Only Stripe card errors should ever be shown to the user
Stripe has several types of error, and in the PHP library these are identified through different Exception classes:
\Stripe\Exception\CardException
\Stripe\Exception\RateLimitException
\Stripe\Exception\InvalidRequestException
\Stripe\Exception\AuthenticationException
\Stripe\Exception\ApiConnectionException
\Stripe\Exception\ApiErrorException
Stripe's documentation states that only CardException messages are suitable to be shown to customers, and for all other errors a generic message should be shown (although with the exception logged for developers). This tallies with my experience - in the case of other exception types the error messages can be very technical and not user friendly.
Currently this library does not look at the type of Exception and the message is always passed to CRM_Core_Error::statusBounce (via MJWTrait::handleError).
We have noticed that this can lead to undesirable warnings being shown to the user. For example, if the paymentIntent is cancelled (by the scheduled job or manually) before the user clicks confirm, they will get a warning that the paymentIntent could not be updated, along with a couple of sentences of technical detail about why. It would be better if a generic message was shown indicating that the payment had expired and that they should try again. Ideally different generic messages would be shown for each error type. (Although this specific case of the PaymentIntent being cancelled possibly wants its own checks too - i.e. ensure the Intent is active before trying to interact with it).
More details of error handling in Stripe can be found here: https://stripe.com/docs/api/errors/handling
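A sketch of the per-type handling proposed above, added here as an example and not taken from this extension's code. It assumes stripe/stripe-php 7.x or later is installed via Composer; the helper name `stripeUserMessage()` and the generic message wording are hypothetical.

```php
<?php
// Added example: assumes stripe/stripe-php (7.x or later) installed via Composer.
require 'vendor/autoload.php';

use Stripe\Exception\ApiConnectionException;
use Stripe\Exception\AuthenticationException;
use Stripe\Exception\CardException;
use Stripe\Exception\InvalidRequestException;
use Stripe\Exception\RateLimitException;

/**
 * Hypothetical helper: returns text that is safe to show the customer.
 * The returned string is what would be handed to the user-facing error display.
 */
function stripeUserMessage(\Throwable $e): string {
  // Only CardException messages are written for customers; pass them through.
  if ($e instanceof CardException) {
    return $e->getMessage();
  }
  // Everything else keeps its technical detail in the log, for developers only.
  error_log(sprintf('Stripe error [%s]: %s', get_class($e), $e->getMessage()));

  // Test the more specific classes first: in stripe-php the classes below
  // derive from ApiErrorException, so a check on the base class comes last.
  if ($e instanceof RateLimitException || $e instanceof ApiConnectionException) {
    return 'The payment service is temporarily unavailable. Please try again in a few minutes.';
  }
  if ($e instanceof InvalidRequestException) {
    return 'This payment could not be completed and may have expired. Please try again.';
  }
  if ($e instanceof AuthenticationException) {
    return 'Payments are currently unavailable. Please contact the site administrator.';
  }
  // ApiErrorException and anything unexpected.
  return 'An unexpected error occurred while processing your payment. Please try again.';
}

// Constructed sample exceptions (not real Stripe responses).
$samples = [
  new CardException('Your card was declined.'),
  new InvalidRequestException('Constructed technical detail: intent status is canceled.'),
  new RateLimitException('Constructed technical detail: too many requests.'),
];
foreach ($samples as $e) {
  echo get_class($e), ' => ', stripeUserMessage($e), PHP_EOL;
}
```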