3.16.1.X Hotfixes

Bug fixes & general enhancements

Removal of unnecessary special characters (NCS Circ specific)

Whenever a subscription/subscriber related API call is made to NCS Circ, the special characters from the following parameters will be discarded before submitting the request with an exception mentioned against each:

• First Name: ' - & / .

• Last Name: ' - & / .

• Cardholder Name: ' - & / # .

• House number: / -

• Unit number: No Special Chars

• Email: @. + - _ ,

Email update not working - bug fix (NCS specific)

Transfer Links endpoint was enhanced to update the email both in Subscribe database and in NCS Circ

Activate Page button redirecting to the Sign Up tab

When a user clicks the Login/Register (or any text defined in CMS) button at the Activate page, they are now redirected to the Sign Up tab instead of the Login tab

Activate page logic reworked to recognise Publication Code/ Site Code

The logic for the Activate page has been reworked to redirect users referring to the publication code: the Site Code in URL is changed in accordance with the subscription selected. To set this up please go to Support Viewer → APISetting, then updated the Site codes for the SubCon.AllowedPaperCodesByClient API setting

Subscription Search via Phone number optimization in One CSR Portal

Subscription search via Phone number in One CSR Portal logic was optimised by adding appropriate Indexes in the database table so that it is now able to handle large datasets of up to 7.5M records

Authpanel Buttons visibility control via SS Config

The visibility control for AuthPanel buttons SignIn, Register, Custom has been reworked. It can now be managed individually for these buttons via SS Config (HideSigInBox, HideRegisterBox, HideCustomBox, respectively). However, the other properties, like text can be managed from CMS

Areas covered

One CSR Portal, Self-Service, Database

Auth0 / SSOR related fixes

Social Media Login/SignUp Options in Subscription Panel

Fix the login/signup via social media option in Subscription Panel.

The following properties configuration is required in CMS: Subscription Panel --> Presentations --> Page V3 Landing Page --> Step V3 User Information --> User Information --> Switch on 'Google show: ', Facebook show:' and 'Apple show:' properties

User Creation via Subscription Panel Auth0

The realm Auth0 integration is now configurable via Subscription Panel configuration file to be able to work with SSOR.

To configure the flow to work with SSOR please go to Config --> Systems --> Auth0 within SP and set the 'realm' key value to 'AutomaticMigrationSSOR’. The default 'realm' key value is 'Username-Password-Authentication'.

Login failure for subscribers with multiple subscriptions

To prevent potential login failures with subscribers with multiple subscriptions caused by SSOR / Auth0 migration the User Provider configuration setting was created in MG2Control must be set appropriately (e.g. SSOR, Firefly, Gigya, Auth0, etc.)

Logged-in state not carrying over to MyAccount

Logged-in user state not carrying over to MyAccount was fixed by modifying the session recovery logic in SSOR.

VWO script changes

For a certain client the hardcoded VWO smartcode on the checkout pages was outdated. This script has been updated with the details shared by the client.

Delayed Login in Self-Service for Publications using SSOR Authentication

Added on October 16th, 2023.

The issue of publications using SSOR authentication taking too long to load SubCon Sites has been resolved. This delay was primarily because of an additional API call triggered by an internal cookie with an empty value. With the issue resolved, it is now possible to log in to the My Account pages of publications using SSOR authentication without any delays.

Areas covered

Self-Service, Subscription Panel

Braintree SDK update

Braintree is sunsetting their API on python platform. Hence, as per Braintree's recommendation, the backend Braintree SDK has been updated to version 4.18.1.

Areas covered: API

Self-Service logging in/out issues

Logging out when switching between .com and Self-Service

Due to the cross-site validation, Auth0 was deleting the cookie when visiting Self-Service after .com and vice versa. This was fixed by ensuring that the cookie is deleted only when the user actually clicks the Logout button.

Areas covered: Self-Service

Users getting logged out from the main news site after visiting their My Account page

The issue of registered users getting logged out from the main news site after visiting their My Account page and the issue of users getting logged out from the My Account page after visiting the main news site have been resolved now.

Stalling of the My Account First Page

For clients using SSOR authentication, the issue of a logged-in user experiencing a prolonged loading time and the failure to open the dashboard or verified account page on the My Account page has been resolved, and the user can now access the page without the need for a refresh.

Self-Service - Users on vacation unable to raise complaints while on vacation

For NCS Clients, the issue of a user on vacation who has paused his subscription with a specific restart date not being able to raise a complaint has been resolved.

Solicitor Concierge issues

Error message while updating Google Pay payment option

When attempting to update the payment method using the Google Pay option and saving the offer group, the system was throwing an error message stating “Subscribe with Google SKU codes can be specified only if Subscribe with Google Payment Method selected" for clients on version 3.16.1.X. This issue has been resolved now.

Timeout error when selecting a team member

The timeout error occurring in SolCon when selecting specific team members has been resolved.

CMS - Getting error message (Error400:) while selecting Offer available under Presentation Properties V3

The error message "Error400:" that was displayed while selecting DefaultOfferGroupId from the 'Available Offer Groups' in the CMS module's Presentation Properties V3 due to the presence of an excessive number of offers on SolCon has now been resolved.

Subscription Panel - User registration after third-party authentication

When a user was trying to buy a subscription after getting registered via a third-party authentication system (e.g., a user on a newspaper site clicks on a link ePaper-->Auth0-->Subscription Panel), even after the successful authentication by Auth0, the registration was not created in the Subscribe database. This issue has been resolved now.

Subscription Panel - Confirmation page Login button not working for known users

Changes have been made to the Subscription Panel confirmation page such that:

• When creating a subscription for a new user, the user will be directed to the website after the subscription has been successfully purchased.

• Once an existing user's subscription has been successfully purchased, they must authenticate with Auth0 before being taken to the website.

Configuration Notes:

• Auth0 should be set up for the user.

• In config.System "AuthCookieDomain" key is mandatory.

Subscription Panel - Special characters related issues

Allow Special Characters in Presentation Fields

• Below Special Characters are now allowed in the fields listed below in the Subscription Panel. Users can now enter:

  1. ' , - & / . in the First and Last name fields.

  2. All special characters are allowed in the Email field.

  3. ' - & / # . in the Card Holder Name field.

  4. # - . / \ in the Address Line 1 field.

  5. . - # in the Address Line 2 field.

• When purchasing a subscription, CreateSubscriber failed with the error message “Child Event: CREATESUBSCRIBER failed. Error: FirstName field contained invalid characters that were removed. (19) LastName field contained invalid characters that were removed. (19)" when special character “," was used in the cardholder's name field (First Name and Last Name) on the payment page. This issue has now been resolved. The issue has occurred since the comma (,) was not one of the earlier permitted special characters ('- & /.) for the name fields. The name fields now allow the usage of special characters: (' , - & / .).

• When creating a subscription, AddSubscription failed with the error message "The entered payment information was not accepted" when special characters (&/.,') were used in the Cardholder's name field (First Name and Last Name) on the payment page when using Cybersource gateway. This issue has now been resolved.

PayPal via Braintree Renewals fix

Paypal via Braintree Renewals have been getting declined in circulation. It was identified that the PaypalBAID parameter while purchasing the subscription on EZPay was not being sent accurately to Circ. The issue has been fixed by passing the appropriate parameter from the payment vendor to the circulation system.

Areas covered: Self-Service

Auth0 Client-Specific Custom Configuration for Social Login

Client specific custom configuration for social login has been added to the Subscription Panel config files so that subscribers can authenticate through Auth0 to the client's site using their social media login connections (Facebook, Google, and Apple) based on the respective client's custom configurations. Clients that have not opted for this method of authentication will be able to utilize the default method for subscribers to login to their sites.

Areas covered: Subscription Panel

CMS - Transport Layer Security (TLS) Upgrade to Version 1.2

The CMS Content module has been updated to support Transport Layer Security (TLS) version 1.2. The TLS version can now also be configured from the web.config file, and image uploads can now communicate with the AWS S3 bucket using the TLS 1.2 security protocol.

This update has been made as Amazon will no longer support TLS 1.1 for its S3 bucket.

The Hotfix 3.16.1.7 documentation was updated on June 12th, 2023.

Subscription Panel - Error loading the offer group page

The error “Sorry, the page you requested was not found. See current offers.“ that was displayed when using the input parameter "ofrgp_id" to purchase a subscription in the Subscription Panel has now been resolved. There was an issue with the SolCon GetOffers logic, which has been reworked.

Solicitor Concierge - Unable to add Division to a published offer

The user was not able to add a Division to a published offer in SolCon. An error message was displayed during this update. This issue has been resolved.

API - Complaints

Previously, in SubCon Site (Self-Service), the GET /Complaints/{subscriptionId}/Problems endpoint was failing because the complaint problem codes retrieved from CircPro were not available in Subsvc, which resulted in an error. This issue has now been resolved.

One CSR Portal - Issue with 'Mark as processed' button

The issue with the 'Mark as processed' button in SubCon Admin has been resolved.

Areas Covered

One CSR Portal

Self-Service - Invalid Logout call on some flows and 500 error by Update user endpoint

The issue of an increased number of 500 and 404 errors found on clients' servers has been successfully resolved. This was an Authentication system-specific issue. For SSOR clients, even if the user was logged out while navigating to the SubCon site, the logout call was triggered and returned a 500 error. For MG2 Auth clients, the wrong credentials during login were triggering the logout action. After the fix, for SSOR clients, the logout call will be executed with a status 200 and for MG2 Auth clients, there will not be any logout call while entering the bad login credentials.

Seamless Flow updated for Credit Card Edgil Payment Method

In the seamless flow, if the Independent Address component for the payment page has been enabled, users could purchase or subscribe to a subscription with a single click after entering their credit card information. The issue occurs when the credit card details have been validated, the Submit button disappears, and the user is taken directly to the payment options, even if the fields, First and Last names, Phone, and Zip Code, have not been filled. This resulted in the AddSubscription call being triggered with incomplete information, and since the Submit iframe button is from a third-party payment site, it does not validate whether the aforementioned fields have been filled, resulting in no error warnings being displayed.

Changes have been made to allow the submission of incomplete fields if the credit card has already been validated in the seamless flow by introducing a delay time after each keystroke while filling the fields under the independent address component.

A key, "SeamlessInputDelayTime", must be added to the SP Config file with any numerical value. The value indicates the delay time in milliseconds, with the default value set at 1500 milliseconds (1.5 seconds).

For example, after entering the first name, it will wait 1.5 seconds and then call AddSubscription if no additional keystrokes have been detected. When the user starts entering the following fields, such as Last name, phone number, and zip code, the timer is reset after each keystroke, and the AddSubscription call is triggered only after a 1.5-second delay.

This release is in its beta version now.

Attention - Enhancement

Enhanced Sign-In Mechanism of Landing Application

Recently, major browsers have introduced additional security measures and constraints related to third-party cookies, as well as cross-domain data transfer and communication. The latest release of Chrome no longer supports third-party cookies. These were impacting the functioning of the Landing application and user experience negatively. Despite the implementation of workarounds, users were encountering issues in the sign-in flow at times.

Therefore, the sign-in logic for the Landing application has been revised without significantly affecting the existing functionality and behavior. The previous dependency on local storage has been replaced, and a Redis caching approach is now implemented for the users to sign in on the Landing application for accessing consumer applications (SubCon Admin, SolCon & CMS).

• Following the new implementation, users can access any consumer application only through the Landing application.

• If a user has opened different consumer applications on different tabs in a browser, logging out from one application will force the user to log out from the other opened applications as well. The user will regain access to the application only by signing in through the Landing application.

• Page refresh will work as before and have no impact following the redesign.

• Multi-Factor Authentication (MFA) with Okta will also work as intended if the feature is turned ON for the specific client.

• There is no dependency on third-party cookies related to the Landing application, and the landing works perfectly fine on Safari, Firefox, Chrome, and Edge browsers.

• Consumer applications are no longer dependent on Local storage to fetch data.

• The CMS Idle Time functionality, which notifies the user if they have been inactive on a CMS page for an extended duration and provides the option to either continue or exit from the page, is working as before.