Change guest permissions to full after verification (https://github.com/woocommerce/woocommerce-blocks/pull/12072)
This commit is contained in:
Mike Jolley
GitHub
parent
ba9760baa3
commit
45ae286a10
|
|
@ -67,10 +67,10 @@ abstract class AbstractOrderConfirmationBlock extends AbstractBlock {
|
|||
* This renders the content of the block within the wrapper. The permission determines what data can be shown under
|
||||
* the given context.
|
||||
*
|
||||
* @param \WC_Order $order Order object.
|
||||
* @param string $permission Permission level for viewing order details.
|
||||
* @param array $attributes Block attributes.
|
||||
* @param string $content Original block content.
|
||||
* @param \WC_Order $order Order object.
|
||||
* @param string|false $permission If the current user can view the order details or not.
|
||||
* @param array $attributes Block attributes.
|
||||
* @param string $content Original block content.
|
||||
* @return string
|
||||
*/
|
||||
abstract protected function render_content( $order, $permission = false, $attributes = [], $content = '' );
|
||||
|
|
@ -103,13 +103,8 @@ abstract class AbstractOrderConfirmationBlock extends AbstractBlock {
|
|||
/**
|
||||
* View mode for order details based on the order, current user, and settings.
|
||||
*
|
||||
* Possible values are:
|
||||
* - "full" user can view all order details.
|
||||
* - "limited" user can view some order details, but no PII. This may happen for example, if the user checked out as a guest.
|
||||
* - false user cannot view order details.
|
||||
*
|
||||
* @param \WC_Order|null $order Order object.
|
||||
* @return "full"|"limited"|false
|
||||
* @return string|false Returns "full" if the user can view all order details. False if they can view no details.
|
||||
*/
|
||||
protected function get_view_order_permissions( $order ) {
|
||||
if ( ! $order || ! $this->has_valid_order_key( $order ) ) {
|
||||
|
|
@ -121,8 +116,8 @@ abstract class AbstractOrderConfirmationBlock extends AbstractBlock {
|
|||
return $this->is_current_customer_order( $order ) ? 'full' : false;
|
||||
}
|
||||
|
||||
// Guest orders are displayed with limited information.
|
||||
return $this->email_verification_required( $order ) ? false : 'limited';
|
||||
// Guest orders are displayed only within the grace period or after verification. If email verification is required, return false.
|
||||
return $this->email_verification_required( $order ) ? false : 'full';
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -146,17 +141,12 @@ abstract class AbstractOrderConfirmationBlock extends AbstractBlock {
|
|||
}
|
||||
|
||||
/**
|
||||
* See if we need to verify the email address before showing the order details.
|
||||
* See if the order was created within the grace period for viewing details.
|
||||
*
|
||||
* @param \WC_Order $order Order object.
|
||||
* @return boolean
|
||||
*/
|
||||
protected function email_verification_required( $order ) {
|
||||
// Skip verification if the current user still has the order in their session.
|
||||
if ( $order->get_id() === wc()->session->get( 'store_api_draft_order' ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
protected function is_within_grace_period( $order ) {
|
||||
/**
|
||||
* Controls the grace period within which we do not require any sort of email verification step before rendering
|
||||
* the 'order received' or 'order pay' pages.
|
||||
|
|
@ -170,36 +160,47 @@ abstract class AbstractOrderConfirmationBlock extends AbstractBlock {
|
|||
$verification_grace_period = (int) apply_filters( 'woocommerce_order_email_verification_grace_period', 10 * MINUTE_IN_SECONDS, $order, 'order-received' );
|
||||
$date_created = $order->get_date_created();
|
||||
|
||||
// We do not need to verify the email address if we are within the grace period immediately following order creation.
|
||||
if ( is_a( $date_created, \WC_DateTime::class ) && time() - $date_created->getTimestamp() <= $verification_grace_period ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$session = wc()->session;
|
||||
$session_email = '';
|
||||
$session_order = 0;
|
||||
|
||||
if ( is_a( $session, \WC_Session::class ) ) {
|
||||
$customer = $session->get( 'customer' );
|
||||
$session_email = is_array( $customer ) && isset( $customer['email'] ) ? sanitize_email( $customer['email'] ) : '';
|
||||
$session_order = (int) $session->get( 'store_api_draft_order' );
|
||||
}
|
||||
|
||||
// We do not need to verify the email address if the user still has the order in session.
|
||||
if ( $order->get_id() === $session_order ) {
|
||||
return false;
|
||||
}
|
||||
return is_a( $date_created, \WC_DateTime::class ) && time() - $date_created->getTimestamp() <= $verification_grace_period;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns true if the email has been verified (posted email matches given order email).
|
||||
*
|
||||
* @param \WC_Order $order Order object.
|
||||
* @return boolean
|
||||
*/
|
||||
protected function is_email_verified( $order ) {
|
||||
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
|
||||
if ( ! empty( $_POST ) && ! wp_verify_nonce( $_POST['check_submission'] ?? '', 'wc_verify_email' ) ) {
|
||||
return true;
|
||||
if ( empty( $_POST ) || ! isset( $_POST['email'] ) || ! wp_verify_nonce( $_POST['check_submission'] ?? '', 'wc_verify_email' ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$session_email_match = $session_email === $order->get_billing_email();
|
||||
$supplied_email_match = isset( $_POST['email'] ) && sanitize_email( wp_unslash( $_POST['email'] ) ?? '' ) === $order->get_billing_email();
|
||||
return $order->get_billing_email() && sanitize_email( wp_unslash( $_POST['email'] ?? '' ) ) === $order->get_billing_email();
|
||||
}
|
||||
|
||||
// If we cannot match the order with the current user, the user should verify their email address.
|
||||
$email_verification_required = ! $session_email_match && ! $supplied_email_match;
|
||||
/**
|
||||
* See if we need to verify the email address before showing the order details.
|
||||
*
|
||||
* @param \WC_Order $order Order object.
|
||||
* @return boolean
|
||||
*/
|
||||
protected function email_verification_required( $order ) {
|
||||
$session = wc()->session;
|
||||
|
||||
// Skip verification if the current user still has the order in their session.
|
||||
if ( is_a( $session, \WC_Session::class ) && $order->get_id() === (int) $session->get( 'store_api_draft_order' ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Skip verification if the order was created within the grace period.
|
||||
if ( $this->is_within_grace_period( $order ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// If the user verified their email address, we can skip further verification.
|
||||
if ( $this->is_email_verified( $order ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Provides an opportunity to override the (potential) requirement for shoppers to verify their email address
|
||||
|
|
@ -211,7 +212,7 @@ abstract class AbstractOrderConfirmationBlock extends AbstractBlock {
|
|||
* @param WC_Order $order The relevant order.
|
||||
* @param string $context The context under which we are performing this check.
|
||||
*/
|
||||
return (bool) apply_filters( 'woocommerce_order_email_verification_required', $email_verification_required, $order, 'order-received' );
|
||||
return (bool) apply_filters( 'woocommerce_order_email_verification_required', true, $order, 'order-received' );
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -17,10 +17,10 @@ class AdditionalInformation extends AbstractOrderConfirmationBlock {
|
|||
/**
|
||||
* This renders the content of the block within the wrapper.
|
||||
*
|
||||
* @param \WC_Order $order Order object.
|
||||
* @param string $permission Permission level for viewing order details.
|
||||
* @param array $attributes Block attributes.
|
||||
* @param string $content Original block content.
|
||||
* @param \WC_Order $order Order object.
|
||||
* @param string|false $permission If the current user can view the order details or not.
|
||||
* @param array $attributes Block attributes.
|
||||
* @param string $content Original block content.
|
||||
* @return string
|
||||
*/
|
||||
protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) {
|
||||
|
|
|
|||
|
|
@ -17,14 +17,14 @@ class BillingAddress extends AbstractOrderConfirmationBlock {
|
|||
/**
|
||||
* This renders the content of the block within the wrapper.
|
||||
*
|
||||
* @param \WC_Order $order Order object.
|
||||
* @param string $permission Permission level for viewing order details.
|
||||
* @param array $attributes Block attributes.
|
||||
* @param string $content Original block content.
|
||||
* @param \WC_Order $order Order object.
|
||||
* @param string|false $permission If the current user can view the order details or not.
|
||||
* @param array $attributes Block attributes.
|
||||
* @param string $content Original block content.
|
||||
* @return string
|
||||
*/
|
||||
protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) {
|
||||
if ( 'full' !== $permission || ! $order->has_billing_address() ) {
|
||||
if ( ! $permission || ! $order->has_billing_address() ) {
|
||||
return '';
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -17,13 +17,13 @@ class BillingWrapper extends AbstractOrderConfirmationBlock {
|
|||
/**
|
||||
* This renders the content of the billing wrapper.
|
||||
*
|
||||
* @param \WC_Order $order Order object.
|
||||
* @param string $permission Permission level for viewing order details.
|
||||
* @param array $attributes Block attributes.
|
||||
* @param string $content Original block content.
|
||||
* @param \WC_Order $order Order object.
|
||||
* @param string|false $permission If the current user can view the order details or not.
|
||||
* @param array $attributes Block attributes.
|
||||
* @param string $content Original block content.
|
||||
*/
|
||||
protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) {
|
||||
if ( ! $order || ! $order->has_billing_address() || 'full' !== $permission ) {
|
||||
if ( ! $order || ! $order->has_billing_address() || ! $permission ) {
|
||||
return '';
|
||||
}
|
||||
return $content;
|
||||
|
|
|
|||
|
|
@ -19,10 +19,10 @@ class Downloads extends AbstractOrderConfirmationBlock {
|
|||
/**
|
||||
* This renders the content of the block within the wrapper.
|
||||
*
|
||||
* @param \WC_Order $order Order object.
|
||||
* @param string $permission Permission level for viewing order details.
|
||||
* @param array $attributes Block attributes.
|
||||
* @param string $content Original block content.
|
||||
* @param \WC_Order $order Order object.
|
||||
* @param string|false $permission If the current user can view the order details or not.
|
||||
* @param array $attributes Block attributes.
|
||||
* @param string $content Original block content.
|
||||
* @return string
|
||||
*/
|
||||
protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) {
|
||||
|
|
|
|||
|
|
@ -62,10 +62,10 @@ class DownloadsWrapper extends AbstractOrderConfirmationBlock {
|
|||
/**
|
||||
* This renders the content of the downloads wrapper.
|
||||
*
|
||||
* @param \WC_Order $order Order object.
|
||||
* @param string $permission Permission level for viewing order details.
|
||||
* @param array $attributes Block attributes.
|
||||
* @param string $content Original block content.
|
||||
* @param \WC_Order $order Order object.
|
||||
* @param string|false $permission If the current user can view the order details or not.
|
||||
* @param array $attributes Block attributes.
|
||||
* @param string $content Original block content.
|
||||
*/
|
||||
protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) {
|
||||
$show_downloads = $order && $order->has_downloadable_item() && $order->is_download_permitted();
|
||||
|
|
|
|||
|
|
@ -17,10 +17,10 @@ class ShippingAddress extends AbstractOrderConfirmationBlock {
|
|||
/**
|
||||
* This renders the content of the block within the wrapper.
|
||||
*
|
||||
* @param \WC_Order $order Order object.
|
||||
* @param string $permission Permission level for viewing order details.
|
||||
* @param array $attributes Block attributes.
|
||||
* @param string $content Original block content.
|
||||
* @param \WC_Order $order Order object.
|
||||
* @param string|false $permission If the current user can view the order details or not.
|
||||
* @param array $attributes Block attributes.
|
||||
* @param string $content Original block content.
|
||||
* @return string
|
||||
*/
|
||||
protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) {
|
||||
|
|
@ -28,32 +28,9 @@ class ShippingAddress extends AbstractOrderConfirmationBlock {
|
|||
return $this->render_content_fallback();
|
||||
}
|
||||
|
||||
if ( 'full' === $permission ) {
|
||||
$address = '<address>' . wp_kses_post( $order->get_formatted_shipping_address() ) . '</address>';
|
||||
$phone = $order->get_shipping_phone() ? '<p class="woocommerce-customer-details--phone">' . esc_html( $order->get_shipping_phone() ) . '</p>' : '';
|
||||
$address = '<address>' . wp_kses_post( $order->get_formatted_shipping_address() ) . '</address>';
|
||||
$phone = $order->get_shipping_phone() ? '<p class="woocommerce-customer-details--phone">' . esc_html( $order->get_shipping_phone() ) . '</p>' : '';
|
||||
|
||||
return $address . $phone;
|
||||
}
|
||||
|
||||
$states = wc()->countries->get_states( $order->get_shipping_country() );
|
||||
$address = esc_html(
|
||||
sprintf(
|
||||
/* translators: %s location. */
|
||||
__( 'Shipping to %s', 'woo-gutenberg-products-block' ),
|
||||
implode(
|
||||
', ',
|
||||
array_filter(
|
||||
[
|
||||
$order->get_shipping_postcode(),
|
||||
$order->get_shipping_city(),
|
||||
$states[ $order->get_shipping_state() ] ?? $order->get_shipping_state(),
|
||||
wc()->countries->countries[ $order->get_shipping_country() ] ?? $order->get_shipping_country(),
|
||||
]
|
||||
)
|
||||
)
|
||||
)
|
||||
);
|
||||
|
||||
return '<address>' . wp_kses_post( $address ) . '</address>';
|
||||
return $address . $phone;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,10 +17,10 @@ class ShippingWrapper extends AbstractOrderConfirmationBlock {
|
|||
/**
|
||||
* This renders the content of the shipping wrapper.
|
||||
*
|
||||
* @param \WC_Order $order Order object.
|
||||
* @param string $permission Permission level for viewing order details.
|
||||
* @param array $attributes Block attributes.
|
||||
* @param string $content Original block content.
|
||||
* @param \WC_Order $order Order object.
|
||||
* @param string|false $permission If the current user can view the order details or not.
|
||||
* @param array $attributes Block attributes.
|
||||
* @param string $content Original block content.
|
||||
*/
|
||||
protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) {
|
||||
if ( ! $order || ! $order->has_shipping_address() || ! $order->needs_shipping_address() || ! $permission ) {
|
||||
|
|
|
|||
|
|
@ -52,10 +52,10 @@ class Status extends AbstractOrderConfirmationBlock {
|
|||
/**
|
||||
* This renders the content of the block within the wrapper.
|
||||
*
|
||||
* @param \WC_Order $order Order object.
|
||||
* @param string $permission Permission level for viewing order details.
|
||||
* @param array $attributes Block attributes.
|
||||
* @param string $content Original block content.
|
||||
* @param \WC_Order $order Order object.
|
||||
* @param string|false $permission If the current user can view the order details or not.
|
||||
* @param array $attributes Block attributes.
|
||||
* @param string $content Original block content.
|
||||
* @return string
|
||||
*/
|
||||
protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) {
|
||||
|
|
@ -106,11 +106,7 @@ class Status extends AbstractOrderConfirmationBlock {
|
|||
case 'failed':
|
||||
// phpcs:ignore WooCommerce.Commenting.CommentHooks.MissingHookComment
|
||||
$order_received_text = apply_filters( 'woocommerce_thankyou_order_received_text', esc_html__( 'Your order cannot be processed as the originating bank/merchant has declined your transaction. Please attempt your purchase again.', 'woo-gutenberg-products-block' ), null );
|
||||
$actions = '';
|
||||
|
||||
if ( 'full' === $permission ) {
|
||||
$actions .= '<a href="' . esc_url( $order->get_checkout_payment_url() ) . '" class="button">' . esc_html__( 'Try again', 'woo-gutenberg-products-block' ) . '</a> ';
|
||||
}
|
||||
$actions = '<a href="' . esc_url( $order->get_checkout_payment_url() ) . '" class="button">' . esc_html__( 'Try again', 'woo-gutenberg-products-block' ) . '</a> ';
|
||||
|
||||
if ( wc_get_page_permalink( 'myaccount' ) ) {
|
||||
$actions .= '<a href="' . esc_url( wc_get_page_permalink( 'myaccount' ) ) . '" class="button">' . esc_html__( 'My account', 'woo-gutenberg-products-block' ) . '</a> ';
|
||||
|
|
|
|||
|
|
@ -17,10 +17,10 @@ class Summary extends AbstractOrderConfirmationBlock {
|
|||
/**
|
||||
* This renders the content of the block within the wrapper.
|
||||
*
|
||||
* @param \WC_Order $order Order object.
|
||||
* @param string $permission Permission level for viewing order details.
|
||||
* @param array $attributes Block attributes.
|
||||
* @param string $content Original block content.
|
||||
* @param \WC_Order $order Order object.
|
||||
* @param string|false $permission If the current user can view the order details or not.
|
||||
* @param array $attributes Block attributes.
|
||||
* @param string $content Original block content.
|
||||
* @return string
|
||||
*/
|
||||
protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) {
|
||||
|
|
@ -32,10 +32,8 @@ class Summary extends AbstractOrderConfirmationBlock {
|
|||
$content .= $this->render_summary_row( __( 'Order number:', 'woo-gutenberg-products-block' ), $order->get_order_number() );
|
||||
$content .= $this->render_summary_row( __( 'Date:', 'woo-gutenberg-products-block' ), wc_format_datetime( $order->get_date_created() ) );
|
||||
$content .= $this->render_summary_row( __( 'Total:', 'woo-gutenberg-products-block' ), $order->get_formatted_order_total() );
|
||||
if ( 'full' === $permission ) {
|
||||
$content .= $this->render_summary_row( __( 'Email:', 'woo-gutenberg-products-block' ), $order->get_billing_email() );
|
||||
$content .= $this->render_summary_row( __( 'Payment method:', 'woo-gutenberg-products-block' ), $order->get_payment_method_title() );
|
||||
}
|
||||
$content .= $this->render_summary_row( __( 'Email:', 'woo-gutenberg-products-block' ), $order->get_billing_email() );
|
||||
$content .= $this->render_summary_row( __( 'Payment method:', 'woo-gutenberg-products-block' ), $order->get_payment_method_title() );
|
||||
$content .= '</ul>';
|
||||
|
||||
return $content;
|
||||
|
|
|
|||
|
|
@ -19,10 +19,10 @@ class Totals extends AbstractOrderConfirmationBlock {
|
|||
/**
|
||||
* This renders the content of the block within the wrapper.
|
||||
*
|
||||
* @param \WC_Order $order Order object.
|
||||
* @param string $permission Permission level for viewing order details.
|
||||
* @param array $attributes Block attributes.
|
||||
* @param string $content Original block content.
|
||||
* @param \WC_Order $order Order object.
|
||||
* @param string|false $permission If the current user can view the order details or not.
|
||||
* @param array $attributes Block attributes.
|
||||
* @param string $content Original block content.
|
||||
* @return string
|
||||
*/
|
||||
protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) {
|
||||
|
|
|
|||
|
|
@ -17,10 +17,10 @@ class TotalsWrapper extends AbstractOrderConfirmationBlock {
|
|||
/**
|
||||
* This renders the content of the totals wrapper.
|
||||
*
|
||||
* @param \WC_Order $order Order object.
|
||||
* @param string $permission Permission level for viewing order details.
|
||||
* @param array $attributes Block attributes.
|
||||
* @param string $content Original block content.
|
||||
* @param \WC_Order $order Order object.
|
||||
* @param string|false $permission If the current user can view the order details or not.
|
||||
* @param array $attributes Block attributes.
|
||||
* @param string $content Original block content.
|
||||
*/
|
||||
protected function render_content( $order, $permission = false, $attributes = [], $content = '' ) {
|
||||
if ( ! $permission ) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue