[MINC-53] Order's user could reset to Guest during payment gateway processing - In-Portal Issue Tracker

XML

Word

Printable

Details

Type: Bug Report
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 5.0.3-B1
Fix Version/s: 5.1.1-B1
Component/s: General
Labels:
None

External issue URL:
http://tracker.in-portal.org/view.php?id=660
External issue ID:
660
Copy Issue Key:
Patch Instructions:
Patches must be submitted through Phabricator.
- To submit patch via Command Line use Patches Workflow (via Arcanist) tutorial
- To submit patch via Web Interface use Patches Workflow (via Web Interface) tutorial

Description

Order's user could reset to Guest during payment gateway processing. This can happen because of check made in OrdersEventHandler::CheckUser method. That method checks, that user, who is currently being logged in is also mentioned as order's owner. In case if they doesn't match, then currency logged in user is placed in order. This raises a problem with "stupid" payment gateways, who doesn't understand dynamic callback url.

For example we have same installation (one copy of code, one database, multiple DNS records only) running on multiple domains, but payment processing always happens on central domain. In this case CheckUser method will reset owner of order in case order wasn't initially created on domain used for payment processing.

I propose to check for GW_NOTIFY constant (proposed to be added in another discussion) and not to perform any such checks when payment gateway notification is being processed.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

user_lost_during_payment_gw_processing.patch
0.5 kB
08/Sep/10 9:03 AM

Issue Links

mentioned in: Wiki Page Loading...

Activity

People

Assignee:

Alex

Reporter:

Alex

Developer:

Alex

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

27/Mar/10 5:22 PM

Updated:

27/Mar/16 11:02 AM

Resolved:

30/Mar/11 9:58 AM