feat: tokenized cart PRB PDP session handler #9021
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Test the buildOption 1. Jetpack Beta
Option 2. Jurassic Ninja - available for logged-in A12s🚀 Launch a JN site with this branch 🚀 ℹ️ Install this Tampermonkey script to get more options. Build info:
Note: the build is updated when a new commit is pushed to this PR. |
|
Size Change: -37 B (0%) Total Size: 1.33 MB
ℹ️ View Unchanged
|
frosso
requested review from
a team and
brettshumaker
and removed request for
a team
frosso
commented
Jul 18, 2024
| // this header will be overwritten by a filter in the backend to overcome nonce overwrites in this middleware: | ||
| // https://github.com/woocommerce/woocommerce/blob/trunk/plugins/woocommerce-blocks/assets/js/middleware/store-api-nonce.js | ||
| 'X-WooPayments-Store-Api-Nonce': response.headers.get( 'Nonce' ), | ||
| 'Cart-Token': response.headers.get( 'Cart-Token' ), |
There was a problem hiding this comment.
No longer necessary to save this for anonymous carts.
Comment on lines
-141
to
-144
| credentials: | ||
| getPaymentRequestData( 'button_context' ) === 'product' | ||
| ? 'omit' | ||
| : undefined, |
There was a problem hiding this comment.
In the case of PDPs, the cart will no longer be "anonymous" - we'll always provide cookies to identify the customer.
Comment on lines
-169
to
-172
| credentials: | ||
| getPaymentRequestData( 'button_context' ) === 'product' | ||
| ? 'omit' | ||
| : undefined, |
There was a problem hiding this comment.
In the case of PDPs, the cart will no longer be "anonymous" - we'll always provide cookies to identify the customer.
| @@ -192,7 +187,6 @@ export default class PaymentRequestCartApi { | |||
| return await this._request( { | |||
| method: 'POST', | |||
| path: '/wc/store/v1/cart/add-item', | |||
| credentials: 'omit', | |||
There was a problem hiding this comment.
In the case of PDPs, the cart will no longer be "anonymous" - we'll always provide cookies to identify the customer.
| const cartData = await this._request( { | ||
| method: 'GET', | ||
| path: '/wc/store/v1/cart', | ||
| credentials: 'omit', |
There was a problem hiding this comment.
In the case of PDPs, the cart will no longer be "anonymous" - we'll always provide cookies to identify the customer.
| @@ -120,7 +120,6 @@ public function init() { | |||
| 2 | |||
| ); | |||
| add_filter( 'rest_pre_dispatch', [ $this, 'tokenized_cart_store_api_address_normalization' ], 10, 3 ); | |||
| add_filter( 'rest_pre_dispatch', [ $this, 'tokenized_cart_store_api_nonce_overwrite' ], 10, 3 ); | |||
There was a problem hiding this comment.
We no longer need to overwrite the nonce value
| 'platform_tracker' => wp_create_nonce( 'platform_tracks_nonce' ), | ||
| 'pay_for_order' => wp_create_nonce( 'pay_for_order' ), | ||
| 'tokenized_cart_nonce' => wp_create_nonce( 'woopayments_tokenized_cart_nonce' ), | ||
| 'tokenized_cart_session_nonce' => wp_create_nonce( 'tokenized_cart_session_nonce' ), |
There was a problem hiding this comment.
I added a new nonce for product pages
Comment on lines
-959
to
-969
| 'get_cart_details' => wp_create_nonce( 'wcpay-get-cart-details' ), | ||
| 'shipping' => wp_create_nonce( 'wcpay-payment-request-shipping' ), | ||
| 'update_shipping' => wp_create_nonce( 'wcpay-update-shipping-method' ), | ||
| 'checkout' => wp_create_nonce( 'woocommerce-process_checkout' ), | ||
| 'add_to_cart' => wp_create_nonce( 'wcpay-add-to-cart' ), | ||
| 'empty_cart' => wp_create_nonce( 'wcpay-empty-cart' ), | ||
| 'get_selected_product_data' => wp_create_nonce( 'wcpay-get-selected-product-data' ), | ||
| 'platform_tracker' => wp_create_nonce( 'platform_tracks_nonce' ), | ||
| 'pay_for_order' => wp_create_nonce( 'pay_for_order' ), | ||
| 'tokenized_cart_nonce' => wp_create_nonce( 'woopayments_tokenized_cart_nonce' ), | ||
| 'tokenized_order_nonce' => wp_create_nonce( 'wc_store_api' ), |
There was a problem hiding this comment.
Here I just added the tokenized_cart_session_nonce nonce and renamed the pay_for_order nonce to a more generic store_api_nonce.
The rest of the changes are just indentation.
| // On cart, checkout, place order pages we instead use the cart itself. | ||
| if ( getPaymentRequestData( 'button_context' ) === 'product' ) { | ||
| await this.paymentRequestCartApi.createAnonymousCart(); | ||
| this.paymentRequestCartApi.useSeparateCart(); |
There was a problem hiding this comment.
I renamed the createAnonymousCart() method to useSeparateCart() - since the cart is no longer "anonymous" (we're sending cookies this time - we weren't before)
brettshumaker
requested changes
Jul 24, 2024
There was a problem hiding this comment.
Confirmed that this is all working as expected. Do you know what's going on with these failing tests, though?
1) WC_Payments_Payment_Request_Session_Test::test_restores_cart_data_on_order_received_page
Exception: Invalid token: cookie and session customer mismatch
2) WC_Payments_Payment_Request_Session_Test::test_does_not_restore_cart_data_when_missing_query_parameter
Exception: Invalid token: cookie and session customer mismatch
@brettshumaker thank you for pointing it out, I'm not sure why the tests were passing before. In any case, after debugging, I noticed that the incorrect session handler was lingering across test cases. So I added some cleanup steps in 6f1d761 to solve for it. |
brettshumaker
approved these changes
Jul 29, 2024
lovo-h
pushed a commit
that referenced
this pull request
Aug 1, 2024
Co-authored-by: Brett Shumaker <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #8841
Changes proposed in this Pull Request
Adding capability to pay for subscriptions & associating orders placed by the current logged-in customer.
Screen.Recording.2024-07-18.at.2.34.03.PM.mov
When an order is placed with the PRB on a product page, the customer's main cart should remain unaltered.
So, if the customer placed an order for one product (but had other items in their cart), they should be able to check out only the single product.
After discussing with the Blocks team, the solution we concluded with was to implement a custom SessionHandler.
Testing instructions
npm run changelogto add a changelog file, choosepatchto leave it empty if the change is not significant. You can add multiple changelog files in one PR by running this command a few times.Post merge