Interface GuestCartProtectionService
- All Known Implementing Classes:
DefaultGuestCartProtectionService
public interface GuestCartProtectionService
Interface for a service that is used for protecting customer information within guest carts.
Customer information generally includes details such as email address, name, addresses, or
payment tokens.
- Author:
- Nick Crum (ncrum)
-
Method Summary
Modifier and Type, Method, Description:
- com.broadleafcommerce.cart.client.domain.Cart clearCustomerInformation(com.broadleafcommerce.cart.client.domain.Cart cart): Deprecated.
- com.broadleafcommerce.cart.client.domain.Cart clearCustomerInformation(com.broadleafcommerce.cart.client.domain.Cart cart, com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo): If the Cart contains payment data, then this method should clone the original cart & remove any sensitive customer data.
- com.broadleafcommerce.cart.client.domain.GuestToken createGuestToken(String cartId, com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo): Creates a new guest token for the cart with the provided ID.
- com.broadleafcommerce.cart.client.domain.GuestToken validateGuestToken(String cartId, String guestToken, com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo): Validates the provided guest token string for the given cart ID.
-
Method Details
-
clearCustomerInformation
com.broadleafcommerce.cart.client.domain.Cart clearCustomerInformation(com.broadleafcommerce.cart.client.domain.Cart cart, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo)

If the Cart contains payment data, then this method should clone the original cart & remove any sensitive customer data. Otherwise, this method will remove any sensitive customer data and return the existing cart.

Due to this method's archival/sanitization of related entities like cart payments, this method should also handle updating the cart status from DefaultCartStatuses.AWAITING_PAYMENT_FINALIZATION to DefaultCartStatuses.IN_PROCESS. The clearing of guest customer PII signals that payment finalization is no longer available, & the previously validated cart can no longer be deemed "ready for checkout" until it once again passes the validation contained within the checkout workflow.
- Parameters:
cart - the cart to clear
contextInfo - the context info
- Returns:
- Either the original cart or a cloned cart that has been cleansed of customer data.
-
clearCustomerInformation
@Deprecated com.broadleafcommerce.cart.client.domain.Cart clearCustomerInformation(com.broadleafcommerce.cart.client.domain.Cart cart)

Deprecated. In favor of clearCustomerInformation(Cart, ContextInfo) which also archives/sanitizes the cart's related entities like payments to avoid PII exposure.

Clears customer information from the provided cart. This is typically used to filter out personal information from a guest cart when a guest token is not present, or when generating a new guest token.

Note, this method will not persist any changes to the cart. Instead, CartOperationService.updateCart(Cart, boolean, boolean, boolean, ContextInfo) should be used to save the cart if the changes are meant to be permanent.
- Parameters:
cart - the cart to clear
-
createGuestToken
com.broadleafcommerce.cart.client.domain.GuestToken createGuestToken(String cartId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo)

Creates a new guest token for the cart with the provided ID. This typically creates or replaces a token within a token store for the given cart ID, and returns the resulting token details.
- Parameters:
cartId - the cart ID
contextInfo - the context info
- Returns:
- the token details
-
validateGuestToken
com.broadleafcommerce.cart.client.domain.GuestToken validateGuestToken(String cartId, String guestToken, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo)

Validates the provided guest token string for the given cart ID. This typically retrieves the token details from a token store using the cart ID, and verifies they match up with the provided token string. If verified, this will return the token details. If not verified, this will throw a GuestTokenValidationException indicating the token failed to validate.
- Parameters:
cartId - the cart ID
guestToken - the guest token string
contextInfo - the context info
- Returns:
- the verified token details
- Throws:
GuestTokenValidationException - if the token failed to validate
GuestTokenExpirationException - if the token is expired
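
The create-or-replace and validate contract described for createGuestToken and validateGuestToken, as an added example that is not Broadleaf's code and not the DefaultGuestCartProtectionService implementation. GuestTokenSketch, StoredToken, TokenInvalid, TokenExpired, the in-memory map, the 32-byte random token and the one-hour lifetime are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class GuestTokenSketch { // hypothetical sketch, none of these types are Broadleaf classes
    record StoredToken(String cartId, String token, Instant expiresAt) {}
    static class TokenInvalid extends RuntimeException { TokenInvalid(String m) { super(m); } }
    static class TokenExpired extends RuntimeException { TokenExpired(String m) { super(m); } }
    private final Map<String, StoredToken> store = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final Duration ttl; // assumed lifetime; the page does not state one
    GuestTokenSketch(Duration ttl) { this.ttl = ttl; }

    // Creates or replaces the cart's token, so an older token stops validating.
    StoredToken createGuestToken(String cartId) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        StoredToken stored = new StoredToken(cartId, token, Instant.now().plus(ttl));
        store.put(cartId, stored);
        return stored;
    }

    // Looks the token up by cart ID and compares it with the presented string.
    StoredToken validateGuestToken(String cartId, String presented) {
        StoredToken stored = store.get(cartId);
        // Constant-time comparison: do not leak how much of the token matched.
        if (stored == null || presented == null || !MessageDigest.isEqual(
                stored.token().getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8))) {
            throw new TokenInvalid("guest token failed to validate");
        }
        if (Instant.now().isAfter(stored.expiresAt())) throw new TokenExpired("guest token is expired");
        return stored;
    }

    public static void main(String[] args) {
        GuestTokenSketch svc = new GuestTokenSketch(Duration.ofHours(1));
        String old = svc.createGuestToken("cart-1").token();     // constructed cart ID
        String current = svc.createGuestToken("cart-1").token(); // replaces the old token
        System.out.println(svc.validateGuestToken("cart-1", current).cartId());
        try { svc.validateGuestToken("cart-1", old); }
        catch (TokenInvalid e) { System.out.println("old token rejected: " + e.getMessage()); }
    }
}
```

A caller that catches either exception would serve the cart only after it has been passed through clearCustomerInformation(Cart, ContextInfo), so a request without a valid guest token never receives the guest's PII.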