2
ctnqhk
2y

At an old e-commerce job, some orders were coming through with most of the shipping info missing. The only info filled out was the State. When we looked at Heap, we could see the user was filling in those fields. There was both frontend and backend validation for required form data, so the user shouldn’t have been able to check out without an address.

When I looked at the BE logic, I saw addresses were retrieved from our database by using a method called GetOrCreateDefaultAddress. When the website couldn’t find the address in the db, it created a new one where the only address field that was filled in was the state.

Unfortunately, this default address creation was happening after the submit button had been hit. There was no logic to validate the address this late in the checkout because the earlier form validation in the process should have caught this.

The orders did have email addresses, so customer service did have a way to contact the customer. I have no idea what happened to the user’s address. Was it never saved? Did it get caught up in a cron job to delete old users and addresses from the db??

Comments
  • 1
    I created a similar bug once. GetOrCreate is dangerous, especially when it comes to session management xD
  • 4
    I do hate combined functions, they never end well and you don't know if it created a record or it returned a record.

    This is where SOLID comes in handy 👀

    https://digitalocean.com/community/...
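The failure mode from the post and the second comment, as an added sketch that is not the original site's code: a get-or-create lookup that hides a miss, next to a lookup that reports the miss and an order step that re-validates at the commit point. The in-memory `DB`, the field list, and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

REQUIRED = ("street", "city", "state", "postal_code")  # assumed required fields

@dataclass
class Address:
    street: str = ""
    city: str = ""
    state: str = ""
    postal_code: str = ""

class IncompleteAddress(Exception):
    """Raised when an order reaches the commit point without a full address."""

# Constructed in-memory stand-in for the address table.
DB = {"user-1": Address("1 Main St", "Springfield", "IL", "62701")}

def get_or_create_default_address(user_id: str, state: str) -> Address:
    # Pattern described in the post: a miss silently becomes a state-only row,
    # and the caller cannot tell "found" from "just created".
    if user_id not in DB:
        DB[user_id] = Address(state=state)
    return DB[user_id]

def find_address(user_id: str) -> Optional[Address]:
    # Lookup only: a miss is reported to the caller instead of being filled in.
    return DB.get(user_id)

def missing_fields(addr: Address) -> list:
    return [name for name in REQUIRED if not getattr(addr, name).strip()]

def place_order_unchecked(user_id: str, state: str) -> dict:
    # Trusts the earlier form validation, so a placeholder address ships.
    return {"user": user_id, "ship_to": get_or_create_default_address(user_id, state)}

def place_order(user_id: str) -> dict:
    # Re-validates server-side at the last step before the order is written.
    addr = find_address(user_id)
    if addr is None:
        raise IncompleteAddress("no address on file")
    gaps = missing_fields(addr)
    if gaps:
        raise IncompleteAddress("missing: " + ", ".join(gaps))
    return {"user": user_id, "ship_to": addr}
```
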