Commit 3ba6dd46 authored by Rafael Monnerat's avatar Rafael Monnerat

slapos_wechat: Fixup security for anonymous access while verifing payment

parent 179bcdaa
...@@ -2,7 +2,7 @@ if not trade_no: ...@@ -2,7 +2,7 @@ if not trade_no:
raise Exception("You need to provide a trade number") raise Exception("You need to provide a trade number")
portal = context.getPortalObject() portal = context.getPortalObject()
payment = portal.restrictedTraverse("accounting_module/%s" % trade_no) payment = portal.accounting_module[trade_no]
if not payment: if not payment:
raise Exception("The payment with reference %s was not found" % trade_no) raise Exception("The payment with reference %s was not found" % trade_no)
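Review bot: `portal.accounting_module[trade_no]` takes a caller-supplied `trade_no`, and with the Manager proxy role this commit adds to the same script it returns whatever document has that id without consulting the caller's own permissions. Since the commit title says this path is used anonymously, the script should confirm the object is the kind it expects before reporting anything about it, for example `if payment.getPortalType() != "Payment Transaction": raise Exception("Unexpected document for %s" % trade_no)`, and return only the order status. A missing id will most likely raise from the subscript itself before `if not payment:` is evaluated, so that branch probably never produces its message. The rest of the script lies outside this hunk, so what it returns to the caller is not visible here.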
......
...@@ -52,6 +52,14 @@ ...@@ -52,6 +52,14 @@
<key> <string>_params</string> </key> <key> <string>_params</string> </key>
<value> <string>trade_no=None</string> </value> <value> <string>trade_no=None</string> </value>
</item> </item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item> <item>
<key> <string>id</string> </key> <key> <string>id</string> </key>
<value> <string>Base_queryWechatOrderStatusByTradeNo</string> </value> <value> <string>Base_queryWechatOrderStatusByTradeNo</string> </value>
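Review bot: A `_proxy_roles` entry of `Manager` makes the script run with the broadest role no matter who calls it, and the same block is added to PaymentTransaction_createWechatEvent, PaymentTransaction_getWechatId, PaymentTransaction_updateWechatPaymentStatus, WechatEvent_processUpdate and WechatEvent_updateStatus. Base_queryWechatOrderStatusByTradeNo (`trade_no=None`) and PaymentTransaction_updateWechatPaymentStatus (empty `_params`) take no `REQUEST` argument, so their bodies cannot tell a direct URL call from an internal one. If they are not meant to be published, I would add `REQUEST=None` to `_params` and reject calls where it is set. Whether the scripts that already accept `REQUEST` perform that check is not visible, because only the metadata changed. If a role narrower than Manager is enough for any of these scripts, prefer it, and record in the commit message why Manager is needed for the rest.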
......
...@@ -52,6 +52,14 @@ ...@@ -52,6 +52,14 @@
<key> <string>_params</string> </key> <key> <string>_params</string> </key>
<value> <string>REQUEST=None, **kw</string> </value> <value> <string>REQUEST=None, **kw</string> </value>
</item> </item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item> <item>
<key> <string>id</string> </key> <key> <string>id</string> </key>
<value> <string>PaymentTransaction_createWechatEvent</string> </value> <value> <string>PaymentTransaction_createWechatEvent</string> </value>
......
...@@ -52,6 +52,14 @@ ...@@ -52,6 +52,14 @@
<key> <string>_params</string> </key> <key> <string>_params</string> </key>
<value> <string>REQUEST=None</string> </value> <value> <string>REQUEST=None</string> </value>
</item> </item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item> <item>
<key> <string>id</string> </key> <key> <string>id</string> </key>
<value> <string>PaymentTransaction_getWechatId</string> </value> <value> <string>PaymentTransaction_getWechatId</string> </value>
......
...@@ -52,6 +52,14 @@ ...@@ -52,6 +52,14 @@
<key> <string>_params</string> </key> <key> <string>_params</string> </key>
<value> <string></string> </value> <value> <string></string> </value>
</item> </item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item> <item>
<key> <string>id</string> </key> <key> <string>id</string> </key>
<value> <string>PaymentTransaction_updateWechatPaymentStatus</string> </value> <value> <string>PaymentTransaction_updateWechatPaymentStatus</string> </value>
......
...@@ -52,6 +52,14 @@ ...@@ -52,6 +52,14 @@
<key> <string>_params</string> </key> <key> <string>_params</string> </key>
<value> <string>data_kw, REQUEST=None</string> </value> <value> <string>data_kw, REQUEST=None</string> </value>
</item> </item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item> <item>
<key> <string>id</string> </key> <key> <string>id</string> </key>
<value> <string>WechatEvent_processUpdate</string> </value> <value> <string>WechatEvent_processUpdate</string> </value>
......
...@@ -11,7 +11,7 @@ if transaction_id is None: ...@@ -11,7 +11,7 @@ if transaction_id is None:
wechat_dict = { wechat_dict = {
'out_trade_no': payment_transaction.getId().encode('utf-8'), 'out_trade_no': payment_transaction.getId().encode('utf-8'),
'total_fee': str(int(round((payment_transaction.PaymentTransaction_getTotalPayablePrice() * 100), 0))), 'total_fee': int(round((payment_transaction.PaymentTransaction_getTotalPayablePrice() * -100), 0)),
'fee_type': payment_transaction.getResourceValue().Currency_getIntegrationMapping(), 'fee_type': payment_transaction.getResourceValue().Currency_getIntegrationMapping(),
'body': "Rapid Space Virtual Machine".encode('utf-8') 'body': "Rapid Space Virtual Machine".encode('utf-8')
} }
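Review bot: `total_fee` now relies on `PaymentTransaction_getTotalPayablePrice()` being negative, because multiplying by `-100` gives a positive fee only in that case, and nothing in the hunk checks the result before it goes into `wechat_dict`. I would compute the amount into a local first and refuse a non-positive value, e.g. `total_fee = int(round(price * -100, 0))` followed by `if total_fee <= 0: raise Exception("Invalid amount for %s" % payment_transaction.getId())`. The value also changes from `str` to `int`, so whatever serialises `wechat_dict` has to accept an integer there, which cannot be confirmed from this hunk. The enclosing `if transaction_id is None:` block starts above the hunk and continues below it.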
......
...@@ -52,6 +52,14 @@ ...@@ -52,6 +52,14 @@
<key> <string>_params</string> </key> <key> <string>_params</string> </key>
<value> <string>state_change</string> </value> <value> <string>state_change</string> </value>
</item> </item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item> <item>
<key> <string>id</string> </key> <key> <string>id</string> </key>
<value> <string>WechatEvent_updateStatus</string> </value> <value> <string>WechatEvent_updateStatus</string> </value>
......