Anonymous donation was de-anonymised after another donation #19

Open
informaniac opened this issue Oct 11, 2022 · 1 comment
@informaniac

At Hekathon offline 2022 I experienced the following bug when I made two donations. The first one was an anonymous donation with comment, the second one was a pseudonymised donation without comment from the same device (and probably the same browser tab, but I am not sure with that).

When the second donation did not show up that evening (I was later told by the tech crew that it happened due to it being flagged), I saw on the /donations page that my first donation was no longer anonymised, but listed with my alias from the second donation.

I am currently setting up a local dev environment to further investigate this issue so I may be able to provide a better way to reproduce the bug.

For now it could be that

  • I did not choose to anonymise the first donation explicitly, but indirectly by selecting to use an existing alias and leaving the alias input blank (I cannot remember what I did choose but this sounds to me like it could enable this unexpected behaviour)
  • some issues with PayPal (which also acted weird that evening) contributed to that bug. But this might be far-fetched.

In the original repository I found this similar sounding bug. Except this one seems to have the two donations in reverse order. As this repository is more than 600 commits behind the main branch in the original repo, I wanted to first reproduce the bug, then check whether it exists in the original repo, and - if applicable - move the issue there.

@informaniac
Author

I think I found a possible reason for this, but I was not able to reproduce it in the dev environment, because when I donated via PayPal sandbox the donation was still in the 'pending' transaction state and the Donor object was not created.

The issue most likely exists because the requested visibility when making a Donation is bound to the Donor, not the Donation itself. The following if statement from paypalutils.py will change a Donor's visibility on every donation when anything other than "use existing" (alias) was chosen.

if donation.requestedvisibility != 'CURR':
    donor.visibility = donation.requestedvisibility
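
The donor-bound visibility described in the comment above, modelled next to a per-donation alternative, as an added example that is not code from this repository. The classes, the `visibility` field on `Donation`, the `'ANON'`/`'ALIAS'` values, the `(Anonymous)` label and the alias string are assumptions made for illustration, as is the premise that both donations resolve to the same donor record.

```python
from dataclasses import dataclass

CURR, ANON, ALIAS = "CURR", "ANON", "ALIAS"  # only 'CURR' is from the issue; others assumed

@dataclass
class Donor:
    alias: str = ""
    visibility: str = ANON

@dataclass
class Donation:
    donor: Donor
    requestedvisibility: str
    requestedalias: str = ""
    visibility: str = ANON  # hypothetical per-donation field (hardened path only)

def apply_donor_bound(donation):
    """Behaviour quoted in the issue: the request overwrites donor-wide state."""
    donor = donation.donor
    if donation.requestedvisibility != CURR:
        donor.visibility = donation.requestedvisibility
    donor.alias = donation.requestedalias or donor.alias

def apply_per_donation(donation):
    """Hardened sketch: resolve visibility once and store it on the donation."""
    donor = donation.donor
    if donation.requestedvisibility != CURR:
        donor.visibility = donation.requestedvisibility  # default for later 'CURR'
    donation.visibility = donor.visibility
    donor.alias = donation.requestedalias or donor.alias

def name_donor_bound(donation):
    return donation.donor.alias if donation.donor.visibility == ALIAS else "(Anonymous)"

def name_per_donation(donation):
    return donation.donor.alias if donation.visibility == ALIAS else "(Anonymous)"

def replay(apply, render):
    """Anonymous donation first, then an aliased one resolved to the same donor."""
    donor = Donor()
    first = Donation(donor, ANON)
    second = Donation(donor, ALIAS, requestedalias="constructed-alias")
    for donation in (first, second):
        apply(donation)
    return [render(first), render(second)]

if __name__ == "__main__":
    print("donor-bound: ", replay(apply_donor_bound, name_donor_bound))
    print("per-donation:", replay(apply_per_donation, name_per_donation))
```

The `replay` sequence doubles as a regression check: the first entry of the public listing must stay anonymous after the second donation is processed.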
