You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
On #180, we're handling the charge.refunded webhook event to generate a Spree::Refund copy. However, we're not checking whether the incoming webhook has already been processed in the past.
Although we're skipping the processing when the associated payment has already been fully refunded, it might be the case that we handle twice a partial amount refund. As noted in a comment from the referenced issue, we can't use the transaction ARN as that's something not always available at the moment the event is created.
Specifically, as another layer of security, associating every created refund with the charge id in another database table.
Another scenario for a duplicated refund would be one that has been initiated by Solidus, calling the Stripe API and getting the corresponding webhook event.
On #180, we're handling the
charge.refundedwebhook event to generate aSpree::Refundcopy. However, we're not checking whether the incoming webhook has already been processed in the past.Although we're skipping the processing when the associated payment has already been fully refunded, it might be the case that we handle twice a partial amount refund. As noted in a comment from the referenced issue, we can't use the transaction ARN as that's something not always available at the moment the event is created.
There're two ways to handle that:
Another scenario for a duplicated refund would be one that has been initiated by Solidus, calling the Stripe API and getting the corresponding webhook event.