Permalink
Browse files

Added csrf_exempt tag for ipn callback view. Minor comments in code.

  • Loading branch information...
1 parent a8a5c36 commit e01b118228306aca29a60bdba583eaffc015c946 @mikexstudios mikexstudios committed with May 26, 2010
Showing with 15 additions and 5 deletions.
  1. +2 −1 .gitignore
  2. +13 −4 paypal/standard/ipn/views.py
View
@@ -4,4 +4,5 @@
.pydevproject
/dist
/build
-/django_paypal.egg-info
+/django_paypal.egg-info
+*.swp
@@ -2,11 +2,13 @@
# -*- coding: utf-8 -*-
from django.http import HttpResponse
from django.views.decorators.http import require_POST
+from django.views.decorators.csrf import csrf_exempt
from paypal.standard.ipn.forms import PayPalIPNForm
from paypal.standard.ipn.models import PayPalIPN
@require_POST
+@csrf_exempt
def ipn(request, item_check_callable=None):
"""
PayPal IPN endpoint (notify_url).
@@ -16,30 +18,37 @@ def ipn(request, item_check_callable=None):
PayPal IPN Simulator:
https://developer.paypal.com/cgi-bin/devscr?cmd=_ipn-link-session
"""
+ #TODO: Clean up code so that we don't need to set None here and have a lot
+ # of if checks just to determine if flag is set.
flag = None
ipn_obj = None
# Clean up the data as PayPal sends some weird values such as "N/A"
data = request.POST.copy()
- date_fields = ('time_created', 'payment_date', 'next_payment_date', 'subscr_date', 'subscr_effective')
+ date_fields = ('time_created', 'payment_date', 'next_payment_date',
+ 'subscr_date', 'subscr_effective')
for date_field in date_fields:
if data.get(date_field) == 'N/A':
del data[date_field]
form = PayPalIPNForm(data)
if form.is_valid():
try:
- ipn_obj = form.save(commit=False)
+ #When commit = False, object is returned without saving to DB.
+ ipn_obj = form.save(commit = False)
except Exception, e:
flag = "Exception while processing. (%s)" % e
else:
flag = "Invalid form. (%s)" % form.errors
if ipn_obj is None:
ipn_obj = PayPalIPN()
-
+
+ #Set query params and sender's IP address
ipn_obj.initialize(request)
+
if flag is not None:
+ #We save errors in the flag field
ipn_obj.set_flag(flag)
else:
# Secrets should only be used over SSL.
@@ -49,4 +58,4 @@ def ipn(request, item_check_callable=None):
ipn_obj.verify(item_check_callable)
ipn_obj.save()
- return HttpResponse("OKAY")
+ return HttpResponse("OKAY")

0 comments on commit e01b118

Please sign in to comment.