  1. Blesta Core
  2. CORE-3073

Staff logged-in as client may show wrong invoices to pay

    Details

      Description

      It's possible for staff to see invoices of a different client than the one they are logged in as if they previously attempted to make a payment while logged in as a separate client.

      To replicate:

      1. Log in as a client
      2. Click an invoice to "Pay"
      3. Go back to the staff portal
      4. Go to another client's profile in the staff UI that has past due invoices
      5. Click to "Login as Client"
      6. Click "Pay Past Due" invoices
      7. The invoices you see will be for the first client (#1) you logged in as rather than the current client (#5) because the system determines the client from the payment information rather than the one that you are logged-in as

      To fix:

      1. Clear any stored payment session information if the client it associates with differs from the client that is logged-in

      When logged in as an admin, and using the "Login as Client" option, and clicking the button to "Pay Past Due" invoices in the alert box, it sometimes displays the invoice for another client.

      To replicate I created 2 clients, each with a past due invoice. I logged in as an admin into the client, and clicked the "Pay Past Due" button. The invoice for the other client was shown instead of the invoice on the account. I tried it the other way, by logging into the other client, and it did not work. It appears to impact some clients but not others.

      It does not appear to do this if logged in only as a client, so it seems to be limited to Staff logged in as a Client.
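
The fix described above, sketched in PHP as an added example; this is not Blesta's code or the change merged for this issue. The session keys (`client_id`, `payment`) and all function names are hypothetical, and the invoice data is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical session layout, not Blesta's: 'client_id' is the client the
// browser is acting as; 'payment' is state saved when a payment was started.

/** Before: the client is taken from whatever payment state is in the session. */
function invoiceOwnerVulnerable(array $session): int
{
    return $session['payment']['client_id'] ?? $session['client_id'];
}

/** After: payment state that belongs to a different client is discarded. */
function invoiceOwnerFixed(array &$session): int
{
    $current = (int) $session['client_id'];
    $stored = $session['payment']['client_id'] ?? null;
    if ($stored !== null && (int) $stored !== $current) {
        unset($session['payment']); // stale state from an earlier login
    }
    return $current;
}

/** Past due invoices are always filtered by the owner chosen above. */
function invoicesToPay(array $invoices, int $clientId): array
{
    return array_values(array_filter(
        $invoices,
        fn(array $inv): bool => $inv['client_id'] === $clientId && $inv['past_due']
    ));
}

// Constructed sample data: clients 1 and 5 each have one past due invoice.
$invoices = [
    ['id' => 101, 'client_id' => 1, 'past_due' => true],
    ['id' => 205, 'client_id' => 5, 'past_due' => true],
];

// Staff started a payment as client 1, then used "Login as Client" for client 5.
$session = ['client_id' => 5, 'payment' => ['client_id' => 1, 'invoice_ids' => [101]]];

$before = invoicesToPay($invoices, invoiceOwnerVulnerable($session));
$after = invoicesToPay($invoices, invoiceOwnerFixed($session));

printf("before fix: invoice %d\n", $before[0]['id']);
printf("after fix:  invoice %d\n", $after[0]['id']);
var_dump(isset($session['payment'])); // whether the stale payment state survived
```

The ownership check belongs at every entry point that reads stored payment state, not only at login, because the stale data survives switching between clients in the same staff session.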

        Issue Links

          Activity

          admin Paul Phillips created issue -
          admin Paul Phillips made changes -
          Field Original Value New Value
          Rank Ranked higher
          admin Paul Phillips added a comment -

          Strangely after I reproduced this issue, I'm no longer able to reproduce it with the same clients and invoices. Something odd indeed.

          tyson Tyson Phillips (Inactive) made changes -
          Sprint 4.6.0 Sprint 4 [ 80 ]
          tyson Tyson Phillips (Inactive) made changes -
          Rank Ranked lower
          tyson Tyson Phillips (Inactive) made changes -
          Rank Ranked higher
          tyson Tyson Phillips (Inactive) made changes -
          Fix Version/s 4.5.2 [ 11119 ]
          tyson Tyson Phillips (Inactive) made changes -
          Fix Version/s 4.6.0-b1 [ 11117 ]
          tyson Tyson Phillips (Inactive) made changes -
          Assignee Tyson Phillips [ tyson ]
          Automated transition triggered when Tyson Phillips (Inactive) created a branch in Stash -
          Status Open [ 1 ] In Progress [ 3 ]
          Automated transition triggered when Tyson Phillips (Inactive) created pull request #629 in Stash -
          Status In Progress [ 3 ] In Review [ 5 ]
          Resolution Fixed [ 1 ]
          tyson Tyson Phillips (Inactive) made changes -
          Summary Staff login as client wrong invoice Staff logged-in as client may show wrong invoices
          tyson Tyson Phillips (Inactive) made changes -
          Summary Staff logged-in as client may show wrong invoices Staff logged-in as client may show wrong invoices to pay
          tyson Tyson Phillips (Inactive) made changes -
          Description
          tyson Tyson Phillips (Inactive) made changes -
          Remaining Estimate 0 minutes [ 0 ]
          Time Spent 1 hour [ 3600 ]
          Worklog Id 12037 [ 12037 ]
          jonathan Jonathan Reissmueller made changes -
          Time Spent 1 hour [ 3600 ] 1 hour, 16 minutes [ 4560 ]
          Worklog Id 12040 [ 12040 ]
          Automated transition triggered when Tyson Phillips (Inactive) merged pull request #629 in Stash -
          Status In Review [ 5 ] Closed [ 6 ]
          tyson Tyson Phillips (Inactive) made changes -
          Link This issue relates to CORE-3108 [ CORE-3108 ]

            People

            • Assignee:
              tyson Tyson Phillips (Inactive)
              Reporter:
              admin Paul Phillips
            • Votes:
              0
              Watchers:
              1

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                4/Apr/19

                Time Tracking

                Estimated: Not Specified
                Remaining: 0m
                Logged: 1h 16m
