PPv2: Fix incomplete validation of capture status

2026-05-03 14:54:04 +00:00 · 2022-12-20 14:53:43 +01:00
parent 8be09ee937
commit c4aed04a18
2 changed files with 23 additions and 6 deletions
--- a/src/pretix/plugins/paypal2/payment.py
+++ b/src/pretix/plugins/paypal2/payment.py
@@ -698,7 +698,7 @@ class PaypalMethod(BasePaymentProvider):
                        except ReferencedPayPalObject.MultipleObjectsReturned:
                            pass

-                        if capture.status == 'PENDING':
+                        if capture.status != 'COMPLETED':
                            messages.warning(request, _('PayPal has not yet approved the payment. We will inform you as '
                                                        'soon as the payment completed.'))
                            payment.info = json.dumps(pp_captured_order.dict())
--- a/src/pretix/plugins/paypal2/views.py
+++ b/src/pretix/plugins/paypal2/views.py
@@ -426,7 +426,10 @@ def webhook(request, *args, **kwargs):
    if not payment:
        return HttpResponse('Payment not found', status=200)

-    payment.order.log_action('pretix.plugins.paypal.event', data=event_json)
+    payment.order.log_action('pretix.plugins.paypal.event', data={
+        'event': event_json,
+        'sale': sale,
+    })

    if payment.state == OrderPayment.PAYMENT_STATE_CONFIRMED and sale['status'] in ('PARTIALLY_REFUNDED', 'REFUNDED', 'COMPLETED'):
        if event_json['resource_type'] == 'refund':
@@ -470,10 +473,24 @@ def webhook(request, *args, **kwargs):
    elif payment.state in (OrderPayment.PAYMENT_STATE_PENDING, OrderPayment.PAYMENT_STATE_CREATED,
                           OrderPayment.PAYMENT_STATE_CANCELED, OrderPayment.PAYMENT_STATE_FAILED) \
            and sale['status'] == 'COMPLETED':
-        try:
-            payment.confirm()
-        except Quota.QuotaExceededException:
-            pass
+        capture_completed = True
+        for purchaseunit in sale['purchase_units']:
+            for capture in purchaseunit['payments']['captures']:
+                try:
+                    ReferencedPayPalObject.objects.get_or_create(order=payment.order, payment=payment,
+                                                                 reference=capture['id'])
+                except ReferencedPayPalObject.MultipleObjectsReturned:
+                    pass
+
+                if capture['status'] not in ('COMPLETED', 'REFUNDED', 'PARTIALLY_REFUNDED'):
+                    capture_completed = False
+        if capture_completed:
+            try:
+                payment.info = json.dumps(sale)
+                payment.save(update_fields=['info'])
+                payment.confirm()
+            except Quota.QuotaExceededException:
+                pass

    return HttpResponse(status=200)