feat(stripe): refunds, webhook retry sweep, and one-off settlement fix#242
feat(stripe): refunds, webhook retry sweep, and one-off settlement fix#242Tarunkumar0601 wants to merge 8 commits into
Conversation
|
Tick the box to add this pull request to the merge queue (same as
|
Confidence Score: 4/5The major correctness fixes all land correctly; the only new finding is a misleading audit-trail comment in process_refund. All previously raised blocking issues appear addressed in this diff — permission check is present on refund_payment_entry, amounts are read server-side, handle_event elevates to Administrator before routing, and subscription sessions now resolve the first invoice PaymentIntent. The one new finding is that process_refund stamps the cumulative amount_refunded rather than the per-event refund amount, which misleads the audit comment for multiple partial refunds but does not affect financial correctness. payments/payment_gateways/stripe_reconcile.py (process_refund cumulative amount comment) Reviews (30): Last reviewed commit: "fix(stripe): settle payment request as a..." | Re-trigger Greptile |
af856ec to
8f72afa
Compare
8f72afa to
cf49077
Compare
cf49077 to
75ecbca
Compare
75ecbca to
6408ced
Compare
17a67dc to
32adefe
Compare
32adefe to
45d9688
Compare
45d9688 to
8e5105f
Compare
8e5105f to
af7b163
Compare
af7b163 to
6e4e222
Compare
63aa968 to
0d769c8
Compare
3afc9ec to
1ccf04d
Compare
6eef548 to
72b8a32
Compare
dc33c29 to
2f9182b
Compare
509d35c to
3b7a6ff
Compare
4639aa7 to
26ddf20
Compare
26ddf20 to
2a6568e
Compare
|
|
||
| # Don't leak another entity's success message to a logged-in caller who has | ||
| # no read access. Guests (who just completed the payment) can't hold doc | ||
| # permissions, so the existence check above is their guard. |
There was a problem hiding this comment.
Could you please check this condition? As far as I understand, this endpoint is always accessed by a Guest user when the payment gateway redirects from the bank back to ERPNext. In that case, could you verify whether the mentioned permission check is actually required?
Adds refunds from within ERPNext, makes failed webhooks self-heal, and ensures one-off Stripe payments settle into a refundable
Payment Entry.
auto credit note)
Depends on feat/stripe-subscriptions.
Backport Needed: V15 & V16