ACSD-47920: a guest user can place orders via REST API even when Allow Guest Checkout is off
The ACSD-47920 patch fixes the issue where orders can be placed via REST API as a guest user even when the Allow Guest Checkout is turned off. This patch is available when the Quality Patches Tool (QPT) 1.1.24 is installed. The patch ID is ACSD-47920. Please note that the issue is scheduled to be fixed in Adobe Commerce 2.4.6.
Affected products and versions
The patch is created for Adobe Commerce version:
- Adobe Commerce (all deployment methods) 2.4.3-p1
Compatible with Adobe Commerce versions:
- Adobe Commerce (all deployment methods) 2.4.0 - 2.4.5-p1
magento/quality-patches package to the latest version and check the compatibility on the Quality Patches Tool: Search for patches page. Use the patch ID as a search keyword to locate the patch.Issue
Orders can be placed via Rest API as a guest user even when the Allow Guest Checkout is turned off.
Steps to reproduce:
- Go to Adobe Commerce Admin > Stores > Settings > Configuration > Sales > Sales > Checkout > Checkout Options > and set the Allow Guest Checkout to No.
- Use REST API to add a product to a cart and place an order.
Expected results:
Guest checkout API returns an error Sorry, guest checkout is not available if Allow Guest Checkout is set to No.
Actual results:
Guest checkout API allows an order to be placed even if Allow Guest Checkout is set to No.
Apply the patch
To apply individual patches, use the following links depending on your deployment method:
- Adobe Commerce or Magento Open Source on-premises: Quality Patches Tool > Usage in the Quality Patches Tool guide.
- Adobe Commerce on cloud infrastructure: Upgrades and Patches > Apply Patches in the Commerce on Cloud Infrastructure guide.
Related reading
To learn more about Quality Patches Tool, refer to:
- Quality Patches Tool released: a new tool to self-serve quality patches in our support knowledge base.
- Check if patch is available for your Adobe Commerce issue using Quality Patches Tool in our support knowledge base.
For info about other patches available in QPT, refer to Quality Patches Tool: Search for patches in the Quality Patches Tool guide.