@tx2pnw (Contributor) commented Nov 4, 2025

Related to #FRAUD-118
Related to https://github.com/Automattic/woocommerce.com/pull/24635

Description

This PR improves fraud decision handling in Sift for WooCommerce by fixing decision processing, user ID mapping, and notification ordering.

Changes in this PR

Fraud Decision Processing

  • Normalized manual decision handling: When processing the manual decision likely_fraud_keep_purchases_payment_abuse, the code now correctly normalizes it to
    likely_fraud_block_keep_purch_payment_abuse before sending to Sift (abuse-decisions.php:155-158). This ensures Sift logs the correct decision ID in their system.
  • Added decision case handling: The manual decision processor now handles both likely_fraud_keep_purchases_payment_abuse and likely_fraud_block_keep_purch_payment_abuse decision
    IDs (abuse-decisions.php:155-156).

User ID Translation

  • Fixed user ID mapping for Sift decisions: Added user ID translation using the sift_for_woocommerce_translate_user_id_for_decision filter before sending manual decisions to Sift (abuse-decisions.php:281-284). This ensures the correct WordPress user ID is sent to Sift instead of the WC.com user ID.

Notification Ordering

  • Reordered Zendesk notification: Moved the sift_for_woocommerce_send_decision_notification action to fire BEFORE the sift_for_woocommerce_likely_fraud_keep_purchases_payment_abuse action (abuse-decisions.php:53-54). This ensures the Zendesk ticket is created before the user block is applied, preventing duplicate notifications for users who are already blocked.

Public API

  • Added has_new_purchase_block() helper method: Exposed a public static method Sift_For_WooCommerce::has_new_purchase_block($user_id) that can be easily used by other plugins (like the sidecar or WooCommerce.com) to determine a user's fraud flag status without directly accessing user meta (sift-for-woocommerce.php:184-197).

Why These Changes Were Needed

  1. Prevent duplicate Zendesk notifications: By moving the notification before the block action, we ensure that the notification check for existing blocks happens before we set the block flag, preventing duplicate tickets from being sent when a user is already blocked.
  2. Fix Sift decision logging: Sift was not receiving the correct decision ID (likely_fraud_block_keep_purch_payment_abuse) when processing likely_fraud_keep_purchases_payment_abuse manual decisions. This normalization ensures Sift's system correctly logs the manual decision.
  3. Correct user identification: Manual decisions were being sent to Sift with WC.com user IDs instead of WordPress user IDs, causing mismatches in Sift's system. The translation filter ensures the correct user ID format is used.
  4. Enable external fraud status checks: The new public helper method provides a clean API for other systems to check fraud status without tight coupling to internal implementation details (user meta keys).

Testing instructions

npm start
npm test --

Full manual test instructions are in https://github.com/Automattic/woocommerce.com/pull/24635

Mentions #
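
Added example, not part of the PR or the plugin's code: a small in-memory PHP model of the manual-decision flow described above (decision ID normalization, user ID translation, and the notification firing before the block). It assumes the notification handler skips users whose block flag is already set; the function names, state array and sample IDs are hypothetical, and only the hook names and decision IDs are taken from the description.

```php
<?php
// Constructed in-memory model. Only the hook names and decision IDs come from the PR description.
const MANUAL_ID = 'likely_fraud_keep_purchases_payment_abuse';
const SIFT_ID   = 'likely_fraud_block_keep_purch_payment_abuse';
const NOTIFY    = 'sift_for_woocommerce_send_decision_notification';
const BLOCK     = 'sift_for_woocommerce_likely_fraud_keep_purchases_payment_abuse';

// Hypothetical helper: map the manual decision ID to the ID Sift should log.
function normalize_decision( string $id ): string {
	return MANUAL_ID === $id ? SIFT_ID : $id;
}

// Hypothetical processor; $hook_order is the order in which the two actions fire.
function process_manual_decision( array &$state, string $decision, int $wccom_id, array $hook_order ): void {
	// Stand-in for the sift_for_woocommerce_translate_user_id_for_decision filter.
	$user_id = $state['id_map'][ $wccom_id ] ?? $wccom_id;
	foreach ( $hook_order as $hook ) {
		if ( NOTIFY === $hook && empty( $state['blocked'][ $user_id ] ) ) {
			$state['tickets'][] = $user_id; // assumed guard: ticket only if not yet blocked
		} elseif ( BLOCK === $hook ) {
			$state['blocked'][ $user_id ] = true;
		}
	}
	$state['sent_to_sift'][] = array( normalize_decision( $decision ), $user_id );
}

// Deliver the same decision twice for one user and return the resulting state.
function run_twice( array $hook_order ): array {
	$state = array(
		'id_map'       => array( 9001 => 42 ), // constructed: WC.com ID => WordPress ID
		'blocked'      => array(),
		'tickets'      => array(),
		'sent_to_sift' => array(),
	);
	process_manual_decision( $state, MANUAL_ID, 9001, $hook_order );
	process_manual_decision( $state, SIFT_ID, 9001, $hook_order );
	return $state;
}

$notify_first = run_twice( array( NOTIFY, BLOCK ) ); // order described in the PR
$block_first  = run_twice( array( BLOCK, NOTIFY ) ); // reversed, for contrast

printf( "notify before block: %d ticket(s)\n", count( $notify_first['tickets'] ) );
printf( "block before notify: %d ticket(s)\n", count( $block_first['tickets'] ) );
list( $sent_decision, $sent_user ) = $notify_first['sent_to_sift'][0];
printf( "sent to Sift: %s for user %d\n", $sent_decision, $sent_user );
```

With the notification first, the guard reads the state from before the decision, so a repeated decision opens one ticket in total; in the reversed order the guard reads the flag that the same call has just set.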

@tx2pnw requested a review from a team November 4, 2025 18:41
@tx2pnw self-assigned this Nov 4, 2025
@tx2pnw force-pushed the fix/FRAUD-118-sift-for-woo-improvements branch from 3fead46 to 224d37e November 4, 2025 18:44
github-actions bot commented Nov 4, 2025

Code Coverage

| Package | Line Rate | Complexity | Health |
| --- | --- | --- | --- |
| inc/payment-gateways/index.php | 0% | 0 | |
| inc/payment-gateways/lib/stripe.php | 63% | 77 | |
| inc/payment-gateways/load.php | 0% | 0 | |
| inc/payment-gateways/ppcp-gateway.php | 31% | 26 | |
| inc/payment-gateways/stripe.php | 26% | 17 | |
| inc/payment-gateways/transact.php | 100% | 0 | |
| inc/payment-gateways/woocommerce-payments.php | 30% | 8 | |
| inc/rest-api.php | 0% | 18 | |
| inc/sift-decisions/abuse-decisions.php | 2% | 37 | |
| inc/sift-decisions/sift-decision-rest-api-webhooks.php | 0% | 10 | |
| inc/sift-events/class-sift-event-types.php | 100% | 4 | |
| inc/sift-events/normalizers/sift-order.php | 96% | 6 | |
| inc/sift-events/normalizers/sift-payment-gateway.php | 100% | 5 | |
| inc/sift-events/normalizers/sift-payment-method.php | 80% | 33 | |
| inc/sift-events/normalizers/sift-payment-type.php | 83% | 3 | |
| inc/sift-events/normalizers/sift-property.php | 100% | 3 | |
| inc/sift-events/normalizers/sift-verification-status.php | 50% | 3 | |
| inc/sift-events/sift-events-validator.php | 82% | 142 | |
| inc/sift-events/sift-events.php | 56% | 158 | |
| inc/tracking-js.php | 0% | 4 | |
| inc/wc-admin-settings-tab.php | 0% | 24 | |
| index.php | 0% | 0 | |
| sift-for-woocommerce.php | 12% | 14 | |
| Summary | 45% (1029 / 2266) | 592 | |

@chrismccluskey (Collaborator) left a comment

Changes make sense and LGTM!
