Page MenuHomePhabricator
Create Task
Maniphest T219536

Investigate possible bug in payment notification handler
Open, Needs TriagePublic5 Estimated Story Points
Actions

Description

Our finance department identified some PayPal payments, that are not represented in our database (and thus also not in our third-party software). It seems that the payment notifications (IPN) sent by PayPal just slipped through. Usually, the handler either updates the status of a data set (in case of a one-time payment and the initial payment subscription) or by creating a child data set (in case of a recurring payment). If an IPN can't be handled, it is written to the logs. For these missing cases, there is neither a data set nor a log entry.

PayPal only provides an IPN history for 28 days, so we can't look it up for most of the cases. I found a monthly donation, for which the IPN handling fails regularly. The content of the most recent IPN call can be found in ZeDa. I shared it with all FUN team members.

The first occurrence dates back to fall 2016, which is around the launch of the rewritten donation application.

Event Timeline

kai.nissen created this task.Mar 28 2019, 4:57 PM
Restricted Application added a project: WMDE-FUN-Team. · View Herald TranscriptMar 28 2019, 4:57 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
kai.nissen set the point value for this task to 8.Apr 1 2019, 10:16 AM
kai.nissen added a project: WMDE-FUN-Sprint-2019-04-15.Apr 15 2019, 1:45 PM
kai.nissen removed a project: WMDE-FUN-Sprint-2019-04-15.Apr 15 2019, 1:52 PM
kai.nissen moved this task from Backlog to Sprint ready on the WMDE-Fundraising-Tech board.Apr 15 2019, 2:21 PM
Tim_WMDE claimed this task.Sep 3 2019, 11:44 AM
Tim_WMDE added a project: WMDE-FUN-Sprint-2019-09-03.
Tim_WMDE moved this task from Todo to Doing on the WMDE-FUN-Sprint-2019-09-03 board.
Tim_WMDE added a comment.Sep 3 2019, 11:55 AM

@kai.nissen Can we get some sort of recent example here? I have tried to pick up this ticket but I cannot find any hint in the logs to get started with this, so a concrete case would help.

Tim_WMDE removed Tim_WMDE as the assignee of this task.Sep 3 2019, 11:55 AM
Tim_WMDE subscribed.
Tim_WMDE moved this task from Doing to Todo on the WMDE-FUN-Sprint-2019-09-03 board.Sep 3 2019, 11:59 AM
Tim_WMDE moved this task from Sprint ready to Current Sprint on the WMDE-Fundraising-Tech board.Sep 9 2019, 9:35 AM
kai.nissen added a comment.Sep 9 2019, 9:44 AM

Seeing nothing in the log files is part of the problem. A more recent example wouldn't help, I guess. When I wrote this ticket, I also sent (by email) the body of an IPN that was rejected by our server. I will search for it and forward it to you again. Maybe you can reproduce that on the test server using PayPal's IPN simulator.

kai.nissen added a comment.Sep 9 2019, 9:51 AM

Half a year ago... Sorry, I did not send it by mail, but shared it with you on ZeDa/Nextcloud:
https://zeda.wikimedia.de/index.php/f/1858079

kai.nissen added a comment.Sep 9 2019, 10:05 AM

Not sure if it helps, but maybe you can also debug locally by disabling the IPN verification (the one that sends the data back to PayPal).

Tim_WMDE added a comment.Sep 9 2019, 2:30 PM

After debugging this locally, it appears that the issue in this specific example comes from the fact that the first donation which started the recurring PayPal donation is missing the utoken in the database. The donation is an old recurring PayPal donation from 2013, so the data is likely messed up for some reason.

This means that the following if condition from vendor/wmde/fundraising-donations/src/UseCases/HandlePayPalPaymentNotification/HandlePayPalPaymentCompletionNotificationUseCase.php is true and no new donation is created:

		if ( !$this->authorizationService->systemCanModifyDonation( $request->getInternalId() ) ) {
			return $this->createUnhandledResponse( 'Wrong access code for donation' );
		}

However, for some reason the logs do not contain any mention of Wrong access code for donation which is a bit odd. We definitely need some more examples in order to be able to see if there is a pattern or if there are multiple issues spread out across all problematic cases. Since the PayPal login is not working right now, we will try again in a few days, alternatively it would be great if you had any more examples of this issue @kai.nissen.

Tim_WMDE moved this task from Todo to Blocked externally on the WMDE-FUN-Sprint-2019-09-03 board.Sep 9 2019, 2:40 PM
kai.nissen changed the point value for this task from 8 to 5.Sep 16 2019, 10:01 AM
kai.nissen claimed this task.Sep 16 2019, 10:03 AM

I can add more examples I got from finance.

kai.nissen added a project: WMDE-FUN-Sprint-2019-09-16.Sep 16 2019, 10:03 AM
kai.nissen moved this task from Todo to Blocked externally on the WMDE-FUN-Sprint-2019-09-16 board.Sep 16 2019, 10:21 AM
kai.nissen moved this task from Blocked externally to Todo on the WMDE-FUN-Sprint-2019-09-16 board.
kai.nissen moved this task from Current Sprint to Blocked on the WMDE-Fundraising-Tech board.Jul 20 2020, 4:14 PM
Aklapper removed kai.nissen as the assignee of this task.Mar 13 2022, 7:46 PM

Removing task assignee due to inactivity, as this open task has been assigned for more than two years. See the email sent to the task assignee on February 06th 2022 (and T295729).

Please assign this task to yourself again if you still realistically [plan to] work on this task - it would be welcome.

If this task has been resolved in the meantime, or should not be worked on ("declined"), please update its task status via "Add Action… 🡒 Change Status".

Also see https://www.mediawiki.org/wiki/Bug_management/Assignee_cleanup for tips how to best manage your individual work in Phabricator.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL