Bug #138
403 Forbidden when accessing invoice for sibling account
| Status: | New | Start: | 2016-05-05 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assigned to: | - | % Done: | 0% |
|
| Category: | - | |||
| Target version: | - | |||
| Votes: | 0 |
Description
It is possible to pay an invoice for a "sibling" account without that being the active account, but when you finish payment and click the invoice number you are taken to a 403 Forbidden error page.
Steps to reproduce:
1. Sign in with "Account A"
2. In your email, follow the link to https://panel.bitfolk.com/account/invoices/pay/{invoiceId} for "Account B" (a sibling account of "Account A")
3. Pay the invoice with Stripe
4. Click on the invoice link to https://panel.bitfolk.com/account/invoices/get/{invoiceId} after successful payment
5. Observe a 403 Forbidden error
6. Go back to the panel index and switch to "Account B"
7. Observe the URL in step 4 now works