checkout_methods.rb in wepay-rails-2.2.0

- old
+ new

@@ -1,5 +1,6 @@
+require 'digest/sha2'
 module WepayRails
   module Api
     module CheckoutMethods
       # Many of the settings you pass in here are already factored in from
       # the wepay.yml file and only need to be overridden if you insist on doing
@@ -35,37 +36,51 @@
       # :auto_capture	No	A boolean value (0 or 1). Default is 1. If set to 0 then the payment will not automatically be released to the account and will be held by WePay in payment state 'reserved'. To release funds to the account you must call /checkout/capture
       # :require_shipping	No	A boolean value (0 or 1). If set to 1 then the payer will be asked to enter a shipping address when they pay. After payment you can retrieve this shipping address by calling /checkout
       # :shipping_fee	No	The amount that you want to charge for shipping.
       # :charge_tax	No	A boolean value (0 or 1). If set to 1 and the account has a relevant tax entry (see /account/set_tax), then tax will be charged.
       def perform_checkout(parms)
+        security_token = Digest::SHA2.hexdigest("#{rand(4)}#{Time.now.to_i}")
         defaults = {
-            :callback_uri     => ipn_callback_uri,
-            :redirect_uri     => checkout_redirect_uri,
+            :callback_uri     => ipn_callback_uri(security_token),
+            :redirect_uri     => checkout_redirect_uri(security_token),
             :fee_payer        => @wepay_config[:fee_payer],
             :type             => @wepay_config[:checkout_type],
             :charge_tax       => @wepay_config[:charge_tax] ? 1 : 0,
             :app_fee          => @wepay_config[:app_fee],
             :auto_capture     => @wepay_config[:auto_capture] ? 1 : 0,
             :require_shipping => @wepay_config[:require_shipping] ? 1 : 0,
             :shipping_fee     => @wepay_config[:shipping_fee],
             :account_id       => @wepay_config[:account_id]
         }.merge(parms)
 
-        self.call_api("/checkout/create", defaults)
+        resp = self.call_api("/checkout/create", defaults).symbolize_keys!
+        resp.merge({:security_token => security_token})
       end
 
       def lookup_checkout(checkout_id)
         self.call_api("/checkout", {:checkout_id => checkout_id})
       end
 
-      def ipn_callback_uri
-        return @wepay_config[:ipn_callback_uri] if @wepay_config[:ipn_callback_uri].present?
-        "#{@wepay_config[:root_callback_uri]}/wepay/ipn"
+      def ipn_callback_uri(security_token)
+        uri = if @wepay_config[:ipn_callback_uri].present?
+                @wepay_config[:ipn_callback_uri]
+              else
+                "#{@wepay_config[:root_callback_uri]}/wepay/ipn"
+              end
+        apply_security_token(uri, security_token)
       end
 
-      def checkout_redirect_uri
-        return @wepay_config[:checkout_redirect_uri] if @wepay_config[:checkout_redirect_uri].present?
-        "#{@wepay_config[:root_callback_uri]}/wepay/checkout"
+      def checkout_redirect_uri(security_token)
+        uri = if @wepay_config[:ipn_callback_uri].present?
+                @wepay_config[:checkout_redirect_uri]
+              else
+                "#{@wepay_config[:root_callback_uri]}/wepay/checkout"
+              end
+        apply_security_token(uri, security_token)
+      end
+
+      def apply_security_token(uri, security_token)
+        uri += (uri =~ /\?/ ? '&' : '?') + "security_token=#{security_token}"
       end
     end
   end
 end
\ No newline at end of file