3.16.0.X Hotfixes

Backward compatibility for inApp starts

Starting from 3.16 onwards Purchase API must be for all the new starts. There are two endpoints /Purchases (to receive Standard, Comps, PaidPass, Gifts, etc for all Circs) and /Purchases/InApp (to receive InApp and SwG).

/Purchases/InApp is prepared to redirect to Subscriptions API or Pu

rchase API based on an MG2 Control setting. This works for consumer apps but it is going to be a problem for all the clients using InApp today since they were not notified they need to switch the endpoint. Since we want to have backward compatibility with our external InApp consumers, re-add the POST /Subscription endpoint with a condition that it can be used only for InApp new starts.

In the scope of this hotfix, we also fixed the issue with the Payway form not being loaded in the Edge browser in Account Management.

Areas Covered: API, Account Management

CircPro related fixes

This hotfix is dedicated to CircPro-related issues. The following issues are covered:

• wrong redelivery issue dropdown options when submitting a complaint in Account Management

• unit designator not being sent in CircPro for a new start

• scheduled vacation not being synced during overnight database sync

• new start with ApplePay or Google Pay passing zero amount to circ

• displaying negative balance in Account Management while it's actually positive

Areas Covered: Account Management, API

Auth0 issue fix

For Auth0 we had a problem with ProcessLogin failing because the Auth Endpoint was using the User ID instead of Internal_id for Advance Tennant. The issue was fixed in scope of this hotfix. Now for Advance Auth endpoint uses Internal_id.

Areas Covered: API

Digital payments issues: ApplePay with Payway, GooglePay

Some ApplePay starts with Payway were failing due to ApplePay Payload not having the ECI Indicator. The issue was fixed in scope of the current hotfix, new MG2Control's Setting (API Setting) was added:

• Key -> Edgil.SecureElectronicCommerceTransactionECI

• NULL NULL NULL Value -> 5

The changes had to be merged to several branches as several clients in production were affected. Please see the list of the branches below:

PurchaseAPI: 3.15.0.5, 3.15.1.6, 3.15.2.3, 3.15.3.1, 3.16.0.5

EdgilPaywayAPI: 3.15.0.2, 3.15.1.2, 3.15.2.2, 3.15.3.1, 3.16.0.5

Also included minor fixes for GooglePay:

• The old GooglePay watermark image is now replaced with the new watermark in the checkout flow

• Fixed the error of GooglePay icon still being visible in checkout flow even if unchecked in Solicitor Concierge

Areas Covered: API, Subscription Panel

Database focused

This fix contains the scripts that populate CancellationTypes and NewspaperCancellationTypes in subsvc database as part of the dacpack. These scripts are required for the cancellation options for Account Management to work correctly

The fix also includes some optimisation of the subsvc database used by One CSR Portal:

• ApiGetUserEmailPreference and ApiUpdateRegistration stored procedure optimised.

• The new index in the Registration table is created; EmailAddressId column is included in the existing index of the EmailAddress table.

Seamless flow with Independent Address fix

Previously, a bug was introduced that caused the user to have to click twice instead of a single click to purchase the subscription after entering billing details when the seamless presentation was configured with the Independent Address component. The issue was fixed in the scope of this hotfix.

Areas covered: Subscription Panel, CMS Admin

Braintree SDK update

Braintree is sunsetting their API on python platform. Hence, as per Braintree's recommendation, the backend Braintree SDK has been updated to version 4.18.1.

Areas covered: API

Logging out when switching between .com and Self-Service

Due to the cross-site validation, Auth0 was deleting the cookie when visiting Self-Service after .com and vice versa. This was fixed by ensuring that the cookie is deleted only when the user actually clicks the Logout button.

Areas covered: Self-Service

PayPal via Braintree Renewals fix

Paypal via Braintree Renewals have been getting declined in circulation. It was identified that the PaypalBAID parameter while purchasing the subscription on EZPay was not being sent accurately to Circ. The issue has been fixed by passing the appropriate parameter from the payment vendor to the circulation system.

Areas covered: Self-Service

Logout and access issues related with 3rd party cookies

The following issues were fixed:

• Not being able to access downgrade page or logout when 3rd party cookies are blocked

• Not being able to logout when 3rd party cookies are blocked

• Logout after browsing to Newsletter page

Auth0's Integration was fixed and defensive code was added to APP_INITIALIZER flow. Inconsistent logic from auth0.service.ts was removed

Areas covered: Self-Service

Subscription Panel now recognizes existing users even after logout

When a subscribed user logs out from the Subscription panel and then tries to buy a new Subscription with his existing account, the user was not recognized as an existing user by SP. This was because the Customer Registration ID of the user was not available and hence the user was treated as a new user.

To overcome this issue, it is ensured that even if the user logs out, the system will make sure to fetch the Customer Registration ID that recognizes the user.

SP - User registration after third-party authentication

When a user was trying to buy a subscription after getting registered via a third-party authentication system (e.g., a user on newspaper site clicks on a link ePaper-->Auth0-->Subscription Panel), even after the successful authentication by Auth0, the registration was not created in the Subscribe database. This issue has been resolved now.

Transport Layer Security (TLS) Upgrade to Version 1.2

The CMS Content module has been updated to support Transport Layer Security (TLS) version 1.2. The TLS version can now also be configured from the web.config file, and image uploads can now communicate with the AWS S3 bucket using the TLS 1.2 security protocol.

This update has been made as Amazon will no longer support TLS 1.1 for its S3 bucket.

The Hotfix 3.16.0.13 documentation was updated on June 12th, 2023.

Issue with 'Mark as processed' button

The issue with the 'Mark as processed' button in SubCon Admin has been resolved.

Seamless Flow updated for Credit Card Edgil Payment Method

In the seamless flow, if the Independent Address component for the payment page has been enabled, users could purchase or subscribe to a subscription with a single click after entering their credit card information. The issue occurs when the credit card details have been validated, the Submit button disappears, and the user is taken directly to the payment options, even if the fields, First and Last names, Phone, and Zip Code, have not been filled. This resulted in the AddSubscription call being triggered with incomplete information, and since the Submit iframe button is from a third-party payment site, it does not validate whether the aforementioned fields have been filled, resulting in no error warnings being displayed.

Changes have been made to allow the submission of incomplete fields if the credit card has already been validated in the seamless flow by introducing a delay time after each keystroke while filling the fields under the independent address component.

A key, "SeamlessInputDelayTime", must be added to the SP Config file with any numerical value. The value indicates the delay time in milliseconds, with the default value set at 1500 milliseconds (1.5 seconds).

For example, after entering the first name, it will wait 1.5 seconds and then call AddSubscription if no additional keystrokes have been detected. When the user starts entering the following fields, such as Last name, phone number, and zip code, the timer is reset after each keystroke, and the AddSubscription call is triggered only after a 1.5-second delay.

This release is in its beta version now.

Attention - Enhancement

Enhanced Sign-In Mechanism of Landing Application

Recently, major browsers have introduced additional security measures and constraints related to third-party cookies, as well as cross-domain data transfer and communication. The latest release of Chrome no longer supports third-party cookies. These were impacting the functioning of the Landing application and user experience negatively. Despite the implementation of workarounds, users were encountering issues in the sign-in flow at times.

Therefore, the sign-in logic for the Landing application has been revised without significantly affecting the existing functionality and behavior. The previous dependency on local storage has been replaced, and a Redis caching approach is now implemented for the users to sign in on the Landing for accessing consumer applications (SubCon Admin, SolCon & CMS).

• Following the new implementation, users can access any consumer application only through the Landing application.

• If a user has opened different consumer applications on different tabs in a browser, logging out from one application will force the user to log out from the other opened applications as well. The user will regain access to the application only by signing in through the Landing application.

• Page refresh will work as before and have no impact following the redesign.

• Multi-Factor Authentication (MFA) with Okta will also work as intended if the feature is turned ON for the specific client.

• There is no dependency on third-party cookies related to the Landing application, and the landing works perfectly fine on Safari, Firefox, Chrome, and Edge browsers.

• Consumer applications are no longer dependent on Local storage to fetch data.

• The CMS Idle Time functionality, which notifies the user if they have been inactive on a CMS page for an extended duration and provides the option to either continue or exit from the page, is working as before.