Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 4.5.0
-
Fix Version/s: 4.5.2
-
Component/s: Client Interface, Staff Interface
-
Labels:None
Description
It's possible for staff to see invoices of a different client than they are logged-in as if they previously attempted to make a payment while logged-in as a separate client.
To replicate:
- Log in as a client
- Click an invoice to "Pay"
- Go back to the staff portal
- Go to another client's profile in the staff UI that has past due invoices
- Click to "Login as Client"
- Click "Pay Past Due" invoices
- The invoices you see will be for the first client (#1) you logged in as rather than the current client (#5) because the system determines the client from the payment information rather than the one that you are logged-in as
To fix:
- Clear any stored payment session information if the client it associates with differs from the client that is logged-in
When logged is as an admin, and using the "Login as Client" option, and clicking the button to "Pay Past Due" invoices in the alert box, it sometimes displays the invoice for another client.
To replicate I created 2 clients, each with a past due invoice. I logged in as an admin into the client, and clicked the "Pay Past Due" button. The invoice for the other client was shown instead of the invoice on the account. I tried it the other way, by logging into the other client, and it did not work. It appears to impact some clients but not others.
It does not appear to do this if logged in only as a client, so it seems to be limited to Staff logged in as a Client.
Issue Links
- relates to
-
CORE-3108
Clients unable to complete payment when not logged in using pay link
-
- Closed
-
Strangely after I reproduced this issue, I'm not longer able to reproduce it with the same clients and invoices. Something odd indeed.