svn commit: r462584 - in /incubator/ofbiz/trunk/applications: accounting/webapp/accounting/WEB-INF/controller.xml ecommerce/webapp/ecommerce/WEB-INF/actions/order/orderstatus.bsh order/src/org/ofbiz/order/shoppingcart/ShoppingCartEvents.java


svn commit: r462584 - in /incubator/ofbiz/trunk/applications: accounting/webapp/accounting/WEB-INF/controller.xml ecommerce/webapp/ecommerce/WEB-INF/actions/order/orderstatus.bsh order/src/org/ofbiz/order/shoppingcart/ShoppingCartEvents.java

jonesde
Author: jonesde
Date: Tue Oct 10 14:35:26 2006
New Revision: 462584

URL: http://svn.apache.org/viewvc?view=rev&rev=462584
Log:
A fix for the issues run into after an anonymous checkout process; this will clear the whole session when clearing the cart after checkout if the userLoginId is anonymous; the order confirmation page is then rendered with authentication using a variable that is put in a request attribute instead of the session so that after the page is rendered there are no remnants of the anonymous user; this solves a lot of funny behavior that is inconsistent with the idea of a checkout with no login

Modified:
    incubator/ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/controller.xml
    incubator/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/WEB-INF/actions/order/orderstatus.bsh
    incubator/ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppingcart/ShoppingCartEvents.java

Modified: incubator/ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/controller.xml
URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/controller.xml?view=diff&rev=462584&r1=462583&r2=462584
==============================================================================
--- incubator/ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/controller.xml (original)
+++ incubator/ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/controller.xml Tue Oct 10 14:35:26 2006
@@ -52,8 +52,8 @@
         <description>Verify a user is logged in.</description>
         <security https="true" auth="false"/>
         <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin" />
-        <response name="success" type="view" value="main" />
-        <response name="error" type="view" value="login" />
+        <response name="success" type="view" value="main"/>
+        <response name="error" type="view" value="login"/>
     </request-map>
 
     <request-map uri="login">

Modified: incubator/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/WEB-INF/actions/order/orderstatus.bsh
URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/WEB-INF/actions/order/orderstatus.bsh?view=diff&rev=462584&r1=462583&r2=462584
==============================================================================
--- incubator/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/WEB-INF/actions/order/orderstatus.bsh (original)
+++ incubator/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/WEB-INF/actions/order/orderstatus.bsh Tue Oct 10 14:35:26 2006
@@ -27,6 +27,12 @@
 
 orderId = parameters.get("orderId");
 
+// we have a special case here where for an anonymous order the user will already be logged out, but the userLogin will be in the request so we can still do a security check here
+if (userLogin == null) {
+    userLogin = request.getAttribute("temporaryAnonymousUserLogin");
+    context.put("userLogin", userLogin);
+}
+
 partyId = null;
 if (userLogin != null) partyId = userLogin.getString("partyId");
 
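Review bot: The fallback `userLogin = request.getAttribute("temporaryAnonymousUserLogin");` accepts whatever object sits in that request attribute as the identity for the order-role check further down, without confirming that it is the anonymous login. Request attributes can only be written server-side, so this holds while clearCart is the only writer, but that assumption is neither stated nor enforced in the script. Consider discarding anything else right after the lookup, e.g. `if (userLogin != null && !"anonymous".equals(userLogin.get("userLoginId"))) userLogin = null;`, and extending the comment to say which event sets the attribute. The script continues outside the hunk on both sides.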
@@ -38,6 +44,7 @@
         if (userLogin == null || orderRole == null) {
             context.remove("orderHeader");
             orderHeader = null;
+            Debug.logWarning("Warning: in orderstatus.bsh before getting order detail info: role not found or user not logged in; partyId=[" + partyId + "], userLoginId=[" + (userLogin == null ? "null" : userLogin.get("userLoginId")) + "]", "orderstatus");
         }
     }
 }
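Review bot: The new `Debug.logWarning` records partyId and userLoginId but not `orderId`, which is the value needed to tell which order was refused. This branch is an access denial (no login, or no role on the order), so the order id is what makes the entry useful for spotting repeated lookups of orders that belong to someone else. Suggest appending `+ ", orderId=[" + orderId + "]"` to the message; because `orderId` is read from `parameters`, strip line breaks from it first unless the log sink already does. The enclosing `if` blocks start above the hunk.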

Modified: incubator/ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppingcart/ShoppingCartEvents.java
URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppingcart/ShoppingCartEvents.java?view=diff&rev=462584&r1=462583&r2=462584
==============================================================================
--- incubator/ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppingcart/ShoppingCartEvents.java (original)
+++ incubator/ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppingcart/ShoppingCartEvents.java Tue Oct 10 14:35:26 2006
@@ -605,6 +605,21 @@
     public static String clearCart(HttpServletRequest request, HttpServletResponse response) {
         ShoppingCart cart = getCartObject(request);
         cart.clear();
+
+        // if this was an anonymous checkout process, go ahead and clear the session and such now that the order is placed; we don't want this to mess up additional orders and such
+        HttpSession session = request.getSession();
+        GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
+        if ("anonymous".equals(userLogin.get("userLoginId"))) {
+            // here we want to do a full logout, but not using the normal logout stuff because it saves things in the UserLogin record that we don't want changed for the anonymous user
+            session.invalidate();
+            session = request.getSession(true);
+            
+            // to allow the display of the order confirmation page put the userLogin in the request, but leave it out of the session
+            request.setAttribute("temporaryAnonymousUserLogin", userLogin);
+            
+            Debug.logInfo("Doing clearCart for anonymous user, so logging out but put anonymous userLogin in userLogin request attribute", module);
+        }
+        
         return "success";
     }
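Review bot: `userLogin.get("userLoginId")` is dereferenced without a null check, so clearCart now throws a NullPointerException whenever the session has no `userLogin` attribute; whether that can happen depends on how the request is mapped, which the hunk does not show, but a visitor clearing a cart without ever logging in looks like a plausible case. Guard the branch with `if (userLogin != null && "anonymous".equals(userLogin.get("userLoginId"))) {`. Two smaller points: the value assigned by `session = request.getSession(true);` is never read afterwards, so a bare `request.getSession(true);` with a comment would state the intent, and the info message says the login was put in the "userLogin request attribute" while the code stores it under `temporaryAnonymousUserLogin`.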