From d22e37a96a7e76bbe911b539b6ac819aae3a5dff Mon Sep 17 00:00:00 2001
From: Scott Percival
Date: Tue, 27 Feb 2018 11:07:50 +0800
Subject: [PATCH] ledger.payments.api: add more sane checkout URL generator
---
 ledger/payments/api.py | 28 ++++++++--------------------
 1 file changed, 8 insertions(+), 20 deletions(-)
diff --git a/ledger/payments/api.py b/ledger/payments/api.py
index d15729a38f..c4f95ba4dc 100644
--- a/ledger/payments/api.py
+++ b/ledger/payments/api.py
@@ -31,6 +31,7 @@
 from oscar.apps.voucher.models import Voucher
 from oscar.apps.payment import forms
 import traceback
+import six
 class CsrfExemptSessionAuthentication(SessionAuthentication):
 def enforce_csrf(self, request):
@@ -836,11 +837,6 @@ class CheckoutCreateView(generics.CreateAPIView):
 authentication_classes = [SessionAuthentication]
 permission_classes = []
- def get_redirect_value(self,serializer,value):
- if serializer.validated_data.get(value) is not None:
- return '{}={}'.format(value,serializer.validated_data[value])
- return ''
-
 def create(self, request):
 try:
 http_status = status.HTTP_200_OK
@@ -867,21 +863,13 @@ def create(self, request):
 else:
 basket = createBasket(serializer.validated_data['products'],request.user,serializer.validated_data['system'])
- redirect = HttpResponseRedirect(reverse('checkout:index')+u'?{}&{}&{}&{}&{}&{}&{}&{}&{}&{}&{}&{}&{}&{}'.format(
- self.get_redirect_value(serializer,'card_method'),
- self.get_redirect_value(serializer,'basket_owner'),
- self.get_redirect_value(serializer,'template'),
- self.get_redirect_value(serializer,'fallback_url'),
- self.get_redirect_value(serializer,'return_url'),
- self.get_redirect_value(serializer,'associateInvoiceWithToken'),
- self.get_redirect_value(serializer,'forceRedirect'),
- self.get_redirect_value(serializer,'sendEmail'),
- self.get_redirect_value(serializer,'proxy'),
- self.get_redirect_value(serializer,'checkoutWithToken'),
- self.get_redirect_value(serializer,'bpay_format'),
- self.get_redirect_value(serializer,'icrn_format'),
- self.get_redirect_value(serializer,'invoice_text'),
- self.get_redirect_value(serializer,'check_url')))
+ fields = [
+ 'card_method', 'basket_owner', 'template', 'fallback_url', 'return_url', 'associateInvoiceWithToken', 'forceRedirect', 'sendEmail', 'proxy',
+ 'checkoutWithToken', 'bpay_format', 'icrn_format', 'invoice_text', 'check_url'
+ ]
+ url_args = {f: six.text_type(serializer.validated_data[f]).encode('utf8') for f in fields if f in serializer.validated_data and serializer.validated_data[f] is not None}
+
+ redirect = HttpResponseRedirect(reverse('checkout:index')+'?'+six.moves.urllib.parse.urlencode(url_args))
 # inject the current basket into the redirect response cookies
 # or else, anonymous users will be directionless
 redirect.set_cookie(
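Review bot: The new `fields` list still forwards `fallback_url`, `return_url` and `check_url` from the request into the checkout query string, and `urlencode` only escapes those values; it does not restrict where they point. The context of the earlier hunk shows `permission_classes = []` on this view, so these values can apparently be supplied without a permission check. Whether the checkout view validates them before redirecting to or fetching them is not visible here and should be confirmed. I would add a comment above `fields` such as `# URL-valued fields are percent-encoded only; the checkout view must check scheme/host against an allow-list before use.` The body of `create` begins and ends outside this hunk.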