Problem with email access due to complication with #1790

[DevinWalker]

@Benunc commented on Tue Nov 07 2017

Issue Overview

Currently if email access is enabled, donors cannot access their donation history as expected.

Expected Behavior

The Give_subscriptions shortcode should work correctly.

Current Behavior

Possible Solution

Review complication with #1790 causing email access to not work as expected.

Steps to Reproduce (for bugs)

Original steps from @Benunc

1. On Give 1.8.16 and Recurring 1.4 branch (pre-release)
2. Create some subscriptions, as well as a page with the [give_subscriptions] shortcode.
3. Ensure that email access is enabled.
4. In an incognito browser, navigate to the page with the above shortcode on it
5. Attempt to enter a valid email that has made a recurring donation on the site.

I was able to reproduce with the donation history page, and other locations the email access is in use. Essentially, email access is not working now.

You will get the above error

Error: It looks like that email address provided and access token of the link does not match.

Related issues

#1790

[mehul0810]

@DevinWalker @Benunc
I have analysed and found that the issue arises due to accessing wrong URL after passing the session time of donation or accessing via InCognito Mode.

Wrong URL: /donation-history/
Correct URL: /donation-history/?payment_key=##### (This is what sent in the Donation Receipt email)

To overcome the issue, Me and @ravinderk had a quick call and came to a better solution to achieve it. But, we do require your suggestions as well.

Settings Involved

1. Email Access (Enable and Disable)
2. Form - Guest Checkout Enabled
3. Form - Both Registration and Login Disabled

How it should work?

1. If Email Access is disabled, donation form will ask for the registration and on completion of donation will create Donor as well as WP User. Hence, user will need to login to access the donation history in this case.
2. If Email Access is enabled, donation form will act as a Guest Checkout, and on completion of donation will create donor only. Hence, user will need specific tokenised URL and email verification to access the donation history.

Suggestion

When a user will access Donation History URL ( i.e. /donation-history/) from donation confirmation page (in case of subscriptions). User will be asked for email to verify. Once user enter email and click on Verify, Give will check for the valid email and will also check whether email is associated with Donor, WP User or Both.

Case 1. If email is associated with Both ( Donor and WP User ) then Give will show recent first donation and login form with email pre-filled so that user can login to access the complete donation history. Also, for WP User as well, it will ask for login, but in that case user won't be having any donation. Hence, only login form will be shown.

Case 2. If email is associated with Donor only, then Give will show the Recent First Donation and an informative message saying “We are showing you the recent first donation as you are not a registered user of our site. To access complete donation history, please click the View it in browser link in your Donation Receipt Email” and we will show these steps with screenshots for better understanding to the user.

@mathetos Please give your insights whether we should explain user with screenshot on Donation History page for Case 2 or we should create a page on givewp.com docs explaining How to access donation history? and linking it to the informative message.

[mathetos]

@mehul0810 Thanks for your very detailed thoughts on this. Regarding your question about Case 2, I'd say the following:

1. They shouldn't have to go back to an OLD email to get their whole donation history.
2. Instead, the message should just say this, nothing more: "If you would like to see your full donation history, provide your email here and we'll send you a unique link." Then the email field and submit button below it.
3. I'm also not a fan of the multiple error messages, yellow/red. If they could be combined into one in this case that would be better.

[wkeving]

As a user of GiveWP, I agree with @mathetos on all his points regarding this issue.

[mathetos]

This PR doesn't seem to be working as intended currently. See notes and comments on this new issue:
#2474

[mathetos]

Actually, #2474 is slated for 1.8.18, but the items I'm raising affect 1.8.17 directly.

1. After reCAPTCHA is successful, there's a "Verify Email Address" button. That's fine.
2. But when you click on that button, the page refreshes with no success/failure message
3. And no email is sent at all.

Contrary to Devin's video, I also couldn't get past the "Verify Email" screen even with reCAPTCHA disabled completely. So it seems there's generally more work to do on this item.