The quantities in stock are not verified in case of payment with PayPal #325

Open
Codencode opened this issue Apr 22, 2024 · 2 comments · May be fixed by #365
@Codencode

Describe the bug and add screenshots

As the remaining quantity in stock is not checked when paying with PayPal or other forms that require a gateway payment, it is possible to complete the order and pay for an out-of-stock product even if this is not permitted.

I attach a video of the problem
01 - screen-capture.webm.webm
02 - screen-capture.webm.webm

The problem also occurs when paying using the payment buttons in the cart and on the product page.

Expected behavior

Payment should not be allowed

Steps to reproduce

  1. Set a product quantity to 2 in the BO
  2. Add this product to cart, 2 units
  3. Go to the last step of the checkout (payment), just before you click "Confirm with an obligation to pay"
  4. Now, change quantity of the product to 1 in back-office
  5. Click "Confirm with an obligation to pay" on last step of the checkout (payment), but selecting payment with PayPal
  6. You are now able to pay while you shouldn't

PrestaShop version(s) where the bug happened

8.0

PHP version(s) where the bug happened

all

@clotairer
Collaborator

Linked to #PrestaShop/PrestaShop/issues/35984

@clotairer
Collaborator

Thank you for your report and your analysis on the PrestaShop issue, which I copy here:

I understand the issue with a PayPal module payment, but it's not the role of a payment gateway to manage the availability of the stocks; that is the role of the core. Only the core of PrestaShop should manage whether it's OK to create an order or not in this condition during the "validateOrder" action of the PaymentModule class.
Nevertheless, all payment gateways (I don't speak about PayPal only) cannot manage a refund after valid payment if the order failed for any reason. I suppose it is kindly helpful to create an order without enough stock instead of an orphan payment without order on PrestaShop? Perhaps that's the reason why the core doesn't stop the order creation. Not sure of that.
At least, there always was a time lapse between the user payment on the "bank portal" and its return on the shop. But, in a regular way, an order is created with a "reserved stock" different from the "physical stock". If you deduct stock manually in the back office, you deduct directly from the physical stock and you increase the probability of this issue.

Hi @clotairer, the problem is that checking ValidateOrder would be useless as the payment has already been made. Basically, from version 8, when you click on the order confirmation button, PrestaShop checks the quantity of products in the cart. It does so by executing an ajax call to the endpoint stored in the "window.prestashop.urls.pages.order" variable and passing as parameter "action" => "checkCartStillOrderable". Here is the code I am referring to:

https://github.com/PrestaShop/PrestaShop/blob/2937cae599dcf5b4ada6914925eccdb2fa6cbfc3/themes/_core/js/checkout-payment.js#L173

The PayPal module should do the same thing as the ps_checkout module which checks the quantities before confirming the payment. Here is the module code I am referring to: https://github.com/PrestaShopCorp/ps_checkout/blob/6bba634f4ccdd5d0a01f2879f3073f963f9040e8/controllers/front/validate.php#L52

This method, in case of invalid quantities, raises an exception that prints an error in the cart, https://github.com/PrestaShopCorp/ps_checkout/blob/6bba634f4ccdd5d0a01f2879f3073f963f9040e8/controllers/front/validate.php#L312C1-L315C27
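
The ordering problem discussed in this thread, replayed as an added example (not code from the PayPal module, ps_checkout or PrestaShop core). `Shop`, `unavailableLines`, `payUnchecked`, `payChecked` and `replayReport` are hypothetical names, and the product id and quantities are constructed from the reproduction steps above.

```javascript
// Constructed model of the checkout flow; every name here is hypothetical.
class Shop {
  constructor(stock) {
    this.stock = new Map(Object.entries(stock)); // productId -> units available
    this.captured = [];                          // payments taken by the gateway
  }

  // Server-side form of the "is the cart still orderable?" question:
  // returns the cart lines that can no longer be fulfilled.
  unavailableLines(cart) {
    return cart.filter(({ id, qty }) => (this.stock.get(id) ?? 0) < qty);
  }

  // Stand-in for the gateway capture call.
  capture(cart) {
    this.captured.push(cart);
  }

  // Flow from the report: payment is captured with no stock check.
  payUnchecked(cart) {
    this.capture(cart);
    return { paid: true, oversold: this.unavailableLines(cart).length > 0 };
  }

  // Flow with the check: re-validate right before capture, refuse if short.
  payChecked(cart) {
    const short = this.unavailableLines(cart);
    if (short.length > 0) {
      return { paid: false, error: 'cart_not_orderable', lines: short.map((l) => l.id) };
    }
    this.capture(cart);
    return { paid: true, oversold: false };
  }
}

// Replays the reproduction steps against one of the two flows.
function replayReport(flow) {
  const shop = new Shop({ 'demo-1': 2 });    // step 1: stock set to 2
  const cart = [{ id: 'demo-1', qty: 2 }];   // step 2: 2 units in the cart
  shop.stock.set('demo-1', 1);               // step 4: stock lowered to 1
  const result = shop[flow](cart);           // step 5: customer confirms payment
  return { result, captures: shop.captured.length };
}

console.log(replayReport('payUnchecked'), replayReport('payChecked'));
```

A check placed before capture narrows the window between validation and payment but does not close it, so the order-creation step still has to cope with stock that changed in between.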
