Adobe Summit is here.

Experience keynotes, Sneaks, sessions, and more — all on demand.

Watch now
DocumentationCommerceTools

ACSD-54472: Customers of a rejected company can still authenticate

Last update: November 7, 2024
  • Topics:
  • B2B

CREATED FOR:

  • Experienced
  • Admin
  • Developer

The ACSD-54472 patch fixes the issue where the customers of a rejected company can still authenticate, and customers of a blocked and rejected company can still place orders. This patch is available when the Quality Patches Tool (QPT) 1.1.40 is installed. The patch ID is ACSD-54472. Please note that the issue is scheduled to be fixed in Adobe Commerce 2.4.7.

Affected products and versions

The patch is created for Adobe Commerce version:

  • Adobe Commerce (all deployment methods) 2.4.6

Compatible with Adobe Commerce versions:

  • Adobe Commerce (all deployment methods) 2.4.6 - 2.4.6-p3
NOTE
The patch might become applicable to other versions with new Quality Patches Tool releases. To check if the patch is compatible with your Adobe Commerce version, update the magento/quality-patches package to the latest version and check the compatibility on the Quality Patches Tool: Search for patches page. Use the patch ID as a search keyword to locate the patch.

Issue

The customers of a rejected company can still authenticate, and customers of a blocked and rejected company can still place orders.

Steps to reproduce:

  1. Create a company.
  2. Add products to the cart via GraphQL.
  3. Change the company status to Blocked.
  4. Send a GraphQL request to place the order and to create a negotiable quote.
  5. Change the company status to Rejected.
  6. Send a GraphQL request to obtain the company’s user authorization token.
  7. Set customer status to Inactive.
  8. Send a GraphQL request to obtain the company’s user authorization token.

Expected results:

  • Order and negotiable quote is not placed by the user of the Blocked company.
  • Authorization token is not obtained for the user of the Rejected company.
  • Authorization token is not obtained for the Inactive customer.

Actual results:

  • Order and negotiable quote is placed by the user of the Blocked company.
  • Authorization token is obtained for the user of the Rejected company.
  • Authorization token is obtained for the Inactive customer.

Apply the patch

To apply individual patches, use the following links depending on your deployment method:

  • Adobe Commerce or Magento Open Source on-premises: Quality Patches Tool > Usage in the Quality Patches Tool guide.
  • Adobe Commerce on cloud infrastructure: Upgrades and Patches > Apply Patches in the Commerce on Cloud Infrastructure guide.

Related reading

To learn more about Quality Patches Tool, refer to:

  • Quality Patches Tool released: a new tool to self-serve quality patches in the support knowledge base.
  • Check if patch is available for your Adobe Commerce issue using Quality Patches Tool in the Quality Patches Tool guide.

For info about other patches available in QPT, refer to Quality Patches Tool: Search for patches in the Quality Patches Tool guide.

recommendation-more-help
c2d96e17-5179-455c-ad3a-e1697bb4e8c3