Server side validation of the POSTed product

2018-09-25 02:13:39 +02:00 · 2018-09-25 02:13:39 +02:00 · ed7ffb355f
commit ed7ffb355f
parent 1988020006
1 changed files with 39 additions and 2 deletions
--- a/datacenterlight/views.py
+++ b/datacenterlight/views.py
@ -341,7 +341,37 @@ class PaymentOrderView(FormView):
                )
                if generic_payment_form.is_valid():
                    logger.debug("Generic payment form is valid.")
-                    generic_payment_details = {
+                    product = None
                    try:
                        product = GenericProduct.objects.get(
                            product_name=
                            request.POST['generic_payment_form-product_name']
                        )
                    except GenericProduct.DoesNotExist as dne:
                        err_msg = _(
                            "The requested product '{}' does not exist".format(
                                request.POST[
                                    'generic_payment_form-product_name']
                            )
                        )
                        logger.error(err_msg)
                        raise ValidationError(err_msg)
                    except GenericProduct.MultipleObjectsReturned as mpe:
                        logger.error(
                            "There seem to be more than one product with "
                            "the name {}".format(
                                request.POST[
                                    'generic_payment_form-product_name']
                            )
                        )
                        product = GenericProduct.objects.all(
                            product_name=
                            request.POST['generic_payment_form-product_name']
                        ).first()
                    gp_details = {
                        "product_name": generic_payment_form.cleaned_data.get(
                            'product_name'
                        ),
                        "amount": generic_payment_form.cleaned_data.get(
                            'amount'
                        ),
@ -352,8 +382,15 @@ class PaymentOrderView(FormView):
                            'description'
                        ),
                    }
                    if (product.get_actual_price() != gp_details['amount'] or
                        product.isSubscription !=
                                (True if gp_details["recurring"] else False)):
                        raise ValidationError(
                            _("Product parameters do not match")
                        )
                    gp_details['product_id'] = product.id
                    request.session["generic_payment_details"] = (
-                        generic_payment_details
+                        gp_details
                    )
                else:
                    logger.debug("Generic payment form invalid")