Bad credentials login frontend but insert shopping list with NULL customer

Hi masters,

I found a bugs in orocommerce 1.5, when i try to logged in frontstore with wrong password (Bad credentials.),
sometimes new record for shoppinglist is created with null value of customer user id …

I notice on dev.log here are the statement about :

PHP

[2018-09-19 09:47:55] doctrine.DEBUG: SELECT t0.id AS id_1, t0.class_name AS class_name_2, t0.created AS created_3, t0.updated AS updated_4, t0.mode AS mode_5, t0.data AS data_6 FROM oro_entity_config t0 WHERE t0.id = ? [73] [] [2018-09-19 09:47:55] event.DEBUG: Notified event "oro_website_search.event.website_search_mapping. configuration" to listener "Oro\Bundle\ProductBundle\EventListener\WebsiteSearchMappingListener:: onWebsiteSearchMapping". [] [] [2018-09-19 09:47:55] doctrine.DEBUG: "START TRANSACTION" [] [] [2018-09-19 09:47:55] doctrine.DEBUG: INSERT INTO oro_shopping_list (serialized_data, label, notes, created_at , updated_at, website_id, customer_user_id, customer_id, user_owner_id, organization_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?) {"1":null,"2":"Shopping list","3":null,"4":"2018-09-19 02:47:55","5": "2018-09-19 02:47:55","6":1,"7":null,"8":null,"9":1,"10":1} []

1 2 3 4 5 6 7 8 9 10 11

[2018-09-19 09:47:55] doctrine.DEBUG: SELECT t0.id AS id_1, t0.class_name AS class_name_2, t0.created AS created_3, t0.updated AS updated_4, t0.mode AS mode_5, t0.data AS data_6 FROM oro_entity_config t0 WHERE t0.id = ? [73] [] [2018-09-19 09:47:55] event.DEBUG: Notified event "oro_website_search.event.website_search_mapping. configuration" to listener "Oro\Bundle\ProductBundle\EventListener\WebsiteSearchMappingListener:: onWebsiteSearchMapping". [] [] [2018-09-19 09:47:55] doctrine.DEBUG: "START TRANSACTION" [] [] [2018-09-19 09:47:55] doctrine.DEBUG: INSERT INTO oro_shopping_list (serialized_data, label, notes, created_at , updated_at, website_id, customer_user_id, customer_id, user_owner_id, organization_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?) {"1":null,"2":"Shopping list","3":null,"4":"2018-09-19 02:47:55","5": "2018-09-19 02:47:55","6":1,"7":null,"8":null,"9":1,"10":1} []

I didn’t know how it comes? please guide me if any suggestion

Thanks in advance

Topic

[Andrey YatsenkoModerator]

The only place I found, where during login we have the creation of the new shopping list is InteractiveLoginListener.
The listener migrates shopping list from an anonymous user to the authenticated one.
It subscribed to security.interactive_login. According to the docs and the code this event happens only when user is really logged in and should not happed on bad credentials.

Actually, the shopping list from above logs looks like it is a regular guest user shopping list, it’s not attached to any customer or customer user. But if you are sure it’s created because of bad credentials, please provide steps to reproduce so we can confirm the bug. Now I can’t reproduce this.

As I understand it doesn’t happen all the time. You can add extra logs of the context at the above listener, like what customer user is trying to log in and check, maybe shomething is wrong with that user.

Also if you have any customization of the security layer at the application, check them twice to understand that problem is not at the customization side.

Best regards.

[Author]

Replies