OrderController.php — WooCommerce 10.3.0-beta.2

woocommerce / src / StoreApi / Utilities / OrderController.php

woocommerce / src / StoreApi / Utilities Last commit date

ArrayUtils.php 2 years ago CartController.php 8 months ago CartTokenUtils.php 11 months ago CheckoutTrait.php 11 months ago DraftOrderTrait.php 1 year ago JsonWebToken.php 10 months ago LocalPickupUtils.php 1 year ago NoticeHandler.php 1 year ago OrderAuthorizationTrait.php 2 years ago OrderController.php 8 months ago Pagination.php 2 years ago PaymentUtils.php 1 year ago ProductItemTrait.php 10 months ago ProductQuery.php 8 months ago ProductQueryFilters.php 10 months ago QuantityLimits.php 10 months ago RateLimits.php 1 year ago SanitizationUtils.php 2 years ago ValidationUtils.php 2 years ago

OrderController.php

872 lines

1	<?php
2	declare( strict_types = 1 );
3	namespace Automattic\WooCommerce\StoreApi\Utilities;
4
5	use Automattic\WooCommerce\Blocks\Domain\Services\CheckoutFields;
6	use Automattic\WooCommerce\Blocks\Package;
7	use Automattic\WooCommerce\Internal\Customers\SearchService as CustomerSearchService;
8	use Automattic\WooCommerce\StoreApi\Exceptions\RouteException;
9	use Automattic\WooCommerce\Utilities\ArrayUtil;
10	use Automattic\WooCommerce\Utilities\DiscountsUtil;
11	use Automattic\WooCommerce\Utilities\ShippingUtil;
12	use Exception;
13
14	/**
15	* OrderController class.
16	* Helper class which creates and syncs orders with the cart.
17	*/
18	class OrderController {
19
20	/**
21	* Checkout fields controller.
22	*
23	* @var CheckoutFields
24	*/
25	private CheckoutFields $additional_fields_controller;
26
27	/**
28	* Constructor.
29	*/
30	public function __construct() {
31	$this->additional_fields_controller = Package::container()->get( CheckoutFields::class );
32	}
33
34	/**
35	* Create order and set props based on global settings.
36	*
37	* @throws RouteException Exception if invalid data is detected.
38	*
39	* @return \WC_Order A new order object.
40	*/
41	public function create_order_from_cart() {
42	if ( wc()->cart->is_empty() ) {
43	throw new RouteException(
44	'woocommerce_rest_cart_empty',
45	__( 'Cannot create order from empty cart.', 'woocommerce' ),
46	400
47	);
48	}
49
50	add_filter( 'woocommerce_default_order_status', array( $this, 'default_order_status' ) );
51
52	$order = new \WC_Order();
53	$order->set_status( 'checkout-draft' );
54	$order->set_created_via( 'store-api' );
55	$this->update_order_from_cart( $order );
56
57	remove_filter( 'woocommerce_default_order_status', array( $this, 'default_order_status' ) );
58
59	return $order;
60	}
61
62	/**
63	* Update an order using data from the current cart.
64	*
65	* @param \WC_Order $order The order object to update.
66	* @param boolean $update_totals Whether to update totals or not.
67	*/
68	public function update_order_from_cart( \WC_Order $order, $update_totals = true ) {
69	/**
70	* This filter ensures that local pickup locations are still used for order taxes by forcing the address used to
71	* calculate tax for an order to match the current address of the customer.
72	*
73	* - The method `$customer->get_taxable_address()` runs the filter `woocommerce_customer_taxable_address`.
74	* - While we have a session, our `ShippingController::filter_taxable_address` function uses this hook to set
75	* the customer address to the pickup location address if local pickup is the chosen method.
76	*
77	* Without this code in place, `$customer->get_taxable_address()` is not used when order taxes are calculated,
78	* resulting in the wrong taxes being applied with local pickup.
79	*
80	* The alternative would be to instead use `woocommerce_order_get_tax_location` to return the pickup location
81	* address directly, however since we have the customer filter in place we don't need to duplicate effort.
82	*
83	* @see \WC_Abstract_Order::get_tax_location()
84	*/
85	add_filter(
86	'woocommerce_order_get_tax_location',
87	function ( $location ) {
88
89	if ( ! is_null( wc()->customer ) ) {
90
91	$taxable_address = wc()->customer->get_taxable_address();
92
93	$location = array(
94	'country' => $taxable_address[0],
95	'state' => $taxable_address[1],
96	'postcode' => $taxable_address[2],
97	'city' => $taxable_address[3],
98	);
99	}
100
101	return $location;
102	}
103	);
104
105	// Ensure cart is current.
106	if ( $update_totals ) {
107	wc()->cart->calculate_totals();
108	}
109
110	// Update the current order to match the current cart.
111	$this->update_line_items_from_cart( $order );
112	$this->update_addresses_from_cart( $order );
113	$order->set_currency( get_woocommerce_currency() );
114	$order->set_prices_include_tax( 'yes' === get_option( 'woocommerce_prices_include_tax' ) );
115	$order->set_customer_id( get_current_user_id() );
116	$order->set_customer_ip_address( \WC_Geolocation::get_ip_address() );
117	$order->set_customer_user_agent( wc_get_user_agent() );
118	$order->set_payment_method( PaymentUtils::get_default_payment_method() );
119	$order->update_meta_data( 'is_vat_exempt', wc_bool_to_string( wc()->cart->get_customer()->get_is_vat_exempt() ) );
120	$order->calculate_totals();
121	}
122
123	/**
124	* Copies order data to customer object (not the session), so values persist for future checkouts.
125	*
126	* @param \WC_Order $order Order object.
127	*/
128	public function sync_customer_data_with_order( \WC_Order $order ) {
129	if ( $order->get_customer_id() ) {
130	$customer = new \WC_Customer( $order->get_customer_id() );
131	$customer->set_props(
132	array(
133	'billing_first_name' => $order->get_billing_first_name(),
134	'billing_last_name' => $order->get_billing_last_name(),
135	'billing_company' => $order->get_billing_company(),
136	'billing_address_1' => $order->get_billing_address_1(),
137	'billing_address_2' => $order->get_billing_address_2(),
138	'billing_city' => $order->get_billing_city(),
139	'billing_state' => $order->get_billing_state(),
140	'billing_postcode' => $order->get_billing_postcode(),
141	'billing_country' => $order->get_billing_country(),
142	'billing_email' => $order->get_billing_email(),
143	'billing_phone' => $order->get_billing_phone(),
144	'shipping_first_name' => $order->get_shipping_first_name(),
145	'shipping_last_name' => $order->get_shipping_last_name(),
146	'shipping_company' => $order->get_shipping_company(),
147	'shipping_address_1' => $order->get_shipping_address_1(),
148	'shipping_address_2' => $order->get_shipping_address_2(),
149	'shipping_city' => $order->get_shipping_city(),
150	'shipping_state' => $order->get_shipping_state(),
151	'shipping_postcode' => $order->get_shipping_postcode(),
152	'shipping_country' => $order->get_shipping_country(),
153	'shipping_phone' => $order->get_shipping_phone(),
154	)
155	);
156
157	$this->additional_fields_controller->sync_customer_additional_fields_with_order( $order, $customer );
158
159	$customer->save();
160	}
161	}
162
163	/**
164	* Final validation ran before payment is taken.
165	*
166	* By this point we have an order populated with customer data and items.
167	*
168	* @throws RouteException Exception if invalid data is detected.
169	* @param \WC_Order $order Order object.
170	*/
171	public function validate_order_before_payment( \WC_Order $order ) {
172	$needs_shipping = wc()->cart->needs_shipping();
173	$chosen_shipping_methods = wc()->session->get( 'chosen_shipping_methods', [] );
174
175	$this->validate_coupons( $order );
176	$this->validate_email( $order );
177	$this->validate_selected_shipping_methods( $needs_shipping, $chosen_shipping_methods );
178	$this->validate_addresses( $order, $needs_shipping );
179
180	// Perform custom validations.
181	$this->perform_custom_order_validation( $order );
182	}
183
184	/**
185	* Final validation for existing orders, ran before payment is taken.
186	*
187	* By this point we have an order populated with customer data and items.
188	*
189	* Since the cart is not involved, we don't validate shipping methods and assume the order already
190	* contains the correct shipping items.
191	*
192	* @throws RouteException Exception if invalid data is detected.
193	* @param \WC_Order $order Order object.
194	*/
195	public function validate_existing_order_before_payment( \WC_Order $order ) {
196	$needs_shipping = $order->needs_shipping();
197
198	$this->validate_coupons( $order, true );
199	$this->validate_email( $order );
200	$this->validate_addresses( $order, $needs_shipping );
201
202	// Perform custom validations.
203	$this->perform_custom_order_validation( $order );
204	}
205
206	/**
207	* Perform custom order validation via WooCommerce hooks.
208	*
209	* Allows plugins to perform custom validation before payment.
210	*
211	* @param \WC_Order $order Order object.
212	* @throws RouteException Exception if validation fails.
213	*/
214	protected function perform_custom_order_validation( \WC_Order $order ) {
215	$validation_errors = new \WP_Error();
216
217	/**
218	* Allow plugins to perform custom validation before payment.
219	*
220	* Plugins can add errors to the $validation_errors object.
221	*
222	* @param \WC_Order $order The order object.
223	* @param \WP_Error $validation_errors WP_Error object to add custom errors to.
224	* @since 9.9.0
225	*/
226	do_action( 'woocommerce_checkout_validate_order_before_payment', $order, $validation_errors );
227
228	// Check if there are any errors after custom validation.
229	if ( $validation_errors->has_errors() ) {
230	throw new RouteException(
231	'woocommerce_rest_checkout_custom_validation_error',
232	esc_html( implode( ' ', $validation_errors->get_error_messages() ) ),
233	400
234	);
235	}
236	}
237
238	/**
239	* Convert a coupon code to a coupon object.
240	*
241	* @param string $coupon_code Coupon code.
242	* @return \WC_Coupon Coupon object.
243	*/
244	protected function get_coupon( $coupon_code ) {
245	return new \WC_Coupon( $coupon_code );
246	}
247
248	/**
249	* Validate coupons applied to the order and remove those that are not valid.
250	*
251	* @throws RouteException Exception if invalid data is detected.
252	* @param \WC_Order $order Order object.
253	* @param bool $use_order_data Whether to use order data or cart data.
254	*/
255	protected function validate_coupons( \WC_Order $order, bool $use_order_data = false ) {
256	$coupon_codes = $order->get_coupon_codes();
257	$coupons = array_filter( array_map( array( $this, 'get_coupon' ), $coupon_codes ) );
258	$validators = array( 'validate_coupon_email_restriction', 'validate_coupon_usage_limit' );
259	$coupon_errors = array();
260
261	foreach ( $coupons as $coupon ) {
262	try {
263	array_walk(
264	$validators,
265	function ( $validator, $index, $params ) {
266	call_user_func_array( array( $this, $validator ), $params );
267	},
268	array( $coupon, $order )
269	);
270	} catch ( Exception $error ) {
271	$coupon_errors[ $coupon->get_code() ] = $error->getMessage();
272	}
273	}
274
275	if ( $coupon_errors ) {
276	// Remove all coupons that were not valid.
277	if ( $use_order_data ) {
278	$error_code = 'woocommerce_rest_order_coupon_errors';
279
280	foreach ( $coupon_errors as $coupon_code => $message ) {
281	$order->remove_coupon( $coupon_code );
282	}
283
284	// Recalculate totals.
285	$order->calculate_totals();
286	} else {
287	$error_code = 'woocommerce_rest_cart_coupon_errors';
288
289	foreach ( $coupon_errors as $coupon_code => $message ) {
290	wc()->cart->remove_coupon( $coupon_code );
291	}
292
293	// Recalculate totals.
294	wc()->cart->calculate_totals();
295
296	// Re-sync order with cart.
297	$this->update_order_from_cart( $order );
298	}
299
300	// Return exception so customer can review before payment.
301	if ( 1 === count( $coupon_errors ) && $use_order_data ) {
302	$error_message = sprintf(
303	/* translators: %1$s Coupon codes, %2$s Reason */
304	__( '"%1$s" was removed from the order. %2$s', 'woocommerce' ),
305	array_keys( $coupon_errors )[0],
306	array_values( $coupon_errors )[0],
307	);
308	} elseif ( 1 === count( $coupon_errors ) ) {
309	$error_message = sprintf(
310	/* translators: %1$s Coupon codes, %2$s Reason */
311	__( '"%1$s" was removed from the cart. %2$s', 'woocommerce' ),
312	array_keys( $coupon_errors )[0],
313	array_values( $coupon_errors )[0],
314	);
315	} elseif ( $use_order_data ) {
316	$error_message = sprintf(
317	/* translators: %s Coupon codes. */
318	__( 'Invalid coupons were removed from the order: "%s"', 'woocommerce' ),
319	implode( '", "', array_keys( $coupon_errors ) )
320	);
321	} else {
322	$error_message = sprintf(
323	/* translators: %s Coupon codes. */
324	__( 'Invalid coupons were removed from the cart: "%s"', 'woocommerce' ),
325	implode( '", "', array_keys( $coupon_errors ) )
326	);
327	}
328
329	throw new RouteException( $error_code, $error_message, 409, array( 'removed_coupons' => $coupon_errors ) ); // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped
330	}
331	}
332
333	/**
334	* Validates the customer email. This is a required field.
335	*
336	* @throws RouteException Exception if invalid data is detected.
337	* @param \WC_Order $order Order object.
338	*/
339	protected function validate_email( \WC_Order $order ) {
340	$email = $order->get_billing_email();
341
342	if ( empty( $email ) ) {
343	throw new RouteException(
344	'woocommerce_rest_missing_email_address',
345	__( 'A valid email address is required', 'woocommerce' ),
346	400
347	);
348	}
349
350	if ( ! is_email( $email ) ) {
351	throw new RouteException(
352	'woocommerce_rest_invalid_email_address',
353	sprintf(
354	/* translators: %s provided email. */
355	__( 'The provided email address (%s) is not valid—please provide a valid email address', 'woocommerce' ),
356	esc_html( $email )
357	),
358	400
359	);
360	}
361	}
362
363	/**
364	* Validates customer address data based on the locale to ensure required fields are set.
365	*
366	* @throws RouteException Exception if invalid data is detected.
367	* @param \WC_Order $order Order object.
368	* @param bool $needs_shipping Whether the order needs shipping.
369	*/
370	protected function validate_addresses( \WC_Order $order, bool $needs_shipping ) {
371	$errors = new \WP_Error();
372	$billing_country = $order->get_billing_country();
373	$shipping_country = $order->get_shipping_country();
374
375	if ( $needs_shipping ) {
376	$local_pickup_method_ids = LocalPickupUtils::get_local_pickup_method_ids();
377	$selected_shipping_rates = ShippingUtil::get_selected_shipping_rates_from_packages( WC()->shipping()->get_packages() );
378	$selected_shipping_rates_are_all_local_pickup = ArrayUtil::array_all(
379	$selected_shipping_rates,
380	function ( $rate ) use ( $local_pickup_method_ids ) {
381	return in_array( $rate->get_method_id(), $local_pickup_method_ids, true );
382	}
383	);
384
385	// If only local pickup is selected, we don't need to validate the shipping country.
386	if ( ! $selected_shipping_rates_are_all_local_pickup && ! $this->validate_allowed_country( $shipping_country, (array) wc()->countries->get_shipping_countries() ) ) {
387	throw new RouteException(
388	'woocommerce_rest_invalid_address_country',
389	sprintf(
390	/* translators: %s country code. */
391	esc_html__( 'Sorry, we do not ship orders to the provided country (%s)', 'woocommerce' ),
392	esc_html( $shipping_country )
393	),
394	400,
395	array(
396	'allowed_countries' => array_map( 'esc_html', array_keys( wc()->countries->get_shipping_countries() ) ),
397	)
398	);
399	}
400	}
401
402	if ( ! $this->validate_allowed_country( $billing_country, (array) wc()->countries->get_allowed_countries() ) ) {
403	throw new RouteException(
404	'woocommerce_rest_invalid_address_country',
405	sprintf(
406	/* translators: %s country code. */
407	esc_html__( 'Sorry, we do not allow orders from the provided country (%s)', 'woocommerce' ),
408	esc_html( $billing_country )
409	),
410	400,
411	array(
412	'allowed_countries' => array_map( 'esc_html', array_keys( wc()->countries->get_allowed_countries() ) ),
413	)
414	);
415	}
416
417	if ( $needs_shipping ) {
418	$this->validate_address_fields( $order, 'shipping', $errors );
419	}
420	$this->validate_address_fields( $order, 'billing', $errors );
421
422	if ( ! $errors->has_errors() ) {
423	return;
424	}
425
426	$errors_by_code = array();
427	$error_codes = $errors->get_error_codes();
428
429	foreach ( $error_codes as $code ) {
430	$errors_by_code[ $code ] = $errors->get_error_messages( $code );
431	}
432
433	// Surface errors from first code.
434	foreach ( $errors_by_code as $code => $error_messages ) {
435	throw new RouteException(
436	'woocommerce_rest_invalid_address',
437	sprintf(
438	/* translators: %s Address type. */
439	esc_html__( 'There was a problem with the provided %s:', 'woocommerce' ) . ' ' . esc_html( implode( ', ', $error_messages ) ),
440	'shipping' === $code ? esc_html__( 'shipping address', 'woocommerce' ) : esc_html__( 'billing address', 'woocommerce' )
441	),
442	400,
443	array(
444	'errors' => $errors_by_code, // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped
445	)
446	);
447	}
448	}
449
450	/**
451	* Check all required address fields are set and return errors if not.
452	*
453	* @param string $country Country code.
454	* @param array $allowed_countries List of valid country codes.
455	* @return boolean True if valid.
456	*/
457	protected function validate_allowed_country( $country, array $allowed_countries ) {
458	return array_key_exists( $country, $allowed_countries );
459	}
460
461	/**
462	* Check all required address fields are set and return errors if not.
463	*
464	* @param \WC_Order $order Order object.
465	* @param string $address_type billing or shipping address, used in error messages.
466	* @param \WP_Error $errors Error object.
467	*/
468	protected function validate_address_fields( \WC_Order $order, $address_type, \WP_Error $errors ) {
469	$all_locales = wc()->countries->get_country_locale();
470	$address = $order->get_address( $address_type );
471	$current_locale = $all_locales[ $address['country'] ] ?? [];
472
473	foreach ( $all_locales['default'] as $key => $value ) {
474	// If $current_locale[ $key ] is not empty, merge it with locale default, otherwise just use default locale.
475	$current_locale[ $key ] = ! empty( $current_locale[ $key ] )
476	? wp_parse_args( $current_locale[ $key ], $value )
477	: $value;
478	}
479
480	$additional_fields = $this->additional_fields_controller->get_all_fields_from_object( $order, $address_type );
481
482	$address = array_merge( $address, $additional_fields );
483
484	foreach ( $current_locale as $address_field_key => $address_field ) {
485	// Skip validation if field is not required or if it is hidden.
486	if (
487	true !== wc_string_to_bool( $address_field['required'] ?? false ) \|\|
488	true === wc_string_to_bool( $address_field['hidden'] ?? false )
489	) {
490	continue;
491	}
492
493	// Check if field is not set, is an empty string, or is an empty array.
494	$is_empty = ! isset( $address[ $address_field_key ] ) \|\|
495	( is_string( $address[ $address_field_key ] ) && '' === trim( $address[ $address_field_key ] ) ) \|\|
496	( is_array( $address[ $address_field_key ] ) && 0 === count( $address[ $address_field_key ] ) );
497
498	if ( $is_empty ) {
499	/* translators: %s Field label. */
500	$errors->add( $address_type, sprintf( __( '%s is required', 'woocommerce' ), $address_field['label'] ), $address_field_key );
501	}
502	}
503
504	// Validate additional fields.
505	$result = $this->additional_fields_controller->validate_fields_for_location( $address, 'address', $address_type );
506
507	if ( $result->has_errors() ) {
508	// Add errors to main error object but ensure they maintain the billing/shipping error code.
509	foreach ( $result->get_error_codes() as $code ) {
510	$errors->add( $address_type, $result->get_error_message( $code ), $code );
511	}
512	}
513	}
514
515	/**
516	* Check email restrictions of a coupon against the order.
517	*
518	* @throws Exception Exception if invalid data is detected.
519	* @param \WC_Coupon $coupon Coupon object applied to the cart.
520	* @param \WC_Order $order Order object.
521	*/
522	protected function validate_coupon_email_restriction( \WC_Coupon $coupon, \WC_Order $order ) {
523	$restrictions = $coupon->get_email_restrictions();
524
525	if ( empty( $restrictions ) ) {
526	return;
527	}
528
529	$check_emails = array();
530
531	// Check the logged-in user's email.
532	$current_user = wp_get_current_user();
533	if ( $current_user->exists() ) {
534	$user_email = trim( sanitize_email( $current_user->user_email ) );
535	if ( ! empty( $user_email ) ) {
536	$check_emails[] = strtolower( $user_email );
537	}
538	}
539
540	// Also check the billing email from the order.
541	$billing_email = $order->get_billing_email();
542	if ( ! empty( $billing_email ) ) {
543	$billing_email = trim( sanitize_email( $billing_email ) );
544	if ( ! empty( $billing_email ) ) {
545	$check_emails[] = strtolower( $billing_email );
546	}
547	}
548
549	// Remove duplicates and empty values.
550	$check_emails = array_unique( array_filter( $check_emails ) );
551
552	if ( ! empty( $check_emails ) && ! DiscountsUtil::is_coupon_emails_allowed( $check_emails, $restrictions ) ) {
553	// phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped
554	throw new Exception( $coupon->get_coupon_error( \WC_Coupon::E_WC_COUPON_NOT_YOURS_REMOVED ) );
555	}
556	}
557
558	/**
559	* Check usage restrictions of a coupon against the order.
560	*
561	* @throws Exception Exception if invalid data is detected.
562	* @param \WC_Coupon $coupon Coupon object applied to the cart.
563	* @param \WC_Order $order Order object.
564	*/
565	protected function validate_coupon_usage_limit( \WC_Coupon $coupon, \WC_Order $order ) {
566	$coupon_usage_limit = $coupon->get_usage_limit_per_user();
567
568	if ( 0 === $coupon_usage_limit ) {
569	return;
570	}
571
572	// First, we check a logged in customer usage count, which happens against their user id, billing email, and account email.
573	if ( $order->get_customer_id() ) {
574	// We get usage per user id and associated emails.
575	$usage_count = $this->get_usage_per_aliases(
576	$coupon,
577	array(
578	$order->get_billing_email(),
579	$order->get_customer_id(),
580	$this->get_email_from_user_id( $order->get_customer_id() ),
581	)
582	);
583	} else {
584	// Otherwise we check if the email doesn't belong to an existing user.
585	// This will get us any user ids for the given billing email.
586	$user_ids = wc_get_container()->get( CustomerSearchService::class )->find_user_ids_by_billing_email_for_coupons_usage_lookup( array( $order->get_billing_email() ) );
587
588	// Convert all found user ids to a list of email addresses.
589	$user_emails = array_map( array( $this, 'get_email_from_user_id' ), $user_ids );
590
591	// This matches a user against the given billing email and gets their ID/email/billing email.
592	$found_user = get_user_by( 'email', $order->get_billing_email() );
593	if ( $found_user ) {
594	$user_ids[] = $found_user->ID;
595	$user_emails[] = $found_user->user_email;
596	$user_emails[] = get_user_meta( $found_user->ID, 'billing_email', true );
597	}
598
599	// Finally, grab usage count for all found IDs and emails.
600	$usage_count = $this->get_usage_per_aliases(
601	$coupon,
602	array_merge(
603	$user_emails,
604	$user_ids,
605	array( $order->get_billing_email() )
606	)
607	);
608	}
609
610	if ( $usage_count >= $coupon_usage_limit ) {
611	throw new Exception( $coupon->get_coupon_error( \WC_Coupon::E_WC_COUPON_USAGE_LIMIT_REACHED ) );
612	}
613	}
614
615	/**
616	* Get user email from user id.
617	*
618	* @param integer $user_id User ID.
619	* @return string Email or empty string.
620	*/
621	private function get_email_from_user_id( $user_id ) {
622	$user_data = get_userdata( $user_id );
623	return $user_data ? $user_data->user_email : '';
624	}
625
626	/**
627	* Get the usage count for a coupon based on a list of aliases (ids, emails).
628	*
629	* @param \WC_Coupon $coupon Coupon object applied to the cart.
630	* @param array $aliases List of aliases to check.
631	*
632	* @return integer
633	*/
634	private function get_usage_per_aliases( $coupon, $aliases ) {
635	global $wpdb;
636	$aliases = array_unique( array_filter( $aliases ) );
637	$aliases_string = "('" . implode( "','", array_map( 'esc_sql', $aliases ) ) . "')";
638	$usage_count = $wpdb->get_var(
639	$wpdb->prepare(
640	// phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
641	"SELECT COUNT( meta_id ) FROM {$wpdb->postmeta} WHERE post_id = %d AND meta_key = '_used_by' AND meta_value IN {$aliases_string};",
642	$coupon->get_id(),
643	)
644	);
645
646	$data_store = $coupon->get_data_store();
647	// Coupons can be held for an x amount of time before being applied to an order, so we need to check if it's already being held in (maybe via another flow).
648	$tentative_usage_count = $data_store->get_tentative_usages_for_user( $coupon->get_id(), $aliases );
649	return $tentative_usage_count + $usage_count;
650	}
651
652	/**
653	* Check there is a shipping method if it requires shipping.
654	*
655	* @throws RouteException Exception if invalid data is detected.
656	* @param boolean $needs_shipping Current order needs shipping.
657	* @param array $chosen_shipping_methods Array of shipping methods.
658	*/
659	public function validate_selected_shipping_methods( $needs_shipping, $chosen_shipping_methods = array() ) {
660	if ( ! $needs_shipping ) {
661	return;
662	}
663
664	$exception = new RouteException(
665	'woocommerce_rest_invalid_shipping_option',
666	__( 'Sorry, this order requires a shipping option.', 'woocommerce' ),
667	400,
668	array()
669	);
670
671	if ( ! is_array( $chosen_shipping_methods ) \|\| empty( $chosen_shipping_methods ) ) {
672	throw $exception;
673	}
674
675	// Validate that the chosen shipping methods are valid according to the returned package rates.
676	$packages = WC()->shipping()->get_packages();
677	foreach ( $packages as $package_id => $package ) {
678	$chosen_rate_for_package = $chosen_shipping_methods[ $package_id ];
679	$valid_rate_ids_for_package = wp_list_pluck( $package['rates'], 'id' );
680
681	if ( ! is_string( $chosen_rate_for_package ) \|\| ! ArrayUtils::string_contains_array( $chosen_rate_for_package, $valid_rate_ids_for_package ) ) {
682	throw $exception;
683	}
684	}
685	}
686
687	/**
688	* Validate a given order key against an existing order.
689	*
690	* @throws RouteException Exception if invalid data is detected.
691	* @param integer $order_id Order ID.
692	* @param string $order_key Order key.
693	*/
694	public function validate_order_key( $order_id, $order_key ) {
695	$order = wc_get_order( $order_id );
696
697	if ( ! $order \|\| ! $order_key \|\| $order->get_id() !== $order_id \|\| ! hash_equals( $order->get_order_key(), $order_key ) ) {
698	throw new RouteException( 'woocommerce_rest_invalid_order', __( 'Invalid order ID or key provided.', 'woocommerce' ), 401 );
699	}
700	}
701
702	/**
703	* Get errors for order stock on failed orders.
704	*
705	* @throws RouteException Exception if invalid data is detected.
706	* @param integer $order_id Order ID.
707	*/
708	public function get_failed_order_stock_error( $order_id ) {
709	$order = wc_get_order( $order_id );
710
711	// Ensure order items are still stocked if paying for a failed order. Pending orders do not need this check because stock is held.
712	if ( ! $order->has_status( wc_get_is_pending_statuses() ) ) {
713	$quantities = array();
714
715	foreach ( $order->get_items() as $item_key => $item ) {
716	if ( $item && is_callable( array( $item, 'get_product' ) ) ) {
717	$product = $item->get_product();
718
719	if ( ! $product ) {
720	continue;
721	}
722
723	$quantities[ $product->get_stock_managed_by_id() ] = isset( $quantities[ $product->get_stock_managed_by_id() ] ) ? $quantities[ $product->get_stock_managed_by_id() ] + $item->get_quantity() : $item->get_quantity();
724	}
725	}
726
727	// Stock levels may already have been adjusted for this order (in which case we don't need to worry about checking for low stock).
728	if ( ! $order->get_data_store()->get_stock_reduced( $order->get_id() ) ) {
729	foreach ( $order->get_items() as $item_key => $item ) {
730	if ( $item && is_callable( array( $item, 'get_product' ) ) ) {
731	$product = $item->get_product();
732
733	if ( ! $product ) {
734	continue;
735	}
736
737	/**
738	* Filters whether or not the product is in stock for this pay for order.
739	*
740	* @param boolean True if in stock.
741	* @param \WC_Product $product Product.
742	* @param \WC_Order $order Order.
743	*
744	* @since 9.8.0-dev
745	*/
746	if ( ! apply_filters( 'woocommerce_pay_order_product_in_stock', $product->is_in_stock(), $product, $order ) ) {
747	return array(
748	'code' => 'woocommerce_rest_out_of_stock',
749	/* translators: %s: product name */
750	'message' => sprintf( __( 'Sorry, "%s" is no longer in stock so this order cannot be paid for. We apologize for any inconvenience caused.', 'woocommerce' ), $product->get_name() ),
751	);
752	}
753
754	// We only need to check products managing stock, with a limited stock qty.
755	if ( ! $product->managing_stock() \|\| $product->backorders_allowed() ) {
756	continue;
757	}
758
759	// Check stock based on all items in the cart and consider any held stock within pending orders.
760	$held_stock = wc_get_held_stock_quantity( $product, $order->get_id() );
761	$required_stock = $quantities[ $product->get_stock_managed_by_id() ];
762
763	/**
764	* Filters whether or not the product has enough stock.
765	*
766	* @param boolean True if has enough stock.
767	* @param \WC_Product $product Product.
768	* @param \WC_Order $order Order.
769	*
770	* @since 9.8.0-dev
771	*/
772	if ( ! apply_filters( 'woocommerce_pay_order_product_has_enough_stock', ( $product->get_stock_quantity() >= ( $held_stock + $required_stock ) ), $product, $order ) ) {
773	/* translators: 1: product name 2: quantity in stock */
774	return array(
775	'code' => 'woocommerce_rest_out_of_stock',
776	/* translators: %s: product name */
777	'message' => sprintf( __( 'Sorry, we do not have enough "%1$s" in stock to fulfill your order (%2$s available). We apologize for any inconvenience caused.', 'woocommerce' ), $product->get_name(), wc_format_stock_quantity_for_display( $product->get_stock_quantity() - $held_stock, $product ) ),
778	);
779	}
780	}
781	}
782	}
783	}
784
785	return null;
786	}
787
788	/**
789	* Changes default order status to draft for orders created via this API.
790	*
791	* @return string
792	*/
793	public function default_order_status() {
794	return 'checkout-draft';
795	}
796
797	/**
798	* Create order line items.
799	*
800	* @param \WC_Order $order The order object to update.
801	*/
802	protected function update_line_items_from_cart( \WC_Order $order ) {
803	$cart_controller = new CartController();
804	$cart = $cart_controller->get_cart_instance();
805	$cart_hashes = $cart_controller->get_cart_hashes();
806
807	if ( $order->get_cart_hash() !== $cart_hashes['line_items'] ) {
808	$order->set_cart_hash( $cart_hashes['line_items'] );
809	$order->remove_order_items( 'line_item' );
810	wc()->checkout->create_order_line_items( $order, $cart );
811	}
812
813	if ( $order->get_meta( '_shipping_hash' ) !== $cart_hashes['shipping'] ) {
814	$order->update_meta_data( '_shipping_hash', $cart_hashes['shipping'] );
815	$order->remove_order_items( 'shipping' );
816	wc()->checkout->create_order_shipping_lines( $order, wc()->session->get( 'chosen_shipping_methods' ), wc()->shipping()->get_packages() );
817	}
818
819	if ( $order->get_meta( '_coupons_hash' ) !== $cart_hashes['coupons'] ) {
820	$order->remove_order_items( 'coupon' );
821	$order->update_meta_data( '_coupons_hash', $cart_hashes['coupons'] );
822	wc()->checkout->create_order_coupon_lines( $order, $cart );
823	}
824
825	if ( $order->get_meta( '_fees_hash' ) !== $cart_hashes['fees'] ) {
826	$order->update_meta_data( '_fees_hash', $cart_hashes['fees'] );
827	$order->remove_order_items( 'fee' );
828	wc()->checkout->create_order_fee_lines( $order, $cart );
829	}
830
831	if ( $order->get_meta( '_taxes_hash' ) !== $cart_hashes['taxes'] ) {
832	$order->update_meta_data( '_taxes_hash', $cart_hashes['taxes'] );
833	$order->remove_order_items( 'tax' );
834	wc()->checkout->create_order_tax_lines( $order, $cart );
835	}
836	}
837
838	/**
839	* Update address data from cart and/or customer session data.
840	*
841	* @param \WC_Order $order The order object to update.
842	*/
843	protected function update_addresses_from_cart( \WC_Order $order ) {
844	$order->set_props(
845	array(
846	'billing_first_name' => wc()->customer->get_billing_first_name(),
847	'billing_last_name' => wc()->customer->get_billing_last_name(),
848	'billing_company' => wc()->customer->get_billing_company(),
849	'billing_address_1' => wc()->customer->get_billing_address_1(),
850	'billing_address_2' => wc()->customer->get_billing_address_2(),
851	'billing_city' => wc()->customer->get_billing_city(),
852	'billing_state' => wc()->customer->get_billing_state(),
853	'billing_postcode' => wc()->customer->get_billing_postcode(),
854	'billing_country' => wc()->customer->get_billing_country(),
855	'billing_email' => wc()->customer->get_billing_email(),
856	'billing_phone' => wc()->customer->get_billing_phone(),
857	'shipping_first_name' => wc()->customer->get_shipping_first_name(),
858	'shipping_last_name' => wc()->customer->get_shipping_last_name(),
859	'shipping_company' => wc()->customer->get_shipping_company(),
860	'shipping_address_1' => wc()->customer->get_shipping_address_1(),
861	'shipping_address_2' => wc()->customer->get_shipping_address_2(),
862	'shipping_city' => wc()->customer->get_shipping_city(),
863	'shipping_state' => wc()->customer->get_shipping_state(),
864	'shipping_postcode' => wc()->customer->get_shipping_postcode(),
865	'shipping_country' => wc()->customer->get_shipping_country(),
866	'shipping_phone' => wc()->customer->get_shipping_phone(),
867	)
868	);
869	$this->additional_fields_controller->sync_order_additional_fields_with_customer( $order, wc()->customer );
870	}
871	}
872