Woocommerce Email Restrictions Bug

there currently (and perhaps for some time now) seems to be a bug in Woocommerce’s coupon validation methods. Not only does their verification flow ONLY check against the coupon’s email restrictions when PLACING THE ORDER and not when adding the coupon, but a bug currently allows coupons that have an email restriction set to be added to the cart regardless of if the current user’s email is on that list or not.

I currently use your plugin to create coupons for my client’s customers and automatically apply them if there is any items in the cart. This implementation more or less creates an unique “account discount”, with the only restriction being that the coupon’s email restriction must match the current user’s email.

As you can see, this potential Woocommerce bug coupled with your plugin (albeit at the fault of Woocommerce and not your own) creates quite the situation in which every coupon in the database is added to every user’s cart the second they add any items.

Furthermore, when actually trying to place the order, Woocommerce will throw an error saying the coupon(s) don’t belong to the current user, which is good (except for the fact that this is horrible user experience). But then when placing the order after the errors are thrown, the coupons are then added again just before the order is successfully placed, again resulting in a stacked discount cart (very bad).

I have submitted a ticket to Woothemes in hopes that this issue can be resolved on their end once and for all, as this issue seems to date back at least a couple of years.

However, in light of my current implementation and my support of your plugin, I felt that I should contact you in hopes that in the mean time you might wish to remedy this issue directly in your plugin.

I actually dove into the plugin’s code and added a strict string comparison check (although hypothetically a simple ‘in_array()’ query should suffice) against the coupon’s email restriction list and the current user’s email. I did this both in your update_matched_autocoupons() and remove_unmatched_autocoupons() methods. I simply used a for loop to iterate and an if statement to compare and it seems to work as you would expect the Woocommerce implementation to.

$current_user = wp_get_current_user();
$user_name = $current_user->user_login;
$user_email = $current_user->user_email;

 // check if coupon code is same as username
 if ($user_name == $coupon->code) {

	 // if so, double check that user email matches email restriction of coupon
	// by looping through every email in the restricted array
	$restricted_emails = array_map( 'sanitize_email', $coupon->customer_email );

		foreach ($restricted_emails as $coupon_email) {
			// if user email is found in the array of restricted emails supplied by the coupon
		       // add the coupon to the cart and break out of both foreach's (since we only want
		      // one coupon applied to the cart.)
			if ($user_email == $coupon_email) {
				$woocommerce->cart->add_discount( $coupon_code );
				$this->overwrite_success_message( $coupon );

				 break 2;
			}
		}
 }

(ignore the username comparison to the coupon code. that is a use case specific check on my part because that is how I chose to create coupon codes since they will remain unique and it will be easier to track.)

However, Woocommerce still seems to add the successful coupon message but doesn’t display them to the user until the cart is cleared (but again, a Woocommerce issue).

Great plugin regardless of the Woocommerce bug though!

https://www.ads-software.com/plugins/woocommerce-auto-added-coupons/