app/controllers/payment_notifications_controller.rb in ecommerce-0.0.2 vs app/controllers/payment_notifications_controller.rb in ecommerce-0.0.3

- old
+ new

@@ -1,80 +1,26 @@ class PaymentNotificationsController < ApplicationController + # Paypal needs to be able to access this without passing the auth token protect_from_forgery :except => [:create] unloadable - # https://cms.paypal.com/cms_content/en_US/files/developer/PP_OrderMgmt_IntegrationGuide.pdf - SUCCESSFUL_PAYPAL_STATES = %w[instant echeck completed processed pending] - - # For cart info, see: - # https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_html_Appx_websitestandard_htmlvariables - def index - if request_seems_to_be_valid() - pm = PaymentNotification.create!(:params => params, - :cart_id => params[:invoice], - :status => params[:payment_status].downcase, - :transaction_id => params[:txn_id]) - render :text => pm.inspect - else - Rails.logger.warn("Something was wrong with this transaction! See PaymentNotification entry for cart_id #{params[:invoice]} and transaction_id #{params[:txn_id]}") - render :text => 'test failed' - end + create() end - def create - if request_seems_to_be_valid() - PaymentNotification.create!(:params => params, - :cart_id => params[:invoice], - :status => params[:payment_status].downcase, - :transaction_id => params[:txn_id]) - else - Rails.logger.warn("Something was wrong with this transaction! See PaymentNotification entry for cart_id #{params[:invoice]} and transaction_id #{params[:txn_id]}") + begin + pm = PaymentHandler.create!(:params => params) + if pm.accept? + head :accepted + else + Rails.logger.fatal("Failed Transaction for cart_id #{pm.cart_id}: #{pm.errors}") + head :bad_request + end + rescue => e + Rails.logger.fatal(e) + head :bad_request end - render :nothing => true - end - - protected - - - # TODO -- younker [2011-03-27 15:12] - # Move this into the payment notification model and do validations there (change request_seems_to_be_valid to pm.valid?) 
- def request_seems_to_be_valid() - # current_cart = find_cart() - txn_cart = Cart.find_by_id(params[:invoice]) - - # unless current_cart.id.eql?(txn_cart.id) - # Rails.logger.fatal("The user's current cart (#{current_cart.id}) does not match the cart for this transaction #{txn_cart.id}") - # return false - # end - - # unless current_cart.total.eql?(txn_cart.total) - # Rails.logger.warn("The total for the current cart (#{current_cart.total}) does not equal the total for the transaction cart #{txn_cart.total}") - # return false - # end - - # unless txn_cart.total.to_f.eql?(params[:payment_gross].to_f) - # Rails.logger.warn("The total for the current cart (#{txn_cart.total}) does not equal the payment_gross #{params[:payment_gross]}sent back from paypal") - # return false - # end - - unless ECO['paypal']['email'].eql?(params[:receiver_email]) - Rails.logger.warn("The receiver email from paypal (#{params[:receiver_email]}) does not match our ECO.paypal_email (#{ECO['paypal']['email']})") - return false - end - - unless ECO['paypal']['secret'].eql?(params[:secret]) - Rails.logger.warn("Our secret (#{ECO['paypal']['secret']}) does not match their secret (#{params[:secret]})") - return false - end - - if SUCCESSFUL_PAYPAL_STATES.detect{ |str| str.eql?(params[:payment_status].downcase) }.nil? - Rails.logger.warn("The payment state reported back from paypal (#{params[:payment_status].downcase}) does not indicate success") - return false - end - - true end end
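Review bot: The receiver_email, shared-secret and payment_status checks that the removed `request_seems_to_be_valid` performed are no longer visible anywhere in this controller; the new `create` hands the raw `params` to `PaymentHandler.create!` and trusts `pm.accept?`, and nothing in the hunk shows that those checks moved into PaymentHandler. If PaymentHandler does own them, a comment on `create` should say so, e.g. `# PaymentHandler validates the notification (receiver email, shared secret, payment_status); this action only records the outcome and answers 202 or 400`, so the next reader neither reintroduces the check here nor assumes the controller still filters. Separately, `Rails.logger.fatal(e)` in the rescue records only the message, which drops the exception class and backtrace needed to tell a rejected notification from a bug; `Rails.logger.fatal("#{e.class}: #{e.message}\n#{e.backtrace.join("\n")}")` keeps both. The inner `begin`/`end` is also redundant, since a method body can carry `rescue` directly.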