diff options
| author | Magnus Hagander | 2013-06-27 17:40:41 +0000 |
|---|---|---|
| committer | Magnus Hagander | 2013-06-27 17:40:41 +0000 |
| commit | 20aaa3d2b56b181a15d172b6bdd5d38b263f60f9 (patch) | |
| tree | 8b458af6a507522705632243ccc8610ec43b6e70 /postgresqleu/paypal/views.py | |
| parent | 454d7032779a51a148394f8632926a8812f27ac3 (diff) | |
Support paypal/cc payment of invoices without a community account
In order to pay these invoices, it's necessary to be able to view them
on the website, which previously required a community login attached to
the invoice. We now genereate a secret URL for each invoice (based on a
SHA256 hash of the invoice itself and some random nonce). If this URL
is used to access the invoice, a login is no longer required.
It's still more convenient to use the logged in version of course, since
that lets you view your invoice history. Also, all autogenerated invoices
such as those from confreg and membership will still be using the logged
in version.
Diffstat (limited to 'postgresqleu/paypal/views.py')
| -rw-r--r-- | postgresqleu/paypal/views.py | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/postgresqleu/paypal/views.py b/postgresqleu/paypal/views.py index ac0c9728..aa46f1c9 100644 --- a/postgresqleu/paypal/views.py +++ b/postgresqleu/paypal/views.py @@ -132,7 +132,15 @@ def paypal_return_handler(request): else: # No processor, so redirect the user back to the basic # invoice page. - url = "%s/invoices/%s/" % (settings.SITEBASE_SSL, i.pk) + if i.recipient_user: + # Registered to a specific user, so request that users + # login on redirect + url = "%s/invoices/%s/" % (settings.SITEBASE_SSL, i.pk) + else: + # No user account registered, so send back to the secret + # url version + url = "%s/invoices/%s/%s/" % (settings.SITEBASE_SSL, i.pk, i.recipient_secret) + return render_to_response('paypal/complete.html', { 'invoice': i, 'url': url, |