Author: jonesde
Date: Tue Oct 10 14:35:26 2006
New Revision: 462584

URL: http://svn.apache.org/viewvc?view=rev&rev=462584
Log:
A fix for the issues run into after an anonymous checkout process; this will 
clear the whole session when clearing the cart after checkout if the 
userLoginId is anonymous; the order confirmation page is then rendered with 
authentication using a variable that is put in a request attribute instead of 
the session so that after the page is rendered there are no remnants of the 
anonymous user; this solves a lot of funny behavior that is inconsistent with 
the idea of a checkout with no login

Modified:
    
incubator/ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/controller.xml
    
incubator/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/WEB-INF/actions/order/orderstatus.bsh
    
incubator/ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppingcart/ShoppingCartEvents.java

Modified: 
incubator/ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/controller.xml
URL: 
http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/controller.xml?view=diff&rev=462584&r1=462583&r2=462584
==============================================================================
--- 
incubator/ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/controller.xml
 (original)
+++ 
incubator/ofbiz/trunk/applications/accounting/webapp/accounting/WEB-INF/controller.xml
 Tue Oct 10 14:35:26 2006
@@ -52,8 +52,8 @@
         <description>Verify a user is logged in.</description>
         <security https="true" auth="false"/>
         <event type="java" path="org.ofbiz.webapp.control.LoginWorker" 
invoke="checkLogin" />
-        <response name="success" type="view" value="main" />
-        <response name="error" type="view" value="login" />
+        <response name="success" type="view" value="main"/>
+        <response name="error" type="view" value="login"/>
     </request-map>
 
     <request-map uri="login">

Modified: 
incubator/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/WEB-INF/actions/order/orderstatus.bsh
URL: 
http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/WEB-INF/actions/order/orderstatus.bsh?view=diff&rev=462584&r1=462583&r2=462584
==============================================================================
--- 
incubator/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/WEB-INF/actions/order/orderstatus.bsh
 (original)
+++ 
incubator/ofbiz/trunk/applications/ecommerce/webapp/ecommerce/WEB-INF/actions/order/orderstatus.bsh
 Tue Oct 10 14:35:26 2006
@@ -27,6 +27,12 @@
 
 orderId = parameters.get("orderId");
 
+// we have a special case here where for an anonymous order the user will 
already be logged out, but the userLogin will be in the request so we can still 
do a security check here
+if (userLogin == null) {
+    userLogin = request.getAttribute("temporaryAnonymousUserLogin");
+    context.put("userLogin", userLogin);
+}
+
 partyId = null;
 if (userLogin != null) partyId = userLogin.getString("partyId");
 
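Review bot: The fallback `userLogin = request.getAttribute("temporaryAnonymousUserLogin")` makes a request attribute an authentication source for this script, but nothing documents who may set it. The only writer visible in this commit is clearCart in ShoppingCartEvents.java, so a comment such as `// set only by ShoppingCartEvents.clearCart after an anonymous checkout; never populate from request parameters` would make that contract explicit. `context.put("userLogin", userLogin)` also exposes the anonymous login to everything else rendered from this context, which is presumably intended for the confirmation page only and worth stating. The attribute name is a string literal repeated in both files, so a shared constant would keep the two sides from drifting apart.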
@@ -38,6 +44,7 @@
         if (userLogin == null || orderRole == null) {
             context.remove("orderHeader");
             orderHeader = null;
+            Debug.logWarning("Warning: in orderstatus.bsh before getting order 
detail info: role not found or user not logged in; partyId=[" + partyId + "], 
userLoginId=[" + (userLogin == null ? "null" : userLogin.get("userLoginId")) + 
"]", "orderstatus");
         }
     }
 }
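Review bot: The new `Debug.logWarning` records partyId and userLoginId but not the orderId that was refused, so repeated denied lookups against different orders cannot be told apart in the log. Consider adding `orderId=[" + orderId + "]` to the message. In the previous hunk orderId is read from `parameters`, so it is request-supplied and should have CR/LF stripped before it is written to the log. The enclosing `if` blocks start outside this hunk.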

Modified: 
incubator/ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppingcart/ShoppingCartEvents.java
URL: 
http://svn.apache.org/viewvc/incubator/ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppingcart/ShoppingCartEvents.java?view=diff&rev=462584&r1=462583&r2=462584
==============================================================================
--- 
incubator/ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppingcart/ShoppingCartEvents.java
 (original)
+++ 
incubator/ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppingcart/ShoppingCartEvents.java
 Tue Oct 10 14:35:26 2006
@@ -605,6 +605,21 @@
     public static String clearCart(HttpServletRequest request, 
HttpServletResponse response) {
         ShoppingCart cart = getCartObject(request);
         cart.clear();
+
+        // if this was an anonymous checkout process, go ahead and clear the 
session and such now that the order is placed; we don't want this to mess up 
additional orders and such
+        HttpSession session = request.getSession();
+        GenericValue userLogin = (GenericValue) 
session.getAttribute("userLogin");
+        if ("anonymous".equals(userLogin.get("userLoginId"))) {
+            // here we want to do a full logout, but not using the normal 
logout stuff because it saves things in the UserLogin record that we don't want 
changed for the anonymous user
+            session.invalidate();
+            session = request.getSession(true);
+            
+            // to allow the display of the order confirmation page put the 
userLogin in the request, but leave it out of the session
+            request.setAttribute("temporaryAnonymousUserLogin", userLogin);
+            
+            Debug.logInfo("Doing clearCart for anonymous user, so logging out 
but put anonymous userLogin in userLogin request attribute", module);
+        }
+        
         return "success";
     }
 
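Review bot: `userLogin.get("userLoginId")` throws a NullPointerException when the session has no `userLogin` attribute. That looks reachable whenever clearCart runs for a visitor who never logged in or whose session expired, since `request.getSession()` then returns a fresh, empty session. Guard the branch with `if (userLogin != null && "anonymous".equals(userLogin.get("userLoginId"))) {`. The method comment should also say that clearCart now invalidates the whole session for the anonymous login, because any request mapped to clearCart would take this branch, not only the post-checkout one, if such mappings exist.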

