I'm using a fresh install of commerce paypal wps with commerce 1.1.
After being redirected to paypal and successfully paying, if I wait for paypal to automatically redirect me back to my commerce site I am redirected back to the checkout/review page. The payment is deducted from my paypal account, and I receive the expected notification from paypal. However, commerce doesn't recognize the payment and watchdog shows the following error:
IPN rejected: invalid receiver e-mail specified (email@commerce_site.com)
If, instead of waiting to be automatically redirected, I click the link to return to the site (from paypal), I get the order completion page, the same expected response email from paypal (as above), and the order payment is registered by commerce, all as expected.
Any help appreciated.
Comment | File | Size | Author |
---|---|---|---|
#19 | 1418030.paypal_wps_receiver_email_addresses.patch | 3.59 KB | rszrama |
#3 | 1418030-commerce_paypal-email-validation.patch | 939 bytes | mrfelton |
#1 | ipn-1.png | 49.63 KB | starsinmypockets |
#1 | ipn-2.png | 37.81 KB | starsinmypockets |
Comments
Comment #1
starsinmypockets CreditAttribution: starsinmypockets commentedI upgraded the status as this seems fairly serious. I've attached screenshots showing the discrepancy. Will continue debugging this.
Comment #2
starsinmypockets CreditAttribution: starsinmypockets commentedMy receiver email didn't in the payment method rule settings was wrong...
Comment #3
mrfelton CreditAttribution: mrfelton commentedThis problem can manifest if you don't enter the paypal email address in the commerce_paypal rules config exactly as per how you entered it in your paypal account. Email is not case sensitive, so commerce_paypal should ignore case when running this check. Attached patch wraps the checks in
strtolower()
ensuring that you dont get a failure just because you used a different case on one side or the other.Comment #4
noahott CreditAttribution: noahott commentedI was having this same issue but noticed that paypal will always send back IPN information using the primary email address associated with the paypal account. If the email address entered into Paypal Commerce is an email address that is associated with the paypal account, but not the primary, the transaction will go through, but drupal will reject the IPN.
Comment #5
guy_schneerson CreditAttribution: guy_schneerson commented@mrfelton, noahott i cant recreate this issue:
After making the paypal payment I am not redirected back to the site and instead get a paypal thank you page with a link back to the site.
If i click the link i am back on the site order complete page.
at no point is commerce_paypal_wps_paypal_ipn_validate() called only commerce_paypal_wps_redirect_form_validate()
Is this a wps and not wpp?
can you provide instructions on how you managed to get this?
Comment #6
guy_schneerson CreditAttribution: guy_schneerson commentedfound a duplicate of this issue so closing it and linking it in http://drupal.org/node/1552478
Comment #7
jakew CreditAttribution: jakew commentedConfirmed, same problem. It has nothing to do with case; it has to do with the primary/non-primary thing. We're using a non-primary address in the Commerce PayPal WPS config.
In the PayPal page, if I click on the "click here if you're not redirected within 10 seconds" link, it works and I see a Checkout Complete page on my client's site, but if I wait for it to redirect itself, I'm back at the Review Order page, and the log has the message: "IPN rejected: invalid receiver e-mail specified ([primary PayPal email]).
Comment #8
andyg5000Since the issue appears to be related to primary/non-primary PayPal email address and there is nothing this module can do about it, I suggest we move this the the documentation task queue.
Comment #9
rszrama CreditAttribution: rszrama commentedI think we need to document the issue, but we can also commit the patch in #3 with additional code to trim whitespace. We can probably also just add an option to allow incoming IPNs for PayPal WPS from other e-mail addresses. I'm not sure how far down the rabbit hole we need to go, i.e. letting users enter multiple supported addresses, but for now I'll be happy with a flat "only support the listed address vs. support any address" assuming that doesn't expose the site to risk; I don't think it should, since the site still must validate the IPN, but it needs to be researched.
Comment #10
rszrama CreditAttribution: rszrama commentedActually, it does appear part of the IPN validation process involves ensuring the e-mail address is our own. See my comments in the original post of #910344: Add validated IPN support. That tells me we may in fact need a whitelist of acceptable e-mail addresses, and we can just combine that with a hook to let modules respond with additional supported e-mail addresses (in the event that payments are being submitted directly to other users, such as in a marketplace site).
In fact, thinking about it now, this is essential to prevent someone with a PayPal WPS account from submitting a payment to themselves for an order on your site and having the IPN sent to your listener. That would be awkward now, wouldn't it? : P
Comment #11
rszrama CreditAttribution: rszrama commentedOk, I've implemented the intermediate fix as mentioned above, trimming and converting to lower case e-mail addresses before comparing them in IPN validation. We can follow this up after the release with the whitelist feature / hook to support payments from multiple PayPal e-mail addresses.
Commit: http://drupalcode.org/project/commerce_paypal.git/commitdiff/c87926f
Comment #12
rszrama CreditAttribution: rszrama commentedJust updating this to say the feature request is still alive. I'd be happy to commit it in a minor update after the 1.0 release.
Comment #13
rszrama CreditAttribution: rszrama commentedAdding again to say that I've implemented the "multiple acceptable receiver e-mail addresses" feature for the Express Checkout module in the 2.x branch. Let's fix this for WPS in the 2.x branch and then backport to 1.x for a 1.1 release.
Comment #14
kristianb21 CreditAttribution: kristianb21 commentedWas this fixed in the 2.x branch for WPS yet? I currently have commerce_paypal 7.x-2.0-beta1 and I am experiencing the same issues of redirect to the review page even after accepting the payments. On sandbox in the other hand I get the correct results and redirect.
Comment #15
rszrama CreditAttribution: rszrama commentedNope, this issue is still active. When it's fixed, this will be marked fixed or closed (fixed).
Comment #16
kristianb21 CreditAttribution: kristianb21 commentedok cool, I took a look the paypal checkout express and its work really great! ty! let me know if you need any testers for wps.
Comment #17
attiks CreditAttribution: attiks commentedI ran into the same problem, is there a reason why the check is that strict, isn't it possible to allow checking the domain name only? Or disable the check on email all together?
Comment #18
rszrama CreditAttribution: rszrama commentedIt's not possible to do anything other than what I've recommended in #13. This is a requirement of PayPal IPN validation, and it wouldn't be smart for us to fake it or disable it.
Comment #19
rszrama CreditAttribution: rszrama commentedPatch attached for testing.
Comment #20
rszrama CreditAttribution: rszrama commentedWorked good. Committed to 2.x, moving this to backport for 1.x.
Comment #22
cebab54 CreditAttribution: cebab54 as a volunteer commentedMy problem is the same, but I am using Stripe