diff --git a/src/Controller/Checkout/CompleteOrderAction.php b/src/Controller/Checkout/CompleteOrderAction.php
index e9fc352e1..9c8262dfa 100644
--- a/src/Controller/Checkout/CompleteOrderAction.php
+++ b/src/Controller/Checkout/CompleteOrderAction.php
@@ -13,6 +13,7 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Component\Security\Core\Exception\TokenNotFoundException;
 
 final class CompleteOrderAction
 {
@@ -51,6 +52,13 @@ public function __invoke(Request $request): Response
                     Response::HTTP_UNAUTHORIZED
                 )
             );
+        } catch (TokenNotFoundException $notLoggedInException) {
+            return $this->viewHandler->handle(
+                View::create(
+                    'You need to be logged in with the same user that wants to complete the order',
+                    Response::HTTP_UNAUTHORIZED
+                )
+            );
         }
 
         return $this->viewHandler->handle(View::create(null, Response::HTTP_NO_CONTENT));
diff --git a/src/Handler/CompleteOrderHandler.php b/src/Handler/CompleteOrderHandler.php
index 4342c862d..d2fc76f17 100644
--- a/src/Handler/CompleteOrderHandler.php
+++ b/src/Handler/CompleteOrderHandler.php
@@ -72,6 +72,7 @@ private function getCustomer(string $emailAddress): CustomerInterface
 
         // If the customer does not exist then it's normal checkout
         if ($customer === null) {
+            /** @var CustomerInterface $customer */
             $customer = $this->customerFactory->createNew();
             $customer->setEmail($emailAddress);
 
@@ -80,7 +81,8 @@ private function getCustomer(string $emailAddress): CustomerInterface
 
         // If the customer does exist the user has to be logged in with this customer. Otherwise the user is not authorized to complete the checkout
         $loggedInUser = $this->loggedInUserProvider->provide();
 
-        if ($loggedInUser === null || $loggedInUser->getCustomer() !== $customer) {
+
+        if ($loggedInUser->getCustomer() !== $customer) {
             throw new NotLoggedInException();
         }
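Review bot: The new `catch (TokenNotFoundException $notLoggedInException)` block in `__invoke` builds the same 401 View as the `NotLoggedInException` branch directly above it, whose body starts outside the hunk; if that branch's message matches, a multi-catch `} catch (NotLoggedInException|TokenNotFoundException $e) {` removes the duplicated response construction. The caught variable is never read, so on PHP 8 the name can be dropped (`catch (TokenNotFoundException)`), and on older versions a neutral `$e` reads better than a name that restates the type. The message text is also slightly off for this exception, which the security component raises when there is no token at all rather than a different user, so `'You need to be logged in to complete this order'` would describe the case; keeping it a generic 401 that says nothing about which account owns the order is the right stance either way. Catching a security-component exception in the controller ties it to infrastructure types; translating it into `NotLoggedInException` inside the user provider would keep that knowledge in one place. `__invoke` continues outside the hunk.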
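Review bot: Removing `$loggedInUser === null` from the `if` in `getCustomer` makes the authorization check depend on `provide()` never returning null, and the provider's return type is not in this diff; if it can still return null (an anonymous or missing token the provider does not turn into `TokenNotFoundException`), `$loggedInUser->getCustomer()` raises an `Error` on a null receiver, which presumably surfaces as a 500 instead of the 401 the controller maps `NotLoggedInException` and `TokenNotFoundException` to. The order still cannot be completed in that case, so it fails closed, but as an uncontrolled error rather than a deliberate denial. Either make the provider's return type non-nullable with a `@throws TokenNotFoundException` docblock so static analysis enforces the assumption, or keep the guard: `if ($loggedInUser === null || $loggedInUser->getCustomer() !== $customer) {`. The added `+` blank line before the `if` also leaves two consecutive blank lines after the `provide()` call, which PSR-12 does not allow. `getCustomer` continues outside the hunk.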