app/controllers/effective/providers/moneris.rb in effective_orders-6.14.6 vs app/controllers/effective/providers/moneris.rb in effective_orders-6.15.0

@@ -11,10 +11,11 @@
 
       def moneris_postback
         raise('moneris provider is not available') unless EffectiveOrders.moneris?
 
         @order ||= Effective::Order.deep.find(params[:response_order_id])
+        @order.current_user = current_user unless admin_checkout?(moneris_params)
 
         # We do this even if we're not authorized
         EffectiveResources.authorized?(self, :update, @order)
 
         # Delete the Purchased and Declined Redirect URLs
@@ -33,16 +34,30 @@
         # Verify response from moneris
         payment = params.merge(verify_moneris_transaction(params[:transactionKey]))
         valid = (1..49).include?(payment[:response_code].to_i)  # Must be > 0 and < 50 to be valid. Sometimes we get the string 'null'
 
         if valid == false
-          return order_declined(payment: payment, provider: 'moneris', card: params[:card], declined_url: declined_url)
+          return order_declined(
+            payment: payment, 
+            provider: 'moneris', 
+            card: params[:card], 
+            declined_url: declined_url
+          )
         end
 
-        order_purchased(payment: payment, provider: 'moneris', card: params[:card], purchased_url: purchased_url, current_user: current_user)
+        order_purchased(
+          payment: payment, 
+          provider: 'moneris', 
+          card: params[:card], 
+          purchased_url: purchased_url
+        )
       end
 
       private
+
+      def moneris_params
+        { purchased_url: params[:rvar_purchased_url] }
+      end
 
       def verify_moneris_transaction(transactionKey)
         # Send a verification POST request
         uri = URI.parse(EffectiveOrders.moneris[:verify_url])
         params = { ps_store_id: EffectiveOrders.moneris[:ps_store_id], hpp_key: EffectiveOrders.moneris[:hpp_key], transactionKey: transactionKey }