[In-Commerce] Order's user could reset to Guest during payment gateway processing

2 views
Skip to first unread message

Alexander Obuhovich

unread,
Jan 28, 2010, 7:35:37 AM1/28/10
to In-Portal Bugs
Order's user could reset to Guest during payment gateway processing. This can happen because of check made in OrdersEventHandler::CheckUser method. That method checks, that user, who is currently being logged in is also mentioned as order's owner. In case if they doesn't match, then currency logged in user is placed in order. This raises a problem with "stupid" payment gateways, who doesn't understand dynamic callback url.

For example we have same installation (one copy of code, one database, multiple DNS records only) running on multiple domains, but payment processing always happens on central domain. In this case CheckUser method will reset owner of order in case order wasn't initially created on domain used for payment processing.

I propose to check for GW_NOTIFY constant (proposed to be added in another discussion) and not to perform any such checks when payment gateway notification is being processed.

--
Best Regards,

http://www.in-portal.com
http://www.alex-time.com

Alexander Obuhovich

unread,
Mar 27, 2010, 6:23:18 PM3/27/10
to In-Portal Bugs
Since no response here for ~2 months I've decided myself, that we need a task for that: http://tracker.in-portal.org/view.php?id=660
Reply all
Reply to author
Forward
0 new messages