Project

General

Profile

Actions

Bug #9397

closed

Stripe: subscription create can be abused resulting in duplicate payments

Added by krileon 9 months ago. Updated 6 months ago.

Status:
Closed
Priority:
High
Assignee:
Target version:
Start date:
02 April 2024
Due date:
% Done:

100%

Estimated time:

Description

If the subscription creation payment processing handling is reloaded (e.g. user reloading for whatever reason) WHILE the payment is currently processing (before basket state could change) it can result in double subscriptions being created at Stripe. This is due to setup_intent being reusable as it has to be to be used for recurring payments so Stripe doesn't reject the duplicate subscription. Implement safe guards against this by trying to find an existing subscription before making one to ensure the intent has not be used yet. That chances of this happening are quite slim though as it's subject to user error.

Actions #1

Updated by krileon 9 months ago

  • Status changed from Assigned to Resolved
  • % Done changed from 0 to 100

Fixed in MR !335

Actions #2

Updated by beat 6 months ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF