[CHK-2129] Properly handle the new CheckoutOrderFormOwnership cookie

[brunoabreu]

Jira Issue

What problem is this solving?

Handle the new CheckoutOrderFormOwnership cookie, forwarding when necessary. Just like https://github.com/vtex-apps/checkout-graphql/pull/183

How to test it?

It is linked in qastore workspace brunoh2.

Screenshots or example usage:

The cookie comes back in set-cookie when included in the API requests:

$ curl -v 'https://brunoh2--qastore.myvtex.com/_v/private/graphql/v1' \
  -H 'content-type: application/json' \
  -H 'cookie: checkout.vtex.com=__ofid=bec5432879934595babe0d4efe39beac; CheckoutOrderFormOwnership=2d048a247bdf461fb298bfff177ec665; vtex-commerce-env=beta' \
  --data-raw '{"operationName":"orderForm","variables":{},"extensions":{"persistedQuery":{"version":1,"sha256Hash":"1ecfbc15a63112ff28cf95d4789812438cf2e9a3a67fcf1dd4d89b6bdf78e39e","sender":"vtex.store-resources@0.x","provider":"vtex.store-graphql@2.x"}}}' \
  2>&1 | grep -Fi set-cookie:

< set-cookie: checkout.vtex.com=__ofid=bec5432879934595babe0d4efe39beac; path=/; expires=Tue, 25 Apr 2023 20:45:30 GMT; domain=brunoh2--qastore.myvtex.com; samesite=lax; secure; httponly
< set-cookie: CheckoutOrderFormOwnership=2d048a247bdf461fb298bfff177ec665; path=/; expires=Tue, 25 Apr 2023 20:45:30 GMT; domain=brunoh2--qastore.myvtex.com; samesite=strict; secure; httponly

The set-cookie is included when updating the clientProfileAttachment (which generates an ownerId):

$ curl -v 'https://brunoh2--qastore.myvtex.com/_v/private/graphql/v1' \
  -H 'content-type: application/json' \
  -H 'cookie: checkout.vtex.com=__ofid=bec5432879934595babe0d4efe39beac; vtex-commerce-env=beta' \
  --data-raw '{"query":"mutation {updateOrderFormProfile (fields: {email: \"newshopper_100@mailinator.com\"}) @context(provider: \"vtex.store-graphql@2.x\") { userProfileId }}"}' \
  2>&1 | grep -Fi set-cookie:

< set-cookie: CheckoutOrderFormOwnership=0f3f6f0e1ebf42f5870317e3202fb5a0; path=/; expires=Tue, 25 Apr 2023 20:50:06 GMT; domain=brunoh2--qastore.myvtex.com; samesite=strict; secure; httponly

PS: In this case the set-cookie will just appear the first time a "new" profile attachment is sent (new email). Example: call one time with "newshopper_100@mailinator.com" => receive set-cookie call another time with "newshopper_100@mailinator.com" => no set-cookie call another time with "newshopper_101@mailinator.com" => receive set-cookie

This behavior is not related to this PR, it is just how it was implemented in the Checkout API.

[vtex-io-ci-cd[bot]]

Hi! I'm VTEX IO CI/CD Bot and I'll be helping you to publish your app! 🤖

Please select which version do you want to release:

• [ ] Patch (backwards-compatible bug fixes)

• [x] Minor (backwards-compatible functionality)

• [ ] Major (incompatible API changes)

And then you just need to merge your PR when you are ready! There is no need to create a release commit/tag.

• [ ] No thanks, I would rather do it manually 😞

[vtex-io-docs-bot[bot]]

Beep boop :robot:

I noticed you didn't make any changes at the docs/ folder

• [x] There's nothing new to document :thinking:
• [ ] I'll do it later :disappointed:

In order to keep track, I'll create an issue if you decide now is not a good time

• [ ] I just updated :tada::tada:

[vtex-io-ci-cd[bot]]

Your PR has been merged! App is being published. :rocket: Version 2.157.1 → 2.158.0

After the publishing process has been completed (check #vtex-io-releases) and doing A/B tests with the new version, you can deploy your release by running:

vtex deploy vtex.store-graphql@2.158.0

After that your app will be updated on all accounts.

For more information on the deployment process check the docs. :book: