Ignored rate limiter in "Add payment method" page #3794

Open
frosso opened this issue Jan 29, 2025 · 0 comments · May be fixed by #3810
Labels
type: bug The issue is a confirmed bug.

frosso (Contributor) commented Jan 29, 2025

Describe the bug

WC Core doesn’t allow storing two cards within 20 seconds ( https://github.com/woocommerce/woocommerce/blob/d252c8a1d080a00034597562157ddc35f1132aed/plugins/woocommerce/includes/class-wc-form-handler.php#L508 ), showing an error saying, "You cannot add a new payment method so soon after the previous one. Please wait for 20 seconds.".

However, despite presenting this error on the UI, WC Stripe will still actually save the card, bypassing the WC rate-limit limitation.

To Reproduce
Steps to reproduce the behavior:

  1. As a registered customer, navigate to My account > Payment methods
  2. Take note of the payment methods present (ideally none, just to make things clearer)
  3. Click "Add payment method"
  4. Use the 4242424242424242 card, any future expiry, any CVC
  5. Save the card
  6. Within 20 seconds, click again "Add payment method" and use the 5555555555554444 card, any future expiry, any CVC
  7. You'll notice the error message appear
  8. Navigate again to My account > Payment methods
  9. Take note of how many payment methods are saved on the page

Expected behavior
The rate limiter should not be ignored, and the payment method should not be saved within the rate limit.

Additional context

p1738165444642259-slack-C055WHLA98D

Automattic/woocommerce-payments#10257

@frosso frosso added the type: bug The issue is a confirmed bug. label Jan 29, 2025
@frosso frosso linked a pull request Jan 30, 2025 that will close this issue
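The symptom reported above (notice shown, card stored anyway) next to the expected behaviour, as an added example that is not code from WooCommerce, WC Stripe, or the linked pull request. The issue does not state the cause, so this models only the observable behaviour; `RateLimiter`, `TokenStore`, and both handler functions are hypothetical names, and the timestamps are constructed.

```php
<?php
// Added illustration; not WooCommerce or WooCommerce Stripe code. Every name is hypothetical.
final class RateLimiter {
    private array $next_allowed = [];
    public function too_soon(string $key, int $now): bool {
        return isset($this->next_allowed[$key]) && $now < $this->next_allowed[$key];
    }
    public function arm(string $key, int $now, int $delay): void {
        $this->next_allowed[$key] = $now + $delay;
    }
}
final class TokenStore {
    public array $tokens = [];
    public function save(int $user, string $last4): void {
        $this->tokens[$user][] = $last4;
    }
}
const DELAY  = 20; // seconds, matching the notice quoted in the issue
const NOTICE = 'Please wait for 20 seconds.';

// Symptom as reported: the limiter result only drives the notice, not the write.
function add_method_reported(RateLimiter $rl, TokenStore $store, int $user, string $last4, int $now): ?string {
    $key   = "add_payment_method_$user";
    $error = $rl->too_soon($key, $now) ? NOTICE : null;
    $store->save($user, $last4); // state changes even when $error is set
    $rl->arm($key, $now, DELAY);
    return $error;
}

// Expected behaviour: a rate-limited request returns before any state changes.
function add_method_enforced(RateLimiter $rl, TokenStore $store, int $user, string $last4, int $now): ?string {
    $key = "add_payment_method_$user";
    if ($rl->too_soon($key, $now)) {
        return NOTICE;
    }
    $store->save($user, $last4);
    $rl->arm($key, $now, DELAY);
    return null;
}

// Constructed scenario following the reproduction steps: two cards, 5 seconds apart.
foreach (['add_method_reported', 'add_method_enforced'] as $handler) {
    $rl     = new RateLimiter();
    $store  = new TokenStore();
    $handler($rl, $store, 1, '4242', 1000);
    $second = $handler($rl, $store, 1, '4444', 1005);
    printf("%s: second attempt = %s, saved methods = %d\n", $handler, $second ?? 'accepted', count($store->tokens[1]));
}
```

A regression test for this issue can assert on the stored payment method count after the second attempt rather than on the presence of the notice, since the notice appears in both cases.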