create_payment() is run when a webhook is received on a completed payment
This is a generalized version of #3 (closed), and the side effects are more severe than I'd originally realized.
Whenever a "completed payment" webhook is fired from Stripe or Auth.net, the create_payment()
function fires, regardless of whether the function has fired on that contribution previously.
This has the following ill effects:
- Multiple payments are logged for the same contribution (note identical transaction ID):
- Any hooks that fire on completed contributions fire multiple times.
- If the payment has a soft credit, the soft credit is repeated.
Here are the scenarios where I've seen this occur:
-
Multiple webhooks are configured to go to the same Civi instance. Before my last patch to the Auth.net extension, this happened automatically on multisites (https://site1.example.org/civicrm/ipn/1, https://site2.example.org/civicrm/ipn/1, etc.).
-
Auth.net's security team reversed completed payments after they'd gone through. My client successfully argued for the release of the payments. This fired the webhook a second time.
-
This happens every time a recurring contribution is made on Stripe (unsure re: Auth.net)
I'm going to take an initial crack at this. I'm going to do a check if the contribution is completed before running create_payment()
but I'm not sure if I'm not considering some edge case dealing with partial payments, refunds etc. where that's incorrect behavior, so please share thoughts!