If updating\creating the billing\shipping profile via the endpoint provided at /jsonapi/checkout/${order.uuid} there is no check for the validity of the address.

The case we noticed is with the postal code: if some user has insert a combination of administrative_area and postal_code not validated in the backend, thus the relative order address is not actually updated.
The API however returns a 200 code, so there's no way in the front-end to know that actually the order is without an address!

Example of a payload which has a incorrect postal code: 

 {
  data: {
    type: "commerce_order--default",
    id: "ffa590d4-9e33-49ba-b9f5-dd82da5fda3e",
    attributes: {
      billing_information: {
        address_line1: "test",
        address_line2: "1",
        administrative_area: "MC",
        country_code: "IT",
        family_name: "name",
        given_name: "surname",
        locality: "Locality",
        organization: "organization",
        postal_code: "6201011", // not valid
      },
      shipping_information: {
        // …
      },
      data: {
        copy_to_address_book: true,
        address_book_profile_id: 91
      }
    },
    // ...
  }
}
CommentFileSizeAuthor
#9 3175106-9.patch13.2 KBjsacksick
#7 3175106-7.patch11.06 KBjsacksick
#6 3175106-6.patch11.07 KBjsacksick
#3 3175106-3.patch1.4 KBjsacksick

Comments

Giuseppe87 created an issue. See original summary.

giuseppe87’s picture

giuseppe87 commented
Version: 8.x-1.x-dev » 8.x-1.0-beta2
jsacksick’s picture

jsacksick commented
Status: Active » Needs review
StatusFileSize
new 3175106-3.patch1.4 KB

Indeed, that is because AddressDataDefinition doesn't implement the getConstraints() method (unlike AddressItem).

I had a closer look at the code, and I'm now wondering why we're not simply using the AddressItem here in OrderProfile... Attaching a patch doing that... That fixes validation. Some tests might fail though....

The weird part is that we have the following comment in our tests:

// This should throw an error on postal_code validation.
            'address' => [
              'country_code' => 'US',
              'administrative_area' => 'CA',
              'postal_code' => '11111',
            ],

But I don't think we're actually expecting that error in the test (since there's no validation happening anyway).

Let's see which tests are failing with the attached patch.

jsacksick’s picture

jsacksick commented

Also, we're partially updating addresses on a project I'm working on (for example, simply updating the postal code), and I'm now getting errors due to a missing first/last name.

So as soon as this is in, the field configuration must be updated to make certain fields optional otherwise this would start failing.

Status: Needs review » Needs work

The last submitted patch, 3: 3175106-3.patch, failed testing. View results

jsacksick’s picture

jsacksick commented
Status: Needs work » Needs review
StatusFileSize
new 3175106-6.patch11.07 KB

I fixed most of the tests failures (there will be one or two remaining I think), but also updated one of the tests to check for the error.

Let's see what failures are remaining.

jsacksick’s picture

jsacksick commented
StatusFileSize
new 3175106-7.patch11.06 KB

Status: Needs review » Needs work

The last submitted patch, 7: 3175106-7.patch, failed testing. View results

jsacksick’s picture

jsacksick commented
Status: Needs work » Needs review
StatusFileSize
new 3175106-9.patch13.2 KB
jsacksick’s picture

jsacksick commented

This was added to a project I'm working on, and partial address updates weren't allowed through the API anymore, this needs to be investigated.

dobe’s picture

dobe commented

@jsacksick I am trying to get the shipping address and billing address to update a profile I select using the api instead of creating new entries... How do I pass those parameters? Seems like everything I have tried just creates new entries.

Thank you!
-Jesse