Commit 11c263b6 authored by Skia's avatar Skia
Browse files

Hotfix: better handle atomicity in eboutic basket validation

parent 9f4f3bf4
Pipeline #384 passed with stage
in 4 minutes and 2 seconds
...@@ -9,6 +9,7 @@ from django.shortcuts import render ...@@ -9,6 +9,7 @@ from django.shortcuts import render
from django.core.urlresolvers import reverse_lazy from django.core.urlresolvers import reverse_lazy
from django.views.generic import TemplateView, View from django.views.generic import TemplateView, View
from django.http import HttpResponse, HttpResponseRedirect from django.http import HttpResponse, HttpResponseRedirect
from django.core.exceptions import SuspiciousOperation
from django.shortcuts import render from django.shortcuts import render
from django.db import transaction, DataError from django.db import transaction, DataError
from django.utils.translation import ugettext as _ from django.utils.translation import ugettext as _
...@@ -177,20 +178,23 @@ class EtransactionAutoAnswer(View): ...@@ -177,20 +178,23 @@ class EtransactionAutoAnswer(View):
except: except:
return HttpResponse("Bad signature", status=400) return HttpResponse("Bad signature", status=400)
if request.GET['Error'] == "00000": if request.GET['Error'] == "00000":
with transaction.atomic(): try:
b = Basket.objects.filter(id=request.GET['BasketID']).first() with transaction.atomic():
if b is None: b = Basket.objects.filter(id=request.GET['BasketID']).first()
return HttpResponse("Basket does not exists", status=400) if b is None:
i = Invoice() raise SuspiciousOperation("Basket does not exists")
i.user = b.user i = Invoice()
i.payment_method = "CARD" i.user = b.user
i.save() i.payment_method = "CARD"
for it in b.items.all(): i.save()
InvoiceItem(invoice=i, product_id=it.product_id, product_name=it.product_name, type_id=it.type_id, for it in b.items.all():
product_unit_price=it.product_unit_price, quantity=it.quantity).save() InvoiceItem(invoice=i, product_id=it.product_id, product_name=it.product_name, type_id=it.type_id,
i.validate() product_unit_price=it.product_unit_price, quantity=it.quantity).save()
b.delete() i.validate()
b.delete()
except Exception as e:
return HttpResponse("Payment failed with error: "+repr(e), status=400)
return HttpResponse() return HttpResponse()
else: else:
return HttpResponse("Payment failed with error: "+request.GET['Error']) return HttpResponse("Payment failed with error: "+request.GET['Error'], status=400)
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment