app/controllers/effective/providers/moneris.rb in effective_orders-1.2.0 vs app/controllers/effective/providers/moneris.rb in effective_orders-1.2.1
- old
+ new
@@ -6,10 +6,14 @@
included do
prepend_before_filter :find_authenticity_token_from_moneris, :only => [:moneris_postback]
end
def moneris_postback
- @order ||= Effective::Order.find(params[:response_order_id].to_i - EffectiveOrders.moneris[:order_nudge].to_i)
+ response_order_id = (EffectiveOrders.obfuscate_order_ids == true ? Effective::Order.deobfuscate(params[:response_order_id]).to_i : params[:response_order_id].to_i)
+ response_order_id = response_order_id - EffectiveOrders.moneris[:order_nudge].to_i
+
+ @order ||= Effective::Order.find_by_id(response_order_id)
+ raise ActiveRecord::RecordNotFound unless @order
EffectiveOrders.authorized?(self, :update, @order)
# Store the Order Nudge if present, so we can have this information in our order_purchased hash
params[:order_nudge] = EffectiveOrders.moneris[:order_nudge] if EffectiveOrders.moneris[:order_nudge].to_i > 0