Unauthenticated guest checkout with existing email should not be allowed

Created on 29 May 2023, over 1 year ago
Updated 19 July 2023, over 1 year ago

When checking out in GUEST mode, if we enter an existing email it will accept it and assign the order to that account, which means anyone knowing this particular email address can add orders to that account. This is a problem for us.

Hence I think we should block such requests and force login if you want to use this email address for your order.

How can I ensure that if you enter an existing email address, you should log in with it?

Thanks!

🐛 Bug report
Status: Active
Version: 3.0
Component: User experience
Created by: 🇨🇦Canada mastap


Comments & Activities

  • Issue created by @mastap
  • 🇮🇱Israel jsacksick

    Why are you not disabling guest checkout?

  • 🇨🇦Canada mastap

    Because on this project we want guest checkout.

  • 🇺🇸United States rszrama

    In Commerce 1.x I believe Commerce Checkout Login could be configured to detect an existing email address and prompt the customer to log in. I think it's a fine feature to add to the log in pane, either in Commerce Core or via a third party module.

  • 🇩🇪Germany Anybody Porta Westfalica

    Agree with #4, that would be the correct way. And otherwise disallow proceeding with that unauthenticated email address.

    Perhaps it can be even seen as security-related, as a guest user without login can add orders to an authenticated user's account? Maybe better to clarify that part as a bug?

  • 🇩🇪Germany Anybody Porta Westfalica

    Changing this to a bug report as of #5 and the risks. I think it shouldn't be configurable in this more or less dangerous combination, as users might not understand the consequences, but that should be discussed.

    If the Commerce Guys disagree, please feel free to change back to a feature request.
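
One way to enforce the behaviour proposed in this thread, shown as an added example that is not Commerce's own code nor code from any participant: a custom module adds a validation handler to the checkout flow form and refuses a guest email that already belongs to an account. The module name `guest_email_guard` and the `contact_information` pane key with its `email` element are assumptions; adjust them to the checkout flow actually in use.

```php
<?php

/**
 * @file
 * Hypothetical custom module "guest_email_guard" (the name is an assumption).
 */

use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Url;

/**
 * Implements hook_form_BASE_FORM_ID_alter() for commerce_checkout_flow.
 */
function guest_email_guard_form_commerce_checkout_flow_alter(array &$form, FormStateInterface $form_state, $form_id) {
  // Only anonymous sessions can attach an order to an address they have
  // not proven they own; logged-in customers are left alone.
  if (\Drupal::currentUser()->isAnonymous()) {
    $form['#validate'][] = 'guest_email_guard_validate';
  }
}

/**
 * Validation handler: reject a guest email that matches an existing account.
 */
function guest_email_guard_validate(array &$form, FormStateInterface $form_state) {
  // Assumption: the guest email is submitted by the contact information
  // pane under these parents. The handler does nothing on steps where the
  // value is absent.
  $parents = ['contact_information', 'email'];
  $mail = trim((string) $form_state->getValue($parents));
  if ($mail === '') {
    return;
  }

  // user_load_by_mail() returns the account entity or FALSE.
  if (user_load_by_mail($mail)) {
    $form_state->setErrorByName(
      implode('][', $parents),
      t('An account already uses this email address. <a href=":login">Log in</a> to place an order with it, or use a different address.', [
        ':login' => Url::fromRoute('user.login')->toString(),
      ])
    );
  }
}
```

The error message tells an anonymous visitor that an account exists for the address, so this check is best paired with rate limiting on the checkout form.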
