Closed DavidRothstein closed 1 year ago
From planning:
If you visit Checkout for a product you don't own, we should already be displaying a notice of what happened. In this case, it's likely handled at the Checkout router for a Checkout address for a site that you don't own. We should follow similar logic and display the failure reason on purchase management. It's possible the first message isn't showing either, so let's double-check that too.
For reference (not that we have to do the same sort of thing), if you try to add a product to your cart that doesn't exist via the Checkout URL (eg: /checkout/example.com/aasdadas
) the shopping-cart endpoint returns an error which is then displayed for the user and checkout does not redirect anywhere.
When you visit a checkout URL you don't have access to (for example, if you are logged in as User A but the checkout URL came from a renewal email for User B's subscription) you get redirected to https://wordpress.com/me/purchases instead.
Interestingly, this is not totally accurate. If you visit /checkout/:site
or /checkout/:site/:product
for a site you do not own, you are redirected by the siteSelection middleware to the site picker (or the primary site if only one exists) which will then send you back to checkout.
To reproduce the reported issue of ending up on the purchases page, you have to specifically visit a renewal URL for a site you don't own, and that's because of the following events:
/checkout/:product/renew/:subscription/:site
./checkout/:product/renew/:subscription
(the same URL without the site).I think that both of these redirect flows could benefit from an error notice, but as they are quite different they'll need to be handled separately.
Working on the renewal flow in https://github.com/Automattic/wp-calypso/pull/75309
What
When you visit a checkout URL you don't have access to (for example, if you are logged in as User A but the checkout URL came from a renewal email for User B's subscription) you get redirected to https://wordpress.com/me/purchases instead.
I think the redirect makes sense, but we should also display a message on the screen in this case explaining e.g. that you don't have access to renew the subscription that you were trying to renew and that the reason is probably because it belongs to a different user account.
Why
This would inform users of why they can't actually renew the subscription they were trying to renew, rather than giving them no feedback (which can cause them to get confused and start trying to buy or renew something else on the wrong account).
Background: https://github.com/Automattic/wp-calypso/issues/74310
How
No response