Resolution: Not a Bug
Affects Version/s: 7.3
Fix Version/s: Master
Steps to Reproduce
1. In portal-ext.properties, add redirect.url.security.mode=domain and redirect.url.domains.allowed=localhost,.lfr.cloud,.punchout2go.com
2. Start up 7.3.x portal
3. Place the PO2G.lpkg in the deploy folder
4. Reindex (Control Panel → Search → Index → Reindex all search indexes)
5. Create a site (Control Panel → Site → Create new site → Minium Site → Name site "Test Minium Site")
6. Navigate to site (Commerce → Channels → Click PunchOut tab → Enable Punchout2Go → Enter URL as "http://localhost:8080/group/test-minium-site")
7. Enable Punchout2Go (Control Panel → System Settings → API Authentication → Punchout Access Token Auto Login → set Enabled to true)
1. Control Panel > Configuration Oauth 2 > Punchout Access Token Provider Configuration
Verify Access Token Duration: 15 seconds, Access Token Size: 8 bytes
2. Control Panel → OAuth2 Administration → Select PunchOut account → add OAuth for Punchout2Go → Set Callback URI to "http://localhost:8080/" → Set Client Profile to Headless Server → Click Scopes Tab → Check all the boxes in the dropdowns that contain "Commerce" in them
3. Generate access token: From OAuth2 Credentials, copy your client id and secret and substitute them into this command, then run it in your terminal in the portal directory to get an access token: curl http://localhost:8080/o/oauth2/token -d 'grant_type=client_credentials&client_id=id-2a343dbc-11ec-de1a-0d98-83d8c519ac3&client_secret=secret-62cacabd-9437-d01c-6163-5f694bf28d1'
1. Create an account - Run POST http://localhost:8080/o/headless-commerce-admin-account/v1.0/accounts
2. Run POST http://localhost:8080/o/headless-commerce-punchout/v1.0/punchout/session/request with "create" type in the body
3. Add two items to your cart
4. Go to http://localhost:8080/o/api and under CartItem > GET/v1.0/carts/
/items > Click Try it out > update cartId with your cartId > Execute
5. In your POST http://localhost:8080/o/headless-commerce-punchout/v1.0/punchout/session/request, edit the JSON body to have your cart Id and the correct ids/skuIds for the items in your cart from the previous step, and then run the POST
6. Open PunchOutStartURL in a new browser (e.g., if you were testing in Chrome, open it in Firefox or Safari). Check to see if the quantity of your cart items changed according to the request.
7. In the original browser you did the setup in, click Control Panel → Roles → Site Roles → Verify Punch Out role is there → Click Punch Out → Define Permissions → Verify "Check Out Open Orders" and "View Open Orders" permissions are there
8. In the same browser, click Control Panel → Users and Organizations → PunchOut Middle User → Roles → Verify user is not assigned to any roles.
9. Go back to the browser you had PunchOutStartURL open in, press the cart button, and press the "Submit" button. User is redirected to PunchOut2Go login page.
The user will not be able to access the PunchOut2Go login page since the Punch Out role is not assigned.
As shown in the GIF below, the user is able to access the PunchOut2Go login page even when the Punch Out role is not assigned to the user.
Tomcat 9.0.37 + MySQL 5.7
Portal 7.3.x GIT ID: 46e28015bb20173dc516edc19adbf283ec090754