Closed Bug 746460 Opened 10 years ago Closed 10 years ago

[traceback] In-app payments returns a 500 if pre-auth is not set up


( Graveyard :: Public Pages, defect, P1)



(Not tracked)



(Reporter: krupa.mozbugs, Assigned: andy+bugzilla)




(1 file)

steps to reproduce:
1. Log into Marketplace with an account which doesn't have preauth set up
2. Go to and click the call button
3. In the purchase modal, click the 0.99 USD button

observed behavior:
In-app payments returns a 500 if pre-auth is not set up

traceback details:
Traceback (most recent call last):

 File "/data/www/", line 111, in get_response
   response = callback(request, *callback_args, **callback_kwargs)

 File "/data/www/", line 18, in _wrapped_view
   response = view_fn(request, *args, **kwargs)

 File "/data/www/", line 30, in wrapper
   return view(request, signed_req, req, *args, **kw)

 File "/data/www/", line 29, in wrapper
   return func(request, *args, **kw)

 File "/data/www/", line 50, in wrapper
   return f(request, *args, **kw)

 File "/data/www/", line 112, in wrapper
   return f(*args, **kw)

 File "/data/www/", line 104, in wrapper
   return f(*args, **kw)

 File "/data/www/", line 36, in _wrapped_view
   return view(request, *args, **kwargs)

 File "/data/www/", line 146, in pay
   'user %s (status %s)' % (request.amo_user, status))

InappPaymentError: PayPal did not recognize preauth token for user 5540398: "'><script>alert('problem')</script> (status CREATED)
Assignee: nobody → amckay
Priority: -- → P1
kicking to next week since this is a blocker
Blocks: 698116
Target Milestone: --- → 6.5.2
Pre-auth can and will fail, so you need to handle this on the front end. It throws a 500 because @potch added that here:

In purchasing when it fails, I just retry not using pre-auth. What would you like to happen. Catch the 500 in the client? I would presume you'll want an error status and string returned a 200?
when you say preauth can and will fail, do you mean it is an intermittent failure? Or is this something where we should say to the user "sorry, pre-auth failed, please set it up again."
I have seen intermittent failures on the sandbox, but that could be the sandbox. There are two kinds of failures:

- fatal, for example user goes to the paypal account and removes the pre-auth ability, we don't know that's failed, they have to set it up again. This class of errors includes pre-auth expired, pre-auth limit reached and so on.

- less fatal, for example: the currency that the user is using is not a currency that the developer accepts or the buyer just has no money in their account. In this case there may or may not be something the end user can figure out what to do.

We've got a list of status codes back from paypal, correctly predicting and categorizing the errors is a little hard for in-app. There's at least one bug to increase the visibility of these errors, bug 747057.
We used to handle this before by kicking the user over to the PayPal UI. We redirected to a PayPal URL here:

Maybe we should put that redirect back if preauth fails *and* request.amo_user.get_preapproval() is True?
I think that's a good first start.
This was pushed and kumar added some bugs about cleaning up the UI.
Closed: 10 years ago
Resolution: --- → FIXED
Attached image Postfix Screenshot
UI cleanup will be in bug 748137
Product: → Graveyard
You need to log in before you can comment on or make changes to this bug.