Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Code relying on payment.change_status to save whole payment object fails #309

Open
stefanw opened this issue Mar 24, 2022 · 4 comments · Fixed by PetrDlouhy/django-payments-payu#9 · May be fixed by #412
Open

Code relying on payment.change_status to save whole payment object fails #309

stefanw opened this issue Mar 24, 2022 · 4 comments · Fixed by PetrDlouhy/django-payments-payu#9 · May be fixed by #412
Labels
bug

Comments

@stefanw
Copy link

stefanw commented Mar 24, 2022

b1dc16c made change_status 'safer' by not saving the whole payment object but just some fields.

This backwards incompatible change got me a while ago and I fixed it in my own implementation, but it looks like code in this project also has not been adapted to this new behaviour.

One example is the Paypal provider:

django-payments/payments/paypal/__init__.py

Lines 252 to 258 in 38dae99

payment.attrs.payer_info = executed_payment["payer"]["payer_info"]
if self._capture:
payment.captured_amount = payment.total
payment.change_status(PaymentStatus.CONFIRMED)
else:
payment.change_status(PaymentStatus.PREAUTH)
return redirect(success_url)

payment.attrs and payment.captured_amount are NOT saved due to change_status only doing: self.save(update_fields=["status", "message"]). Or am I missing something?
@WhyNotHugo
Copy link
Member

Right, this is a real issue.

Context for the change in change_status: sometimes users were redirected back, and while unrelated operations were happening to the payment object, a second provider notification came in, and the concurrent updates left the payment object in a borked state.

In other words, it prevents issues with concurrent editions of the Payment object, but the approach has not been ideal. I think locking the row while processing callbacks and alike would be best. Applications should also lock the row to edit it to avoid issues too.

Or maybe applications should avoid mutating Payment objects themselves as a rule. 🤔

@WhyNotHugo WhyNotHugo added the bug label Mar 24, 2022
@blayzen-w
Copy link

The change to change_status also caused problems for us. We were relying on it to save the entire object so we didn't need to call save twice.

Adding this backwards incompatible change in the change log file would help other people with upgrading the version.

WhyNotHugo pushed a commit that referenced this issue Apr 18, 2022
Add missing changelog entry for 0.15.0
590c683 
See #309
@WhyNotHugo WhyNotHugo pinned this issue May 17, 2022
WhyNotHugo pushed a commit that referenced this issue May 21, 2022
Add warning on concurrent updates
5cfd13e 
See: #309
@WhyNotHugo WhyNotHugo mentioned this issue May 21, 2022
Merged
WhyNotHugo pushed a commit that referenced this issue May 21, 2022
Add warning on concurrent updates
234e372 
See: #309
@WhyNotHugo
Copy link
Member

WhyNotHugo commented May 21, 2022
edited

I'm aiming to stabilise this again for the next release. I'll revert the offending commit.

I've also added some docs on good practices to avoid the issue that the original commit/change intended to address: #318

mike70193 added a commit to mike70193/django-payments that referenced this issue Jun 22, 2023
@mike70193
Add warning on concurrent updates
82d0264 
See: jazzband/django-payments#309
@radekholy24 radekholy24 mentioned this issue Apr 30, 2024
Open
radekholy24 added a commit to radekholy24/django-payments that referenced this issue Apr 30, 2024
@radekholy24
PayPal: Save captured_amount when processing data
42d86dc 
Partially fixes: jazzband#309
@radekholy24 radekholy24 mentioned this issue Apr 30, 2024
Merged
radekholy24 added a commit to radekholy24/django-payments-payu that referenced this issue May 13, 2024
@radekholy24
fix captured_amount not being saved when processing data
de4b4d1 
Partially fixes: jazzband/django-payments#309
@radekholy24 radekholy24 mentioned this issue May 13, 2024
Merged
radekholy24 added a commit to radekholy24/django-payments that referenced this issue May 13, 2024
@radekholy24
PayPal: Save captured_amount when processing data
7341472 
Partially fixes: jazzband#309
@radekholy24 radekholy24 mentioned this issue May 14, 2024
Open
radekholy24 added a commit to radekholy24/django-payments that referenced this issue May 14, 2024
@radekholy24
PayPal: Save captured_amount when processing data
74200df 
Partially fixes: jazzband#309
@radekholy24 radekholy24 linked a pull request May 14, 2024 that will close this issue
Open
radekholy24 added a commit to radekholy24/django-payments that referenced this issue May 14, 2024
@radekholy24
PayPal: Save captured_amount when processing data
a0df54e 
Partially fixes: jazzband#309
radekholy24 added a commit to radekholy24/django-payments that referenced this issue May 14, 2024
@radekholy24
PayPal: Save captured_amount when processing data
ac0166f 
Partially fixes: jazzband#309
radekholy24 added a commit to radekholy24/django-payments that referenced this issue May 16, 2024
@radekholy24
PayPal: Save captured_amount when processing data
ceecbad 
Partially fixes: jazzband#309
@radekholy24
Copy link

radekholy24 commented May 16, 2024
edited

@PetrDlouhy, I believe this got closed accidentally by merging my PR into your PayU provider. Can you reopen this?

BTW: Here, is my PR to this repo to fix one part of this issue: #412 Similar work needs to be done on multiple places though but this particular part prevents us from performing proper refunds.

@PetrDlouhy PetrDlouhy reopened this May 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
5 participants
@stefanw @PetrDlouhy @WhyNotHugo @radekholy24 @blayzen-w