Forums

Covering OroCommerce, OroCRM, OroPlatform topics, including community updates and company announcements.

Forums OroCommerce Bad credentials login frontend but insert shopping list with NULL customer

This topic contains 1 reply, has 2 voices, and was last updated by Andrey Yatsenko Andrey Yatsenko 4 weeks, 1 day ago.

  • Creator
    Topic
  • #37369

    Rio
    Participant

    Hi masters,

    I found a bugs in orocommerce 1.5, when i try to logged in frontstore with wrong password (Bad credentials.),
    sometimes new record for shoppinglist is created with null value of customer user id …

    I notice on dev.log here are the statement about :

    I didn’t know how it comes? please guide me if any suggestion

    Thanks in advance

Viewing 1 replies (of 1 total)
  • Author
    Replies
  • #37400
    Andrey Yatsenko
    Andrey Yatsenko
    Moderator

    The only place I found, where during login we have the creation of the new shopping list is InteractiveLoginListener.
    The listener migrates shopping list from an anonymous user to the authenticated one.
    It subscribed to security.interactive_login. According to the docs and the code this event happens only when user is really logged in and should not happed on bad credentials.

    Actually, the shopping list from above logs looks like it is a regular guest user shopping list, it’s not attached to any customer or customer user. But if you are sure it’s created because of bad credentials, please provide steps to reproduce so we can confirm the bug. Now I can’t reproduce this.

    As I understand it doesn’t happen all the time. You can add extra logs of the context at the above listener, like what customer user is trying to log in and check, maybe shomething is wrong with that user.

    Also if you have any customization of the security layer at the application, check them twice to understand that problem is not at the customization side.

    Best regards.

Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.

You will be redirected to [title]. Would you like to continue?

Yes No
sso for www.magecore.comsso for oroinc.comsso for oroinc.desso for oroinc.frsso for marketplace.orocommerce.comsso for marketplace.orocrm.com