69.2. Checkout overriding same accounts

Checkout overriding

In the checkout process, if an unauthenticated user enters an email address that already belongs to an existing account and proceeds to the payment page, the order may inadvertently become linked to the account ID of the existing user instead of remaining associated with the unauthenticated user.

To address this issue, we will add a condition that checks whether the entered email is already in use. If the email is associated with an existing account, the user will be prompted to log in instead, since that matches the expected behavior for account-associated purchases.

We will update a segment of the finish_order view function, placing the new condition check directly above the if not error block. This ensures that the logic for verifying the email's association with an existing account is handled before proceeding further.

views.py/finish_order
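# Requires at the top of views.py:
#   from django.core.exceptions import ValidationError
#   from django.core.validators import validate_email
if not request.user.is_authenticated:
    email = data.get("email")
    try:
        validate_email(email)
    except ValidationError:
        error = "email"
    else:
        # Look the address up only after it has passed validation, so the
        # "email" error above is never overwritten.
        client = Client.objects.filter(email=email).first()
        if client is not None and client.user is not None:
            # A registered account already uses this email: return an error
            error = "email_in_use"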

Additionally, we will update the checkout.html file to display an appropriate error message if the entered email is already associated with an existing account. This message will be shown alongside other error messages, ensuring the user is informed of the issue and guided to log in.

checkout.html
{% if error == "email" %}
<p class="checkout_erro">Fill in your email to continue.</p>
{% endif %}
                
{% if error == "email_in_use" %}
<p class="checkout_erro">Account with that email already exists. Log in or use another.</p>
{% endif %}
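
The following is an added example, not code from this project: a framework-free Python model of the owner lookup, showing an assumed pre-fix behaviour beside the guard added to finish_order. The Client dataclass, find_client, owner_before_fix, owner_after_fix, sample_clients and the simplified email regex are hypothetical stand-ins, and the sample data is constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Simplified stand-in for Django's validate_email (assumption, not Django's own check).
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


@dataclass
class Client:
    """Hypothetical stand-in for the Client model; user is None for guest clients."""
    id: int
    email: str
    user: Optional[str] = None


def find_client(clients, email):
    """Mimics Client.objects.filter(email=email).first() on an in-memory list."""
    return next((c for c in clients if c.email == email), None)


def owner_before_fix(clients, email):
    """Assumed pre-fix flow: any client with this email is reused, so a guest
    order can attach to a registered account."""
    if not email or not EMAIL_RE.match(email):
        return None, "email"
    client = find_client(clients, email)
    if client is None:
        client = Client(len(clients) + 1, email)
        clients.append(client)
    return client, None


def owner_after_fix(clients, email):
    """Same flow with the guard: refuse emails owned by a client with a user."""
    if not email or not EMAIL_RE.match(email):
        return None, "email"
    client = find_client(clients, email)
    if client is not None and client.user is not None:
        return None, "email_in_use"
    return owner_before_fix(clients, email)  # guest or new email: continue as before


def sample_clients():
    """Constructed sample data: one registered client and one guest client."""
    return [Client(1, "alice@example.com", user="alice"),
            Client(2, "guest@example.com")]
```

The distinct email_in_use response also tells an unauthenticated visitor that an account exists for that address, so the checkout form deserves the same rate limiting as the login form.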
