Commit 3ba6dd46 authored by Rafael Monnerat's avatar Rafael Monnerat

slapos_wechat: Fixup security for anonymous access while verifing payment

parent 179bcdaa
......@@ -2,7 +2,7 @@ if not trade_no:
raise Exception("You need to provide a trade number")
portal = context.getPortalObject()
payment = portal.restrictedTraverse("accounting_module/%s" % trade_no)
payment = portal.accounting_module[trade_no]
if not payment:
raise Exception("The payment with reference %s was not found" % trade_no)
......
......@@ -52,6 +52,14 @@
<key> <string>_params</string> </key>
<value> <string>trade_no=None</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>Base_queryWechatOrderStatusByTradeNo</string> </value>
......
......@@ -52,6 +52,14 @@
<key> <string>_params</string> </key>
<value> <string>REQUEST=None, **kw</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>PaymentTransaction_createWechatEvent</string> </value>
......
......@@ -52,6 +52,14 @@
<key> <string>_params</string> </key>
<value> <string>REQUEST=None</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>PaymentTransaction_getWechatId</string> </value>
......
......@@ -52,6 +52,14 @@
<key> <string>_params</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>PaymentTransaction_updateWechatPaymentStatus</string> </value>
......
......@@ -52,6 +52,14 @@
<key> <string>_params</string> </key>
<value> <string>data_kw, REQUEST=None</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>WechatEvent_processUpdate</string> </value>
......
......@@ -11,7 +11,7 @@ if transaction_id is None:
wechat_dict = {
'out_trade_no': payment_transaction.getId().encode('utf-8'),
'total_fee': str(int(round((payment_transaction.PaymentTransaction_getTotalPayablePrice() * 100), 0))),
'total_fee': int(round((payment_transaction.PaymentTransaction_getTotalPayablePrice() * -100), 0)),
'fee_type': payment_transaction.getResourceValue().Currency_getIntegrationMapping(),
'body': "Rapid Space Virtual Machine".encode('utf-8')
}
......
......@@ -52,6 +52,14 @@
<key> <string>_params</string> </key>
<value> <string>state_change</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>WechatEvent_updateStatus</string> </value>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment