Magento 2 Critical Bug Alert: Async Emails Trigger Duplicate Gift Card Refunds
As e-commerce migration experts at Shopping Mover, we constantly monitor the Magento ecosystem for critical issues that can impact merchants and developers. A recent GitHub issue (#40473) has surfaced, highlighting a severe bug within Magento 2.4.8-p3 that can lead to significant financial discrepancies: duplicate gift card refunds when asynchronous email sending is enabled.
The Problem: Doubled Gift Card Balances on Refund
The core of the issue lies in how Magento handles gift card refunds when the sales_email/general/async_sending configuration is set to 1 (enabled). Under these conditions, refunding an order that was paid for, either partially or fully, with a gift card credits the gift card with twice the refunded amount. For example, if a customer used a 20 euro gift card and then received a full refund, their gift card balance would incorrectly show 40 euros instead of the original 20 euros.
Steps to Reproduce the Bug
The issue author, LeanderFS, meticulously outlined the steps required to replicate this critical bug:
- Ensure your Magento 2 instance is running version 2.4.8-p3.
- Verify that asynchronous sales email sending is enabled (sales_email/general/async_sending set to 1).
- As a guest user, create a new gift card account with any amount.
- Order a product and use the newly created gift card account for payment (either partial or full).
- Create a credit memo to refund the order.
- Manually execute the sales_send_order_creditmemo_emails cron job.
Following these steps, the expected result would be the gift card balance returning to its initial state before the purchase. However, the actual result is a balance that is twice the original amount, indicating a double refund.
The Technical Root Cause: Observer Triggering and Missing Guards
The issue description provides a clear explanation of the underlying technical flaw. When asynchronous email sending is active, the process of sending credit memo emails inadvertently triggers the sales_order_creditmemo_save_after event observer a second time. This happens because of the email_sent flag, which, in an async context, causes the system to re-evaluate or re-process aspects related to the credit memo save event.
The critical vulnerability lies within the \Magento\GiftCardAccount\Observer\CreditmemoSaveAfter observer. This specific observer is responsible for adjusting gift card balances after a credit memo is saved. However, it currently lacks a crucial "guarding mechanism." This means it does not check whether a gift card has already been refunded for a particular credit memo. Consequently, when the sales_order_creditmemo_save_after event is triggered a second time due to async email processing, the observer processes the refund again, leading to the erroneous doubling of the gift card balance.
This oversight can have significant financial implications for merchants, potentially leading to substantial losses if not addressed promptly.
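The missing guard can be seen in a small stand-alone model. This is an added example, not Magento's code or the issue author's: every class, property and function name in it is hypothetical, and it assumes the email cron persists the email_sent flag by saving the credit memo a second time. It replays the 20 euro scenario once with an unguarded observer and once with an observer that tracks which credit memos it has already refunded.

```php
<?php
// Simplified model of the flow described above, not Magento code; all names are hypothetical.
final class GiftCard { public float $balance = 0.0; }
final class CreditMemo
{
    public bool $emailSent = false;
    /** @var callable[] observers of sales_order_creditmemo_save_after */
    public array $saveAfter = [];
    public function __construct(public int $id, public float $giftCardAmount) {}
    public function save(): void
    {
        foreach ($this->saveAfter as $observer) {
            $observer($this); // fires on every save, not only the first
        }
    }
}
// Unguarded: credits the card each time the event fires.
function unguardedObserver(GiftCard $card): callable
{
    return fn (CreditMemo $memo) => $card->balance += $memo->giftCardAmount;
}

// Guarded: remembers which credit memos were already refunded.
function guardedObserver(GiftCard $card): callable
{
    $refunded = []; // a real guard must persist this marker across requests
    return function (CreditMemo $memo) use ($card, &$refunded): void {
        if (isset($refunded[$memo->id])) {
            return; // this credit memo was already credited back
        }
        $refunded[$memo->id] = true;
        $card->balance += $memo->giftCardAmount;
    };
}

// Constructed scenario: a 20 euro card fully spent, then fully refunded.
function runScenario(callable $makeObserver): float
{
    $card = new GiftCard();
    $memo = new CreditMemo(1, 20.0);
    $memo->saveAfter[] = $makeObserver($card);
    $memo->save();           // credit memo created, refund applied
    $memo->emailSent = true; // assumption: the email cron sets the flag...
    $memo->save();           // ...and saves again, firing the event again
    return $card->balance;
}

printf("unguarded: %.2f\nguarded: %.2f\n", runScenario('unguardedObserver'), runScenario('guardedObserver'));
```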
Community Response and Next Steps
At the time of writing, the GitHub issue has received an automated response from the m2-assistant[bot], requesting confirmation of reproducibility on a vanilla Magento instance and providing guidance on the contribution process. While this is a standard procedure for new bug reports, it highlights that a community-contributed fix or an official patch is still pending.
For merchants and developers running Magento 2.4.8-p3 with asynchronous email sending and gift card functionality, this bug represents a critical concern. Monitoring this GitHub issue (#40473) for updates, potential workarounds, or official patches will be crucial. Until a fix is available, businesses relying heavily on gift cards and async email functionality might need to consider temporary workarounds or disable async email sending for sales emails if the risk is too high.
Shopping Mover will continue to track this and other vital Magento issues, providing timely insights to help the community navigate the complexities of the platform.