More issues related to the customer data loaded by js

[pitbulk]

Description

In ticket #28428 I reported a bug that affected customer data not retrieved after executing a custom login controller, that was fixed by: #29081

One of my customers reported 2 more different bugs that I consider are related with the customer data loaded by javascript as well

• If in the Magento instance exists customers with similar fullname (same lastname for example), the message that appears on the welcome message mismatch the fullname (wrong is loaded). It was verified that the data of the logged user that appears on the profile view is different than the one loaded on the customer data object loaded by js for printing the welcome message

• After login, if the user proceeds to checkout, the login popup appear even if the user was previously logged.
  Similar than the issue described here: https://github.com/mageplaza/magento-2-social-login/issues/197

On 2.4.1 and 2.4.2 a new issue appeared as well:

• After login, I can access user account and verify Im logged in, after that I add a new item to the cart, ans when visiting the cart, the login auth popup appears. It seems that something is wrong with the user session on the frontend.

Preconditions

• Magento 2.3.4, 2.3.5, 2.4, 2.4.1
• Custom Login controller

My login controller is similar than the PostLogin code

$customerSession->setCustomerDataAsLoggedIn($customer);
if ($this->getCookieManager()->getCookie('mage-cache-sessid')) {
    $metadata = $this->getCookieMetadataFactory()->createCookieMetadata();
    $metadata->setPath('/');
    $this->getCookieManager()->deleteCookie('mage-cache-sessid', $metadata);
}

$resultRedirect = $this->resultRedirectFactory->create();
return $resultRedirect->setUrl($targetURL);

The extension also forces sections to be invalidated after my custom login, by adding a etc/frontend/sections.xml as documented on page-caching

<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"        xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Customer:etc/sections.xsd">
    <action name="sso/saml2/acs">
        <section name="*"/>
    </action>
</config>

Steps to reproduce

I implemented this simple custom login controller that will allow reproducing the issue:
https://github.com/pitbulk/magento-custom-login

If in a private browser I log in with a user that has the same lastname as others, I experience the issues described.

The issue exists on Magento 2.3.4, 2.3.4-p2, 2.3.5-p1 and 2.4.1

Expected result

• customer data properly loaded even if existing customer accounts with the same lastname
• If the user is logged in, clicking on the checkout link will never open a popup for authentication

Actual result

After enabling a private browser, and log in

• wrong welcome message is loaded, data from other customer prompted
• If the user is logged in, click on the checkout link, a popup for authentication appears
  Similar to the situation described here: https://github.com/mageplaza/magento-2-social-login/issues/197

[m2-assistant]

Hi @pitbulk. Thank you for your report.
To help us process this issue please make sure that you provided the following information:

• Summary of the issue
• Information on your environment
• Steps to reproduce
• Expected and actual results

Please make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, please, add a comment to the issue:

@magento give me 2.4-develop instance - upcoming 2.4.x release

For more details, please, review the Magento Contributor Assistant documentation.

Please, add a comment to assign the issue: @magento I am working on this

---

• Join Magento Community Engineering Slack and ask your questions in #github channel.

⚠️ According to the Magento Contribution requirements, all issues must go through the Community Contributions Triage process. Community Contributions Triage is a public meeting.

🕙 You can find the schedule on the Magento Community Calendar page.

📞 The triage of issues happens in the queue order. If you want to speed up the delivery of your contribution, please join the Community Contributions Triage session to discuss the appropriate ticket.

🎥 You can find the recording of the previous Community Contributions Triage on the Magento Youtube Channel

✏️ Feel free to post questions/proposals/feedback related to the Community Contributions Triage process to the corresponding Slack Channel

[david-kominek]

Also seeing the second issue in 2.3.5-p2.

After login, if the user proceeds to checkout, the login popup appear even if the user was previously logged.

[pitbulk]

any progress with this issue? I believe it impacts any extension implementing a custom login controller.

[pitbulk]

I have several customers of my extension reporting this issue, any ETA for the resolution that I can share with them?

@complexthings you made a fantastic job fixing the other related issue, can you by any chance work on this?

[wilzon008]

I am one of the customers affected by this issue. There are still a lot of people running Magento 2.3.x. Thank in advance to anyone who can help implement this fix.

[cundd]

We are also not able to update our customer's system to a secure version, because this issue makes it impossible. :(

[pitbulk]

Is there anything we can do in order to get the bugs fixed?

[james05]

Also experiencing on 2.4.1. I cannot go live without this fixed.

[pitbulk]

@complexthings are you able to help here?

[pitbulk]

Can Magento team take any action on this ticket?

[m2-assistant]

Hi @engcom-Bravo. Thank you for working on this issue.
In order to make sure that issue has enough information and ready for development, please read and check the following instruction: 👇

• 1. Verify that issue has all the required information. (Preconditions, Steps to reproduce, Expected result, Actual result).

  Details

  If the issue has a valid description, the label Issue: Format is valid will be added to the issue automatically. Please, edit issue description if needed, until label Issue: Format is valid appears.

• 2. Verify that issue has a meaningful description and provides enough information to reproduce the issue. If the report is valid, add Issue: Clear Description label to the issue by yourself.

• 3. Add Component: XXXXX label(s) to the ticket, indicating the components it may be related to.

• 4. Verify that the issue is reproducible on 2.4-develop branch

  Details

  - Add the comment @magento give me 2.4-develop instance to deploy test instance on Magento infrastructure.
  - If the issue is reproducible on 2.4-develop branch, please, add the label Reproduced on 2.4.x.
  - If the issue is not reproducible, add your comment that issue is not reproducible and close the issue and stop verification process here!

• 5. Add label Issue: Confirmed once verification is complete.

• 6. Make sure that automatic system confirms that report has been added to the backlog.

[cundd]

Nice to see that somethings going on here!

[pitbulk]

@engcom-Bravo do you have an ETA on when you gonna be able to work on this ticket?
Happy to help on its resoution.

[m2-assistant]

Hi @engcom-Hotel. Thank you for working on this issue.
In order to make sure that issue has enough information and ready for development, please read and check the following instruction: 👇

• 1. Verify that issue has all the required information. (Preconditions, Steps to reproduce, Expected result, Actual result).

  Details

  If the issue has a valid description, the label Issue: Format is valid will be added to the issue automatically. Please, edit issue description if needed, until label Issue: Format is valid appears.

• 2. Verify that issue has a meaningful description and provides enough information to reproduce the issue. If the report is valid, add Issue: Clear Description label to the issue by yourself.

• 3. Add Component: XXXXX label(s) to the ticket, indicating the components it may be related to.

• 4. Verify that the issue is reproducible on 2.4-develop branch

  Details

  - Add the comment @magento give me 2.4-develop instance to deploy test instance on Magento infrastructure.
  - If the issue is reproducible on 2.4-develop branch, please, add the label Reproduced on 2.4.x.
  - If the issue is not reproducible, add your comment that issue is not reproducible and close the issue and stop verification process here!

• 5. Add label Issue: Confirmed once verification is complete.

• 6. Make sure that automatic system confirms that report has been added to the backlog.

[engcom-Hotel]

Hello @pitbulk,

We request you to please try to reproduce this issue in Magento 2.4-develop branch and let us know if it is still reproducible for you.

Thanks

[pitbulk]

Yes, it is reproducible, basically there is a js that belong to the customer-data.js that defines a listener:
https://github.com/magento/magento2/blob/2.4-develop/app/code/Magento/Customer/view/frontend/web/js/customer-data.js#L423

which invalidates customer data.

During external SSO, the normal login flow is not used, not submit click, so that invalidation was never executed, and that generated the issues described here.

I was able to simulate in my extension such invalidation via js and I confirmed that approach solved those issues, but a new one appeared on 2.4.X:

User guest cart is not merged when SSO login is executed. Basically during the SSO, user is redirected to a 3rd party entity (IdP) and then send back to Magento via a POST.
I was able to verify that on the controller before log the user in, when tried to retrieve the guest cart, was not available.

[engcom-Hotel]

Hello @pitbulk,

Thanks for the reply!

We have tried to reproduce the issue in the clean Magento 2.4-develop instance with the Custom SSO module defined in the main description, but for us, the issue is not reproducible. We have followed the below steps:

1. Install the Custom SSO/login module from repo.
2. Create 2 accounts with the same last names ie Abhinav Pathak & Rajesh Pathak.
3. Change the values for Login.php on line no. 79 to 81 as follows:

$email = "abhinav.pathak@test.com";
$firstname = "Abhinav";
$lastname = "Pathak";

4. When we tried to access the endpoint DOMAIN/mysso/custom/login, then it is redirected to the account page with the mentioned account in step 3, please have a look at the below screenshot for reference:
   
5. And also while checkout it is not asking to log in, I can order the item successfully and the order goes into correct user account:
   

Please let us know if we missed anything in order to reproduce it.

Thanks

[pitbulk]

Instead of accessing directly to DOMAIN/mysso/custom/login,

Can you try the following:

Prerequisites:

• Simple html page in a domain different than the Magento's instance domain, that has a form that will execute a POST to
  DOMAIN/mysso/custom/login

Use case:

1. As guest user, add a item to the cart.
2. Redirect the user to the html page that host the form
3. Execue the POST

Expected:

• User is logged and item is added to the cart:

Current behavior:

• User data not properly loaded
• Item lost and not added to the cart

[engcom-Hotel]

Hello @pitbulk,

Thanks for the reply!

We have tried this as well. We can find the added product in the cart as a guest in the logged-in user cart.

Thanks

[pitbulk]

@magento give me 2.4-develop instance

[magento-deployment-service]

Hi @pitbulk. Thank you for your request. I'm working on Magento instance for you.

[magento-deployment-service]

Hi @pitbulk, unfortunately there is no ability to deploy Magento instance at the moment. Please try again later.

[pitbulk]

Hi @engcom-Hotel,

I was not able to reproduce it on 2.4-develop. I reproduced the issue on the official releases:
2.3.4, 2.3.4-p2, 2.3.5-p1, 2.4.1 and 2.4.2

[engcom-Hotel]

Hello @pitbulk,

Thanks for the confirmation!

That means the has been fixed in develop branch and it will fix in a future release as well. Hence we are closing this issue.

Thanks