Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Guest cart API ignoring cartId in url for some methods #14086

Closed
midlan opened this issue Mar 13, 2018 · 6 comments
Closed

Guest cart API ignoring cartId in url for some methods #14086

midlan opened this issue Mar 13, 2018 · 6 comments
Assignees
@engcom-Charlie
Labels
Component: Api Use with concrete module component label E.g. "Component: Api" + "Catalog" Fixed in 2.4.x The issue has been fixed in 2.4-develop branch Issue: Clear Description Gate 2 Passed. Manual verification of the issue description passed Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed Issue: Format is valid Gate 1 Passed. Automatic verification of issue format passed Issue: Ready for Work Gate 4. Acknowledged. Issue is added to backlog and ready for development Reproduced on 2.1.x The issue has been reproduced on latest 2.1 release Reproduced on 2.2.x The issue has been reproduced on latest 2.2 release Reproduced on 2.3.x The issue has been reproduced on latest 2.3 release Reproduced on 2.4.x The issue has been reproduced on latest 2.4-develop branch

Comments

@midlan
Copy link

midlan commented Mar 13, 2018
edited
Loading

Preconditions

  1. Magento 2.2.3

Steps to reproduce

I am following the API documentation to create guest cart and add item to it:

  1. POST https://yourdomain/rest/default/V1/guest-carts (with empty body) creates cart for you and return cartId in body
  2. GET https://yourdomain/rest/default/V1/guest-carts/:cartId to check you cart is created
  3. POST https://yourdomain/rest/default/V1/guest-carts/:cartId/items with body
{
  "cartItem": {
    "sku": "WS12-M-Orange",
    "qty": 3
  }
}

to add item to your cart, but error is returned instead of adding cart to item

Expected result

In step 3, I was expecting the added item to be returned. Instead of that, error is returned.

Actual result

{
    "message": "No such entity with %fieldName = %fieldValue",
    "parameters": {
        "fieldName": "cartId",
        "fieldValue": null
    },
    "trace": "..."
}

Further research

I discovered: If you send the cartId in quote_id field in body at step 3, the method would work. So the body would be:

{
  "cartItem": {
    "sku": "WS12-M-Orange",
    "qty": 3,
    "quote_id": ":cartId"
  }
}

And the results is cart item, no error. The cartId in url is completly ignored. If you use send request with some dummy string instead of cartId in URL (with the body with quote_id field), it actually works.

So request like
POST https://yourdomain/rest/default/V1/guest-carts/some_dummy_string_insetead_of_cartId/items
works. But it should not! And the mandatory quote_id in body is also wrong I think. The only cartId needed to add the item to the cart should be the one from URL (which is not used at all at the moment).

The same problem is present on other methods in guest-cart.
@magento-engcom-team magento-engcom-team added Issue: Format is valid Gate 1 Passed. Automatic verification of issue format passed Issue: Ready for Work Gate 4. Acknowledged. Issue is added to backlog and ready for development Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed Reproduced on 2.1.x The issue has been reproduced on latest 2.1 release Reproduced on 2.2.x The issue has been reproduced on latest 2.2 release Reproduced on 2.3.x The issue has been reproduced on latest 2.3 release Issue: Clear Description Gate 2 Passed. Manual verification of the issue description passed labels Mar 13, 2018
@magento-engcom-team
Copy link
Contributor

@midlan, thank you for your report.
We've acknowledged the issue and added to our backlog.

@elzekool elzekool mentioned this issue Mar 17, 2018
Closed
4 tasks
@elzekool
Copy link
Contributor

I've created a PR for this issue. Investigating this a little further I found a related issue for the normal cart API. In the case /V1/carts/mine/items is used it allows adding/editing items to a quote different then the actual customer quote.

elzekool added a commit to elzekool/magento2 that referenced this issue Mar 19, 2018
@elzekool
[ magento#14086 ] Use cartId in REST URL
f06ed69 
For /V1/carts/mine/items and /V1/carts/mine/items the quoteId from the
quote item is used. For guest cart this is confusing as it makes the
cartId in the URL useless. For logged in carts it makes it unsafe as it
allows adding products to any active cart.

Relates to: magento#14086
@engcom-Bravo engcom-Bravo self-assigned this Jan 3, 2020
@m2-assistant
Copy link

m2-assistant bot commented Jan 3, 2020

Hi @engcom-Bravo. Thank you for working on this issue.
Looks like this issue is already verified and confirmed. But if you want to validate it one more time, please, go though the following instruction:

  • 1. Add/Edit Component: XXXXX label(s) to the ticket, indicating the components it may be related to.

  • 2. Verify that the issue is reproducible on 2.4-develop branch

    Details- Add the comment @magento give me 2.4-develop instance to deploy test instance on Magento infrastructure.
    - If the issue is reproducible on 2.4-develop branch, please, add the label Reproduced on 2.4.x.
    - If the issue is not reproducible, add your comment that issue is not reproducible and close the issue and stop verification process here!

  • 3. If the issue is not relevant or is not reproducible any more, feel free to close it.

@engcom-Bravo engcom-Bravo added Reproduced on 2.4.x The issue has been reproduced on latest 2.4-develop branch Component: Api Use with concrete module component label E.g. "Component: Api" + "Catalog" Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed and removed Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed labels Jan 3, 2020
@ghost ghost unassigned engcom-Bravo Jan 3, 2020
@magento-engcom-team
Copy link
Contributor

✅ Confirmed by @engcom-Bravo
Thank you for verifying the issue. Based on the provided information internal tickets MC-30200 were created

Issue Available: @engcom-Bravo, You will be automatically unassigned. Contributors/Maintainers can claim this issue to continue. To reclaim and continue work, reassign the ticket to yourself.

@engcom-Charlie engcom-Charlie self-assigned this Mar 3, 2020
@m2-assistant
Copy link

m2-assistant bot commented Mar 3, 2020

Hi @engcom-Charlie. Thank you for working on this issue.
Looks like this issue is already verified and confirmed. But if you want to validate it one more time, please, go though the following instruction:

  • 1. Add/Edit Component: XXXXX label(s) to the ticket, indicating the components it may be related to.

  • 2. Verify that the issue is reproducible on 2.4-develop branch

    Details- Add the comment @magento give me 2.4-develop instance to deploy test instance on Magento infrastructure.
    - If the issue is reproducible on 2.4-develop branch, please, add the label Reproduced on 2.4.x.
    - If the issue is not reproducible, add your comment that issue is not reproducible and close the issue and stop verification process here!

  • 3. If the issue is not relevant or is not reproducible any more, feel free to close it.

@engcom-Charlie engcom-Charlie mentioned this issue Mar 5, 2020
Merged
4 tasks
@magento-engcom-team
Copy link
Contributor

Hi @midlan. Thank you for your report.
The issue has been fixed in #27172 by @engcom-Charlie in 2.4-develop branch
Related commit(s):

The fix will be available with the upcoming 2.4.0 release.

@magento-engcom-team magento-engcom-team added the Fixed in 2.4.x The issue has been fixed in 2.4-develop branch label Mar 12, 2020
@sdzhepa sdzhepa mentioned this issue May 9, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@engcom-Charlie engcom-Charlie

Labels
Component: Api Use with concrete module component label E.g. "Component: Api" + "Catalog" Fixed in 2.4.x The issue has been fixed in 2.4-develop branch Issue: Clear Description Gate 2 Passed. Manual verification of the issue description passed Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed Issue: Format is valid Gate 1 Passed. Automatic verification of issue format passed Issue: Ready for Work Gate 4. Acknowledged. Issue is added to backlog and ready for development Reproduced on 2.1.x The issue has been reproduced on latest 2.1 release Reproduced on 2.2.x The issue has been reproduced on latest 2.2 release Reproduced on 2.3.x The issue has been reproduced on latest 2.3 release Reproduced on 2.4.x The issue has been reproduced on latest 2.4-develop branch
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@elzekool @midlan @magento-engcom-team @engcom-Bravo @engcom-Charlie