Skip to content

feat(stripe): refunds, webhook retry sweep, and one-off settlement fix#242

Open
Tarunkumar0601 wants to merge 8 commits into
frappe:developfrom
aerele:feat/stripe-refunds
Open

feat(stripe): refunds, webhook retry sweep, and one-off settlement fix#242
Tarunkumar0601 wants to merge 8 commits into
frappe:developfrom
aerele:feat/stripe-refunds

Conversation

@Tarunkumar0601

Copy link
Copy Markdown

Adds refunds from within ERPNext, makes failed webhooks self-heal, and ensures one-off Stripe payments settle into a refundable
Payment Entry.

  • Refund via Stripe button on Stripe-originated Payment Entries (full/partial); charge.refunded records the refund as a comment (no
    auto credit note)
  • Hourly sweep retries Failed webhook log events
  • Settles the Payment Request as Administrator (the Guest checkout return / webhook can't read the Sales Invoice)
  • Stamps the PaymentIntent onto the one-off Payment Entry so refunds work

Depends on feat/stripe-subscriptions.

Backport Needed: V15 & V16

@Tarunkumar0601 Tarunkumar0601 marked this pull request as ready for review July 1, 2026 10:35
@mergify

mergify Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Tick the box to add this pull request to the merge queue (same as @mergifyio queue).

  • Queue this pull request

@greptile-apps

greptile-apps Bot commented Jul 1, 2026

Copy link
Copy Markdown

Confidence Score: 4/5

The major correctness fixes all land correctly; the only new finding is a misleading audit-trail comment in process_refund.

All previously raised blocking issues appear addressed in this diff — permission check is present on refund_payment_entry, amounts are read server-side, handle_event elevates to Administrator before routing, and subscription sessions now resolve the first invoice PaymentIntent. The one new finding is that process_refund stamps the cumulative amount_refunded rather than the per-event refund amount, which misleads the audit comment for multiple partial refunds but does not affect financial correctness.

payments/payment_gateways/stripe_reconcile.py (process_refund cumulative amount comment)

Reviews (30): Last reviewed commit: "fix(stripe): settle payment request as a..." | Re-trigger Greptile

Comment thread payments/templates/pages/stripe_checkout.py
Comment thread payments/payment_gateways/stripe_subscription_sync.py
Comment thread payments/payment_gateways/stripe_utils.py
Comment thread payments/payment_gateways/stripe_reconcile.py
Comment thread payments/payment_gateways/stripe_reconcile.py
Comment thread payments/payment_gateways/stripe_utils.py Outdated
Comment thread payments/payment_gateways/stripe_integration.py Outdated
Comment thread payments/templates/pages/stripe_checkout.py
@Tarunkumar0601 Tarunkumar0601 force-pushed the feat/stripe-refunds branch 4 times, most recently from 17a67dc to 32adefe Compare July 2, 2026 07:16
Comment thread payments/payment_gateways/stripe_integration.py Outdated
Comment thread payments/payment_gateways/stripe_reconcile.py
@Tarunkumar0601 Tarunkumar0601 force-pushed the feat/stripe-refunds branch 2 times, most recently from 63aa968 to 0d769c8 Compare July 3, 2026 06:02
Comment thread payments/payment_gateways/stripe_utils.py
@Tarunkumar0601 Tarunkumar0601 force-pushed the feat/stripe-refunds branch 2 times, most recently from 3afc9ec to 1ccf04d Compare July 3, 2026 06:44
Comment thread payments/payment_gateways/stripe_utils.py
@Tarunkumar0601 Tarunkumar0601 force-pushed the feat/stripe-refunds branch 3 times, most recently from 6eef548 to 72b8a32 Compare July 3, 2026 08:25
@Tarunkumar0601 Tarunkumar0601 force-pushed the feat/stripe-refunds branch 2 times, most recently from dc33c29 to 2f9182b Compare July 3, 2026 09:27
@Tarunkumar0601 Tarunkumar0601 force-pushed the feat/stripe-refunds branch 4 times, most recently from 509d35c to 3b7a6ff Compare July 3, 2026 10:43
Comment thread payments/payment_gateways/stripe_integration.py
@Tarunkumar0601 Tarunkumar0601 force-pushed the feat/stripe-refunds branch 3 times, most recently from 4639aa7 to 26ddf20 Compare July 3, 2026 11:49

# Don't leak another entity's success message to a logged-in caller who has
# no read access. Guests (who just completed the payment) can't hold doc
# permissions, so the existence check above is their guard.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please check this condition? As far as I understand, this endpoint is always accessed by a Guest user when the payment gateway redirects from the bank back to ERPNext. In that case, could you verify whether the mentioned permission check is actually required?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants