Stripe causing double payments

Cool. I’ll download it and review the change and let you know if I see anything.

The fix is a good idea but like the other fix it doesn’t fully solve the problem.

The flaw is based on a fundamental change in how Stripe handles subscriptions as of release 2019-03-14

[Major] Creating a subscription succeeds even when the first payment fails. The subscription will be created in an incomplete status, where it will remain for up to 23 hours. During that time period, it can be moved into an active state by paying the first invoice. If no successful payment is made, the subscription will move into a final incomplete_expired state. Updates to a non-incomplete subscription that require a payment will also succeed regardless of the payment status. Prior to this version, all creations or updates would fail if the corresponding payment failed.

See https://stripe.com/docs/billing/subscriptions/overview#incomplete

If you delete the subscription object in s2member on exception (which is the fix you propose), Stripe still thinks this is an active subscription request and I am not convinced that subsequent attempts by the user won’t just get re-absorbed by the pending Stripe subscription. We have an unrelated second bug that looks like a JavaScript error whereby two sequential requests with the same information and different IDs are getting translated by Stripe into two payments and one combined subscription at the single rate!

I’ll read through the Stripe logic and the s2member logic further to deduce how the logic needs to be adjusted to deal with this new Stripe subscription reality.

UPDATE:

The best “quick fix” appears to be to add the `payment_behavior=error_if_incomplete` flag on all API calls that create and update subscriptions. This would restore Stripe behavior to a legacy s2member-stripe-logic compliant form. CAVEAT: This obviates mandatory EEA support for SCA but the current s2member-stripe-logic is not SCA compliant anyway. So once this fix is put in place to get everyone’s Stripe working correctly again, we can table an enhancement for a subsequent release for SCA support.

What I’m fixing with that, is avoiding the duplicate charge for a paid trial because of accumulated invoice items after failed subscription attempts.

I’m removing the invoice item if the subscription was not created, which means that despite a failed payment, the subscription was not created.

So the possible scenario you describe, doesn’t seem to be the case or a problem here.

🙂

Please re-read my detailed description of the problem and solution above.

Summary:

  • Stripe subscription remains active on failure unless the `payment_behavior=error_if_incomplete` flag is added on all API calls that create and update subscriptions to restore operations to be compliant with current s2 logic until SCA-compliant logic is added to S2.
  • S2 / Stripe has a JavaScript bug that allows two payments to be made with independent IDs yet somehow manage to end up with only one subscription. So if you delete the s2 object on subscription failure, a subsequent retry on the S2 side may get attached to that pending subscription…because that is what the SCA is all about…a failed subscription that is subsequently corrected.
  • SCA requires new UI back to the user to prompt them for manual authorisation…that is new logic for S2, is it not?

Have a read of https://stripe.com/docs/strong-customer-authentication/migration and https://stripe.com/docs/strong-customer-authentication and https://stripe.com/au/guides/strong-customer-authentication. This looks to me like it is going to require adjustments on the s2member side to comply. And it’s not a future issue…SCA legislation passed last Sept.

S2member was designed assuming that a failed Stripe subscription failed if the initial payment failed. Now the Stripe logic is that the transaction remains pending and associates subsequent payment requests to the pending subscription. That’s the bug we have.

So glad that powerful minds are working on this. I’ve just been threatened with legal action by a member who was still being charged when I thought I’d cancelled their trial subscription. It turns out that two subscriptions were made for the same s2_plan_ identification. I’ve calmed the person down, but I’d have been angry too, if I was them and being charged twice!

I hope this will get sorted out super quickly as it’s causing major on-going problems and is losing us reputation and actual money and actual members.
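The two symptoms reported in this thread (a subscription left in `incomplete` after a failed first payment, and two subscriptions for the same plan) can be detected with a small audit over subscription records. This is an added example, not s2Member or Stripe code; the flattened record fields, the sample data and the `audit` function name are assumptions.

```python
from collections import defaultdict

# Statuses after which Stripe makes no further charge on the subscription.
ENDED = {"canceled", "incomplete_expired"}
# Statuses under which the site may grant member access.
ENTITLED = {"active", "trialing"}


def audit(subscriptions):
    """Audit flattened subscription records.

    Returns (duplicates, not_entitled):
      duplicates   -- {(customer, plan): [ids, oldest first]} for each
                      customer/plan pair with more than one live subscription
      not_entitled -- sorted ids of live subscriptions that must not grant
                      access yet (for example incomplete or past_due)
    """
    live = defaultdict(list)
    not_entitled = []
    for sub in subscriptions:
        if sub["status"] in ENDED:
            continue  # finished; cannot absorb a later payment attempt
        live[(sub["customer"], sub["plan"])].append(sub)
        if sub["status"] not in ENTITLED:
            not_entitled.append(sub["id"])
    duplicates = {
        key: [s["id"] for s in sorted(subs, key=lambda s: s["created"])]
        for key, subs in live.items()
        if len(subs) > 1
    }
    return duplicates, sorted(not_entitled)


# Constructed sample records (hypothetical ids, not real Stripe data).
SAMPLE = [
    {"id": "sub_A1", "customer": "cus_A", "plan": "plan_X", "status": "active", "created": 100},
    {"id": "sub_A2", "customer": "cus_A", "plan": "plan_X", "status": "incomplete", "created": 160},
    {"id": "sub_B1", "customer": "cus_B", "plan": "plan_X", "status": "incomplete_expired", "created": 200},
    {"id": "sub_B2", "customer": "cus_B", "plan": "plan_X", "status": "active", "created": 300},
    {"id": "sub_C1", "customer": "cus_C", "plan": "plan_X", "status": "past_due", "created": 400},
]

if __name__ == "__main__":
    dups, blocked = audit(SAMPLE)
    for (customer, plan), ids in dups.items():
        print(f"{customer} has {len(ids)} live subscriptions on {plan}: {ids}")
    print("live but must not grant access:", blocked)
```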

Any updates to this? It would also be good if there was a way to block duplicate payments - e.g. payment for the same amount within XX minutes. That also happens sometimes and since April Stripe does not refund the fixed payment fee anymore in Europe just like PayPal - so it’s more annoying than before.

I can’t speak for @clavaque but I got caught up with client needs and EOY tax filing. I won’t get a chance to look at this again for 2 weeks.

Undoubtedly related, I’m seeing payments in Stripe which are status “Retrying”, and have tried over multiple days (e.g. 24 Apr, 27 Apr, 2 May) and each time they’re saying “failed” but the person is still an active member on the site.

Thanks for the update Tim. All the issues relate to a failed payment attempt. If the user puts in their card info properly and the card is valid then the transactions work fine. If the person puts in their details incorrectly or the card is not valid then we see the problems.

@clavaque Are there any plans to make a new version of stripe-utilities.inc based on onepresstech’s advice, or do you believe that the [200422a-stripe-utilities.inc.zip] file will solve the problem? Thank you for working on this issue!

Would love a status update on this please??

@clavaque appears to have gone into hibernation again. I’ve been flat out with client deliverables and haven’t got back to trying to fix this in the absence of a fix from @clavaque.

I haven’t forgotten this issue though since it is still a problem I need to fix or get fixed for my clients sooner rather than later.

So many things to do in life…so little time.

Anyone have thoughts on how to go about next steps with this? It’s becoming a huge issue.

At the risk of stating the obvious…someone has to take the initiative and test / reproduce / fix the bugs. I’ll get around to it if no one else does but only after I get through my client deliverables. So I’m not going to be able to fix it for 3-4 weeks.

Tim, do you have any insight into the future of s2Member? The lack of a fix on this major issue makes me concerned that this plugin does not have a future.

No idea. Only @clavaque knows.

Frustration… obviously not your fault though onepresstech as I presume you’re just a user of the software like us? As paid-up members we need these major issues which cost us money and reputation fixed quickly. @clavaque needs to get onto this urgently!

@onepresstech, thanks. As said by @madeglobal, this is obviously not frustration towards you. I thought maybe you had a better way to connect with the plugin owners since I have seen you on here a lot.

@onepresstech (or anyone else), have you tested the 200422a-stripe-utilities.inc.zip update enough to confirm with some confidence there are no issues? It seems like this is a decent fix for most of the issues I am having but I am always a little concerned with adding in new code that is not part of a tested update.

@clavaque, can you please update us on this? As well as give us some idea on the future of S2Member? Avoiding a fix to this issue seems to point to no future development and it would just be good to know that.

Just to repeat something I mentioned before, double payments are not exclusive to Stripe. I use PayPal with s2Member Pro and I have seen two double payments go through in the past 24 hours.

I’ve been seeing occasional double payments for years, although they are usually months apart. The fact that it has happened twice within the past 24 hours has me a bit concerned.

I find it very frustrating that this plugin, which seems to be the best plugin of its kind, gets such little support. My business relies on this plugin, and yet I always feel like I’m on the Titanic heading for the iceberg. And there never seems to be anyone steering the ship.
