Contrib.social

Conflict with Decoupled User Authentication module

Open on Drupal.org →
Created on 2 March 2023, over 1 year ago

Describe your bug or feature request.

The Drupal\commerce_payment\Plugin\Commerce\PaymentGateway\PaymentGatewayBase::getRemoteCustomerId() method uses $account->isAuthenticated() to check if the user is not the anonymous user before trying to load a stored commerce_remote_id value, which works fine in normal circumstances. The Decoupled User Authentication module introduces the concept of users without logins and overrides the base isAuthenticated() method to also include a check on whether the user has a login.

When using these two module together, it means that if a purchase is made for a user that does not have a login, their remote customer id can never be loaded, which can cause future payments to fail for some providers.

If a bug, provide steps to reproduce it from a clean install.

Install both Drupal Commerce and Decoupled User and a payment method provider like Commerce Stripe. Set up the site to have a product that can be bought on behalf of a user without a login. When trying to make a second payment using their stored card, you will get a Stripe error because the remote customer id is not set against the payment intent.

Steps to resolve

This is a very niche issue, so I'm not convinced there's a need for Commerce to cope with it, but it would be a relatively minor change with exactly the same results without Decoupled User Authentication if the code in Drupal\commerce_payment\Plugin\Commerce\PaymentGateway\PaymentGatewayBase::getRemoteCustomerId() was altered to check !$account->isAnonymous() instead of $account->isAuthenticated().

🐛 Bug report
Status

Fixed

Version

2.0

Component

Payment

Created by

🇬🇧United Kingdom MrDaleSmith

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024