MC-33117: PayPal payflow pro cancel fraud transaction on paypal no reference to Magento

serhii-balko · serhii-balko · commit c2515ccb2175 · 2020-04-08T14:41:14.000+03:00
diff --git a/app/code/Magento/Paypal/Model/Payflow/Transparent.php b/app/code/Magento/Paypal/Model/Payflow/Transparent.php
@@ -61,7 +61,7 @@ class Transparent extends Payflowpro implements TransparentInterface
      *
      * @var bool
      */
-    protected $_canFetchTransactionInfo = false;
+    protected $_canFetchTransactionInfo = true;
 
     /**
      * @var ResponseValidator
@@ -355,11 +355,11 @@ public function capture(InfoInterface $payment, $amount)
      *
      * @param InfoInterface $payment
      * @return bool
-     * @throws InvalidTransitionException
      * @throws LocalizedException
      */
     public function acceptPayment(InfoInterface $payment)
     {
+        $this->validatePaymentTransaction($payment);
         if ($this->getConfigPaymentAction() === MethodInterface::ACTION_AUTHORIZE_CAPTURE) {
             $invoices = iterator_to_array($payment->getOrder()->getInvoiceCollection());
             $invoice = count($invoices) ? reset($invoices) : null;
@@ -387,6 +387,20 @@ public function denyPayment(InfoInterface $payment)
         return true;
     }
 
+    /**
+     * @inheritDoc
+     */
+    public function fetchTransactionInfo(InfoInterface $payment, $transactionId)
+    {
+        $result = parent::fetchTransactionInfo($payment, $transactionId);
+        $this->_canFetchTransactionInfo = false;
+        if ($payment->getIsTransactionApproved()) {
+            $this->acceptPayment($payment);
+        }
+
+        return $result;
+    }
+
     /**
      * Marks payment as fraudulent.
      *
@@ -444,4 +458,24 @@ private function getZeroAmountAuthorizationId(InfoInterface $payment): string
     {
         return (string)$payment->getAdditionalInformation(self::PNREF);
     }
+
+    /**
+     * Validates payment transaction status on PayPal.
+     *
+     * @param InfoInterface $payment
+     * @throws LocalizedException
+     */
+    private function validatePaymentTransaction(InfoInterface $payment): void
+    {
+        if ($payment->canFetchTransactionInfo()) {
+            $transactionId = $payment->getLastTransId();
+            parent::fetchTransactionInfo($payment, $transactionId);
+            $this->_canFetchTransactionInfo = false;
+            if ($payment->getIsTransactionDenied()) {
+                throw new LocalizedException(
+                    __('Payment can\'t be accepted since transaction was rejected by merchant.')
+                );
+            }
+        }
+    }
 }
diff --git a/app/code/Magento/Paypal/i18n/en_US.csv b/app/code/Magento/Paypal/i18n/en_US.csv
@@ -739,3 +739,4 @@ User,User
 "Elektronisches Lastschriftverfahren - German ELV","Elektronisches Lastschriftverfahren - German ELV"
 "Please enter at least 0 and at most 65535","Please enter at least 0 and at most 65535"
 "Order is suspended as an account verification transaction is suspected to be fraudulent.","Order is suspended as an account verification transaction is suspected to be fraudulent."
+"Payment can't be accepted since transaction was rejected by merchant.","Payment can't be accepted since transaction was rejected by merchant."
diff --git a/app/code/Magento/Sales/Controller/Adminhtml/Order/ReviewPayment.php b/app/code/Magento/Sales/Controller/Adminhtml/Order/ReviewPayment.php
@@ -8,7 +8,6 @@
 
 namespace Magento\Sales\Controller\Adminhtml\Order;
 
-use Magento\Backend\App\Action;
 use Magento\Framework\App\Action\HttpGetActionInterface as HttpGetActionInterface;
 
 /**
@@ -63,17 +62,20 @@ public function execute()
                 }
                 $this->orderRepository->save($order);
                 $this->messageManager->addSuccessMessage($message);
-                $resultRedirect->setPath('sales/order/view', ['order_id' => $order->getEntityId()]);
-            } else {
-                $resultRedirect->setPath('sales/*/');
-                return $resultRedirect;
             }
             // phpcs:ignore Magento2.Exceptions.ThrowCatch
         } catch (\Magento\Framework\Exception\LocalizedException $e) {
+            $this->messageManager->addErrorMessage($e->getMessage());
             $this->messageManager->addErrorMessage(__('We can\'t update the payment right now.'));
             $this->logger->critical($e);
+        }
+
+        if ($order) {
+            $resultRedirect->setPath('sales/order/view', ['order_id' => $order->getEntityId()]);
+        } else {
             $resultRedirect->setPath('sales/*/');
         }
+
         return $resultRedirect;
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,6 @@`
`8`	`8`
`9`	`9`	`namespace Magento\Sales\Controller\Adminhtml\Order;`
`10`	`10`
`11`		`-use Magento\Backend\App\Action;`
`12`	`11`	`use Magento\Framework\App\Action\HttpGetActionInterface as HttpGetActionInterface;`
`13`	`12`
`14`	`13`	`/**`
`@@ -63,17 +62,20 @@ public function execute()`
`63`	`62`	`}`
`64`	`63`	`$this->orderRepository->save($order);`
`65`	`64`	`$this->messageManager->addSuccessMessage($message);`
`66`		`- $resultRedirect->setPath('sales/order/view', ['order_id' => $order->getEntityId()]);`
`67`		`- } else {`
`68`		`- $resultRedirect->setPath('sales/*/');`
`69`		`- return $resultRedirect;`
`70`	`65`	`}`
`71`	`66`	`// phpcs:ignore Magento2.Exceptions.ThrowCatch`
`72`	`67`	`} catch (\Magento\Framework\Exception\LocalizedException $e) {`
	`68`	`+ $this->messageManager->addErrorMessage($e->getMessage());`
`73`	`69`	`$this->messageManager->addErrorMessage(__('We can\'t update the payment right now.'));`
`74`	`70`	`$this->logger->critical($e);`
	`71`	`+ }`
	`72`	`+`
	`73`	`+ if ($order) {`
	`74`	`+ $resultRedirect->setPath('sales/order/view', ['order_id' => $order->getEntityId()]);`
	`75`	`+ } else {`
`75`	`76`	`$resultRedirect->setPath('sales/*/');`
`76`	`77`	`}`
	`78`	`+`
`77`	`79`	`return $resultRedirect;`
`78`	`80`	`}`
`79`	`81`	`}`