0

Hey folks, I’m currently working on a payment gateway integration, and I’ve come to the point where the user successfully completes their payment on a third-party portal and is then redirected into the application, but my set up that is supposed to auto login the user so they aren’t presented with the default deep link login page isn’t working. Here are the things I’ve already set up: - Redirect to third-party payment portal with callback information specific to the current user - EventHandler in a java action that receives the callback request from the third-party payment portal and relevant user information → Code Snippet Here: public java.lang.Boolean executeAction() throws Exception { // BEGIN USER CODE Core.addRequestHandler("stripesuccess/", new RequestHandler() { @Override protected void processRequest(IMxRuntimeRequest request, IMxRuntimeResponse response, String path) throws Exception { // TODO Auto-generated method stub try { final IContext context = Core.createSystemContext(); LOGGER.info("Incoming request path: " + path); String sessionID = path; LOGGER.info("Session ID is: " + sessionID); StripeSession session = retrieveStripeSession(context, sessionID); LOGGER.info("Successfully retrieved session"); Account account = session.getStripeSession_Account(); if (account != null) { context.startTransaction(); login(context, request, response, account); String redirectURI = customer_portal.proxies.constants.Constants.getSiteURL_EU() + "/link/sendorder/" + sessionID; redirectUser(response, redirectURI); context.endTransaction(); } else { LOGGER.error("Error: No account was found. Stale link was used."); context.startTransaction(); String redirectURI = customer_portal.proxies.constants.Constants.getSiteURL_EU() + "/link/cancel"; redirectUser(response, redirectURI); context.endTransaction(); } } catch (Error e) { throw e; } } }); return true; // END USER CODE } /** * Returns a string representation of this action */ @java.lang.Override public java.lang.String toString() { return "StartStripe"; } // BEGIN EXTRA CODE private static final String SESSION_ID_COOKIE_NAME = Core.getConfiguration().getSessionIdCookieName(); private static final ILogNode LOGGER = Core.getLogger("START STRIPE"); private static void login(final IContext context, final IMxRuntimeRequest request, final IMxRuntimeResponse response, final Account account) throws CoreException { LOGGER.info("Initializing session for user " + account.getName() + " <START>"); final IUser user = Core.getUser(context, account.getName()); final String oldSessionId = request.getCookie(SESSION_ID_COOKIE_NAME); final ISession session = Core.initializeSession(user, oldSessionId); response.addCookie(SESSION_ID_COOKIE_NAME, session.getId().toString(), "/", "", -1, true); response.addCookie("XASID", "0." + Core.getXASId(), "/", "", -1, true); LOGGER.info("Initializing session for user " + account.getName() + " <END>"); } private static StripeSession retrieveStripeSession(IContext context, String sessionID) throws CoreException { String xPathString = "//StripeIntegration.StripeSession[MendixID='" + sessionID + "']"; List <IMendixObject> sessionObjectList = Core.retrieveXPathQuery(context, xPathString, 1); StripeSession retrievedSession = StripeSession.initialize(context, sessionObjectList.get(0)); return retrievedSession; } private static void redirectUser(final IMxRuntimeResponse response, final String redirectUri) { LOGGER.info("Redirecting user to: " + redirectUri); response.setStatus(HttpStatus.SC_SEE_OTHER); response.addHeader("location", redirectUri); } - The deep link used to route the user on successful auto login after a successful payment The problem I’m running into is that, despite my best efforts, on being rerouted back into the application and going through the above code snippet the session is still for an anonymous user and I’m receiving an error based on access rights. Currently the ‘sendorder’ deep link is configured to allow for guests, however anonymous users don’t have the necessary permissions to view the supporting helper objects on the subsequent loading page that is opened at the end of the deep link microflow. That is by design, most definitely, we don’t want just anyone to have access to the application, but currently not even users have access to the rest of the flow.   I relied heavily on the XSUAA and ForgotPassword modules for the auto login piece, but even still it looks like I missed something What’s most frustrating about this is that it works locally without any issue, but in the deployed environment I always come back with an anonymous session. Any chance any of you have some insights for me? Any pointers would be much appreciated.

asked 2022-02-17

1 answers