3.16.2.X Hotfixes

SubCon Site (Self-Service) - Incorrect Tip Payment processing in CircPro

For CircPro clients, when a signed in subscriber selects an offer and do the bill payment, the tip amount entered in the corresponding field was getting added twice to the subscription amount resulting in a high cost of subscription. This issue has been fixed now.

Subscription Panel - Added client-specific GTM script in layout pug

The client specific GoogleTagManager (GTM) script has been included in the Subscription Panel configuration.

Subscription Panel - User registration after third-party authentication

When a user was trying to buy a subscription after getting registered via a third party authentication system (e.g., a user on newspaper site clicks on a link ePaper-->Auth0-->Subscription Panel), even after the successful authentication by Auth0, the registration was not created in the Subscribe database. This issue has been resolved now.

API - Seamless flow failure

Within the Seamless presentation flow of Subscription Panel, there was an issue while completing the purchase flow that did not let the user purchase a subscription. The issue has been identified and fixed now.

API - Resend Invite button error

The issue of users getting error messages while clicking on the Resend Invite button under Pending Invites has been resolved.

Activation of users from One CSR Portal

A CSR can now create and directly activate users from the One CSR Portal. When a CSR activates an invited user, a registration will be created for the user with a system-generated password. Additionally, it is possible to notify the newly created user of their username and password via email.

If the CSR attempts to activate a user who already exists in the Subscribe database (typically a registered user with a different subscription), the system will deny the activation and display a notification message.

Lite Subscriptions - Saving of Unstandardized Addresses

From this release, it is possible for the CSR to re-attempt and save the address in Lite Accounts even if the Melissa standardization of the entered address fails. The application will provide an option to update the unstandardized address only with the user’s consent. The user can consent in a pop-up asking “The address standardization failed. Do you want to retry and save the best available match?”. If the user confirms with a ‘Yes’, then the unstandardized address will be accepted and the success message “Address has been standardized to the best available match & updated“ will be displayed.

Note: The details are updated based on the address returned by Melissa. Hence if a CSR enters a partially incorrect address that Melissa would consider as Standardization failure but would also return a best available match, in this case, the best available match gets updated which could be partially different than what CSR had originally entered.

The UpdateSubscriptionAddress endpoint (PUT /Subscriptions/{subscriptionId}/Address) has now been updated so that address standardization is performed at every call irrespective of the value of the ValidAddress element. If standardization fails and the ValidAddress element value is true, the API will return an error.

Captcha added to Newsletter Unsubscribe Links

reCAPTCHA V2 has now been implemented on requested client sites, ensuring that when a user goes to the site's Newsletter Unsubscribe Links and clicks on any of the unsubscribe options (either "Unsubscribe from this newsletter" or "Unsubscribe from all newsletters"), they must pass captcha verification to complete the unsubscribe request.

One CSR Portal - Company name search results available on partial search

The GET /Subscriptions endpoint has been updated so that when a client searches for a subscription based on a partial name of the company, all records containing the keyword are returned if the keyword is present in the CompanyName column.

One CSR Portal - Partial search on User Search Screen by checking keywords with Contains logic

The GET /User endpoint has been updated such that the logic for searching for a user is now based on "Contains" rather than "Starts with". Searching for a user with a partial name under the FirstName, LastName, and Login Name fields will now return all records containing the keyword if the keyword is present in the relevant columns.

One CSR Portal - Description correction of the Pending invites grid

The grammatical error in the description of Pending invites grid has been corrected. The word being has been removed from the description of the Pending invites to make it accurate. Now the description for Pending invites grid is read as “These people have not accepted your invite”.

Solicitor Concierge - Timeout error when selecting a team member

The timeout error occurring in SolCon when selecting specific team members has been resolved.

CMS - Getting error message (Error400:) while selecting an Offer available under Presentation Properties V3

The error message "Error400:" that is displayed while selecting DefaultOfferGroupId from the 'Available Offer Groups' in the CMS module's Presentation Properties V3 due to the presence of an excessive number of offers on SolCon has now been resolved.

Subscription Panel - Confirmation page Login button not working for known users

Changes have been made to the Subscription Panel confirmation page such that:

• When creating a subscription for a new user, the user will be directed to the website after the subscription has been successfully purchased.

• Once an existing user's subscription has been successfully purchased, they must authenticate with Auth0 before being taken to the website.

• These changes do not impact clients using SSOR authentication.

Configuration Notes:

• Auth0 should be set up for the user.

• In config.System "AuthCookieDomain" key is mandatory.

Subscription Panel - Special characters related issues

Allow Special Characters in Presentation Fields

Users can now enter:

1. ' , - & / . in the First and Last name fields.

2. All special characters are allowed in the Email field.

3. ' - & / # . in the Card Holder Name field.

4. # - . / \ in the Address Line 1 field.

5. . - # in the Address Line 2 field.

• When purchasing a subscription, CreateSubscriber failed with the error message “Child Event: CREATESUBSCRIBER failed. Error: FirstName field contained invalid characters that were removed. (19) LastName field contained invalid characters that were removed. (19)" when special character “," was used in the cardholder's name field (First Name and Last Name) on the payment page. This issue has now been resolved. The issue has occurred since the comma (,) was not one of the earlier permitted special characters ('- & /.) for the name fields. The name fields now allow the usage of special characters: (' , - & / .).

• When creating a subscription, AddSubscription failed with the error message "The entered payment information was not accepted" when special characters (&/.,') were used in the Cardholder's name field (First Name and Last Name) on the payment page when using Cybersource gateway. This issue has now been resolved.

Self-Service - Users on vacation unable to raise complaints

For NCS Clients, the issue of the user on vacation, who has paused his subscription with a specific restart date, not being able to raise a complaint, has been resolved now.

Note: Please ensure that the Business Rule within the NCS application is set to allow a user to submit a complaint while on vacation.

Self-Service - Stalling of the My Account First Page

For clients using SSOR authentication, the issue of a logged-in user experiencing a prolonged loading time and the failure to open the dashboard or verified account page on the My Account page has been resolved, and the user can now access the page without the need for a refresh.

SolCon - Timeout error while selecting a team member

The timeout error occurring in SolCon when selecting specific team members has been resolved.

Transport Layer Security (TLS) Upgrade to Version 1.2

The CMS Content module has been updated to support Transport Layer Security (TLS) version 1.2. The TLS version can now also be configured from the web.config file, and image uploads can now communicate with the AWS S3 bucket using the TLS 1.2 security protocol.

This update has been made as Amazon will no longer support TLS 1.1 for its S3 bucket.

Auth0 Client-Specific Custom Configuration for Social Login

Client specific custom configuration for social login has been added to the Subscription Panel config files so that subscribers can authenticate through Auth0 to the client's site using their social media login connections (Facebook, Google, and Apple) based on the respective client's custom configurations. Clients that have not opted for this method of authentication will be able to utilize the default method for subscribers to login to their sites.

Areas covered: Subscription Panel

Subscription Panel - Error loading the offer group page

The error “Sorry, the page you requested was not found. See current offers.“ that was displayed when using the input parameter "ofrgp_id" to purchase a subscription in the Subscription Panel has now been resolved. There was an issue with the SolCon GetOffers logic, which has been reworked.

Solicitor Concierge - Unable to add Division to a published offer

The user was not able to add a Division to a published offer in SolCon. An error message was displayed during this update. This issue has been resolved.

API - Complaints

Previously, in SubCon Site (Self-Service), the GET /Complaints/{subscriptionId}/Problems endpoint was failing because the complaint problem codes retrieved from CircPro were not available in Subsvc, which resulted in an error. This issue has now been resolved.

One CSR Portal - Issue with 'Mark as processed' button

The issue with the 'Mark as processed' button in SubCon Admin has been resolved.

Self-Service - Invalid Logout call on some flows and 500 error by Update user endpoint

The issue of an increased number of 500 and 404 errors found on clients' servers has been successfully resolved. This was an Authentication system-specific issue. For SSOR clients, even if the user was logged out while navigating to the SubCon site, the logout call was triggered and returned a 500 error. For MG2 Auth clients, the wrong login credentials triggered the logout action. After the fix, for SSOR clients, the logout call will be executed with a status 200 and for MG2 Auth clients, there will not be any logout call while entering the bad login credentials.

Self-Service - Delayed Login for Publications using SSOR Authentication

The issue of publications using SSOR authentication taking too long to load SubCon Sites has been resolved. This delay was primarily because of an additional API call triggered by an internal cookie with an empty value. With the issue resolved, it is now possible to log in to the My Account pages of publications using SSOR authentication without any delays.

API - Failure of Newstart due to Invalid Email Characters

In the Self-Service Portal, when creating a start with an email address that included the special character "+" (e.g., user+1@domain.com), the new start failed to create with the error message "Child Event: ADDSUBSCRIPTION failed. Error: EbillEmail field contained invalid characters that were removed." Since the special characters in the Query String Parameter had been removed, the FindAddressOccupant method failed to find the occupants with the specified email address and returned the error "No occupant record found."

The special character ‘+’ has now been encoded in the Query String Parameter when communicating between EventsAPI and CircAPI in the FindAddressOccupant method, so that when entering an email address with the special character "+," new starts will now be created and errors will no longer be displayed.

Seamless Flow updated for Credit Card Edgil Payment Method

In the seamless flow, if the Independent Address component for the payment page has been enabled, users can purchase or subscribe to a subscription with a single click after entering their credit card information. The issue occurs when the credit card details have been validated, the Submit button disappears, and the user is taken directly to the payment options, even if the fields, First and Last names, Phone, and Zip Code, have not been filled. This resulted in the AddSubscription call being triggered with incomplete information. Since the Submit iframe button is from a third-party payment site, it does not validate whether the aforementioned fields have been filled, resulting in no error warnings being displayed.

Changes have been made to allow the submission of incomplete fields if the credit card has already been validated in the seamless flow by introducing a delay time after each keystroke while filling the fields under the independent address component.

A key, "SeamlessInputDelayTime", must be added to the SP Config file with any numerical value. The value indicates the delay time in milliseconds, with the default value set at 1500 milliseconds (1.5 seconds).

For example, after entering the first name, it will wait 1.5 seconds and then call AddSubscription if no additional keystrokes have been detected. When the user starts entering the following fields, such as Last name, phone number, and zip code, the timer is reset after each keystroke, and the AddSubscription call is triggered only after a 1.5-second delay.

Areas Covered

API, Self-Service, Subscription Panel, One CSR Portal

Attention: Enhancement

Self-Service - Auth0 changes to bypass Intelligent Tracking Prevention on Safari

Recent versions of the Safari browser introduced a new feature called Intelligent Tracking Prevention (ITP). ITP is designed to prevent websites from tracking user activity across multiple websites. By default, ITP is active or enabled on the Safari browser. These advancements in user privacy controls of browser adversely impact the user experience by preventing access to third-party cookies. Following this update, the Mac users on Safari browser were experiencing issues while logging into the self-service portal. Auth0 integration was not working on Safari browsers when Intelligent Tracking Prevention was enabled.

To overcome this issue, starting from this release, the Self-Service portal has successfully upgraded the Auth0 SDK from 1.8.0 to 2.1.3. Changes have been made in SS to accommodate Auth0 2.1.3 SDK.

After the enhancement users now have a smooth login process ensuring a better user experience even if the Intelligent Tracking Prevention is enabled on their Safari browsers of Mac systems.

Bug Fixes

API - ApplePay Integration Error

The issue with the Cybersource gateway rejecting payment authorization attempts due to ApplePay integration not sending CountryCode to CyberSource has now been resolved.

SP - User unable to redeem Coupon Codes

The issues with redeeming Coupon Codes (One-time and Multi-use) in the Subscription Panel have now been resolved.

Self-Service - Unable to maintain login state from .com to MyAccount when redirected

Post client upgrade to version 3.16.2.4, the logged-in user from .com site was unable to navigate to the Myaccount page in Self-Service portal in the logged-in state. The user could only login at the self-service portal when the value of cookies/cache was cleared. This critical issue has been resolved now.

Self-Service - Myaccount shows data of logged out user

When a logged-in user navigated to the Myaccount page in the Self-Service portal, they were unable to see their own account information. Instead, the Myaccount page displayed information from the previous logged-out user. This issue has been resolved now.

SolCon - Terms & Conditions exceptions not working

The Terms & Conditions content added under Exceptions (SolCon > Offer Group > Terms & Conditions > Exception) for publications was not displayed correctly wherever the offer was displayed through consumer applications (Subscription Panel and SubCon Site). Instead of the Exception Terms & Conditions content, the original Terms & Conditions content appeared on the checkout page. This issue has been resolved now.

Application Covered:

API, Subscription Panel, Self-Service, SolCon

Attention: Enhancement

SS - Support tab selection on both Auth0 ULP Classic and New

The Identity provider Auth0 has introduced a new Universal login experience for its clients. Starting from this version, Subscribe clients will have access to this new Universal login experience through the Self-Service portal. However, there will be no visual changes for the user.

Application Covered:

SubCon Site

This release is in its beta version now.

Attention - Enhancement

Enhanced Sign-In Mechanism of Landing Application

Recently, major browsers have introduced additional security measures and constraints related to third-party cookies, as well as cross-domain data transfer and communication. The latest release of Chrome no longer supports third-party cookies. These were impacting the functioning of the Landing application and user experience negatively. Despite the implementation of workarounds, users were encountering issues in the sign-in flow at times.

Therefore, the sign-in logic for the Landing application has been revised without significantly affecting the existing functionality and behavior. The previous dependency on local storage has been replaced, and a Redis caching approach is now implemented for the users to sign in on the Landing application for accessing consumer applications (SubCon Admin, SolCon & CMS).

• Following the new implementation, users can access any consumer application only through the Landing application.

• If a user has opened different consumer applications on different tabs in a browser, logging out from one application will force the user to log out from the other opened applications as well. The user will regain access to the application only by signing in through the Landing application.

• Page refresh will work as before and have no impact following the redesign.

• Multi-Factor Authentication (MFA) with Okta will also work as intended if the feature is turned ON for the specific client.

• There is no dependency on third-party cookies related to the Landing application, and the landing works perfectly fine on Safari, Firefox, Chrome, and Edge browsers.

• Consumer applications are no longer dependent on Local storage to fetch data.

• The CMS Idle Time functionality, which notifies the user if they have been inactive on a CMS page for an extended duration and provides the option to either continue or exit from the page, is working as before.