CRM-20697 - Online pay now anomalies (contribution transfer to new contact) #11578
Conversation
|
@magnolia61 Are you able to test this? |
jitendrapurohit
changed the title
|
Works ok for me. One small thought though: I am not sure the transparent redirect to the homepage in case of a missing cid or checksum is desirable. I think the same about when the payment is already completed. I think it is proper user experience when people get an error message. New issue on 'overcharging' partially paid contributions: https://issues.civicrm.org/jira/browse/CRM-21700 |
| @@ -142,6 +142,8 @@ public function run() { | |||
| $invoiceSettings = Civi::settings()->get('contribution_invoice_settings'); | |||
| $invoicing = CRM_Utils_Array::value('invoicing', $invoiceSettings); | |||
| $defaultInvoicePage = CRM_Utils_Array::value('default_invoice_page', $invoiceSettings); | |||
| $cs = CRM_Contact_BAO_Contact_Utils::generateChecksum($this->_contactId); | |||
| $this->assign('contactChecksum', $cs); | |||
There was a problem hiding this comment.
Maybe squash these 2 lines into one?
There was a problem hiding this comment.
Also - does that regenerate it - I think if the user is here it is because one of the following is true
- they are an admin user
- they are the user who is being viewed & are logged in
- they are the user who is being viewed & they got here using a checksum - which should be in the url ( TBH I thought once a check sum had been used it was stored to the session)
- they are viewing an alternate contact who they have permission to.
Adding the checksum to the url in scenarios 1 & 4 seem risky -in 3 then it would be in the url & can be passed through?
There was a problem hiding this comment.
Not sure of I'm right but I think the change in Main.php already solves the problem of anonymous (constructed) PayNow links without a contact id in the url (payment links to be mailed).
The links in the dashboard itself probable do not need the checksum, but I thought it would be clearer to have one uniform url.
BTW It is not possible to reach the Contact Dashboard via a checksum link (since longtime on my wishlist)
So removing the checksum (if possibly required for security reasons you mention?) at least it would be good to leave the Contact id, because without it anonymous use of the link will fail like described in this issue.
There was a problem hiding this comment.
Actually maybe the anonymous link (to be mailed) can do without the checksum and only have ccid and cid? So contribution and contact are matched? Would that work?
There was a problem hiding this comment.
@magnolia61 I don't think so, cid needs a checksum to be authenticated, else contact id is not assigned while checking permission on loading of the form.
There was a problem hiding this comment.
@eileenmcnaughton Use-case mentioned by pradeep could be another reason to have a cid and checksum on pay now link for scenarios 1 & 4 other than having uniform link mentioned by @magnolia61 ?
|
@monishdeb do you want to review this? I thought it made sense, but then came up with some questions.... . The $_ccid property needs to be declared & documented! I think it is |
|
@jitendrapurohit @eileenmcnaughton I did UI test on this. I am not sure if this use case needs to be handled or not. Use case:
Expected Result: Actual Result
|
|
I was able to replicate the above scenario mentioned by @pradpnayak which was due to the wrong assignment of contactId on the dashboard. This has been fixed now. |
| @@ -64,7 +64,7 @@ public function __construct() { | |||
| CRM_Utils_System::redirect(CRM_Utils_System::url('civicrm/dashboard', 'reset=1')); | |||
| } | |||
|
|
|||
| $this->_contactId = CRM_Utils_Request::retrieve('id', 'Positive', $this); | |||
| $this->_contactId = CRM_Utils_Request::retrieve('cid', 'Positive', $this); | |||
There was a problem hiding this comment.
It actually depends on how user dashboard is loaded. This worked fine when url was loaded as civicrm/user?reset=1&id=203. As cid is most common param for contact id, user dashboard is also updated to use this as an identifier now.
|
@jitendrapurohit don't you need to update the url at all the places? |
|
So I'm a bit worried that if I as admin user view a contact's dashboard (which I can do) I will see a checksum link & if I click on that then logically I should then be logged in as that contact (undesirable) - I think once you get to the dashboard you are validated in some way & shouldn't need a checksum link from there |
|
Hi all, in this the discussion in the first commit by Jitendra I already said I could live with only the changes in Main.php (that prevent a contribution made by using a constructed (and mailed) Pay Now link from being logged wrongly. d1ff7c1 The change in Main.php solves the original reason for this issue: prevent issues when a user gets mailed a PayNow link and tries to pay using it: https://issues.civicrm.org/jira/browse/CRM-20697 So thats using the PayNow link functionality while 'logged in' with a checksum in the link, ccid. The change in Main.php enforced the requirement to have a cid in that link also, which solves the issue of stangely transfering contributions. All other proposed changes and discussion on the paynow links from the dashboard that I see appearing here are more to prevent an admin user that wants to pay using a Pay Now link fro making mistakes. Maybe other solutions are needed there than to include he checksum in all links. That being said I do think that the problem Pradeep ran into should be solved. When a logged in admin pays using the PayNow button (or mailed link) the paid contribution should not 'move' but keep being attached to the 'owner' of the ccid. Could a general solution be just to make sure a payment made with either the (mailed) link or dashboard button gets logged as an activity with the logged in user (posibly admin) but stays (changed to paid) under the user that belongs to the |
jitendrapurohit
force-pushed
the
CRM-20697
branch
from
c577989
to
58b0963
Compare
|
Sorry for the delayed update on this. I've now updated the PR to include only the changes in Main.php which prevent incorrect contact to pay for the existing contribution in civi. If an anonymous user wants to complete its pending contribution, the URL should have the cid and the checksum of the contact in order to authenticate the user on the contribution page. Maybe, we should add some statements in the documentation regarding this. |
|
Thanks Jitendra, I will test it. While you're in the Online Pay Now subject would you know a solution for the overcharging / double net amount issue with Online Pay Now payment links? That is an even greater anomaly (impact & reputationwise) https://issues.civicrm.org/jira/browse/CRM-21700 |
|
@monishdeb are you able to review this one once you are back. I think @JoeMurray will also ask you to look at CRM-21700 which has been updated recently with some good information |
|
I have tested on my local and it works fine, also checked the issue mentioned by Pradeep and it worked fine. UT cannot be added as there isn't any scope replicate the UI use-case in test env. Merging now. @jitendrapurohit has submitted a separate PR - #12319 for CRM-21700, will review it later |
|
This fix unfortunately does not work when using the Pay Now button from the user dashboard checksum link first (introduced in 5.3.0). Opened an issue for that in gitlab https://lab.civicrm.org/dev/core/issues/346 |
Overview
Avoid contribution to be logged under new contact when "pay now" is done anonymously.
Before
After