Change idempotency key to uuid v4

woocommerce · Feb 27, 2025 · 40f4b70 · 40f4b70
1 parent 55c841c
commit 40f4b70
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 16 deletions.
diff --git a/includes/class-wc-stripe-api.php b/includes/class-wc-stripe-api.php
@@ -124,16 +124,9 @@ public static function get_idempotency_key( $api, $method, $request ) {
 			$source   = ! empty( $request['source'] ) ? $request['source'] : $customer;
 			return $request['metadata']['order_id'] . '-' . $source;
 		} elseif ( 'payment_intents' === $api && 'POST' === $method ) {
-			if ( empty( $request['metadata']['signature'] ) ||
-				empty( $request['payment_method'] ) ) {
-				return null;
-			}
-			// Order signature is derived from the order id, order key, customer id,
-			// order total and currency. We add the payment method ID to the idempotency key
-			// to allow orders to be retried with a different payment method, e.g. card was
-			// declined, and the shopper retried using Klarna.
-			// TODO: check if billing/shipping details need to be added.
-			return $request['metadata']['signature'] . '-' . $request['payment_method'];
+			// https://docs.stripe.com/api/idempotent_requests suggests using
+			// v4 uuids for idempotency keys.
+			return wp_generate_uuid4();
 		}
 
 		return null;

diff --git a/tests/phpunit/test-wc-stripe-intent-controller.php b/tests/phpunit/test-wc-stripe-intent-controller.php
@@ -290,11 +290,7 @@ public function test_idempotency_key_for_create_and_confirm_payment_intent() {
 					],
 				],
 			],
-			'metadata'                      => [
-				'_stripe_metadata' => '123',
-				'order_id'         => $this->order->get_id(),
-				'signature'        => $this->order->get_id() . ':abc123',
-			],
+			'metadata'                      => [ '_stripe_metadata' => '123' ],
 			'order'                         => $this->order,
 			'payment_method'                => 'pm_mock',
 			'shipping'                      => [],
@@ -305,7 +301,7 @@ public function test_idempotency_key_for_create_and_confirm_payment_intent() {
 		];
 
 		$test_request = function ( $preempt, $parsed_args, $url ) {
-			$this->assertEquals( $this->order->get_id() . ':abc123-pm_mock', $parsed_args['headers']['Idempotency-Key'] );
+			$this->assertNotEmpty( $parsed_args['headers']['Idempotency-Key'] );
 
 			return [
 				'response' => 200,