[Bug]: The API endpoint "Update a Line Item in a Cart" allows you to add more items than are in stock. #10819

Closed
Deroswent opened this issue Jan 4, 2025 · 1 comment

Comments

@Deroswent

Deroswent commented Jan 4, 2025

Package.json file

{
  "name": "medusa-starter-default",
  "version": "0.0.1",
  "description": "A starter for Medusa projects.",
  "author": "Medusa (https://medusajs.com)",
  "license": "MIT",
  "keywords": [
    "sqlite",
    "postgres",
    "typescript",
    "ecommerce",
    "headless",
    "medusa"
  ],
  "scripts": {
    "build": "medusa build",
    "seed": "medusa exec ./src/scripts/seed.ts",
    "start": "medusa start",
    "dev": "medusa develop",
    "test:integration:http": "TEST_TYPE=integration:http NODE_OPTIONS=--experimental-vm-modules jest --silent=false --runInBand --forceExit",
    "test:integration:modules": "TEST_TYPE=integration:modules NODE_OPTIONS=--experimental-vm-modules jest --silent --runInBand --forceExit",
    "test:unit": "TEST_TYPE=unit NODE_OPTIONS=--experimental-vm-modules jest --silent --runInBand --forceExit"
  },
  "dependencies": {
    "@medusajs/admin-sdk": "latest",
    "@medusajs/cli": "latest",
    "@medusajs/framework": "latest",
    "@medusajs/medusa": "latest",
    "@mikro-orm/core": "5.9.7",
    "@mikro-orm/knex": "5.9.7",
    "@mikro-orm/migrations": "5.9.7",
    "@mikro-orm/postgresql": "5.9.7",
    "1c_integration": "github:Deroswent/1c_integration",
    "awilix": "^8.0.1",
    "exceljs": "^4.4.0",
    "managers": "github:Deroswent/managers",
    "pg": "^8.13.0"
  },
  "devDependencies": {
    "@medusajs/test-utils": "latest",
    "@mikro-orm/cli": "5.9.7",
    "@swc/core": "1.5.7",
    "@swc/jest": "^0.2.36",
    "@types/jest": "^29.5.13",
    "@types/node": "^20.0.0",
    "@types/react": "^18.3.2",
    "@types/react-dom": "^18.2.25",
    "jest": "^29.7.0",
    "prop-types": "^15.8.1",
    "react": "^18.2.0",
    "react-dom": "^18.2.0",
    "ts-node": "^10.9.2",
    "typescript": "^5.6.2",
    "vite": "^5.2.11"
  },
  "engines": {
    "node": ">=20"
  }
}

Node.js version

v22.11.0

Database and its version

PostgreSQL 16.4

Operating system name and version

Ubuntu 24.04 LTS

Browser name

No response

What happened?

Using the API endpoint “Update a Line Item in a Cart” you can add exactly 1 more item than you have in stock.

How to reproduce the problem:

  1. For either variant, enable Manage inventory = true and Allow backorders = false

  2. For this variant create Inventory Item, add any Stock Location for this Inventory Item (if you don't have Stock Location - create it in the settings). And finally, set the quantity available in stock = 1 (this value can be any value of your choice). You should now have 1 variant available for sale. For example:

  3. Add this variant to your cart in quantity of 1 piece, this will succeed as intended. Try to add 2 variants at once or add this variant to the same cart again - as expected, you will get an error. Because there is only 1 item available in stock for sale. Here everything works as expected.
    Dev server console error:

name: 'Error'
type: 'not_allowed'
code: 'insufficient_inventory'
message: 'Some variant does not have the required inventory'
  4. Clear your shopping cart or create a new one. Add our variant to the cart in quantity of 1 item. Now, using the API endpoint “Update a Line Item in a Cart” edit the Line Item in the cart and increase the quantity to 2. Unexpectedly, this will succeed and the query will return a cart object with the quantity of our variant = 2. Although there is only 1 item available in stock for sale. If we look at the cart_line_item table in the database - we will see that 2 pieces are added, although only one is available.
    This is a bug in the Medusa core.


Note: this bug only works with +1. You will only be able to add 1 more item than available in stock. Only +1, not 2, 5, 10.....
If you already have one more item in your cart than is available in stock - you will receive an error when you try to add more.

After you have added more items to the cart than available in stock - this Line Item in cart becomes "broken". You will not be able to reduce the quantity back to 1 using the same endpoint api.

Expected behavior

It is expected that you will not be able to increase the number of items in your cart beyond what is available in stock. You should get an error when trying to do this:

name: 'Error'
type: 'not_allowed'
code: 'insufficient_inventory'
message: 'Some variant does not have the required inventory'

Actual behavior

You can increase the number of items in your shopping cart by one more than available stock. By 1 only!

This completely breaks the concept of Managed Inventory and you can sell more items than you have in stock (with Allow backorders = false).

Link to reproduction repo

https://github.com/medusajs/medusa

@olivermrbl
Contributor

@Deroswent, thanks for the detailed report. This should be fixed in #10405. We will push to get this merged and included in the next release.
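
An added illustration, not Medusa's code and not the change in #10405: a constructed TypeScript model of the invariant the report expects, in which the add and update paths share one stock guard that checks the resulting total for the variant rather than the delta. All type and function names are hypothetical, and always accepting reductions (so an oversold line item can be lowered again) is a design assumption of this sketch.

```typescript
// Constructed model for illustration; none of these names are Medusa APIs.
type Variant = { id: string; manageInventory: boolean; allowBackorder: boolean; available: number };
type LineItem = { id: string; variantId: string; quantity: number };
type CartResult = { ok: boolean; code?: "insufficient_inventory" | "not_found" | "invalid_quantity" };

// Quantity of a variant already in the cart, optionally ignoring one line item.
function quantityInCart(items: LineItem[], variantId: string, exceptItemId?: string): number {
  let total = 0;
  for (const item of items) {
    if (item.variantId === variantId && item.id !== exceptItemId) total += item.quantity;
  }
  return total;
}

// The single guard every quantity-changing path goes through. It compares the
// resulting total for the variant (not the delta) with the available stock.
function hasStock(variant: Variant, resultingTotal: number): boolean {
  if (!variant.manageInventory || variant.allowBackorder) return true;
  return resultingTotal <= variant.available;
}

function addToCart(items: LineItem[], variant: Variant, quantity: number): CartResult {
  if (!(quantity >= 1) || quantity % 1 !== 0) return { ok: false, code: "invalid_quantity" };
  if (!hasStock(variant, quantityInCart(items, variant.id) + quantity)) {
    return { ok: false, code: "insufficient_inventory" };
  }
  items.push({ id: "item_" + (items.length + 1), variantId: variant.id, quantity: quantity });
  return { ok: true };
}

function updateLineItem(items: LineItem[], variant: Variant, itemId: string, quantity: number): CartResult {
  if (!(quantity >= 1) || quantity % 1 !== 0) return { ok: false, code: "invalid_quantity" };
  const matches = items.filter(function (i) { return i.id === itemId && i.variantId === variant.id; });
  if (matches.length === 0) return { ok: false, code: "not_found" };
  const item = matches[0];
  // Reductions never need stock, so an already oversold line can always be lowered.
  const isIncrease = quantity > item.quantity;
  if (isIncrease && !hasStock(variant, quantityInCart(items, variant.id, item.id) + quantity)) {
    return { ok: false, code: "insufficient_inventory" };
  }
  item.quantity = quantity;
  return { ok: true };
}
```
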
