Update PaymentIntent amount if cart changed on retry

Moved fee calculation before PI check so we can compare amounts. If existing PaymentIntent has different amount than current cart, update it via Stripe API before returning. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-17 19:06:01 -08:00 · 2026-02-17 19:06:01 -08:00 · bbfbbf1963
commit bbfbbf1963
parent d0f0f86176
1 changed files with 53 additions and 39 deletions
--- a/api/stripe/createPaymentIntent.cfm
+++ b/api/stripe/createPaymentIntent.cfm
@ -83,45 +83,6 @@ try {
        WHERE o.ID = :orderID
    ", { orderID: orderID }, { datasource: "payfrit" });

-    // Check if order already has a PaymentIntent - retrieve and reuse if still valid
-    existingPiId = qOrder.StripePaymentIntentID ?: "";
-    if (qOrder.recordCount > 0 && len(trim(existingPiId)) > 0) {
-        // Retrieve existing PaymentIntent from Stripe
-        piRetrieve = new http();
-        piRetrieve.setMethod("GET");
-        piRetrieve.setUrl("https://api.stripe.com/v1/payment_intents/#existingPiId#");
-        piRetrieve.setUsername(stripeSecretKey);
-        piRetrieve.setPassword("");
-        piResult = piRetrieve.send().getPrefix();
-        existingPi = deserializeJSON(piResult.fileContent);
-
-        if (!structKeyExists(existingPi, "error")) {
-            piStatus = existingPi.status ?: "";
-            // Reusable states: can still complete payment
-            if (listFindNoCase("requires_payment_method,requires_confirmation,requires_action", piStatus)) {
-                // Return existing PaymentIntent - user can retry with same one
-                response["OK"] = true;
-                response["CLIENT_SECRET"] = existingPi.client_secret;
-                response["PAYMENT_INTENT_ID"] = existingPi.id;
-                response["PUBLISHABLE_KEY"] = application.stripePublishableKey ?: "pk_test_sPBNzSyJ9HcEPJGC7dSo8NqN";
-                response["REUSED"] = true;
-                writeOutput(serializeJSON(response));
-                abort;
-            } else if (piStatus == "succeeded") {
-                // Already paid - don't create another
-                response["OK"] = false;
-                response["ERROR"] = "already_paid";
-                response["MESSAGE"] = "This order has already been paid.";
-                writeOutput(serializeJSON(response));
-                abort;
-            }
-            // Other terminal states (canceled, etc.) - clear and create new
-        }
-        // PaymentIntent not found or terminal - clear it from order
-        queryExecute("UPDATE Orders SET StripePaymentIntentID = NULL WHERE ID = :orderID",
-            { orderID: orderID }, { datasource: "payfrit" });
-    }
-
    deliveryFee = 0;
    if (qOrder.recordCount > 0 && qOrder.OrderTypeID == 3) {
        deliveryFee = val(qOrder.DeliveryFee);
@ -169,6 +130,59 @@ try {
    totalAmountCents = round(totalCustomerPays * 100);
    totalPlatformFeeCents = round((payfritCustomerFee + payfritBusinessFee) * 100);

+    // ============================================================
+    // CHECK FOR EXISTING PAYMENTINTENT - REUSE OR UPDATE IF VALID
+    // ============================================================
+    existingPiId = qOrder.StripePaymentIntentID ?: "";
+    if (qOrder.recordCount > 0 && len(trim(existingPiId)) > 0) {
+        // Retrieve existing PaymentIntent from Stripe
+        piRetrieve = new http();
+        piRetrieve.setMethod("GET");
+        piRetrieve.setUrl("https://api.stripe.com/v1/payment_intents/#existingPiId#");
+        piRetrieve.setUsername(stripeSecretKey);
+        piRetrieve.setPassword("");
+        piResult = piRetrieve.send().getPrefix();
+        existingPi = deserializeJSON(piResult.fileContent);
+
+        if (!structKeyExists(existingPi, "error")) {
+            piStatus = existingPi.status ?: "";
+            // Reusable states: can still complete payment
+            if (listFindNoCase("requires_payment_method,requires_confirmation,requires_action", piStatus)) {
+                // Check if amount changed (cart modified)
+                if (existingPi.amount != totalAmountCents) {
+                    // Update the PaymentIntent with new amount
+                    piUpdate = new http();
+                    piUpdate.setMethod("POST");
+                    piUpdate.setUrl("https://api.stripe.com/v1/payment_intents/#existingPiId#");
+                    piUpdate.setUsername(stripeSecretKey);
+                    piUpdate.setPassword("");
+                    piUpdate.addParam(type="formfield", name="amount", value=totalAmountCents);
+                    piUpdateResult = piUpdate.send().getPrefix();
+                    existingPi = deserializeJSON(piUpdateResult.fileContent);
+                }
+                // Return existing PaymentIntent
+                response["OK"] = true;
+                response["CLIENT_SECRET"] = existingPi.client_secret;
+                response["PAYMENT_INTENT_ID"] = existingPi.id;
+                response["PUBLISHABLE_KEY"] = application.stripePublishableKey ?: "pk_test_sPBNzSyJ9HcEPJGC7dSo8NqN";
+                response["REUSED"] = true;
+                writeOutput(serializeJSON(response));
+                abort;
+            } else if (piStatus == "succeeded") {
+                // Already paid - don't create another
+                response["OK"] = false;
+                response["ERROR"] = "already_paid";
+                response["MESSAGE"] = "This order has already been paid.";
+                writeOutput(serializeJSON(response));
+                abort;
+            }
+            // Other terminal states (canceled, etc.) - clear and create new
+        }
+        // PaymentIntent not found or terminal - clear it from order
+        queryExecute("UPDATE Orders SET StripePaymentIntentID = NULL WHERE ID = :orderID",
+            { orderID: orderID }, { datasource: "payfrit" });
+    }
+
    // ============================================================
    // STRIPE CUSTOMER (for saving payment methods)
    // ============================================================