !== '',
+                ]);
+                continue;
+            }
+            $exists = EASYAUTHNET_AuthorizeNet_API_Handler::validate_customer_payment_profile($customer_profile_id, $payment_profile_id);
+            if ($exists) {
+                continue;
+            }
+            $this->log('Pruning stale Woo token missing in CIM', [
+                'token_id' => $token_id,
+                'customer_profile_id' => $this->mask_sensitive_data($customer_profile_id),
+                'payment_profile_id' => $this->mask_sensitive_data($payment_profile_id),
+            ]);
+            self::$cim_skip_token_ids[$token_id] = true;
+            WC_Payment_Tokens::delete($token_id);
+            unset(self::$cim_skip_token_ids[$token_id]);
+            $this->maybe_delete_customer_profile_meta_if_unused($user_id, $customer_profile_id);
+        }
+    }
+    protected function maybe_delete_customer_profile_meta_if_unused($user_id, $customer_profile_id) {
+        $user_id = (int) $user_id;
+        if ($user_id <= 0 || $customer_profile_id === '') {
+            return;
+        }
+        $tokens = WC_Payment_Tokens::get_customer_tokens($user_id, $this->id);
+        foreach ($tokens as $token) {
+            if (!$token instanceof WC_Payment_Token) {
+                continue;
+            }
+            if ((string) $token->get_meta('customer_profile_id') === $customer_profile_id) {
+                return;
+            }
+        }
+        delete_user_meta($user_id, $this->customer_profile_id);
+        $this->log('Deleted stored CIM customer profile meta after last token removal', [
+            'user_id' => $user_id,
+            'customer_profile_id' => $this->mask_sensitive_data($customer_profile_id),
+        ]);
+    }
     public function process_refund($order_id, $amount = null, $reason = '') {
         try {

payment-gateway-for-authorize-net-for-woocommerce/trunk/includes/class-webhook-handler.php

-                      r3462451
+                      r3491681
         $status = str_replace('wc-', '', $status);
         return $status !== '' ? $status : 'on-hold';
+    }
+    protected static function force_delete_token_rows(int $token_id): void {
+        if ($token_id <= 0) {
+            return;
+        }
+        global $wpdb;
+        $wpdb->delete( // phpcs:ignore WordPress.DB.DirectDatabaseQuery
+            "{$wpdb->prefix}woocommerce_payment_tokenmeta",
+            ['payment_token_id' => $token_id],
+            ['%d']
+        );
+        $wpdb->delete( // phpcs:ignore WordPress.DB.DirectDatabaseQuery
+            "{$wpdb->prefix}woocommerce_payment_tokens",
+            ['token_id' => $token_id],
+            ['%d']
+        );
+    }
 …
         self::$transaction_type = isset($settings['transaction_type']) ? sanitize_text_field($settings['transaction_type']) : 'auth_capture';
-        // Note: Raw body must be read unmodified for signature verification.
         $raw_body = file_get_contents('php://input');
 …
         );
+        // Sanitize signature header
+        $signature_header = isset($_SERVER['HTTP_X_ANET_SIGNATURE']) ? sanitize_text_field(wp_unslash($_SERVER['HTTP_X_ANET_SIGNATURE'])) : '';
+        // Validate structure
+        $signature_header = isset($_SERVER['HTTP_X_ANET_SIGNATURE']) ? wp_unslash($_SERVER['HTTP_X_ANET_SIGNATURE']) : '';
         if (empty($data['eventType']) || empty($data['payload']) || empty($signature_header)) {
             return new WP_REST_Response(['status' => 'invalid_payload_or_signature'], 400);
+        }
-        // Verify signature
         if (!self::verify_signature($raw_body, $signature_header)) {
             self::log('Signature mismatch — webhook rejected', [], 'warning');
 …
                 self::handle_refund($payload);
                 break;
+            case 'net.authorize.customer.deleted':
+                self::handle_customer_deleted($payload);
+                break;
+            case 'net.authorize.customer.paymentProfile.deleted':
+                self::handle_payment_profile_deleted($payload);
+                break;
             default:
                 do_action('easyauthnet_authorizenet_webhook_' . $event_type, $payload);
 …
             if (in_array($current_status, ['pending', 'on-hold', 'processing'], true)) {
                 if (abs($capture_amount - $order_total) < 0.01) {
-                    // For eCheck (ACH), merchants often want to keep the order on-hold until they confirm settlement.
                     $new_status = $is_echeck ? $echeck_webhook_status : 'completed';
                     $order->update_status($new_status);
 …
+    }
+    protected static function handle_customer_deleted($payload) {
+        $customer_profile_id = sanitize_text_field($payload['id'] ?? $payload['customerProfileId'] ?? $payload['profileId'] ?? '');
+        if (empty($customer_profile_id)) {
+            self::log('Customer deleted webhook: missing customer profile ID in payload', [], 'warning');
+            return;
+        }
+        self::log('Customer deleted webhook received', ['customer_profile_id' => $customer_profile_id]);
+        $user_ids_live    = get_users([
+            'meta_key'   => EASYAUTHNET_AUTHORIZENET_CUSTOMER_PROFILE_ID . '_live',
+            'meta_value' => $customer_profile_id,
+            'fields'     => 'ID',
+            'number'     => -1,
+        ]);
+        $user_ids_sandbox = get_users([
+            'meta_key'   => EASYAUTHNET_AUTHORIZENET_CUSTOMER_PROFILE_ID . '_sandbox',
+            'meta_value' => $customer_profile_id,
+            'fields'     => 'ID',
+            'number'     => -1,
+        ]);
+        $user_ids = array_values(array_unique(array_merge(
+            array_map('intval', (array) $user_ids_live),
+            array_map('intval', (array) $user_ids_sandbox)
+        )));
+        $token_map         = [];
+        $affected_user_ids = [];
+        foreach ($user_ids as $user_id) {
+            if ($user_id <= 0) {
+                continue;
+            }
+            $affected_user_ids[] = $user_id;
+            $user_tokens = WC_Payment_Tokens::get_customer_tokens($user_id, 'easyauthnet_authorizenet');
+            foreach ($user_tokens as $token) {
+                if (!$token instanceof WC_Payment_Token) {
+                    continue;
+                }
+                if ((string) $token->get_meta('customer_profile_id') !== $customer_profile_id) {
+                    continue;
+                }
+                $token_map[(int) $token->get_id()] = $token;
+            }
+        }
+        if (empty($token_map)) {
+            self::log('Customer deleted webhook: no local tokens found for profile', ['customer_profile_id' => $customer_profile_id]);
+        }
+        foreach ($token_map as $token_id => $token) {
+            $token_id = (int) $token_id;
+            if (!$token instanceof WC_Payment_Token) {
+                self::force_delete_token_rows($token_id);
+                self::log('Force-deleted local token rows for customer-deleted webhook (invalid token object)', [
+                    'token_id'            => $token_id,
+                    'customer_profile_id' => $customer_profile_id,
+                ], 'warning');
+                continue;
+            }
+            $affected_user_ids[] = (int) $token->get_user_id();
+            if (class_exists('EASYAUTHNET_AuthorizeNet_Gateway')) {
+                EASYAUTHNET_AuthorizeNet_Gateway::skip_cim_sync_for_token($token_id);
+            }
+            WC_Payment_Tokens::delete($token_id);
+            if (class_exists('EASYAUTHNET_AuthorizeNet_Gateway')) {
+                EASYAUTHNET_AuthorizeNet_Gateway::unskip_cim_sync_for_token($token_id);
+            }
+            self::log('Deleted local token for Authorize.Net customer-deleted webhook', [
+                'token_id'            => $token_id,
+                'customer_profile_id' => $customer_profile_id,
+            ]);
+        }
+        foreach (array_unique($affected_user_ids) as $user_id) {
+            delete_user_meta($user_id, EASYAUTHNET_AUTHORIZENET_CUSTOMER_PROFILE_ID . '_live');
+            delete_user_meta($user_id, EASYAUTHNET_AUTHORIZENET_CUSTOMER_PROFILE_ID . '_sandbox');
+            self::log('Deleted customer profile user meta after Authorize.Net customer-deleted webhook', [
+                'user_id'             => $user_id,
+                'customer_profile_id' => $customer_profile_id,
+            ]);
+        }
+    }
+    protected static function handle_payment_profile_deleted($payload) {
+        $payment_profile_id  = sanitize_text_field($payload['id'] ?? '');
+        $customer_profile_id = sanitize_text_field($payload['customerProfileId'] ?? $payload['profileId'] ?? '');
+        if (empty($payment_profile_id)) {
+            self::log('Payment profile deleted webhook: missing payment profile ID in payload', [], 'warning');
+            return;
+        }
+        self::log('Payment profile deleted webhook received', [
+            'payment_profile_id'  => $payment_profile_id,
+            'customer_profile_id' => $customer_profile_id,
+        ]);
+        $matching_tokens = [];
+        if (!empty($customer_profile_id)) {
+            $user_ids_live    = get_users([
+                'meta_key'   => EASYAUTHNET_AUTHORIZENET_CUSTOMER_PROFILE_ID . '_live',
+                'meta_value' => $customer_profile_id,
+                'fields'     => 'ID',
+                'number'     => -1,
+            ]);
+            $user_ids_sandbox = get_users([
+                'meta_key'   => EASYAUTHNET_AUTHORIZENET_CUSTOMER_PROFILE_ID . '_sandbox',
+                'meta_value' => $customer_profile_id,
+                'fields'     => 'ID',
+                'number'     => -1,
+            ]);
+            $user_ids = array_values(array_unique(array_merge(
+                array_map('intval', (array) $user_ids_live),
+                array_map('intval', (array) $user_ids_sandbox)
+            )));
+            foreach ($user_ids as $user_id) {
+                if ($user_id <= 0) {
+                    continue;
+                }
+                foreach (WC_Payment_Tokens::get_customer_tokens($user_id, 'easyauthnet_authorizenet') as $token) {
+                    if (!$token instanceof WC_Payment_Token) {
+                        continue;
+                    }
+                    if (
+                        (string) $token->get_meta('payment_profile_id') === $payment_profile_id ||
+                        (string) $token->get_token() === $payment_profile_id
+                    ) {
+                        $matching_tokens[(int) $token->get_id()] = $token;
+                    }
+                }
+            }
+        } else {
+            foreach (WC_Payment_Tokens::get_tokens(['gateway_id' => 'easyauthnet_authorizenet']) as $token) {
+                if (!$token instanceof WC_Payment_Token) {
+                    continue;
+                }
+                if (
+                    (string) $token->get_meta('payment_profile_id') === $payment_profile_id ||
+                    (string) $token->get_token() === $payment_profile_id
+                ) {
+                    $matching_tokens[(int) $token->get_id()] = $token;
+                }
+            }
+        }
+        if (empty($matching_tokens)) {
+            self::log('Payment profile deleted webhook: no local tokens found for payment profile', [
+                'payment_profile_id' => $payment_profile_id,
+            ]);
+            return;
+        }
+        foreach ($matching_tokens as $token_id => $token) {
+            $token_id = (int) $token_id;
+            $user_id  = (int) $token->get_user_id();
+            if (class_exists('EASYAUTHNET_AuthorizeNet_Gateway')) {
+                EASYAUTHNET_AuthorizeNet_Gateway::skip_cim_sync_for_token($token_id);
+            }
+            WC_Payment_Tokens::delete($token_id);
+            if (class_exists('EASYAUTHNET_AuthorizeNet_Gateway')) {
+                EASYAUTHNET_AuthorizeNet_Gateway::unskip_cim_sync_for_token($token_id);
+            }
+            self::log('Deleted local token for Authorize.Net payment-profile-deleted webhook', [
+                'token_id'            => $token_id,
+                'payment_profile_id'  => $payment_profile_id,
+                'customer_profile_id' => $customer_profile_id,
+            ]);
+        }
+    }
     protected static function log($message, $context = [], $level = 'info') {
         if (!class_exists('WC_Logger')) {

payment-gateway-for-authorize-net-for-woocommerce/trunk/payment-gateway-for-authorizenet-for-woocommerce.php

-                      r3473557
+                      r3491681
  * Author: easypayment
  * Author URI: https://profiles.wordpress.org/easypayment/
  * Version: 1.0.9
+ * Version: 1.0.10
  * Requires at least: 5.6
  * Tested up to: 6.9.1
+ * Tested up to: 6.9.4
  * Requires PHP: 7.4
  * Text Domain: payment-gateway-for-authorize-net-for-woocommerce
  * Domain Path: /languages/
  * WC requires at least: 6.0
  * WC tested up to: 10.5.2
+ * WC tested up to: 10.6.1
  * Requires Plugins: woocommerce
  * License: GPLv2 or later
 …
 if (!defined('EASYAUTHNET_AUTHORIZENET_VERSION')) {
     define('EASYAUTHNET_AUTHORIZENET_VERSION', '1.0.9');
+    define('EASYAUTHNET_AUTHORIZENET_VERSION', '1.0.10');
+}
 define('EASYAUTHNET_AUTHORIZENET_PLUGIN_FILE', __FILE__);

payment-gateway-for-authorize-net-for-woocommerce/trunk/readme.txt

-                      r3473557
+                      r3491681
 Tags: authorize.net, credit card, visa
 Requires at least: 5.6
 Tested up to: 6.9.1
+Tested up to: 6.9.4
 Requires PHP: 7.4
 Stable tag: 1.0.9
+Stable tag: 1.0.10
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 …
 == Changelog ==
+= 1.0.10 =
+* Improved - Synchronization between Authorize.net CIM and WooCommerce saved payment methods.
 = 1.0.9 =
 * Added - FunnelKit compatible for upsell and cross-sell flows.

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory

Context Navigation

Changeset 3491681

Legend:

payment-gateway-for-authorize-net-for-woocommerce/trunk/includes/class-api-handler.php

payment-gateway-for-authorize-net-for-woocommerce/trunk/includes/class-easy-payment-authorizenet-gateway.php

payment-gateway-for-authorize-net-for-woocommerce/trunk/includes/class-webhook-handler.php

payment-gateway-for-authorize-net-for-woocommerce/trunk/payment-gateway-for-authorizenet-for-woocommerce.php

payment-gateway-for-authorize-net-for-woocommerce/trunk/readme.txt

Download in other formats: