Author: jonesde
Date: Tue Oct 10 14:35:26 2006
New Revision: 462584

URL: http://svn.apache.org/viewvc?view=rev&rev=462584
Log:
A fix for the issues run into after an anonymous checkout process; this will clear the whole session when clearing the cart after checkout if the userLoginId is anonymous; the order confirmation page is then rendered with authentication using a variable that is put in a request attribute instead of the session so that after the page is rendered there are no remnants of the anonymous user; this solves a lot of funny behavior that is inconsistent with the idea of a checkout with no login

Modified: incubator/ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/controller.xml incubator/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/WEB-INF/actions/order/orderstatus.bsh incubator/ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppingcart/ShoppingCartEvents.java Modified: incubator/ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/controller.xml URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/controller.xml?view=diff&rev=462584&r1=462583&r2=462584 ============================================================================== --- incubator/ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/controller.xml (original) +++ incubator/ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/controller.xml Tue Oct 10 14:35:26 2006 @@ -52,8 +52,8 @@ <description>Verify a user is logged in.</description> <security https="true" auth="false"/> <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="checkLogin" /> - <response name="success" type="view" value="main" /> - <response name="error" type="view" value="login" /> + <response name="success" type="view" value="main"/> + <response name="error" type="view" value="login"/> </request-map> <request-map uri="login"> Modified: incubator/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/WEB-INF/actions/order/orderstatus.bsh URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/WEB-INF/actions/order/orderstatus.bsh?view=diff&rev=462584&r1=462583&r2=462584 ============================================================================== --- incubator/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/WEB-INF/actions/order/orderstatus.bsh (original) +++ incubator/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/WEB-INF/actions/order/orderstatus.bsh Tue Oct 10 14:35:26 2006 
@@ -27,6 +27,12 @@ orderId = parameters.get("orderId"); +// we have a special case here where for an anonymous order the user will already be logged out, but the userLogin will be in the request so we can still do a security check here +if (userLogin == null) { + userLogin = request.getAttribute("temporaryAnonymousUserLogin"); + context.put("userLogin", userLogin); +} + partyId = null; if (userLogin != null) partyId = userLogin.getString("partyId"); @@ -38,6 +44,7 @@ if (userLogin == null || orderRole == null) { context.remove("orderHeader"); orderHeader = null; + Debug.logWarning("Warning: in orderstatus.bsh before getting order detail info: role not found or user not logged in; partyId=[" + partyId + "], userLoginId=[" + (userLogin == null ? "null" : userLogin.get("userLoginId")) + "]", "orderstatus"); } } } Modified: incubator/ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppingcart/ShoppingCartEvents.java URL: http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppingcart/ShoppingCartEvents.java?view=diff&rev=462584&r1=462583&r2=462584 ============================================================================== --- incubator/ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppingcart/ShoppingCartEvents.java (original) +++ incubator/ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppingcart/ShoppingCartEvents.java Tue Oct 10 14:35:26 2006 
@@ -605,6 +605,21 @@ public static String clearCart(HttpServletRequest request, HttpServletResponse response) { ShoppingCart cart = getCartObject(request); cart.clear(); + + // if this was an anonymous checkout process, go ahead and clear the session and such now that the order is placed; we don't want this to mess up additional orders and such + HttpSession session = request.getSession(); + GenericValue userLogin = (GenericValue) session.getAttribute("userLogin"); + if ("anonymous".equals(userLogin.get("userLoginId"))) { + // here we want to do a full logout, but not using the normal logout stuff because it saves things in the UserLogin record that we don't want changed for the anonymous user + session.invalidate(); + session = request.getSession(true); + + // to allow the display of the order confirmation page put the userLogin in the request, but leave it out of the session + request.setAttribute("temporaryAnonymousUserLogin", userLogin); + + Debug.logInfo("Doing clearCart for anonymous user, so logging out but put anonymous userLogin in userLogin request attribute", module); + } + return "success"; }
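Review bot: The two `<response>` lines changed in the accounting controller.xml hunk differ only by the removed space before `/>`. This whitespace-only change is unrelated to the anonymous-checkout fix described in the log and is better committed separately, so that the session-handling changes in this revision are easier to audit.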
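Review bot: In the orderstatus.bsh hunk at -27,6, `context.put("userLogin", userLogin);` runs even when the request attribute is absent, so a null is written into the context; move the put inside a null check on the attribute value. The attribute name "temporaryAnonymousUserLogin" is also a string literal repeated in ShoppingCartEvents.java, so a shared constant would keep the two sides from drifting apart. The comment should also state that the attribute is set only by clearCart, because this fallback is what lets an unauthenticated request pass the `userLogin == null` check further down.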
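Review bot: The `Debug.logWarning` call added in the orderstatus.bsh hunk at -38,6 records partyId and userLoginId but not the orderId that was requested, which is the value needed to correlate a refused order lookup with a specific order. Consider adding it to the message; since orderId comes from `parameters.get("orderId")`, strip line breaks from it before logging. The leading "Warning:" in the message text duplicates the log level and can be dropped.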
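Review bot: In the ShoppingCartEvents.java hunk, `userLogin.get("userLoginId")` is called without a null check on the value returned by `session.getAttribute("userLogin")`, so a clearCart request with no userLogin in the session throws a NullPointerException after `cart.clear()` has already run. Guard the test with `userLogin != null &&` before the `"anonymous".equals(...)` comparison. The reassignment `session = request.getSession(true);` is not read again in the visible lines, so either keep only the call or add a comment saying why a fresh session is created at this point.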