diff --git a/spec/controllers/spree/orders_controller_spec.rb b/spec/controllers/spree/orders_controller_spec.rb
index 58957ede34..43b26a17b7 100644
--- a/spec/controllers/spree/orders_controller_spec.rb
+++ b/spec/controllers/spree/orders_controller_spec.rb
@@ -5,6 +5,71 @@ describe Spree::OrdersController, type: :controller do
 let(:order) { create(:order) }
 let(:order_cycle) { create(:simple_order_cycle) }
+ describe "viewing an order" do
+ let(:customer) { create(:customer) }
+ let(:order) { create(:order_with_credit_payment, customer: customer, distributor: customer.enterprise) }
+
+ before do
+ allow(controller).to receive(:spree_current_user) { current_user }
+ end
+
+ context "after checking out as an anonymous guest" do
+ let(:customer) { create(:customer, user: nil) }
+ let(:current_user) { nil }
+
+ it "loads page" do
+ spree_get :show, id: order.number, token: order.token
+ expect(response).to be_success
+ end
+
+ it "stores order token in session as 'access_token'" do
+ spree_get :show, id: order.number, token: order.token
+ expect(session[:access_token]).to eq(order.token)
+ end
+ end
+
+ context "when returning to order page after checking out as an anonymous guest" do
+ let(:customer) { create(:customer, user: nil) }
+ let(:current_user) { nil }
+
+ before do
+ session[:access_token] = order.token
+ end
+
+ it "loads page" do
+ spree_get :show, id: order.number
+ expect(response).to be_success
+ end
+ end
+
+ context "when logged in as the customer" do
+ let(:current_user) { order.user }
+
+ it "loads page" do
+ spree_get :show, id: order.number
+ expect(response).to be_success
+ end
+ end
+
+ context "when logged in as another customer" do
+ let(:current_user) { create(:user) }
+
+ it "redirects to unauthorized" do
+ spree_get :show, id: order.number
+ expect(response.status).to eq(401)
+ end
+ end
+
+ context "when neither checked out as an anonymous guest nor logged in" do
+ let(:current_user) { nil }
+
+ it "redirects to unauthorized" do
+ spree_get :show, id: order.number
+ expect(response.status).to eq(401)
+ end
+ end
+ end
+
+ describe "viewing cart" do
 it "redirects home when no distributor is selected" do
 spree_get :edit
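Review bot: The guest-token contexts in "viewing an order" only ever supply the order's own token, so nothing here fails if the controller accepts any non-empty `token` param or any value already held in `session[:access_token]`. Add a context where the token belongs to a different order, once through params and once through the session, and expect 401 in both; the sketch below assumes the `:order` factory yields a token, which this diff does not show. The two "redirects to unauthorized" examples assert a 401 status rather than a redirect, so a description such as "responds with unauthorized" would match what they check. The enclosing `describe Spree::OrdersController` block starts and ends outside the hunk.

```ruby
# … unchanged: existing guest, customer and anonymous contexts …

context "when the token belongs to a different order" do
  let(:customer) { create(:customer, user: nil) }
  let(:current_user) { nil }
  let(:other_order) { create(:order) }

  it "rejects the token passed in params" do
    spree_get :show, id: order.number, token: other_order.token
    expect(response.status).to eq(401)
  end

  it "rejects the token held in the session" do
    session[:access_token] = other_order.token
    spree_get :show, id: order.number
    expect(response.status).to eq(401)
  end
end
```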
diff --git a/spec/features/consumer/shopping/orders_spec.rb b/spec/features/consumer/shopping/orders_spec.rb
index ada9ba8020..f4b78ff752 100644
--- a/spec/features/consumer/shopping/orders_spec.rb
+++ b/spec/features/consumer/shopping/orders_spec.rb
@@ -3,6 +3,79 @@ require 'spec_helper'
 feature "Order Management", js: true do
 include AuthenticationWorkflow
+ describe "viewing a completed order" do
+ let!(:distributor) { create(:distributor_enterprise) }
+ let!(:customer) { create(:customer, user: user, enterprise: distributor) }
+ let!(:order_cycle) { create(:simple_order_cycle, distributors: [distributor]) }
+
+ let!(:bill_address) { create(:address) }
+ let!(:ship_address) { create(:address) }
+ let!(:shipping_method) { create(:free_shipping_method, distributors: [distributor]) }
+
+ let!(:order) do
+ create(:order_with_credit_payment,
+ customer: customer,
+ user: user,
+ distributor: distributor,
+ order_cycle: order_cycle
+ )
+ end
+
+ before do
+ # For some reason, both bill_address and ship_address are not set
+ # automatically.
+ #
+ # Also, assigning the shipping_method to a ShippingMethod instance results
+ # in a SystemStackError.
+ order.update_attributes!(
+ bill_address: bill_address,
+ ship_address: ship_address,
+ shipping_method_id: shipping_method.id
+ )
+ end
+
+ context "when checking out as an anonymous guest" do
+ let(:user) { nil }
+
+ it "allows the user to see the details" do
+ # Cannot load the page without token
+ visit spree.order_path(order)
+ expect(page).to_not be_confirmed_order_page
+
+ # Can load the page with token
+ visit spree.order_path(order, token: order.token)
+ expect(page).to be_confirmed_order_page
+
+ # Can load the page even without the token, after loading the page with
+ # token.
+ visit spree.order_path(order)
+ expect(page).to be_confirmed_order_page
+ end
+ end
+
+ context "when logged in as the customer" do
+ let(:user) { create(:user) }
+
+ before do
+ login_as user
+ end
+
+ it "allows the user to see order details" do
+ visit spree.order_path(order)
+ expect(page).to be_confirmed_order_page
+ end
+ end
+
+ context "when not logged in" do
+ let(:user) { create(:user) }
+
+ it "does not allow the user to see order details" do
+ visit spree.order_path(order)
+ expect(page).to_not be_confirmed_order_page
+ end
+ end
+ end
+
+ describe "editing a completed order" do
 let(:address) { create(:address) }
 let(:user) { create(:user, bill_address: address, ship_address: address) }
@@ -86,4 +159,8 @@ feature "Order Management", js: true do
 end
 end
 end
+
+ def be_confirmed_order_page
+ have_content /Order #\w+ Confirmed NOT PAID/
+ end
 end
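Review bot: Both denial checks in "viewing a completed order" (`expect(page).to_not be_confirmed_order_page`, in the guest example and in "when not logged in") pass whenever the confirmation banner text is absent, which would also hold if the order details rendered under a different heading or payment state. Pair each with a positive assertion on what the visitor lands on instead; the unauthorized or login content is not visible in this diff, so the exact expectation has to come from the app. The "when not logged in" context also creates a user who owns the order but never logs in, and a short comment would make that intent explicit, e.g. `# order belongs to a registered user, but the session is anonymous`.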
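Review bot: `have_content /Order #\w+ Confirmed NOT PAID/` passes a regexp literal to a call without parentheses, which Ruby reports as an ambiguous first argument when warnings are on; write `have_content(/Order #\w+ Confirmed NOT PAID/)`. The pattern also hard-codes the `NOT PAID` state, so the access-control examples that use this helper depend on the payment status produced by the `:order_with_credit_payment` factory. Matching only `/Order #\w+ Confirmed/` would keep the helper about page identity, provided that text appears only on the order page, which this diff does not show. The helper sits inside the `feature` block, whose start is outside this hunk.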