Failed payments are treated as successful
Steps to replicate
- Install D9, webform, webform_civicrm, mjwshared and authnet.
- Create any form that can accept a contribution (set in test mode).
- Submit a card with an expiration date in the past.
Expected Behavior
- Card is declined, contribution isn't recorded, user receives an on-screen error.
Actual behavior
- Card is declined, contribution is recorded as "Complete" in CiviCRM, user receives a message that their transaction is complete.
I traced this down to the "@fixme - Throw an exception" in the handleError() method. I made what I believe are the necessary changes in authnet, mjwshared, and stripe. I can confirm that this fixes my scenario, but I wanted to get feedback on whether I was missing something obvious, because it seems like the sort of thing that you would've done if it was straightforward.
Merge request reports
Activity
mentioned in merge request authnet!20 (closed)
mentioned in merge request stripe!179 (closed)
@JonGold I think I added that comment when fixing a similar issue in Stripe. As it's a shared library I'm more cautious about making changes that might affect other payment processors.
That said, I can't actually see how the changes you've made work (looking at both PRs)? Because the end-result would still be throwing a PaymentProcessorException which would be identical to the calling code?
There are 3 PRs - but my issue was with this line at the end of the Authnet doPayment. If
handleError()doesn't throw an error, thendoPayment()will simply finish processing the transaction.mentioned in merge request authnet!21 (merged)
added 2 commits