refactor: allow all users with token to view order #6092

Merged
merged 10 commits into from
Mar 2, 2020

Conversation

kieckhafer
Member

The original PR, #6082, was accidentally closed when we deleted the old release-3.0.0 branch. This is a copy of the original PR to the trunk branch.

Resolves #5882
Impact: minor
Type: refactor

Issue

When you check out as an anonymous customer, you get an order with an ID and token so you can visit the order complete page `/order/:id/:token` in your storefront.

When you visit this page not logged in, you see the order details, as the token is in the URL.

Now if you log in, the order is not found.

It appears that once logged in, the token value is ignored and it will attempt to find the order from your account. The order resolver, when given an order ID and token, should use these to locate the order, and ignore who they are logged in with. If it's presented with only an Order ID and no token, then it should try to find the order from the current account.

Solution

Refactor check order to allow all users who have the order token to view the order.

Breaking changes

None

Testing

  1. Create an order as a logged out user using example-storefront
  2. See the order confirmation page, and copy the link to that page
  3. Log in as any user
  4. Paste the link, see you can still see the order with the token URL

@aldeed aldeed merged commit 4838a37 into trunk Mar 2, 2020
@aldeed aldeed deleted the refactor-kieckhafer-getOrderQuery branch March 2, 2020 15:01
@kieckhafer kieckhafer mentioned this pull request Mar 5, 2020
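
The lookup rule from the PR description (a supplied token decides access and the logged-in account is ignored; with no token, ownership by the current account decides), as an added example that is not the project's code. The function names, the order shape with `tokenHashes`, and storing tokens as SHA-256 hashes are assumptions made for illustration.

```javascript
// Added example: hypothetical names and data shape, not Reaction Commerce code.
const crypto = require("crypto");

// Assumption: only a hash of the token is stored, so a database leak
// does not expose working order links.
function hashToken(token) {
  return crypto.createHash("sha256").update(token, "utf8").digest();
}

// Compare the presented token against each stored hash in constant time.
function tokenMatches(order, token) {
  const presented = hashToken(token);
  return (order.tokenHashes || []).some(
    (stored) =>
      stored.length === presented.length &&
      crypto.timingSafeEqual(stored, presented)
  );
}

// Returns "token", "account", or null. The caller should answer "not found"
// for null so the response does not reveal whether the order ID exists.
function orderAccess(order, { token, accountId } = {}) {
  if (typeof token === "string" && token.length > 0) {
    // A token was supplied: it alone decides; the session account is ignored.
    return tokenMatches(order, token) ? "token" : null;
  }
  // No token: fall back to ownership by the logged-in account.
  if (accountId && order.accountId && order.accountId === accountId) {
    return "account";
  }
  return null;
}

// Constructed sample data.
const anonymousOrder = {
  _id: "order1",
  accountId: null,
  tokenHashes: [hashToken("tok-abc")],
};
const ownedOrder = { _id: "order2", accountId: "acct-1", tokenHashes: [] };
```

Because the token in `/order/:id/:token` acts as a bearer credential for any session, it needs to be long and random, and it should be kept out of access logs and `Referer` headers.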
Successfully merging this pull request may close these issues.

Cannot view anonymous order when logged in.