odoo/odoo#165832
Created by fw-bot
Statuses:
- legal/cla: Contributor License Agreement check
- ci/runbot: Odoo Test Suite
- ci/upgrade_enterprise: Test upgrades for enterprise master
- ci/template: Contact runbot team on discord for help.
- ci/style: Optional style check. Ignore it only if strictly necessary.
- ci/security: Required security check. Can only be ignored by security team.
- label
- odoo-dev:17.0-17.0-OPW-3844214-website_sale_invalid_shipping_method_allowed-44Qi-fw
- head
- 2dfb603abaddb45613456ce25c9719d76c95a55c
- merged
- 2 years ago by Bugfix, Kawtar Drissi El Bouzaidi (kdeb)
| odoo/odoo | |
|---|---|
| saas-16.3 | #161704 |
| saas-16.4 | #165267 |
| 17.0 | #165832 |
| saas-17.1 | #166442 |
| saas-17.2 | #166450 |
| saas-17.3 | #167547 |
| master | #166939 |
[FW][FIX] website_sale: block payment when shipping carrier error
Issue:
- When a customer places an order on the website and there are errors in the shipping informations, such as an invalid address format, the shipping costs drop to 0€ if only one shipping method is available.
- Despite these errors, Odoo does not block the "Pay now" button, allowing the customer to proceed and pay 0€ for shipping.
Steps To Reproduce:
- Install UPS US on your db and publish it.
- unpublish the other shipping methods.
- Go to /shop and purchase any product as a customer
- During the checkout process, add an address that has more than 35 characters
- Notice you'll be allowed to pay and your order will be confirmed.
In an other scenario:
- Install Fedex US on your db and publish it.
- Set Fedex service type to STANDARD_OVERNIGHT
- unpublish the other shipping methods.
- Go to /shop and purchase any product as a customer
- During the checkout process, set Hawaii in state/Povince
- Notice you'll be allowed to pay and your order will be confirmed even though Hawaii doesn't support STANDARD_OVERNIGHT shipping.
Explanation and Solution:
-
The first issue arises when there is only one shipping provider available; it gets selected by default. After this selection, the
startmethod ofwebsiteSaleDeliveryis triggered, which attempts to force-click the already checked shipping carrier. Consequently, it returns without completing the logic because the click event handler_onCarrierClickdismisses with the following condition:if (radio.checked && !this._shouldDisplayPickupLocations(ev)) {return;} -
The second problem occurs because the
startmethod is triggered as soon as thewebsiteSaleDeliverypublic widget is rendered, which does not allow enough time for thePaymentButtonto be rendered. This delay causes the_disablePayButtonmethod to fail. - To address the first issue, I added a flag
refreshclickto indicate that the shipping carrier was set by default. - To address the second issue, I modified the
_enableButtonmethod to actively disable the button if the status is false. This change ensures that thePaymentButtonwidget has sufficient time to render since_enableButtonis called within_handleCarrierUpdateResultafter awaiting the response from an RPC call.
opw-3844214
I confirm I have signed the CLA and read the PR guidelines at www.odoo.com/submit-pr