Avoid returning Stripe error message when capturing more than order a…

…mount (#7581)

changelog/update-7029-avoid-returning-stripe-error-message-when-capturing-more-than-order-amount

@@ -0,0 +1,4 @@
+Significance: patch
+Type: fix
+
+Redact Stripe support contact prompt from error message when capturing amounts greater than authorized.

includes/class-wc-payments.php

@@ -417,6 +417,7 @@ public static function init() {
 		include_once __DIR__ . '/class-wc-payments-woopay-button-handler.php';
 		include_once __DIR__ . '/class-wc-payments-apple-pay-registration.php';
 		include_once __DIR__ . '/exceptions/class-add-payment-method-exception.php';
+		include_once __DIR__ . '/exceptions/class-amount-too-large-exception.php';
 		include_once __DIR__ . '/exceptions/class-amount-too-small-exception.php';
 		include_once __DIR__ . '/exceptions/class-intent-authentication-exception.php';
 		include_once __DIR__ . '/exceptions/class-invalid-payment-method-exception.php';

includes/exceptions/class-amount-too-large-exception.php

@@ -0,0 +1,26 @@
+<?php
+/**
+ * Class Amount_Too_Large_Exception
+ *
+ * @package WooCommerce\Payments
+ */
+
+namespace WCPay\Exceptions;
+
+defined( 'ABSPATH' ) || exit;
+
+/**
+ * Class representing Amount_Too_Large_Exception
+ */
+class Amount_Too_Large_Exception extends API_Exception {
+
+	/**
+	 * Constructor
+	 *
+	 * @param string $message        The Exception message to throw.
+	 * @param int    $http_code      HTTP response code.
+	 */
+	public function __construct( $message, $http_code ) {
+		parent::__construct( $message, 'amount_too_large', $http_code, null, null );
+	}
+}

includes/wc-payment-api/class-wc-payments-api-client.php

@@ -10,6 +10,7 @@
 use WCPay\Constants\Intent_Status;
 use WCPay\Exceptions\API_Exception;
 use WCPay\Exceptions\Amount_Too_Small_Exception;
+use WCPay\Exceptions\Amount_Too_Large_Exception;
 use WCPay\Exceptions\Connection_Exception;
 use WCPay\Fraud_Prevention\Fraud_Prevention_Service;
 use WCPay\Fraud_Prevention\Buyer_Fingerprinting_Service;
@@ -1919,10 +1920,22 @@ protected function check_response_for_errors( $response ) {
 					$response_code
 				);
 			} elseif ( isset( $response_body['error'] ) ) {
+				$response_body_error_code = $response_body['error']['code'] ?? null;
+				$payment_intent_status    = $response_body['error']['payment_intent']['status'] ?? null;
+
+				// We redact the API error message to prevent prompting the merchant to contact Stripe support
+				// when attempting to manually capture an amount greater than what's authorized. Contacting support is unnecessary in this scenario.
+				if ( 'amount_too_large' === $response_body_error_code && Intent_Status::REQUIRES_CAPTURE === $payment_intent_status ) {
+					throw new Amount_Too_Large_Exception(
+						// translators: This is an error API response.
+						__( 'Error: The payment could not be captured because the requested capture amount is greater than the amount you can capture for this charge.', 'woocommerce-payments' ),
+						$response_code
+					);
+				}
 				$decline_code = $response_body['error']['decline_code'] ?? '';
 				$this->maybe_act_on_fraud_prevention( $decline_code );
 
-				$error_code    = $response_body['error']['code'] ?? $response_body['error']['type'] ?? null;
+				$error_code    = $response_body_error_code ?? $response_body['error']['type'] ?? null;
 				$error_message = $response_body['error']['message'] ?? null;
 				$error_type    = $response_body['error']['type'] ?? null;
 			} elseif ( isset( $response_body['code'] ) ) {