[Bug] Fix amount change on checkout #346

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

GSadee merged 1 commit into Sylius:1.6 from mpysiak:fix-amount-change

Mar 17, 2025

UPGRADE.md

-Original file line number
+Diff line change
@@ Expand Up / @@ -36,6 +36,36 @@ @@
         )
         ```
+       `Sylius\PayPalPlugin\Controller\ProcessPayPalOrderAction`:
+        ```diff
+        public function __construct(
+            private readonly OrderRepositoryInterface $orderRepository,
+            private readonly CustomerRepositoryInterface $customerRepository,
+            private readonly FactoryInterface $customerFactory,
+            private readonly AddressFactoryInterface $addressFactory,
+            private readonly ObjectManager $orderManager,
+            private readonly StateMachineFactoryInterface|StateMachineInterface $stateMachineFactory,
+            private readonly PaymentStateManagerInterface $paymentStateManager,
+            private readonly CacheAuthorizeClientApiInterface $authorizeClientApi,
+            private readonly OrderDetailsApiInterface $orderDetailsApi,
+            private readonly OrderProviderInterface $orderProvider,
+        +   private readonly ?PaymentAmountVerifierInterface $paymentAmountVerifier = null,
+        )
+        ```
+       `Sylius\PayPalPlugin\Controller\CompletePayPalOrderFromPaymentPageAction`:
+        ```diff
+        public function __construct(
+            private readonly PaymentStateManagerInterface $paymentStateManager,
+            private readonly UrlGeneratorInterface $router,
+            private readonly OrderProviderInterface $orderProvider,
+            private readonly FactoryInterface|StateMachineInterface $stateMachine,
+            private readonly ObjectManager $orderManager,
+        +   private readonly ?PaymentAmountVerifierInterface $paymentAmountVerifier = null,
+        +   private readonly ?OrderProcessorInterface $orderProcessor = null,
+        )
+        ```
     ### UPGRADE FROM 1.5.1 to 1.6.0
 . Support for Sylius 1.13 has been added, it is now the recommended Sylius version to use.
@@ Expand Down @@

spec/Payum/Action/CaptureActionSpec.php

-Original file line number
+Diff line change
@@ Expand Up @@
                 'status' => StatusAction::STATUS_CAPTURED,
                 'paypal_order_id' => '123123',
                 'reference_id' => 'UUID',
+                'payment_amount' => 1000,
             ])->shouldBeCalled();
             $this->execute($request);
@@ Expand Down @@

src/Controller/CompletePayPalOrderFromPaymentPageAction.php

-Original file line number
+Diff line change
@@ Expand Up / @@ -19,8 +19,11 @@ @@
     use Sylius\Abstraction\StateMachine\WinzouStateMachineAdapter;
     use Sylius\Component\Core\Model\PaymentInterface;
     use Sylius\Component\Core\OrderCheckoutTransitions;
+    use Sylius\Component\Order\Processor\OrderProcessorInterface;
+    use Sylius\PayPalPlugin\Exception\PaymentAmountMismatchException;
     use Sylius\PayPalPlugin\Manager\PaymentStateManagerInterface;
     use Sylius\PayPalPlugin\Provider\OrderProviderInterface;
+    use Sylius\PayPalPlugin\Verifier\PaymentAmountVerifierInterface;
     use Symfony\Component\HttpFoundation\JsonResponse;
     use Symfony\Component\HttpFoundation\Request;
     use Symfony\Component\HttpFoundation\Response;
@@ Expand All / @@ -34,6 +37,8 @@ public function __construct( @@
             private readonly OrderProviderInterface $orderProvider,
             private readonly FactoryInterface|StateMachineInterface $stateMachine,
             private readonly ObjectManager $orderManager,
+            private readonly ?PaymentAmountVerifierInterface $paymentAmountVerifier = null,
+            private readonly ?OrderProcessorInterface $orderProcessor = null,
         ) {
             if ($this->stateMachine instanceof FactoryInterface) {
                 trigger_deprecation(
@@ Expand All / @@ -46,6 +51,22 @@ public function __construct( @@
                     ),
                 );
             }
+            if (null === $this->paymentAmountVerifier) {
+                trigger_deprecation(
+                    'sylius/paypal-plugin',
+                    '1.6',
+                    'Not passing an instance of "%s" as the fifth argument is deprecated and will be prohibited in 3.0.',
+                    PaymentAmountVerifierInterface::class,
+                );
+            }
+            if (null === $this->orderProcessor) {
+                trigger_deprecation(
+                    'sylius/paypal-plugin',
+                    '1.6',
+                    'Not passing an instance of "%s" as the sixth argument is deprecated and will be prohibited in 3.0.',
+                    OrderProcessorInterface::class,
+                );
+            }
         }
         public function __invoke(Request $request): Response
@@ Expand All / @@ -56,6 +77,26 @@ public function __invoke(Request $request): Response @@
             /** @var PaymentInterface $payment */
             $payment = $order->getLastPayment(PaymentInterface::STATE_PROCESSING);
+            try {
+                if ($this->paymentAmountVerifier !== null) {
+                    $this->paymentAmountVerifier->verify($payment);
+                } else {
+                    $this->verify($payment);
+                }
+            } catch (PaymentAmountMismatchException) {
+                $this->paymentStateManager->cancel($payment);
+                $order->removePayment($payment);
+                if (null === $this->orderProcessor) {
+                    throw new \RuntimeException('Order processor is required to process the order.');
+                }
+                $this->orderProcessor->process($order);
+                return new JsonResponse([
+                    'return_url' => $this->router->generate('sylius_shop_checkout_complete', [], UrlGeneratorInterface::ABSOLUTE_URL),
+                ]);
+            }
             $this->paymentStateManager->complete($payment);
             $this->getStateMachine()->apply($order, OrderCheckoutTransitions::GRAPH, OrderCheckoutTransitions::TRANSITION_SELECT_PAYMENT);
@@ Expand All / @@ -78,4 +119,20 @@ private function getStateMachine(): StateMachineInterface @@
             return $this->stateMachine;
         }
+        private function verify(PaymentInterface $payment): void
+        {
+            $totalAmount = $this->getTotalPaymentAmountFromPaypal($payment);
+            if ($payment->getOrder()->getTotal() !== $totalAmount) {
+                throw new PaymentAmountMismatchException();
+            }
+        }
+        private function getTotalPaymentAmountFromPaypal(PaymentInterface $payment): int
+        {
+            $details = $payment->getDetails();
+            return $details['payment_amount'] ?? 0;
+        }
     }

src/Controller/ProcessPayPalOrderAction.php

-Original file line number
+Diff line change
@@ Expand Up / @@ -27,8 +27,10 @@ @@
     use Sylius\Component\Resource\Factory\FactoryInterface;
     use Sylius\PayPalPlugin\Api\CacheAuthorizeClientApiInterface;
     use Sylius\PayPalPlugin\Api\OrderDetailsApiInterface;
+    use Sylius\PayPalPlugin\Exception\PaymentAmountMismatchException;
     use Sylius\PayPalPlugin\Manager\PaymentStateManagerInterface;
     use Sylius\PayPalPlugin\Provider\OrderProviderInterface;
+    use Sylius\PayPalPlugin\Verifier\PaymentAmountVerifierInterface;
     use Symfony\Component\HttpFoundation\JsonResponse;
     use Symfony\Component\HttpFoundation\Request;
     use Symfony\Component\HttpFoundation\Response;
@@ Expand All / @@ -46,6 +48,7 @@ public function __construct( @@
             private readonly CacheAuthorizeClientApiInterface $authorizeClientApi,
             private readonly OrderDetailsApiInterface $orderDetailsApi,
             private readonly OrderProviderInterface $orderProvider,
+            private readonly ?PaymentAmountVerifierInterface $paymentAmountVerifier = null,
         ) {
             if ($this->stateMachineFactory instanceof StateMachineFactoryInterface) {
                 trigger_deprecation(
@@ Expand All / @@ -58,6 +61,16 @@ public function __construct( @@
                     ),
                 );
             }
+            if (null === $this->paymentAmountVerifier) {
+                trigger_deprecation(
+                    'sylius/paypal-plugin',
+                    '1.6',
+                    message: sprintf(
+                        'Not passing $paymentAmountVerifier to "%s" constructor is deprecated and will be prohibited in 3.0',
+                        self::class,
+                    ),
+                );
+            }
         }
         public function __invoke(Request $request): Response
@@ Expand Down Expand Up / @@ -112,6 +125,18 @@ public function __invoke(Request $request): Response @@
             $this->orderManager->flush();
+            try {
+                if ($this->paymentAmountVerifier !== null) {
+                    $this->paymentAmountVerifier->verify($payment, $data);
+                } else {
+                    $this->verify($payment, $data);
+                }
+            } catch (PaymentAmountMismatchException) {
+                $this->paymentStateManager->cancel($payment);
+                return new JsonResponse(['orderID' => $order->getId()]);
+            }
             $this->paymentStateManager->create($payment);
             $this->paymentStateManager->process($payment);
@@ Expand Down Expand Up / @@ -152,4 +177,30 @@ private function getStateMachine(): StateMachineInterface @@
             return $this->stateMachineFactory;
         }
+        private function verify(PaymentInterface $payment, array $paypalOrderDetails): void
+        {
+            $totalAmount = $this->getTotalPaymentAmountFromPaypal($paypalOrderDetails);
+            if ($payment->getAmount() !== $totalAmount) {
+                throw new PaymentAmountMismatchException();
+            }
+        }
+        private function getTotalPaymentAmountFromPaypal(array $paypalOrderDetails): int
+        {
+            if (!isset($paypalOrderDetails['purchase_units']) || !is_array($paypalOrderDetails['purchase_units'])) {
+                return 0;
+            }
+            $totalAmount = 0;
+            foreach ($paypalOrderDetails['purchase_units'] as $unit) {
+                $stringAmount = $unit['amount']['value'] ?? '0';
+                $totalAmount += (int) ($stringAmount * 100);
+            }
+            return $totalAmount;
+        }
     }

src/Exception/PaymentAmountMismatchException.php

-Original file line number
+Diff line change
@@ -0,0 +1,22 @@
+    <?php
+    /*
+     * This file is part of the Sylius package.
+     *
+     * (c) Sylius Sp. z o.o.
+     *
+     * For the full copyright and license information, please view the LICENSE
+     * file that was distributed with this source code.
+     */
+    declare(strict_types=1);
+    namespace Sylius\PayPalPlugin\Exception;
+    final class PaymentAmountMismatchException extends \Exception
+    {
+        public function __construct()
+        {
+            parent::__construct('Order payment amount does not match the total amount from PayPal payment.');
+        }
+    }

src/Payum/Action/CaptureAction.php

-Original file line number
+Diff line change
@@ Expand Up / @@ -60,6 +60,7 @@ public function execute($request): void @@
                     'status' => StatusAction::STATUS_CAPTURED,
                     'paypal_order_id' => $content['id'],
                     'reference_id' => $referenceId,
+                    'payment_amount' => $payment->getAmount(),
                 ]);
             }
         }
@@ Expand Down @@

src/Resources/config/services.xml

-Original file line number
+Diff line change
@@ Expand Up / @@ -270,5 +270,8 @@ @@
             <service id="Sylius\PayPalPlugin\Twig\OrderAddressExtension">
                 <tag name="twig.extension" />
             </service>
+            <service id="sylius_paypal.verifier.payment_amount" class="Sylius\PayPalPlugin\Verifier\PaymentAmountVerifier" />
+            <service id="Sylius\PayPalPlugin\Verifier\PaymentAmountVerifierInterface" alias="sylius_paypal.verifier.payment_amount" />
         </services>
     </container>

src/Resources/config/services/controller.xml

-Original file line number
+Diff line change
@@ Expand Up / @@ -114,6 +114,7 @@ @@
                 <argument type="service" id="Sylius\PayPalPlugin\Api\CacheAuthorizeClientApiInterface" />
                 <argument type="service" id="Sylius\PayPalPlugin\Api\OrderDetailsApiInterface" />
                 <argument type="service" id="Sylius\PayPalPlugin\Provider\OrderProviderInterface" />
+                <argument type="service" id="sylius_paypal.verifier.payment_amount" />
             </service>
             <service id="Sylius\PayPalPlugin\Controller\UpdatePayPalOrderAction">
@@ Expand All / @@ -131,6 +132,8 @@ @@
                 <argument type="service" id="Sylius\PayPalPlugin\Provider\OrderProviderInterface" />
                 <argument type="service" id="sylius_abstraction.state_machine" />
                 <argument type="service" id="sylius.manager.order" />
+                <argument type="service" id="sylius_paypal.verifier.payment_amount" />
+                <argument type="service" id="sylius.order_processing.order_processor" />
             </service>
             <service id="Sylius\PayPalPlugin\Controller\PayPalPaymentOnErrorAction">
@@ Expand Down @@

src/Verifier/PaymentAmountVerifier.php

-Original file line number
+Diff line change
@@ -0,0 +1,56 @@
+    <?php
+    /*
+     * This file is part of the Sylius package.
+     *
+     * (c) Sylius Sp. z o.o.
+     *
+     * For the full copyright and license information, please view the LICENSE
+     * file that was distributed with this source code.
+     */
+    declare(strict_types=1);
+    namespace Sylius\PayPalPlugin\Verifier;
+    use Sylius\Component\Core\Model\PaymentInterface;
+    use Sylius\PayPalPlugin\Exception\PaymentAmountMismatchException;
+    final class PaymentAmountVerifier implements PaymentAmountVerifierInterface
+    {
+        public function verify(PaymentInterface $payment, array $paypalOrderDetails = []): void
+        {
+            $totalAmount = $this->getTotalPaymentAmountFromPaypal($payment, $paypalOrderDetails);
+            if ($payment->getOrder()->getTotal() !== $totalAmount) {
+                throw new PaymentAmountMismatchException();
+            }
+        }
+        private function getTotalPaymentAmountFromPaypal(PaymentInterface $payment, array $paypalOrderDetails = []): int
+        {
+            if (empty($paypalOrderDetails)) {
+                return $this->getPaymentAmountFromDetails($payment);
+            }
+            if (!isset($paypalOrderDetails['purchase_units']) || !is_array($paypalOrderDetails['purchase_units'])) {
+                return 0;
+            }
+            $totalAmount = 0;
+            foreach ($paypalOrderDetails['purchase_units'] as $unit) {
+                $stringAmount = $unit['amount']['value'] ?? '0';
+                $totalAmount += (int) ($stringAmount * 100);
+            }
+            return $totalAmount;
+        }
+        private function getPaymentAmountFromDetails(PaymentInterface $payment): int
+        {
+            $details = $payment->getDetails();
+            return $details['payment_amount'] ?? 0;
+        }
+    }

src/Verifier/PaymentAmountVerifierInterface.php

-Original file line number
+Diff line change
@@ -0,0 +1,21 @@
+    <?php
+    /*
+     * This file is part of the Sylius package.
+     *
+     * (c) Sylius Sp. z o.o.
+     *
+     * For the full copyright and license information, please view the LICENSE
+     * file that was distributed with this source code.
+     */
+    declare(strict_types=1);
+    namespace Sylius\PayPalPlugin\Verifier;
+    use Sylius\Component\Core\Model\PaymentInterface;
+    interface PaymentAmountVerifierInterface
+    {
+        public function verify(PaymentInterface $payment, array $paypalOrderDetails = []): void;
+    }

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug] Fix amount change on checkout #346

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!