Adding Check for Registered Users using existing Email of Guest Donor
complete
Ben Meredith
complete
This was fixed in version 2.21.2 of GiveWP.
Ravinder Kumar
ready for release
Ravinder Kumar
in progress
r
rik
I think it is really important to specify this further. This should NOT happen during the donation process. That would put an extra barrier for repeat donations by someone who was a guest donor before. The only place where this check should take place is upon accessing the Donor Dashboard, that is why we submitted this ticket. Here is the detailed background to this ticket:
[we only have email access enabled on our site, no Wordpress registrations and logins]. Currently, after making a donation with an email address that was previously used to make a guest donation on GiveWP, I can login to the Donor Dashboard for that email address, without requesting an email access token. (It even works when the donation is cancelled in the payment provider environment.) After this I can see all the previous donation made under this email address. This does not appear very privacy-safe: this means that anyone can take my email address, make a small new donation with it (or cancel in the payment environment), and then have access to all my previous donations.
So to summarise: automatic login to the Donor Dashboard after making a donation should be disabled. If people want to review their donation(s) after making a donation, they should just request email access on the Dashboard, just like anyone would do who has not just made a donation.