johnbillion / user-switching

WordPress plugin that provides instant switching between user accounts.
https://wordpress.org/plugins/user-switching/
GNU General Public License v2.0

Possible issue with subscription renewals and switched user #117

Closed tflight closed 2 months ago

tflight commented 2 months ago

I recently came across an issue I haven't fully been able to troubleshoot. I have a site running WooCommerce and the WooCommerce Subscriptions plugin. As you likely know, the subscription renewals are triggered by the Action Scheduler plugin.

I have a filter running on woocommerce_new_order_note_data that looks to see if the current user is a switched user by checking current_user_switched() and if so, I'm appending information to the order notes to indicate the action was triggered by a switched user.

Recently I had a subscription fail because the saved card token for the customer from the payment processor wasn't found. This was the first time I've had that error. What was interesting is that this issue was triggered during the time that a user was switched, so I'm wondering if that is why the token lookup for the user failed.

Let's say I have an admin, Jane. And I have two customers, Bill and Steve. Bill has a subscription, Steve does not. Action Scheduler will trigger a subscription renewal for Bill and a new order will be created. Since no user switching has taken place, the order goes through fine.

But I have a subscription renewal order for Bill that, in the order notes (see woocommerce_new_order_note_data above), says it was done while Jane (admin) was switched to user Steve (who otherwise should have nothing to do with this order).

Since Jane switched to user Steve just before Bill's renewal was scheduled to happen, it looks like Bill's renewal order was attempted to be placed by Steve. It fails, not being able to find Bill's subscription token, as the user is Steve.

I have wp-cron.php triggered from my server's cron, but I know /wp-admin/admin-ajax.php?action=as_async_request_queue_runner also can trigger Action Scheduler tasks.

So when Jane (admin) switched to Steve (regular customer) could this have called as_async_request_queue_runner which then tried to renew Bill's subscription as Steve instead of from wp-cron.php as essentially "nobody"?

I'm happy to try to elaborate if this isn't clear.

johnbillion commented 2 months ago

I don't think I can really help you with this as it doesn't fundamentally sound like an issue with User Switching. If you were to manually log in to one of the affected accounts (rather than switching) you would likely see the same issue.

I recommend that you add some additional debugging data to the meta data that gets saved to a subscription and/or its renewal, for example the current request URL, whether it's an ajax request or a cron event, the logged in user ID, etc, to assist you with identifying when a problem happens.

Best of luck!
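
One way to capture the debugging data suggested above, as an added example that is not code from the User Switching plugin or from either commenter: it hooks the same `woocommerce_new_order_note_data` filter mentioned in the issue and appends the entry point, user ID, request path and switch state to each order note. The function name `example_request_context` and the `[ctx ...]` note format are assumptions made for illustration.

```php
<?php
/**
 * Added example: stamp every WooCommerce order note with the request
 * context, so a failed renewal shows which entry point and user ran it.
 */
function example_request_context(): string {
    if ( defined( 'WP_CLI' ) && WP_CLI ) {
        $entry = 'wp-cli';
    } elseif ( wp_doing_cron() ) {
        $entry = 'wp-cron';
    } elseif ( wp_doing_ajax() ) {
        // Covers admin-ajax.php?action=as_async_request_queue_runner.
        $action = isset( $_REQUEST['action'] )
            ? sanitize_key( wp_unslash( $_REQUEST['action'] ) )
            : 'unknown';
        $entry  = 'ajax:' . $action;
    } else {
        $entry = 'web';
    }

    $parts = array(
        'entry=' . $entry,
        'user_id=' . get_current_user_id(), // 0 means no logged-in user.
    );

    if ( isset( $_SERVER['REQUEST_URI'] ) ) {
        // Keep only the path; query strings can carry nonces or tokens.
        $path    = (string) strtok( (string) wp_unslash( $_SERVER['REQUEST_URI'] ), '?' );
        $parts[] = 'path=' . sanitize_text_field( $path );
    }

    // current_user_switched() comes from User Switching and returns the
    // original WP_User when the session is a switched one, false otherwise.
    if ( function_exists( 'current_user_switched' ) ) {
        $original = current_user_switched();
        if ( $original ) {
            $parts[] = 'switched_from=' . $original->ID;
        }
    }

    return implode( ' ', $parts );
}

add_filter( 'woocommerce_new_order_note_data', function ( $data, $args ) {
    // $args carries 'order_id' and 'is_customer_note'; only the note text changes.
    $data['comment_content'] .= "\n[ctx " . example_request_context() . ']';
    return $data;
}, 10, 2 );
```

A renewal note stamped `entry=ajax:as_async_request_queue_runner` with a non-zero `user_id` would show the queue ran inside a logged-in browser session rather than from cron.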

tflight commented 2 months ago

Thanks, @johnbillion! I appreciate the suggestions. I'll try to debug this in another environment and if I find something relevant I'll let you know. Otherwise I've taken this as an opportunity to ditch as_async_request_queue_runner altogether and initiate all WP-Cron and Action Scheduler tasks via the server's cron and WP-CLI.