Exposure of shopify employee summit page allows anonymous user to place orders for free books

Disclosed: 2024-07-29 14:55:21 By g0lden1 To shopify
Vulnerability Details
## Summary:

The online shop at https://book-bar.shopify.io/ appears to be for a Shopify employee summit. On this site, with no promo code, any user can check out books for free. I only did one in the PoC (feel free to cancel that or tell me how to). It appeared that I was able to put as many books as were available in my cart to checkout, so an anonymous user could claim all the product.

## Steps To Reproduce:

1. Browse to https://book-bar.shopify.io/
2. Select a book that is not sold out, and add it to your cart.
3. Fill out shipping information (no payment info is needed), and confirm the checkout.
4. You will see a "Thank you for your purchase" screen confirming your FREE selection.

## Supporting Material:

Please see the attached video of me being able to add "Sapiens" to my cart and check out for free. (Also, feel free to cancel the transaction!)

## Video PoC

██████

## Impact

### Summary:

An anonymous user can claim all the books and free merchandise, essentially emptying out the entire shop and shipping it for free.
Report Stats
  • Report ID: 2552027
  • State: Closed
  • Substate: informative
  • Upvotes: 63