Coupon Issues: Customer get charged, Order fails and go to missing orders

When a customer uses a coupon code (or store credit), the payment goes through to the payment merchant, however, the customer received an order failure message. Requesting them to try again, only for them to get charged all over again. In Admin, the order goes to missing orders.

I suspect a mismatch in the expected total and the discounted total may be triggering the anti-fraud mechanism.
Please how do I solve this? I had thought purchasing a coupon code extension will fix this, but it did not. ($44 dollars purchase not justified )

Version 3.0.3.2

More likely to be an issue with the payment module. Which one are you using?

I am using SQUARE which is inbuilt with the Version 3.0.3.2. If no coupon or any form of discount (store credit, voucher, etc) is used then everything is fine. I had this issue when I was using Braintree as well.

Could this have anything to do with anti-fraud getting triggered as been discussed on this thread...
(https://github.com/opencart/opencart/issues/3657)

I enable debug on Square. I pasted it below. Does it give an indication what the problem is? I cant figure out anything from it

Below is from the error log:
2020-06-29 19:31:03 - SQUAREUP DEBUG START...
2020-06-29 19:31:03 - SQUAREUP ENDPOINT: https://connect.squareup.com/v2/locatio ... ansactions
2020-06-29 19:31:03 - SQUAREUP HEADERS: Array
(
[0] => Authorization: Bearer EAAAEOhBJTifYE8c2OGJ-Iik8D9lThKw31-XqU51oJ-WgHw06Tm5NsXJhwW
[1] => Content-Type: application/json
[2] => Square-Version: 2018-09-18
)

2020-06-29 19:31:03 - SQUAREUP PARAMS: {"note":"Order #360","reference_id":"360","idempotency_key":"5efa417797","amount_money":{"amount":1447,"currency":"GBP"},"billing_address":{"first_name":"A","last_name":"A","address_line_1":"FLAT 1, ","address_line_2":"B","locality":"M KEYNES","sublocality":"Buckinghamshire","postal_code":"MK2","country":"GB","organization":"A"},"buyer_email_address":"admin@co.uk","delay_capture":false,"integration_id":"sqi_65a5ac54459940e3600a8561829","shipping_address":{"first_name":"S ","last_name":"A","address_line_1":"5 , ","address_line_2":"S,","locality":"R,","sublocality":"Berkshire","postal_code":"RG7","country":"GB","organization":""},"card_nonce":"cnon:CBESEPYVmjHBrDFO8OC7v0"}
2020-06-29 19:31:05 - SQUAREUP VERBOSE LOG:
* Trying 74.122.189.132:443...
* Connected to connect.squareup.com (74.123.189.152) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Square, Inc.; CN=*.squareup.com
* start date: Dec 4 19:05:22 2019 GMT
* expire date: Dec 3 19:35:22 2020 GMT
* subjectAltName: host "connect.squareup.com" matched cert's "*.squareup.com"
* issuer: C=US; O=Entrust, Inc.; OU=See www.entrust.net/legal-terms; OU=(c) 2012 Entrust, Inc. - for authorized use only; CN=Entrust Certification Authority - L1K
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x559eace90e80)
> POST /v2/locations/1WHB8909E6AR4/transactions HTTP/2
Host: connect.squareup.com
accept: */*
authorization: Bearer EAAAEOhBJTifYE8c2OGJ-Iik8D9lThKw31-XqU51oJ-WgHw06Tm5NsXJhw
content-type: application/json
square-version: 2018-09-18
content-length: 799

* We are completely uploaded and fine
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200
< content-type: application/json
< square-version: 2018-09-18
< vary: Origin, Accept-Encoding
< x-content-type-options: nosniff
< x-download-options: noopen
< x-frame-options: SAMEORIGIN
< x-permitted-cross-domain-policies: none
< x-xss-protection: 1; mode=block
< date: Mon, 29 Jun 2020 19:31:05 GMT
< content-length: 603
< strict-transport-security: max-age=631152000; includeSubDomains; preload
<
* Connection #0 to host connect.squareup.com left intact
=========
2020-06-29 19:31:05 - SQUAREUP RESULT: {"transaction":{"id":"F3CZpj5Gn1S69ta5EiBm","location_id":"1WHB8909E","created_at":"2020-06-29T19:31:05Z","tenders":[{"id":"3jGBOVepJkBF691oGpZekcCCvaB","location_id":"1WHB8909E6","transaction_id":"F3CZpj5Gn1S69ta5EiBmC","created_at":"2020-06-29T19:31:04Z","note":"Order #360","amount_money":{"amount":1447,"currency":"GBP"},"type":"CARD","card_details":{"status":"CAPTURED","card":{"card_brand":"MASTERCARD","last_4":"2000","fingerprint":"sq-1-31J68_SYUTZqFCP3DSCkrQX92FeNfcmgPUlGUg0zV_ybSm4gFM1Cq6aI5l"},"entry_method":"KEYED"}}],"reference_id":"360","product":"EXTERNAL_API"}}

That issue was supposedly fixed in 3.x. It would only affect payment modules that uses a callback, which I don't think Squareup does (the customer probably wouldn't get an error message). The issue suggests that the the order will not be missing but just have the status set to the Fraud Order Status setting. However that doesn't mean it's not related.

What is the Fraud Order Status set to in the settings?
Does your theme change the check out in anyway?
Do you get the issue using the default theme?
What extensions are you using that could affect the checkout or coupons?
What is the exact error message the customer sees?

Thank you for getting back to me:

After making payments, it comes back with error " Unexpected website error. Please contact the store owner on +44 1234567 or e-mail admin@gmail.com. Note that your transaction may be processed." And then it goes ahead to charge their card while the order is sent to missing (cancelled) order. (I have been testing this with my card. Square doesn't have sandbox). If no coupon, store credit or voucher is used, everything is fine.

What is the Fraud Order Status set to in the settings? It is sent to Pending ( Previously on cancelled).
Does your theme change the check out in any way? No, it does not. I am using the default Opencart setup
Do you get the issue using the default theme? I am using the default theme
What extensions are you using that could affect the checkout or coupons?: I do not have any extra extensions for coupons or checkout. It is all basic, I had thought buying a coupon extension will probably override any bug, but it comes back the same.
What is the exact error message the customer sees? " Unexpected website error. Please contact the store owner.... Note that your transaction may be processed."

From your description and logs posted, it looks like the transaction is added and payment made. https://github.com/opencart/opencart/bl ... p.php#L165

But is not reaching or completing the point where the order is moved from missing to complete by add to the history.
https://github.com/opencart/opencart/bl ... p.php#L224

Some more question that may help you work out where the problem is.
What version of PHP?
Has the Squareup payment module been updated or modified from? Just asking as I can't see the output for SQUAREUP VERBOSE LOG in the 3.0.3.2 code.
Is there any difference in the SQUAPEUP log data between completed and failed order?
Do you see any entry for the missing orders in the oc_squareup_transaction table in your database?
Are there any errors that could be related in your OpenCart error log?
Are there any errors could be related in your PHP error log? Maybe a error_log file in public_html or in a logs directory one level up.
In your web access logs at the time of the failed orders, do the entries for POST index.php?route=extension/payment/squareup/checkout always have a 200 status?

So i asked iSenselab the developer for Square extension if Square is using call back function. Think it might be.
=======================
Thank you for the reply,

Once the order is confirmed by square a response is sent back to the extension as well.

Hope this answers your question.