I'm using a fresh install of commerce paypal wps with commerce 1.1.

After being redirected to paypal and successfully paying, if I wait for paypal to automatically redirect me back to my commerce site I am redirected back to the checkout/review page. The payment is deducted from my paypal account, and I receive the expected notification from paypal. However, commerce doesn't recognize the payment and watchdog shows the following error:

IPN rejected: invalid receiver e-mail specified (email@commerce_site.com)

If, instead of waiting to be automatically redirected, I click the link to return to the site (from paypal), I get the order completion page, the same expected response email from paypal (as above), and the order payment is registered by commerce, all as expected.

Any help appreciated.

Comments

starsinmypockets’s picture

Priority: Normal » Major
FileSize
37.81 KB
49.63 KB

I upgraded the status as this seems fairly serious. I've attached screenshots showing the discrepancy. Will continue debugging this.

starsinmypockets’s picture

Status: Active » Closed (works as designed)

My receiver email in the payment method rule settings was wrong...

mrfelton’s picture

Status: Closed (works as designed) » Needs review
FileSize
939 bytes

This problem can manifest if you don't enter the paypal email address in the commerce_paypal rules config exactly as per how you entered it in your paypal account. Email is not case sensitive, so commerce_paypal should ignore case when running this check. Attached patch wraps the checks in strtolower() ensuring that you don't get a failure just because you used a different case on one side or the other.

noahott’s picture

I was having this same issue but noticed that paypal will always send back IPN information using the primary email address associated with the paypal account. If the email address entered into Paypal Commerce is an email address that is associated with the paypal account, but not the primary, the transaction will go through, but drupal will reject the IPN.

guy_schneerson’s picture

@mrfelton, noahott I can't recreate this issue:
After making the paypal payment I am not redirected back to the site and instead get a paypal thank you page with a link back to the site.
If I click the link I am back on the site order complete page.

At no point is commerce_paypal_wps_paypal_ipn_validate() called, only commerce_paypal_wps_redirect_form_validate().

Is this a wps and not wpp?
Can you provide instructions on how you managed to get this?

guy_schneerson’s picture

found a duplicate of this issue so closing it and linking it in http://drupal.org/node/1552478

jakew’s picture

Confirmed, same problem. It has nothing to do with case; it has to do with the primary/non-primary thing. We're using a non-primary address in the Commerce PayPal WPS config.

In the PayPal page, if I click on the "click here if you're not redirected within 10 seconds" link, it works and I see a Checkout Complete page on my client's site, but if I wait for it to redirect itself, I'm back at the Review Order page, and the log has the message: "IPN rejected: invalid receiver e-mail specified ([primary PayPal email])."

andyg5000’s picture

Component: PayPal WPS » Documentation
Category: bug » task
Priority: Major » Normal

Since the issue appears to be related to primary/non-primary PayPal email address and there is nothing this module can do about it, I suggest we move this to the documentation task queue.

rszrama’s picture

Title: IPN rejected: invalid receiver email specified when automatically redirected from PayPal back to commerce site » Better support business e-mail address comparison / acceptance
Component: Documentation » PayPal WPS
Status: Needs review » Active

I think we need to document the issue, but we can also commit the patch in #3 with additional code to trim whitespace. We can probably also just add an option to allow incoming IPNs for PayPal WPS from other e-mail addresses. I'm not sure how far down the rabbit hole we need to go, i.e. letting users enter multiple supported addresses, but for now I'll be happy with a flat "only support the listed address vs. support any address" assuming that doesn't expose the site to risk; I don't think it should, since the site still must validate the IPN, but it needs to be researched.

rszrama’s picture

Actually, it does appear part of the IPN validation process involves ensuring the e-mail address is our own. See my comments in the original post of #910344: Add validated IPN support. That tells me we may in fact need a whitelist of acceptable e-mail addresses, and we can just combine that with a hook to let modules respond with additional supported e-mail addresses (in the event that payments are being submitted directly to other users, such as in a marketplace site).

In fact, thinking about it now, this is essential to prevent someone with a PayPal WPS account from submitting a payment to themselves for an order on your site and having the IPN sent to your listener. That would be awkward now, wouldn't it? : P

rszrama’s picture

Category: task » feature

Ok, I've implemented the intermediate fix as mentioned above, trimming and converting to lower case e-mail addresses before comparing them in IPN validation. We can follow this up after the release with the whitelist feature / hook to support payments from multiple PayPal e-mail addresses.

Commit: http://drupalcode.org/project/commerce_paypal.git/commitdiff/c87926f
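
The receiver check discussed in this thread (trim and lowercase before comparing, then accept only addresses on a configured list), as an added PHP example that is not part of the thread or of the commerce_paypal code. The function names, sample addresses and payloads are constructed; `receiver_email` is the IPN field that carries the receiving account's primary address, and the check runs in addition to validating the IPN with PayPal.

```php
<?php
// Added illustration: function names and sample addresses are hypothetical.

/**
 * Normalizes an address for comparison: trim whitespace, then lowercase.
 */
function example_normalize_email($email) {
  return strtolower(trim((string) $email));
}

/**
 * Returns TRUE only when the IPN's receiver_email is one of the merchant's
 * configured PayPal addresses (primary or additional).
 */
function example_ipn_receiver_allowed(array $ipn, array $accepted) {
  // An IPN without a receiver cannot be tied to the merchant: reject.
  if (!isset($ipn['receiver_email']) || !is_string($ipn['receiver_email'])) {
    return FALSE;
  }
  $received = example_normalize_email($ipn['receiver_email']);
  if ($received === '') {
    return FALSE;
  }
  $allowed = array_map('example_normalize_email', $accepted);
  // Strict comparison on the full address, never on the domain alone.
  return in_array($received, $allowed, TRUE);
}

// Constructed configuration: the merchant's primary and one additional
// address, entered with stray case and whitespace.
$accepted = array('Sales@Example.com ', 'billing@example.com');

// Constructed IPN payloads.
$cases = array(
  'case and whitespace differ' => array('receiver_email' => ' sales@example.com'),
  'additional address' => array('receiver_email' => 'Billing@example.com'),
  'same domain, other mailbox' => array('receiver_email' => 'info@example.com'),
  'unrelated PayPal account' => array('receiver_email' => 'someone@example.net'),
  'receiver missing' => array('txn_id' => 'CONSTRUCTED-1'),
);

foreach ($cases as $label => $ipn) {
  $verdict = example_ipn_receiver_allowed($ipn, $accepted) ? 'accept' : 'reject';
  printf("%-28s %s\n", $label, $verdict);
}
```

The first two cases are accepted and the last three rejected; the same-domain case shows why the comparison is made on the whole address.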

rszrama’s picture

Just updating this to say the feature request is still alive. I'd be happy to commit it in a minor update after the 1.0 release.

rszrama’s picture

Version: 7.x-1.x-dev » 7.x-2.x-dev

Adding again to say that I've implemented the "multiple acceptable receiver e-mail addresses" feature for the Express Checkout module in the 2.x branch. Let's fix this for WPS in the 2.x branch and then backport to 1.x for a 1.1 release.

kristianb21’s picture

Was this fixed in the 2.x branch for WPS yet? I currently have commerce_paypal 7.x-2.0-beta1 and I am experiencing the same issues of redirect to the review page even after accepting the payments. On sandbox, on the other hand, I get the correct results and redirect.

rszrama’s picture

Nope, this issue is still active. When it's fixed, this will be marked fixed or closed (fixed).

kristianb21’s picture

Ok cool, I took a look at the paypal checkout express and it works really great! ty! Let me know if you need any testers for wps.

attiks’s picture

I ran into the same problem. Is there a reason why the check is that strict? Isn't it possible to allow checking the domain name only? Or disable the check on email altogether?

rszrama’s picture

It's not possible to do anything other than what I've recommended in #13. This is a requirement of PayPal IPN validation, and it wouldn't be smart for us to fake it or disable it.

rszrama’s picture

Status: Active » Needs review
FileSize
3.59 KB

Patch attached for testing.

rszrama’s picture

Version: 7.x-2.x-dev » 7.x-1.x-dev
Status: Needs review » Patch (to be ported)

Worked good. Committed to 2.x, moving this to backport for 1.x.

  • rszrama committed c87926f on 8.x-1.x
    Issue #1418030 by mrfelton, rszrama: trim whitespace and convert to...
  • rszrama committed 3731d20 on 8.x-1.x
    Issue #1418030 by rszrama: allow additional receiver e-mail addresses...

cebab54’s picture

My problem is the same, but I am using Stripe