This one is weird and might suggest an underlying problem in the code. Somehow, a one-time donation became recurring between the form submission and us making API calls to Adyen.
In the logs, I see the following (recurring is empty):
Nov  9 09:15:21 payments1007 adyen_gateway: 195292613:195292613.1 Redirecting for transaction: {
    "gateway_txn_id": false,
    "response": false,
    "gateway_account": "WikimediaDonations",
    "fee": 0,
    "contribution_tracking_id": "195292613",
    "utm_source": "Waystogive.default~default~default~default~control.cc",
    "utm_medium": "Waystogive",
    "utm_campaign": "C11_Waystogive",
    "language": "en",
    "email": "k*********@gmail.com",
    "first_name": "K*********",
    "last_name": "H*********",
    "street_address": "7*********",
    "country": "US",
    "postal_code": "*********",
    "gateway": "adyen",
    "order_id": "195292613.1",
    "recurring": "",
    "payment_method": "cc",
    "payment_submethod": "",
    "currency": "USD",
    "gross": "2.75",
    "user_ip": "*********",
    "date": 1699521321
}
but then further, we get recurring-specific exceptions such as
Nov  9 09:15:22 payments1007 SmashPig-Adyen: adyen::195292613:195292613.1 | paymentResult element missing from Adyen createPayment response. | false |
This is thrown in \SmashPig\PaymentProviders\Adyen\CardPaymentProvider::createRecurringPaymentFromToken() here
Nov  9 09:15:22 payments1007 SmashPig-Adyen: adyen::195292613:195292613.1 | SOAP authorise request threw exception! |
This is thrown in \SmashPig\PaymentProviders\Adyen\Api::createPayment() here, which is only called within a recurring flow.
One explanation could be that Adyen did not send over the usual $params['encrypted_payment_data'] data, which would then cause a donation to be treated as recurring.
The donation is also suspicious: the amount and the hit count, 6 attempts from the origin IP, stand out.
Happy hunting!
Thanks for all the context jgleeson. It sounds like it might be fraud, and that someone is directly hitting the API endpoint without including all of the expected parameters. We could potentially add more validation in the adyen adapter before making any API calls.
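A sketch of the failure mode hypothesised above and of the pre-call validation this comment proposes, added here as an illustration; it is not DonationInterface or SmashPig code. Only `encrypted_payment_data` and `recurring` are names from the thread; `recurring_payment_token`, the function names and the exception class are assumptions, and the sample request is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical exception type for requests that identify neither flow.
final class MissingCardInfo extends InvalidArgumentException {}

/**
 * Fall-through dispatch: anything without card data is assumed to be a
 * charge against a stored token, so an incomplete one-time request ends
 * up in the recurring code path.
 */
function chooseFlowUnchecked(array $params): string {
    if (!empty($params['encrypted_payment_data'])) {
        return 'card';
    }
    return 'recurring_token';
}

/**
 * Strict dispatch: each flow must be positively identified by its own
 * input. A request carrying neither is rejected before any processor call.
 */
function chooseFlowValidated(array $params): string {
    if (!empty($params['encrypted_payment_data'])) {
        return 'card';
    }
    // 'recurring_payment_token' is an assumed field name for a stored token.
    $token = $params['recurring_payment_token'] ?? '';
    if (is_string($token) && $token !== '') {
        return 'recurring_token';
    }
    throw new MissingCardInfo('no card data and no stored token');
}

// Constructed request shaped like the logged one: one-time, no card data.
$request = [
    'order_id' => '195292613.1',
    'recurring' => '',
    'currency' => 'USD',
    'gross' => '2.75',
];

echo 'unchecked: ', chooseFlowUnchecked($request), PHP_EOL;
try {
    echo 'validated: ', chooseFlowValidated($request), PHP_EOL;
} catch (MissingCardInfo $e) {
    echo 'validated: rejected (', $e->getMessage(), ')', PHP_EOL;
}
```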
Change 998434 had a related patch set uploaded (by Ejegg; author: Ejegg):
[mediawiki/extensions/DonationInterface@master] Adyen: throw validation errors on missing card info
https://gerrit.wikimedia.org/r/998434
Change 998434 merged by jenkins-bot: