Hotfix: better handle atomicity in eboutic basket validation

This commit is contained in:
Skia 2016-11-10 00:35:13 +01:00
parent 9f4f3bf436
commit 11c263b6e7

View File

@ -9,6 +9,7 @@ from django.shortcuts import render
from django.core.urlresolvers import reverse_lazy from django.core.urlresolvers import reverse_lazy
from django.views.generic import TemplateView, View from django.views.generic import TemplateView, View
from django.http import HttpResponse, HttpResponseRedirect from django.http import HttpResponse, HttpResponseRedirect
from django.core.exceptions import SuspiciousOperation
from django.shortcuts import render from django.shortcuts import render
from django.db import transaction, DataError from django.db import transaction, DataError
from django.utils.translation import ugettext as _ from django.utils.translation import ugettext as _
@ -177,10 +178,11 @@ class EtransactionAutoAnswer(View):
except: except:
return HttpResponse("Bad signature", status=400) return HttpResponse("Bad signature", status=400)
if request.GET['Error'] == "00000": if request.GET['Error'] == "00000":
try:
with transaction.atomic(): with transaction.atomic():
b = Basket.objects.filter(id=request.GET['BasketID']).first() b = Basket.objects.filter(id=request.GET['BasketID']).first()
if b is None: if b is None:
return HttpResponse("Basket does not exists", status=400) raise SuspiciousOperation("Basket does not exists")
i = Invoice() i = Invoice()
i.user = b.user i.user = b.user
i.payment_method = "CARD" i.payment_method = "CARD"
@ -190,7 +192,9 @@ class EtransactionAutoAnswer(View):
product_unit_price=it.product_unit_price, quantity=it.quantity).save() product_unit_price=it.product_unit_price, quantity=it.quantity).save()
i.validate() i.validate()
b.delete() b.delete()
except Exception as e:
return HttpResponse("Payment failed with error: "+repr(e), status=400)
return HttpResponse() return HttpResponse()
else: else:
return HttpResponse("Payment failed with error: "+request.GET['Error']) return HttpResponse("Payment failed with error: "+request.GET['Error'], status=400)