Impersonate (place order) is broken (nopCommerce 2.4)

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
12 years ago
This issue may be related to the other bugs I reported. Here's a replay:

1. Create a new customer from the Administration screen (fill in all fields)
   * Note, there's no explicit field for the user name.  nopCommerce doesn't use the email address.  It is null in the database. (separate bug).
2. Assign the customer to the Registered role
3. Impersonate (place order) as the new customer
4. Abandon the cart before payment (do not log out)
5. Log back in as the original administrator by going to www.xxxxxx.com/admin

You'll notice you can't get to the administration screen, because you're still impersonating the user even though you're explicitly trying to log in as an administrator.  

When I first saw this bug I had just copied a fresh copy of the database from the production site onto my development box.  I was wondering why I kept seeing another customer's shopping cart, instead of my own.  I couldn't figure out why I couldn't log back into the administrator screen.  I stepped through the code and found the culprit (WebWorkContext.cs, Line 79):


```csharp
protected Customer GetCurrentCustomer()
{
    ....
    //impersonate user if required (currently used for 'phone order' support)
    if (customer != null && !customer.Deleted && customer.Active)
    {
        int? impersonatedCustomerId = customer.GetAttribute<int?>(SystemCustomerAttributeNames.ImpersonatedCustomerId);
        if (impersonatedCustomerId.HasValue && impersonatedCustomerId.Value > 0)
        {
            var impersonatedCustomer = _customerService.GetCustomerById(impersonatedCustomerId.Value);
            if (impersonatedCustomer != null && !impersonatedCustomer.Deleted && impersonatedCustomer.Active)
            {
                //set impersonated customer
                _originalCustomerIfImpersonated = customer;
                customer = impersonatedCustomer;
            }
        }
    }
    ....
}
```


My first thought is to clear the impersonatedCustomerId whenever you successfully log in as an administrator, but I can't confirm how it would affect other areas of the software.
12 years ago
ralphberger wrote:
4. Abandon the cart before payment (do not log out)
5. Log back in as the original administrator by going to www.xxxxxx.com/admin

It works fine. You have to log out before going to admin area. Just click 'finish impersonated session' link in the public store.
12 years ago
Please bear in mind that I disabled the links you mentioned when I themed the site.  The client didn't want all those extra links running along the top and there's nowhere to place them without significant rework of the design.  He wanted minimal functionality because it would minimize complexity for the customers.

Although it's not a customer facing issue, I really think that logging back in as the administrator should dump the impersonation if it is an easy change with minimal impact on the rest of the code because it is an expected behavior.  It is really your call on this one, but at least we've documented it.
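
The behaviour discussed in this thread, as an added example that is not part of any post and is not nopCommerce code: a small model showing why an impersonation marker stored on the customer record outlives the login session, and how clearing it at sign-in restores the administrator's identity. `Customer`, `Store`, `Resolve` and `SignIn` are hypothetical stand-ins, and clearing at sign-in is the proposal from the first post, assumed here rather than confirmed by the project.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical stand-ins for the nopCommerce types; not the project's classes.
class Customer
{
    public int Id; public string Name; public bool IsAdmin;
    public bool Active = true; public bool Deleted;
}

class Store
{
    public Dictionary<int, Customer> Customers = new Dictionary<int, Customer>();
    // Persisted per customer (like a database row), so it outlives the login session.
    public Dictionary<int, int> ImpersonatedCustomerId = new Dictionary<int, int>();

    // Same order as GetCurrentCustomer(): authenticated customer first, then the swap.
    public Customer Resolve(int authenticatedId)
    {
        var customer = Customers[authenticatedId];
        if (customer.Deleted || !customer.Active) return customer;
        if (ImpersonatedCustomerId.TryGetValue(customer.Id, out var targetId)
            && Customers.TryGetValue(targetId, out var target)
            && !target.Deleted && target.Active)
            return target;   // every later permission check sees the impersonated customer
        return customer;
    }

    // Assumed fix: a fresh sign-in ends any impersonation left over from an earlier session.
    public void SignIn(int customerId, bool clearImpersonation)
    {
        if (clearImpersonation) ImpersonatedCustomerId.Remove(customerId);
    }
}

static class Program
{
    static void Main()
    {
        var store = new Store();   // constructed sample data
        store.Customers[1] = new Customer { Id = 1, Name = "admin", IsAdmin = true };
        store.Customers[2] = new Customer { Id = 2, Name = "new customer" };
        store.ImpersonatedCustomerId[1] = 2;          // step 3: impersonate (place order)
        store.SignIn(1, clearImpersonation: false);   // step 5, behaviour as reported
        Console.WriteLine("before: " + store.Resolve(1).Name + ", admin=" + store.Resolve(1).IsAdmin);
        store.SignIn(1, clearImpersonation: true);    // step 5, with the marker cleared
        Console.WriteLine("after:  " + store.Resolve(1).Name + ", admin=" + store.Resolve(1).IsAdmin);
    }
}
```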