Open-event-server: Paid tickets can be received without actually paying

Created on 30 Jul 2019 · 7 Comments · Source: fossasia/open-event-server

Describe the bug
Under certain circumstances, the payment checkout is skipped, and paid tickets are issued without charging money.

To Reproduce
Environment: backend 1.3.0 + frontend 1.1.0.
Browsers used: Safari and Chrome on OS/X

Steps to reproduce the behaviour:

  1. Set up Stripe in the system settings as a payment gateway, with a test set of client-id and keys
  2. Create an event with 1 or more tiers of paid tickets, and with Stripe as the only means of payment. _Don't connect it to your Stripe account_, however.
  3. Purchase a ticket for the event, and go to checkout. A ticket will be issued without taking the user to the payment page.

Expected behaviour
Give the user an error, e.g. that the payment processor couldn't be reached.

Additional detail:
You're very welcome to register on my staging server and reproduce it there:
https://open-event-server.casapu.pro/ or deploy a compatible environment from: https://github.com/yitzikc/open-event-integration

URGENT bug

All 7 comments

Issue-Label Bot is automatically applying the label bug to this issue, with a confidence of 0.99. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

I explored the issue and its possible fixes. I found a few things:

  • We should force Stripe authorization if we select it as a possible payment method. Currently, it is not there.
  • We already have a function to check if we have a payment method enabled if we have a paid ticket. It just needs to include Stripe authorization.
  • FE also needs a few changes. Tickets are saved before Stripe authorization in FE, which needs to be changed to be able to check for Stripe authorization while creating a ticket.

@iamareebjamal should I start with this approach?

Thanks for the quick response! I believe the issue could be broader and affect PayPal as well, although I haven't finalised the PayPal setup so I'm not sure about that.

@shreyanshdwivedi This should be mostly handled on server without any complex check. Before issuing any paid ticket, simply check the payment mode and use the API stripe/paypal to confirm that the payment has actually been made.

@yitzikc can you please add a gif or screenshot of the page you are finally getting to?

I can later (tonight your time). In the meantime you're very much invited to try this use-case on my staging site, at the link I provided in the ticket.

Thanks. Have checked it out on your site. Saw your error.
Will work on the fix right away.
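
Added example, not part of the original thread and not code from open-event-server: a fail-closed version of the server-side check suggested in the comment beginning "This should be mostly handled on server", where a paid order is completed only after the selected gateway confirms a matching charge. All names (`Order`, `Charge`, `complete_order`, the `verifiers` mapping) are hypothetical, and each verifier callable stands in for a real Stripe or PayPal charge lookup.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional


class PaymentNotVerified(Exception):
    """A paid order could not be proven paid, so no ticket may be issued."""


@dataclass
class Order:
    amount_cents: int                # total due; 0 means only free tickets
    currency: str
    payment_mode: Optional[str]      # "stripe", "paypal" or None
    charge_id: Optional[str] = None  # reference the gateway returned at checkout
    status: str = "pending"


@dataclass
class Charge:                        # the gateway's own record of a charge
    paid: bool
    amount_cents: int
    currency: str


# A verifier asks one gateway about a charge id; None means "unknown charge".
Verifier = Callable[[str], Optional[Charge]]


def complete_order(order: Order, verifiers: Dict[str, Verifier]) -> Order:
    """Complete an order only when its gateway confirms the full payment."""
    if order.amount_cents > 0:
        verify = verifiers.get(order.payment_mode or "")
        if verify is None:
            # Fail closed: mode selected but gateway not connected (this issue).
            raise PaymentNotVerified(f"no connected gateway for {order.payment_mode!r}")
        charge = verify(order.charge_id) if order.charge_id else None
        if charge is None or not charge.paid:
            raise PaymentNotVerified("gateway reports no successful charge")
        if (charge.amount_cents, charge.currency) != (order.amount_cents, order.currency):
            raise PaymentNotVerified("charged amount does not match order total")
    order.status = "completed"
    return order


# Constructed sample data standing in for a gateway's charge-lookup API.
SAMPLE_CHARGES = {"ch_ok": Charge(True, 2500, "usd"), "ch_low": Charge(True, 100, "usd")}


def outcome(order: Order, verifiers: Dict[str, Verifier]) -> str:
    try:
        return complete_order(order, verifiers).status
    except PaymentNotVerified as exc:
        return f"refused: {exc}"
```

Passing an empty `verifiers` mapping models the event from the reproduction steps that lists Stripe as its payment method without a connected account; the order stays `pending` instead of being completed.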
