Move the guest should verify email logic to the order class #43834
Test Results Summary
Commit SHA: 1fce2d1
Hi @barryhughes, Apart from reviewing the code changes, please make sure to review the testing instructions as well. You can follow this guide to find out what good testing instructions should look like:
Generally the changes look good. Tests went well. But I left a comment about making the code more readable.
Also the wc-order class is already huge so I'm a little uneasy about moving more code into it.
We'll need to check with a team that is more familiar with WooCommerce core code to also review this PR before it gets merged.
*/ | ||
return (bool) apply_filters( 'woocommerce_order_email_verification_required', $email_verification_required, $order, $context ); | ||
// If we cannot match the order with the current user, ask that they verify their email address. | ||
$supplied_email = sanitize_email( wp_unslash( filter_input( INPUT_POST, 'email' ) ) ) === $order->get_billing_email() |
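Review bot: on the `$supplied_email` line, the posted address is compared to `$order->get_billing_email()` with a strict `===`, so the match is exact, including letter case. If the stored billing email can differ in case from what the guest types, that guest is asked to verify again; either lowercase both sides before comparing or state in the comment above that an exact match is intended. The same line calls `sanitize_email( wp_unslash( ... ) )` directly on `filter_input( INPUT_POST, 'email' )`, which is null when the field is absent, so reading the value into a variable once and handling the missing case explicitly would make the check easier to follow.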
This one liner is quite hard to understand at first. Let's take the opportunity and refactor it into more readable code. Maybe change to something like this:
```php
// If we cannot match the order with the current user, ask that they verify their email address.
$supplied_email_matches_order_email = sanitize_email( wp_unslash( filter_input( INPUT_POST, 'email' ) ) ) === $order->get_billing_email();
$nonce_is_valid                     = wp_verify_nonce( filter_input( INPUT_POST, 'check_submission' ), 'wc_verify_email' );
$supplied_email                     = null;
if ( $supplied_email_matches_order_email && $nonce_is_valid ) {
	$supplied_email = sanitize_email( wp_unslash( filter_input( INPUT_POST, 'email' ) ) );
}
```
Also it ends up checking if the email matches with the order again in the new function. Do we really need to also check it here?
> This one liner is quite hard to understand at first. Let's take the opportunity and refactor it into more readable code.

Good idea, thank you!

> Also it ends up checking if the email matches with the order again in the new function. Do we really need to also check it here?

Thank you for catching that! Both issues are fixed here cf90234.
4adee49 to d81488a
Changes look good now. Thanks for the fixes.
Hi @jonathansadowski, can you help us review this PR, we'll need it before Jan 31st for testing. Thank you!
> Hi @jonathansadowski, can you help us review this PR, we'll need it before Jan 31st for testing. Thank you!
Hey @hsingyuc I cycled the tests on this by closing and reopening the PR, as after the changelog was added by our automation, the checks weren't automatically triggered (a fix for this is in the works). I noticed that there was a lint issue that should be addressed before this was run.
> We'll need to check with a team that is more familiar with WooCommerce core code to also review this PR before it gets merged.
I'm going to add @woocommerce/proton as a reviewer to this PR for that. @woocommerce/vortex is primarily involved with the tooling surrounding the monorepo.
Fwiw, I agree with this. Less because of the size of the existing Could this logic live inside
583005f to eea1892
Thank you, @jonathansadowski! Fixed in eea1892. @barryhughes This is more of a permission check, it's only checking if the email is valid. I put it inside
Hi @hsingyuc,
True. Although, it's described as a spot for any order-related helpers—so it wouldn't be the worst fit (but I take your point). If that's uncomfortable, how about either of:
Both have the advantage we are not adding frontend validation logic to a data model, and both are in the internal namespace which can be used from both block and traditional shortcode logic, but gives us the freedom to refactor further in the future.
185b11e to bc14f07
Thank you, @barryhughes! Fixed in bc14f07 and moved the function to user utils.
Hi @hsingyuc, I wanted to take a bit of time to test some scenarios, because the rollout of the original change (adding protections to the order confirmation page) resulted in some friction. One thing I'm noticing (with the 'classic'/shortcode-based flow) is that, after a guest checks out, they are immediately asked to verify their email address. This shouldn't be the case, they should see the confirmation page.
Sure. I'm just trying to make the store API meet the Core expectations and expose the function so we can use it. Let me know how I can help.
Definitely. We'd need to start by addressing the issue I just mentioned, we can't merge as-is, or we'd disrupt a large number of sites.
56024da to 4ee6572
Thank you for pointing that out! Fixed in 4ee6572
Thanks! Closing and re-opening to re-start CI checks (...again 🙃).
Changes are made and tests are passing.
@barryhughes Thank you for the review! I'm not authorized to merge the PR, could you merge it for me? Thanks!
* Move the guest should verify email logic to the order class
* Refactor for readability and remove redundant code
* Use billing email variable
* Remove white space
* Rename and move email_is_valid to users utils
* Use global WC_DateTime and WC_Session classes
* Add changefile(s) from automation for the following project(s): woocommerce

---------

Co-authored-by: github-actions <github-actions@github.com>
* Move the guest should verify email logic to the order class (#43834)
* Move the guest should verify email logic to the order class
* Refactor for readability and remove redundant code
* Use billing email variable
* Remove white space
* Rename and move email_is_valid to users utils
* Use global WC_DateTime and WC_Session classes
* Add changefile(s) from automation for the following project(s): woocommerce

---------

Co-authored-by: github-actions <github-actions@github.com>

* Prep for cherry pick 43834

---------

Co-authored-by: Hsing-yu Flowers <hsingyuc.7@gmail.com>
Co-authored-by: github-actions <github-actions@github.com>
Co-authored-by: WooCommerce Bot <no-reply@woo.com>
Submission Review Guidelines:
Changes proposed in this Pull Request:
This PR moves the guest should verify email logic to the order class so we can reuse the email is valid check.
How to test the changes in this Pull Request:
Using the WooCommerce Testing Instructions Guide, include your detailed testing instructions:
pending payment
Customer payment page →
in incognito
Screenshot
Changelog entry
Significance
Type
Message
Move the guest should verify email logic to the user utils
Comment