woocommerce-plugin icon indicating copy to clipboard operation
woocommerce-plugin copied to clipboard

Published 20 hours ago verified publisher icon blockonomics

Coupon implementation on underpayment

Open anktd opened this issue 3 years ago • 2 comments

#282 Phase 1 - as discussed here on issue #282

Add automatically generated coupon on confirmed underpaid callback. Discount amount is calculated in 68c8396

image

Coupon menu in merchant dashboard image

Trying to add same coupon on another checkout throws usage limit error: 1010-000825

Now, if the order status is set to failed or cancelled, this coupon's usage/limit changes to 0/1, so it can be used one more time. If we want to prevent that, there are 2 ways:

  1. We can set auto-expiry to 1 hour (time after which woocommerce itself cancels the order), or
  2. We can write an action hook that will see if the order failed/cancelled had a coupon code starting with 'bck_' with total length = 10. - done in https://github.com/blockonomics/woocommerce-plugin/pull/291/commits/1f63c70c829088a1c6e2d01d79f109c231830af9 -- reverted in 04d696c as per discussion below.

Customer now sees the order with discount applied image

anktd avatar Oct 10 '22 09:10 anktd

Now, if the order status is set to failed or cancelled, this coupon's usage/limit changes to 0/1

This is not a big deal really and we can safely ignore. Few things:

  • Does the customer ever even see the coupon code to be able to use the exploit , no I guess ! I am not seeing it anywhere in the customer UI/emails
  • Logically if the order got cancelled, the customer is atleast entitled to the coupon for the BTC he spent

shivaenigma avatar Oct 13 '22 12:10 shivaenigma

Update on Phase 2: I have added a new field in blockonomics_orders table - timestamp. For a new order, timestamp records the time of order creation. Now, after confirmed underpaid callbacks:

  1. Coupon is applied to the order equal to amount received in the callback
  2. After applying coupon, new address is generated and a new row is added in the blockonomics_orders table. So on each underpaid callback the time is recorded on callback itself.
  3. Now customer can refresh the same checkout page to get updated information i.e. new address and remaining amount to be paid.
  4. It is applicable for any number of underpaid callbacks. Here is such an order which is underpaid thrice: image image

There are some issues/enhancement in this upon which I will update further:

  1. Order id is skipped as per the number of underpaid callbacks. For ex. in above Order id 108 is underpaid 3 times, so next order created has order id = 112
  2. If same Callback is hit again & again, it'll keep adding coupons.
  3. Pending changes in custom fields, as suggested here, i.e. remove paid_btc , expected_btc and add new custom field paid_order_amount.
  4. Multiple random string coupons can be confusing, so adding some details for the coupons in order notes.
  5. Automatically emailing the updated invoice to customer on underpayment.

Finally, here is a video of consecutive underpayments

https://user-images.githubusercontent.com/97018228/198191942-09fd0bea-76cd-4758-adee-f3f7b9b59165.mp4

anktd avatar Oct 27 '22 04:10 anktd

3 possible changes to DB discussed here: https://docs.google.com/document/d/1m2lX_ZMCupZHDvkjdauBEkb4fGhA5EWXTrvflDjuhhg/edit?usp=sharing

anktd avatar Nov 10 '22 05:11 anktd

Update: https://github.com/blockonomics/woocommerce-plugin/pull/291/commits/09db6e7cbb3d1e57d79ef4a6b9fe05f534bfb09c - Now customer automatically receives email on confirmed underpayment, with a link to pay for remaining amount. Email screenshot: image

https://user-images.githubusercontent.com/97018228/202644241-e46f0d1c-b24b-4624-b876-3eeeba3eea1f.mp4

anktd avatar Nov 18 '22 07:11 anktd

Not implementing . Closing in favour of https://github.com/blockonomics/woocommerce-plugin/pull/335

shivaenigma avatar Jul 25 '23 09:07 shivaenigma