[guadec-web-regcfp/develop] Do not trust amounts



commit c52ad111221879028766d1b9b60ddda5100bb51b
Author: Patrick Uiterwijk <puiterwijk redhat com>
Date:   Fri Jun 19 16:28:56 2015 +0200

    Do not trust amounts

 bin/payment-status-update |   16 +++++++++++++---
 routes/registration.js    |    2 +-
 2 files changed, 14 insertions(+), 4 deletions(-)
---
diff --git a/bin/payment-status-update b/bin/payment-status-update
index 1bd9c96..62735a1 100755
--- a/bin/payment-status-update
+++ b/bin/payment-status-update
@@ -27,10 +27,20 @@ RegistrationPayment.findAll({
                     console.log(error);
                 } else {
                     console.log("Payment " + val['id'] + " Response: ");
-                    console.log("\tPaid: " + val['paid']);
-                    console.log("\tPayPal state: " + payment.state);
+                    console.log("\tPaid: " + val['paid'] + ' (' + val['amount'] + ')');
+                    console.log("\tPayPal state: " + payment.state + ' (' + 
payment['transactions'][0]['amount']['currency'] + payment['transactions'][0]['amount']['total'] + ')');
 
-                    if(val['paid'] && payment.state != 'approved') {
+                    if(payment['transactions'][0]['amount']['currency'] != 
config['registration']['currency_value']) {
+                        console.log('\tINVALID CURRENCY');
+                        val.paid = false;
+                        val.save();
+                    }
+                    else if(payment['transactions'][0]['amount']['total'] != val['amount']) {
+                        console.log('\tInvalid amount');
+                        val.amount = payment['transactions'][0]['amount']['total'];
+                        val.save();
+                    }
+                    else if(val['paid'] && payment.state != 'approved') {
                         console.log('\tNOT APPROVED, but paid');
                         val.paid = false;
                         val.save();
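Review bot: Because the state check `else if(val['paid'] && payment.state != 'approved')` is now the last arm of the chain, it is skipped on any run where the 'Invalid amount' arm fires, so a record whose amount differs and whose PayPal state is not approved keeps `paid` true until a later run. Making it a separate `if(val['paid'] && payment.state != 'approved') {` after the currency/amount chain would apply both corrections in one pass. The amount arm also leaves `paid` untouched when PayPal reports a different total; if that is intended, a comment such as `// amount corrected from PayPal; paid status is decided by state only` would make it explicit. `payment['transactions'][0]` is dereferenced without checking that the array is present and non-empty, and the enclosing callback starts and ends outside the hunk, so any guard further up is not visible here.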
diff --git a/routes/registration.js b/routes/registration.js
index 66aa048..e2f65d8 100644
--- a/routes/registration.js
+++ b/routes/registration.js
@@ -74,7 +74,7 @@ router.post('/pay/paypal/execute', function(req, res, next) {
       console.log('Response: ');
       console.log(JSON.stringify(payment));
       var info = {
-        amount: req.session.regfee,
+        amount: payment.transactions[0]['amount']['total'],
         paid: payment.state == 'approved',
         type: 'paypal',
         details: payment.id
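Review bot: `paid` is still derived from `payment.state == 'approved'` alone, so an approved payment in an unexpected currency, or for less than the registration fee, is stored as paid at execute time; the currency check added in bin/payment-status-update only corrects it on a later run, and no visible line compares the total against the expected fee. Consider checking the transaction here as well, e.g. `paid: payment.state == 'approved' && payment.transactions[0]['amount']['currency'] == config['registration']['currency_value'],` if `config` is available in this file (not visible in the hunk). The object literal and the route handler continue outside the hunk.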

