Release 6.2.6

.github/.htaccess

@@ -0,0 +1,10 @@
+# Apache 2.2
+<IfModule !mod_authz_core.c>
+    Order deny,allow
+    Deny from all
+</IfModule>
+
+# Apache 2.4
+<IfModule mod_authz_core.c>
+    Require all denied
+</IfModule>

changelog.md

@@ -2,6 +2,10 @@
 
 # Changelog #
 
+## Changes in release 6.2.6 ##
++ Improved checkout process
++ Fixed duplicate order status issue
+
 ## Changes in release 6.2.5 ##
 + Fixed issue with order status on multishop
 + Phone number validation improvements

controllers/front/return.php

@@ -115,7 +115,8 @@ public function initContent()
                 $this->setWarning($data['msg_details']);
 
                 Tools::redirect(Context::getContext()->link->getPageLink('cart', true));
-            } elseif (PaymentMethod::BANKTRANSFER === $data['mollie_info']['method']
+            } elseif (isset($data['mollie_info']['method'])
+                && PaymentMethod::BANKTRANSFER === $data['mollie_info']['method']
                 && PaymentStatus::STATUS_OPEN === $data['mollie_info']['bank_status']
             ) {
                 $data['msg_details'] = $this->module->l('The payment is still being processed. You\'ll be notified when the bank or merchant confirms the payment./merchant.', self::FILE_NAME);
@@ -141,7 +142,7 @@ public function initContent()
                     [
                         'ajax' => 1,
                         'action' => 'getStatus',
-                        'transaction_id' => $data['mollie_info']['transaction_id'],
+                        'transaction_id' => $data['mollie_info']['transaction_id'] ?? null,
                         'key' => $key,
                         'cart_id' => $idCart,
                         'order_number' => $orderNumber,

controllers/front/webhook.php

@@ -67,6 +67,15 @@ public function initContent(): void
             ));
         }
 
+        if (!$tools->getValue('security_token')) {
+            $logger->debug(sprintf('Missing security token in %s', self::FILE_NAME));
+
+            $this->ajaxResponse(JsonResponse::error(
+                $this->module->l('Missing security token', self::FILE_NAME),
+                HttpStatusCode::HTTP_BAD_REQUEST
+            ));
+        }
+
         $transactionId = (string) $tools->getValue('id');
 
         if (!$transactionId) {
@@ -81,7 +90,7 @@ public function initContent(): void
         $lockResult = $this->applyLock(sprintf(
             '%s-%s',
             self::FILE_NAME,
-            $transactionId
+            $tools->getValue('security_token')
         ));
 
         if (!$lockResult->isSuccessful()) {

mollie.php

@@ -90,7 +90,7 @@ public function __construct()
     {
         $this->name = 'mollie';
         $this->tab = 'payments_gateways';
-        $this->version = '6.2.5';
+        $this->version = '6.2.6';
         $this->author = 'Mollie B.V.';
         $this->need_instance = 1;
         $this->bootstrap = true;

src/Service/MollieOrderCreationService.php

@@ -21,7 +21,6 @@
 use Mollie\Config\Config;
 use Mollie\DTO\OrderData;
 use Mollie\DTO\PaymentData;
-use Mollie\Errors\Http\HttpStatusCode;
 use Mollie\Exception\OrderCreationException;
 use Mollie\Handler\ErrorHandler\ErrorHandler;
 use Mollie\Handler\Exception\OrderExceptionHandler;
@@ -66,11 +65,9 @@ public function createMollieOrder($data, MolPaymentMethod $paymentMethodObj)
             try {
                 $apiPayment = $this->createPayment($data, $paymentMethodObj->method);
             } catch (OrderCreationException $e) {
-                $errorHandler = ErrorHandler::getInstance();
-                $errorHandler->handle($e, HttpStatusCode::HTTP_BAD_REQUEST, true);
+                throw $e;
             } catch (Exception $e) {
-                $errorHandler = ErrorHandler::getInstance();
-                $errorHandler->handle($e, HttpStatusCode::HTTP_INTERNAL_SERVER_ERROR, true);
+                throw $e;
             }
         }
 

src/Service/MolliePaymentMailService.php

@@ -21,6 +21,7 @@
 use Mollie\Api\Resources\Payment;
 use Mollie\Api\Types\PaymentStatus;
 use Mollie\Repository\PaymentMethodRepository;
+use Mollie\Utility\HashUtility;
 use Mollie\Utility\SecureKeyUtility;
 use Mollie\Utility\TransactionUtility;
 use Order;
@@ -185,7 +186,9 @@ public function sendSecondChanceMailWithPaymentApi(MollieApiClient $api, $transa
         $paymentData['webhookUrl'] = $context->link->getModuleLink(
             'mollie',
             'webhook',
-            [],
+            [
+                'security_token' => HashUtility::hash($cart->secure_key),
+            ],
             true,
             null,
             $cart->id_shop

src/Service/OrderStatusService.php

@@ -84,7 +84,13 @@ public function setOrderStatus($orderId, $statusId, $useExistingPayment = null,
         if (0 === (int) $statusId) {
             return;
         }
+
         $order = new Order((int) $orderId);
+        $orderHistory = $order->getHistory($order->id_lang, $statusId);
+
+        if (!empty($orderHistory)) {
+            return;
+        }
 
         if (!Validate::isLoadedObject($order)) {
             return;

src/Service/PaymentMethodService.php

@@ -47,6 +47,7 @@
 use Mollie\Subscription\Validator\SubscriptionOrderValidator;
 use Mollie\Utility\CustomLogoUtility;
 use Mollie\Utility\EnvironmentUtility;
+use Mollie\Utility\HashUtility;
 use Mollie\Utility\LocaleUtility;
 use Mollie\Utility\SecureKeyUtility;
 use Mollie\Utility\TextFormatUtility;
@@ -316,7 +317,9 @@ public function getPaymentData(
         $webhookUrl = $this->context->getModuleLink(
             'mollie',
             'webhook',
-            [],
+            [
+                'security_token' => HashUtility::hash($cart->secure_key),
+            ],
             true
         );
 
@@ -451,7 +454,9 @@ public function getPaymentData(
             $payment->setWebhookUrl($this->context->getModuleLink(
                 'mollie',
                 'webhook',
-                [],
+                [
+                    'security_token' => HashUtility::hash($cart->secure_key),
+                ],
                 true
             ));
 

src/Service/TransactionService.php

@@ -145,7 +145,7 @@ public function processTransaction($apiPayment)
         }
 
         /** @var int $orderId */
-        $orderId = Order::getOrderByCartId((int) $apiPayment->metadata->cart_id);
+        $orderId = Order::getIdByCartId((int) $apiPayment->metadata->cart_id);
 
         $cart = new Cart($apiPayment->metadata->cart_id);
 
@@ -213,7 +213,7 @@ public function processTransaction($apiPayment)
                         $this->orderStatusService->setOrderStatus($orderId, $apiPayment->status);
                     }
 
-                    $orderId = Order::getOrderByCartId((int) $apiPayment->metadata->cart_id);
+                    $orderId = Order::getIdByCartId((int) $apiPayment->metadata->cart_id);
                 }
                 break;
             case Config::MOLLIE_API_STATUS_ORDER:
@@ -295,7 +295,7 @@ public function processTransaction($apiPayment)
                     }
                 }
 
-                $orderId = Order::getOrderByCartId((int) $apiPayment->metadata->cart_id);
+                $orderId = Order::getIdByCartId((int) $apiPayment->metadata->cart_id);
         }
 
         if (!$orderId) {
@@ -507,7 +507,7 @@ private function handlePaymentDescription(Payment $apiPayment)
     {
         $paymentMethod = $this->paymentMethodRepository->getPaymentBy('order_reference', $apiPayment->description);
         if ($paymentMethod) {
-            $orderId = Order::getOrderByCartId($paymentMethod['cart_id']);
+            $orderId = Order::getIdByCartId($paymentMethod['cart_id']);
             if (!$orderId) {
                 return;
             }
@@ -523,7 +523,7 @@ private function handleOrderDescription(MollieOrderAlias $apiPayment)
     {
         $paymentMethod = $this->paymentMethodRepository->getPaymentBy('order_reference', $apiPayment->orderNumber);
         if ($paymentMethod) {
-            $orderId = Order::getOrderByCartId($paymentMethod['cart_id']);
+            $orderId = Order::getIdByCartId($paymentMethod['cart_id']);
             if (!$orderId) {
                 return;
             }