MAGETWO-69110: Incorrect status for order placed within Authorize.net with Fraud Filters Triggered (Filter Actions = Process as normal and report filter(s) triggered)

- Added check for FDSFilterAction

Author: viktym

app/code/Magento/Authorizenet/Model/Directpost.php

@@ -744,7 +744,11 @@ protected function processPaymentFraudStatus(\Magento\Sales\Model\Order\Payment
                 return $this;
             }
 
-            $payment->setIsFraudDetected(true);
+            $fdsFilterAction = (string)$fraudDetailsResponse->getFdsFilterAction();
+            if ($this->fdsFilterActionIsReportOnly($fdsFilterAction) === false) {
+                $payment->setIsFraudDetected(true);
+            }
+
             $payment->setAdditionalInformation('fraud_details', $fraudData);
         } catch (\Exception $e) {
             //this request is optional
@@ -989,4 +993,16 @@ private function getPsrLogger()
         }
         return $this->psrLogger;
     }
+
+    /**
+     * Checks if filter action is Report Only. Transactions that trigger this filter are processed as normal,
+     * but are also reported in the Merchant Interface as triggering this filter.
+     *
+     * @param string $fdsFilterAction
+     * @return bool
+     */
+    private function fdsFilterActionIsReportOnly($fdsFilterAction)
+    {
+        return $fdsFilterAction === (string)$this->dataHelper->getFdsFilterActionLabel('report');
+    }
 }

dev/tests/integration/testsuite/Magento/Authorizenet/Model/DirectpostTest.php

@@ -5,13 +5,15 @@
  */
 namespace Magento\Authorizenet\Model;
 
+use Magento\Framework\Simplexml\Element;
 use Magento\Framework\Api\FilterBuilder;
 use Magento\Framework\Api\SearchCriteriaBuilder;
 use Magento\Framework\App\ObjectManager;
 use Magento\Framework\HTTP\ZendClient;
 use Magento\Framework\HTTP\ZendClientFactory;
 use Magento\Sales\Api\Data\OrderInterface;
 use Magento\Sales\Api\OrderRepositoryInterface;
+use Magento\Sales\Model\Order;
 use Magento\Sales\Model\Order\Payment;
 use Magento\TestFramework\Helper\Bootstrap;
 use PHPUnit_Framework_MockObject_MockObject as MockObject;
@@ -59,7 +61,7 @@ public function testCapture()
     {
         $amount = 120.15;
         /** @var Payment $payment */
-        $payment = $this->getPayment();
+        $payment = $this->getPayment('100000002');
         $transactionId = '106235225';
 
         /** @var ZendClient|MockObject $httpClient */
@@ -99,17 +101,114 @@ public function testCapture()
         static::assertEquals('UK', $payment->getOrder()->getShippingAddress()->getCountryId());
     }
 
+
+    /**
+     * Verifies that order is placed in correct state according the action taken for a transaction that
+     * triggered one or more of the Advanced Fraud Detection Suite filters.
+     *
+     * @param string $filterAction
+     * @param string $orderId
+     * @param string $expectedOrderState
+     *
+     * @magentoConfigFixture current_store payment/authorizenet_directpost/trans_md5 TestHash
+     * @magentoConfigFixture current_store payment/authorizenet_directpost/login TestLogin
+     * @magentoDataFixture Magento/Authorizenet/_files/order.php
+     * @dataProvider fdsFilterActionDataProvider
+     */
+    public function testProcessWithFdsFilterActionReportOnly($filterAction, $orderId, $expectedOrderState)
+    {
+        $responseBody = $this->getSuccessResponse($orderId);
+        $transactionService = $this->getTransactionService($filterAction);
+        $this->objectManager->addSharedInstance($transactionService, TransactionService::class);
+
+        $this->directPost->process($responseBody);
+
+        /** @var Payment $payment */
+        $payment = $this->getPayment($orderId);
+        $this->objectManager->removeSharedInstance(TransactionService::class);
+
+        static::assertEquals($expectedOrderState, $payment->getOrder()->getState());
+    }
+
+    /**
+     * @return array
+     */
+    public function fdsFilterActionDataProvider()
+    {
+        return [
+            ['filter_action' => 'authAndHold', 'order_id' => '100000003', 'expected_order_state' => Order::STATE_PAYMENT_REVIEW],
+            ['filter_action' => 'report', 'order_id' => '100000004', 'expected_order_state' => Order::STATE_PROCESSING],
+        ];
+    }
+
     /**
-     * Get order payment
+     * @param string $orderId
+     * @return array
+     */
+    private function getSuccessResponse($orderId)
+    {
+        return [
+            'x_response_code' => '1',
+            'x_response_reason_code' => '1',
+            'x_response_reason_text' => 'This transaction has been approved.',
+            'x_avs_code' => 'Y',
+            'x_auth_code' => 'YWO2E2',
+            'x_trans_id' => '40004862720',
+            'x_method' => 'CC',
+            'x_card_type' => 'Visa',
+            'x_account_number' => 'XXXX1111',
+            'x_first_name' => 'John',
+            'x_last_name' => 'Smith',
+            'x_company' => 'CompanyName',
+            'x_address' => 'Green str, 67',
+            'x_city' => 'CityM',
+            'x_state' => 'Alabama',
+            'x_zip' => '93930',
+            'x_country' => 'US',
+            'x_phone' => '3468676',
+            'x_fax' => '04040404',
+            'x_email' => 'user_1@example.com',
+            'x_invoice_num' => $orderId,
+            'x_description' => '',
+            'x_type' => 'auth_only',
+            'x_cust_id' => '',
+            'x_ship_to_first_name' => 'John',
+            'x_ship_to_last_name' => 'Smith',
+            'x_ship_to_company' => 'CompanyName',
+            'x_ship_to_address' => 'Green str, 67',
+            'x_ship_to_city' => 'CityM',
+            'x_ship_to_state' => 'Alabama',
+            'x_ship_to_zip' => '93930',
+            'x_ship_to_country' => 'US',
+            'x_amount' => '120.15',
+            'x_tax' => '0.00',
+            'x_duty' => '0.00',
+            'x_freight' => '5.00',
+            'x_tax_exempt' => 'FALSE',
+            'x_po_num' => '',
+            'x_MD5_Hash' => 'C1CC5AB9D6F0481E240AD74DFF624584',
+            'x_SHA2_Hash' => '',
+            'x_cvv2_resp_code' => 'P',
+            'x_cavv_response' => '2',
+            'x_test_request' => 'false',
+            'controller_action_name' => 'directpost_payment',
+            'is_secure' => '1',
+        ];
+    }
+
+    /**
+     * Get order payment.
+     *
+     * @param string $orderId
      * @return Payment
      */
-    private function getPayment()
+    private function getPayment($orderId)
     {
         /** @var FilterBuilder $filterBuilder */
         $filterBuilder = $this->objectManager->get(FilterBuilder::class);
         $filters = [
             $filterBuilder->setField(OrderInterface::INCREMENT_ID)
-                ->setValue('100000002')
+                ->setValue($orderId)
                 ->create()
         ];
 
@@ -126,4 +225,29 @@ private function getPayment()
         $order = array_pop($orders);
         return $order->getPayment();
     }
+
+    /**
+     * Returns TransactionService mocked object with authorize predefined response.
+     *
+     * @param string $filterAction
+     * @return TransactionService|MockObject
+     */
+    private function getTransactionService($filterAction)
+    {
+        $response = str_replace(
+            '{filterAction}',
+            $filterAction,
+            file_get_contents(__DIR__ . '/../_files/transaction_details.xml')
+        );
+
+        $transactionService = $this->getMockBuilder(TransactionService::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+        $transactionService->method('getTransactionDetails')
+            ->willReturn(
+                new Element($response)
+            );
+
+        return $transactionService;
+    }
 }

dev/tests/integration/testsuite/Magento/Authorizenet/_files/order.php

@@ -14,7 +14,7 @@
 $amount = 120.15;
 
 /** @var Payment $payment */
-$payment = $objectManager->get(Payment::class);
+$payment = $objectManager->create(Payment::class);
 $payment
     ->setMethod('authorizenet_directpost')
     ->setAnetTransType('AUTH_ONLY')
@@ -68,3 +68,19 @@
 /** @var OrderRepositoryInterface $orderRepository */
 $orderRepository = $objectManager->get(OrderRepositoryInterface::class);
 $orderRepository->save($order);
+
+$clonedOrder = clone $order;
+$clonedOrder->setIncrementId('100000003')
+    ->setId(null)
+    ->setBillingAddress($billingAddress->setId(null))
+    ->setShippingAddress($shippingAddress->setId(null))
+    ->setPayment($payment->setId(null));
+$orderRepository->save($clonedOrder);
+
+$clonedOrder = clone $order;
+$clonedOrder->setIncrementId('100000004')
+    ->setId(null)
+    ->setBillingAddress($billingAddress->setId(null))
+    ->setShippingAddress($shippingAddress->setId(null))
+    ->setPayment($payment->setId(null));
+$orderRepository->save($clonedOrder);

dev/tests/integration/testsuite/Magento/Authorizenet/_files/transaction_details.xml

@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<getTransactionDetailsResponse>
+    <messages>
+        <resultCode>Ok</resultCode>
+        <message>
+            <code>I00001</code>
+            <text>Successful.</text>
+        </message>
+    </messages>
+    <transaction>
+        <transId>40004862720</transId>
+        <submitTimeUTC>2017-06-12T13:33:10.1Z</submitTimeUTC>
+        <submitTimeLocal>2017-06-12T06:33:10.1</submitTimeLocal>
+        <transactionType>authOnlyTransaction</transactionType>
+        <transactionStatus>authorizedPendingCapture</transactionStatus>
+        <responseCode>1</responseCode>
+        <responseReasonCode>1</responseReasonCode>
+        <responseReasonDescription>Approval</responseReasonDescription>
+        <authCode>YWO2E2</authCode>
+        <AVSResponse>Y</AVSResponse>
+        <cardCodeResponse>P</cardCodeResponse>
+        <FDSFilterAction>{filterAction}</FDSFilterAction>
+        <FDSFilters>
+            <FDSFilter>
+                <name>Amount Filter</name>
+                <action>{filterAction}</action>
+            </FDSFilter>
+        </FDSFilters>
+        <order>
+            <invoiceNumber>100000002</invoiceNumber>
+        </order>
+        <authAmount>120.15</authAmount>
+        <settleAmount>120.15</settleAmount>
+        <shipping>
+            <amount>5.00</amount>
+        </shipping>
+        <taxExempt>false</taxExempt>
+        <payment>
+            <creditCard>
+                <cardNumber>XXXX1111</cardNumber>
+                <expirationDate>XXXX</expirationDate>
+                <cardType>Visa</cardType>
+            </creditCard>
+        </payment>
+        <customer>
+            <email>user_1@example.com</email>
+        </customer>
+        <billTo>
+            <firstName>John</firstName>
+            <lastName>Smith</lastName>
+            <company>CompanyName</company>
+            <address>Green str, 67</address>
+            <city>CityM</city>
+            <state>Alabama</state>
+            <zip>93930</zip>
+            <country>US</country>
+            <phoneNumber>3468676</phoneNumber>
+            <faxNumber>04040404</faxNumber>
+        </billTo>
+        <shipTo>
+            <firstName>John</firstName>
+            <lastName>Smith</lastName>
+            <company>CompanyName</company>
+            <address>Green str, 67</address>
+            <city>CityM</city>
+            <state>Alabama</state>
+            <zip>93930</zip>
+            <country>US</country>
+        </shipTo>
+        <recurringBilling>false</recurringBilling>
+        <customerIP>195.14.124.5</customerIP>
+        <product>Card Not Present</product>
+        <marketType>eCommerce</marketType>
+    </transaction>
+</getTransactionDetailsResponse>