Magento2: LocalizedException is catched and overwritten with a generalized one in placeOrder

Hi, @rzinnatullin, Magento provides the only general error message for exceptions. On the one hand, it allows making an application more secure on the other hand customer can't see useful error details like incorrect address or credit card number.

If I'm doing this wrong, can you please suggest a good way to show validation errors to the user.

You can add own implementation of \Magento\Checkout\Api\PaymentInformationManagementInterface and \Magento\Checkout\Api\GuestPaymentInformationManagementInterface, override preference for them and show error messages at your own risk.

This issue the same as https://github.com/magento/magento2/issues/9003.

I think this duplicates https://github.com/magento/magento2/issues/6795 and https://github.com/magento/magento2/issues/6246
In the second one, you can find a commit where they have it already fixed on the develop branch, but I don't think it's already backported to 2.1.x

@hostep, the develop branch does not have any fixes for this behavior only logging of original exception was added.

@joni-jones: Ok thanks for the clarification, good to know!

Hi @joni-jones,

You can add own implementation of \Magento\Checkout\Api\PaymentInformationManagementInterface and \Magento\Checkout\Api\GuestPaymentInformationManagementInterface, override preference for them and show error messages at your own risk.

Is there any other way to do Address validation during Checkout? I don't want to replace Magento's functionality, I want to extend it.

You can try to use plugins for savePaymentInformationAndPlaceOrder to analyze original exception and process customizations.

Thanks @joni-jones, I've got your idea.

Regarding the original issue - as I understand Magento 2 developers are not going to do something similar to what I did (rethrow LocalizedException)? I'm asking because I thought that LocalizedException has been introduced specifically to add an ability to send a error message to frontend (a user).

It is a kind of a bug - affects many developers and increases debugging time.

Thanks @piotrekkaminski!

@piotrekkaminski, the current implementation rethrows an original LocalizedException and logs all \Exceptions, it allows showing safe error messages and logging all other, so customers would see errors like validation, etc. and developers can get an original exception from the exception log.

@joni-jones Hmm, that does seem to be reasonable behavior. I think @hostep and myself were thrown off by this comment you had made earlier:

@hostep, the develop branch does not have any fixes for this behavior only logging of original exception was added.

I guess there was more than logging added: as it is, a new exception is throw, but with the original message. That will fix this issue in most cases for safe messages.

The one side case which was reported in #9003 is that Braintree validation messages will sometimes reach savePaymentInformationAndPlaceOrder() as a Braintree SDK exception class (Braintree_Exception) rather than a LocalizedException. Given the change you point out above, would the correct fix be to update the Magento_Braintree module to make sure that any Braintree SDK exception are caught & rethrown as a LocalizedException when safe to do so?

@scottsb, about my comment:

@hostep, the develop branch does not have any fixes for this behavior only logging of original exception was added.

I meant, the general behavior wasn't reworked and original errors are still not available for customers but an original exception can be found in the exception log, sorry if it was not clear.

Given the change you point out above, would the correct fix be to update the Magento_Braintree module to make sure that any Braintree SDK exception are caught & rethrown as a LocalizedException when safe to do so?

If you open Braintree errors codes list, you will find what a lot of codes should not be shown for a customer because containing sensitive or integration-specific information.

Another point, the current Payment Gateway infrastructure designed to catch all validation failures and throws a general exception. This behavior could be reworked and Magento could "trust" built-in payment integrations, which would return only "safe" errors, but there a lot of payment extensions and in that case, it could be a place for potential vulnerabilities.

Yes, I understand you wouldn't want to pass all Braintree executions through. I will to try to reproduce again, but I believe there were Braintree validation exceptions that weren't intercepted with a CommandException.

@rzinnatullin, thank you for your report.
We've created internal ticket(s) MAGETWO-84248 to track progress on the issue.

Added customization point in 2.2.4 release.