Merge pull request #199 from razorpay/webhook_issue_fix

Skip the webhook if not the valid data
razorpay · Jul 20, 2021 · f95a4fb · f95a4fb
2 parents f23648e + daf6321
commit f95a4fb
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 2 deletions.
diff --git a/includes/razorpay-webhook.php b/includes/razorpay-webhook.php
@@ -29,6 +29,14 @@ class RZP_Webhook
     const REFUNDED_CREATED          = 'refund.created';
     const VIRTUAL_ACCOUNT_CREDITED  = 'virtual_account.credited';
 
+    protected $eventsArray = [
+        self::PAYMENT_AUTHORIZED, 
+        self::VIRTUAL_ACCOUNT_CREDITED, 
+        self::REFUNDED_CREATED, 
+        self::PAYMENT_FAILED, 
+        self::SUBSCRIPTION_CANCELLED
+    ];
+
     public function __construct()
     {
         $this->razorpay = new WC_Razorpay(false);
@@ -68,6 +76,12 @@ public function process()
         if (($enabled === 'yes') and
             (empty($data['event']) === false))
         {
+            // Skip the webhook if not the valid data and event
+            if ($this->shouldConsumeWebhook($data) === false)
+            {
+                return;
+            }
+
             if (isset($_SERVER['HTTP_X_RAZORPAY_SIGNATURE']) === true)
             {
                 $razorpayWebhookSecret = $this->razorpay->getSetting('webhook_secret');
@@ -147,7 +161,7 @@ protected function subscriptionCancelled(array $data)
      * @param array $data Webook Data
      */
     protected function paymentAuthorized(array $data)
-    {
+    {   
         // We don't process subscription/invoice payments here
         if (isset($data['payload']['payment']['entity']['invoice_id']) === true)
         {
@@ -331,6 +345,21 @@ protected function getPaymentEntity($razorpayPaymentId, $data)
         return $payment;
     }
 
+    /**
+     * Returns boolean false incase not proper webhook data
+     */
+    protected function shouldConsumeWebhook($data)
+    { 
+        if ((isset($data['event']) === true) and 
+            (in_array($data['event'], $this->eventsArray) === true) and 
+            isset($data['payload']['payment']['entity']['notes']['woocommerce_order_number']) === true)
+        {
+            return true;
+        }
+
+        return false;
+    }
+
     /**
      * Returns the order amount, rounded as integer
      * @param WC_Order $order WooCommerce Order instance

diff --git a/woo-razorpay.php b/woo-razorpay.php
@@ -239,7 +239,6 @@ public function init_form_fields()
                     'default'     => '',
                     'options'     => array(
                         RZP_Webhook::PAYMENT_AUTHORIZED        => 'payment.authorized',
-                        RZP_Webhook::PAYMENT_FAILED            => 'payment.failed',
                         RZP_Webhook::REFUNDED_CREATED          => 'refund.created',
                         RZP_Webhook::VIRTUAL_ACCOUNT_CREDITED  => 'virtual_account.credited',
                     ),