[traceback] In-app payments returns a 500 if pre-auth is not set up



7 years ago
3 years ago


(Reporter: krupa.mozbugs, Assigned: andy+bugzilla)


Dependency tree / graph



(1 attachment)



7 years ago
steps to reproduce:
1. Log into Marketplace with an account which doesn't have preauth set up
2. Go to http://inapp-pay-test.farmdev.com/en-US/ and click the call mozmarket.buy() button
3. In the purchase modal, click the 0.99 USD button

observed behavior:
In-app payments returns a 500 if pre-auth is not set up

traceback details:
Traceback (most recent call last):

 File "/data/www/addons-dev.allizom.org/zamboni/vendor/src/django/django/core/handlers/base.py", line 111, in get_response
   response = callback(request, *callback_args, **callback_kwargs)

 File "/data/www/addons-dev.allizom.org/zamboni/vendor/src/commonware/commonware/response/decorators.py", line 18, in _wrapped_view
   response = view_fn(request, *args, **kwargs)

 File "/data/www/addons-dev.allizom.org/zamboni/mkt/inapp_pay/decorators.py", line 30, in wrapper
   return view(request, signed_req, req, *args, **kw)

 File "/data/www/addons-dev.allizom.org/zamboni/apps/amo/decorators.py", line 29, in wrapper
   return func(request, *args, **kw)

 File "/data/www/addons-dev.allizom.org/zamboni/apps/amo/decorators.py", line 50, in wrapper
   return f(request, *args, **kw)

 File "/data/www/addons-dev.allizom.org/zamboni/apps/amo/decorators.py", line 112, in wrapper
   return f(*args, **kw)

 File "/data/www/addons-dev.allizom.org/zamboni/apps/amo/decorators.py", line 104, in wrapper
   return f(*args, **kw)

 File "/data/www/addons-dev.allizom.org/zamboni/vendor/src/django-waffle/waffle/decorators.py", line 36, in _wrapped_view
   return view(request, *args, **kwargs)

 File "/data/www/addons-dev.allizom.org/zamboni/mkt/inapp_pay/views.py", line 146, in pay
   'user %s (status %s)' % (request.amo_user, status))

InappPaymentError: PayPal did not recognize preauth token for user 5540398: "'><script>alert('problem')</script> (status CREATED)


7 years ago
Assignee: nobody → amckay
Priority: -- → P1
kicking to next week since this is a blocker
Blocks: 698116
Target Milestone: --- → 6.5.2

Comment 2

7 years ago
Pre-auth can and will fail, so you need to handle this on the front end. It throws a 500 because @potch added that here:  


In purchasing when it fails, I just retry not using pre-auth. What would you like to happen. Catch the 500 in the client? I would presume you'll want an error status and string returned a 200?
when you say preauth can and will fail, do you mean it is an intermittent failure? Or is this something where we should say to the user "sorry, pre-auth failed, please set it up again."

Comment 4

7 years ago
I have seen intermittent failures on the sandbox, but that could be the sandbox. There are two kinds of failures:

- fatal, for example user goes to the paypal account and removes the pre-auth ability, we don't know that's failed, they have to set it up again. This class of errors includes pre-auth expired, pre-auth limit reached and so on.

- less fatal, for example: the currency that the user is using is not a currency that the developer accepts or the buyer just has no money in their account. In this case there may or may not be something the end user can figure out what to do.

We've got a list of status codes back from paypal, correctly predicting and categorizing the errors is a little hard for in-app. There's at least one bug to increase the visibility of these errors, bug 747057.
We used to handle this before by kicking the user over to the PayPal UI. We redirected to a PayPal URL here: https://github.com/mozilla/zamboni/commit/2ce9ab8dfd9cab7ed35e2a15e643d239dcdca2db#L16L137

Maybe we should put that redirect back if preauth fails *and* request.amo_user.get_preapproval() is True?

Comment 6

7 years ago
I think that's a good first start.

Comment 7

7 years ago
This was pushed and kumar added some bugs about cleaning up the UI.

Last Resolved: 7 years ago
Resolution: --- → FIXED


7 years ago

Comment 8

7 years ago
Created attachment 618284 [details]
Postfix Screenshot
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.