Bug #9397

open

Stripe: subscription create can be abused resulting in duplicate payments

Added by krileon 27 days ago. Updated 27 days ago.

Status: Resolved
Priority: High
Assignee:
Target version:
Start date: 02 April 2024
Due date:
% Done: 100%
Estimated time:

Description

If the subscription creation payment processing handling is reloaded (e.g. user reloading for whatever reason) WHILE the payment is currently processing (before basket state could change), it can result in double subscriptions being created at Stripe. This is due to setup_intent being reusable, as it has to be to be used for recurring payments, so Stripe doesn't reject the duplicate subscription. Implement safeguards against this by trying to find an existing subscription before making one to ensure the intent has not been used yet. The chances of this happening are quite slim though, as it's subject to user error.

#1 Updated by krileon 27 days ago

  • Status changed from Assigned to Resolved
  • % Done changed from 0 to 100

Fixed in MR !335
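
The duplicate-creation window and the find-before-create safeguard described in this issue, as an added example that is not the project's code or the change in MR !335. `FakeProcessor`, `handle_unguarded`, `handle_guarded`, `simulate` and the `seti_constructed_1` value are hypothetical names and constructed data; the processor is an in-memory stand-in, not Stripe's API, and the per-intent lock assumes a single process.

```python
import threading

class FakeProcessor:
    """Constructed in-memory stand-in for the payment processor (not Stripe's API)."""
    def __init__(self):
        self.subscriptions = []
        self._mutex = threading.Lock()

    def find_subscription(self, setup_intent):
        with self._mutex:
            return next((s for s in self.subscriptions
                         if s["setup_intent"] == setup_intent), None)

    def create_subscription(self, setup_intent):
        # As with the reusable setup_intent in the report, a repeat is not rejected.
        with self._mutex:
            sub = {"id": f"sub_{len(self.subscriptions) + 1}",
                   "setup_intent": setup_intent}
            self.subscriptions.append(sub)
            return sub

def handle_unguarded(proc, setup_intent):
    """'Before' behaviour: every request that arrives creates a subscription."""
    return proc.create_subscription(setup_intent)

_intent_locks = {}
_registry_mutex = threading.Lock()

def handle_guarded(proc, setup_intent):
    """Look for an existing subscription first, under a per-intent lock."""
    with _registry_mutex:
        lock = _intent_locks.setdefault(setup_intent, threading.Lock())
    with lock:  # assumption: single process; across workers use a DB row lock
        existing = proc.find_subscription(setup_intent)
        return existing or proc.create_subscription(setup_intent)

def simulate(handler, requests=2, setup_intent="seti_constructed_1"):
    """Fire `requests` concurrent submissions (the reload) and count subscriptions."""
    proc = FakeProcessor()
    gate = threading.Barrier(requests)  # release all requests at the same moment
    def submit():
        gate.wait()
        handler(proc, setup_intent)
    workers = [threading.Thread(target=submit) for _ in range(requests)]
    for w in workers: w.start()
    for w in workers: w.join()
    return len(proc.subscriptions)

if __name__ == "__main__":
    print("unguarded:", simulate(handle_unguarded))
    print("guarded:  ", simulate(handle_guarded))
```

The lookup is only safe because it runs inside the same critical section as the create; a find-then-create without that serialisation narrows the window but leaves it open.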
