Create new order from backend saves the credit card when it is told not to

[justinharris1986]

Preconditions

1. Magento 2.2.6
2. PHP 7.1.24
3. Apache 2.4.6-80.el7.centos.1
4. Paypal Payflow Pro

Steps to reproduce

1. Stores -> Configuration, Sales -> Payment Methods
2. Configure an account - Most notibly Partner, User, Vendor, Password must all be configured. Enable this solution, Enable paypal credit, and vault enabled must all be set to yes. For testing purposes, Test mode must be set to yes. Save this config
3. Go to Sales -> Orders, Click on Create New order in upper right, then click on an existing customer. (create an account of one does not exist first)
4. Add a product to the order, complete the account information, and address information
5. Complete the shipping method
6. Select Credit card, input test credit card number from https://developer.paypal.com/developer/creditCardGenerator/
7. note that "Save for later use" is unchecked, and should remain unchecked.
8. Submit order, look for success

Expected result

1. When you follow steps 3 through 5 above, and then click on "saved credit cards" the credit card you entered on step 6 above should NOT be saved and present
2. When you navigate to the front end, and log in as the user, Navigate to My Account, Click on tored Payment Methods, you should the credit card you entered on step 6 above should NOT be saved and present

Actual result (*)

1. When you follow steps 3 through 5 above, and then click on "saved credit cards" the credit card you entered on step 6 above IS saved and present
2. When you navigate to the front end, and log in as the user, Navigate to My Account, Click on tored Payment Methods, you should the credit card you entered on step 6 above IS saved and present

Other notes:

• The credit card is NOT stored in the front end, when the "save for later use box" is not checked (correct behavior)
• The credit card IS stored in the front end, when the "save for later use box" is checked (correct behavior)
• Running through steps 1-8 under "Steps to reproduce" but checking off "Save for later use" in step 7 still saves the credit card (correct behavior)

[magento-engcom-team]

Hi @justinharris1986. Thank you for your report.
To help us process this issue please make sure that you provided the following information:

• Summary of the issue
• Information on your environment
• Steps to reproduce
• Expected and actual results

Please make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, please, add a comment to the issue:

@magento-engcom-team give me $VERSION instance

where $VERSION is version tags (starting from 2.2.0+) or develop branches (for example: 2.3-develop).
For more details, please, review the Magento Contributor Assistant documentation.

@justinharris1986 do you confirm that you was able to reproduce the issue on vanilla Magento instance following steps to reproduce?

• yes
• no

[justinharris1986]

@magento-engcom-team give me 2.2.6 instance

[magento-engcom-team]

Hi @justinharris1986. Thank you for your request. I'm working on Magento 2.2.6 instance for you

[magento-engcom-team]

Hi @justinharris1986, here is your Magento instance.
Admin access: https://i-19515-2-2-6.instances.magento-community.engineering/admin
Login: admin Password: 123123q
Instance will be terminated in up to 3 hours.

[justinharris1986]

Confirmed in vanilla install - I forgot to mention:

• you have to have a product to add to the order first!
• Merchant Country must be set when setting up Payflow Pro (I set to United States)
• I created a new user from the front end. I could not get the password reset email when i created the user from the back end. I dont think there is any difference though.
• I removed my test credentials from the install, in case if you save them to go back and look. These are my customers and I cannot leave them around. Let me know if you want to set up a screen share one day if needed.

Otherwise Yes, @magento-engcom-team, I am able to confirm this in a vanilla install, with all the information required.

[magento-engcom-team]

Hi @engcom-backlog-nazar. Thank you for working on this issue.
In order to make sure that issue has enough information and ready for development, please read and check the following instruction: 👇

• 1. Verify that issue has all the required information. (Preconditions, Steps to reproduce, Expected result, Actual result).

  Details

  If the issue has a valid description, the label Issue: Format is valid will be added to the issue automatically. Please, edit issue description if needed, until label Issue: Format is valid appears.

• 2. Verify that issue has a meaningful description and provides enough information to reproduce the issue. If the report is valid, add Issue: Clear Description label to the issue by yourself.

• 3. Add Component: XXXXX label(s) to the ticket, indicating the components it may be related to.

• 4. Verify that the issue is reproducible on 2.3-develop branch

  Details

  - Add the comment @magento-engcom-team give me 2.3-develop instance to deploy test instance on Magento infrastructure.
  - If the issue is reproducible on 2.3-develop branch, please, add the label Reproduced on 2.3.x.
  - If the issue is not reproducible, add your comment that issue is not reproducible and close the issue and stop verification process here!

• 5. Verify that the issue is reproducible on 2.2-develop branch.

  Details

  - Add the comment @magento-engcom-team give me 2.2-develop instance to deploy test instance on Magento infrastructure.
  - If the issue is reproducible on 2.2-develop branch, please add the label Reproduced on 2.2.x

• 6. Add label Issue: Confirmed once verification is complete.

• 7. Make sure that automatic system confirms that report has been added to the backlog.

[magento-engcom-team]

@engcom-backlog-nazar Thank you for verifying the issue. Based on the provided information internal tickets MAGETWO-96887, MAGETWO-96888 were created

[justinharris1986]

so I'm probably a bit impatient, so loaded this patch up in to our 2.2.7 dev instance. However, it still looks like it is saving the cards in the adminhtml area.

sorry for me being so impatient, but I just want to make sure were on the same page, and everything is fixed. I appreciate all the help!

[justinharris1986]

Just so were on the same page - I see the save credit cards when going to place another order in the adminhtml. I dont see them on the Customer account page.

[harithasdckap]

#MM19IN

[magento-engcom-team]

@harithasdckap thank you for joining. Please accept team invitation here and self-assign the issue.

[magento-engcom-team]

Hi @harithasdckap. Thank you for working on this issue.
Looks like this issue is already verified and confirmed. But if your want to validate it one more time, please, go though the following instruction:

• 1. Add/Edit Component: XXXXX label(s) to the ticket, indicating the components it may be related to.

• 2. Verify that the issue is reproducible on 2.3-develop branch

  Details

  - Add the comment @magento-engcom-team give me 2.3-develop instance to deploy test instance on Magento infrastructure.
  - If the issue is reproducible on 2.3-develop branch, please, add the label Reproduced on 2.3.x.
  - If the issue is not reproducible, add your comment that issue is not reproducible and close the issue and stop verification process here!

• 3. Verify that the issue is reproducible on 2.2-develop branch.

  Details

  - Add the comment @magento-engcom-team give me 2.2-develop instance to deploy test instance on Magento infrastructure.
  - If the issue is reproducible on 2.2-develop branch, please add the label Reproduced on 2.2.x

• 4. If the issue is not relevant or is not reproducible any more, feel free to close it.

[joni-jones]

This is not an issue but expected behavior. Magento always stores Vault tokens (to provide future partial capture, reorder, etc.) but these payment tokens are not available for customers.

Save for later use option affects only customers but not admin users.

[justinharris1986]

@joni-jones I have to respectfully disagree.

1. There is a save for later use in the admin panel. If this is default behavior, then lets remove this to stop confusion:
   

2. Even if an order is created in the back end, the saved credit card shows up in the customers account login in the front end. This has caused issues where the customer does not want us (and I'm presuming other merchants) to save their credit card info (even though it is only a token)
   

[joni-jones]

@justinharris1986 this behavior requested by the product owner, if the admin doesn't check Save for later use option, the saved tokens shouldn't appear in the Stored Payment Methods.

There is a save for later use in the admin panel. If this is default behavior, then lets remove this to stop confusion

Admin should have a possibility to define if the card should be available for customers or not (this is a real business case when a merchant representative asks to save or not the card details by phone during order creation).

Even if an order is created in the back end, the saved credit card shows up in the customers account login in the front end.

Such requirements requested by merchants.

This has caused issues where the customer does not want us (and I'm presuming other merchants) to save their credit card info (even though it is only a token)

If a payment token (which doesn't contain sensitive information) is available in the customer account, the customer always can delete it by himself.

[pmclain]

@joni-jones

Admin should have a possibility to define if the card should be available for customers or not (this is a real business case when a merchant representative asks to save or not the card details by phone during order creation).

This does not work. The "save for later user" selection in the admin is IGNORED and the card is always saved and added to the customer's saved payment list. If a merchant is taking an order through the admin and the customer does NOT want their payment stored for later use there is no way for the merchant to honor this request as the payment method is added to the customer's visible saved payment methods.

[joni-jones]

@pmclain, I've made the fix a few months ago and sent a patch to the team. Don't know why it still not fixed.

[magento-engcom-team]

Hi @justinharris1986. Thank you for your report.
The issue has been fixed in #19767 by @pmclain in 2.3-develop branch
Related commit(s):

• bbb386bb5ab25c19c302a545f261eca588b0b828
• d93a9b5c3a01946e29bf87ffea635a45d9bea289
• 093af61ea5db9f2c052d85f26d097aea19ec492a

The fix will be available with the upcoming 2.3.3 release.