[FIX] payment_xendit: link access token to the current transaction#262002
Closed
fw-bot wants to merge 1 commit intoodoo:saas-19.2from
Closed
[FIX] payment_xendit: link access token to the current transaction#262002fw-bot wants to merge 1 commit intoodoo:saas-19.2from
fw-bot wants to merge 1 commit intoodoo:saas-19.2from
Conversation
Restrict payment execution to the current transaction by requiring a valid access token. X-original-commit: 6cea53e
Contributor
|
|
Contributor
Author
|
This PR targets saas-19.2 and is part of the forward-port chain. Further PRs will be created up to master. More info at https://github.com/odoo/odoo/wiki/Mergebot#forward-port |
Contributor
Author
|
@kaju-odoo @AntoineVDV the next pull request (#262045) is in conflict. You can merge the chain up to here by saying
More info at https://github.com/odoo/odoo/wiki/Mergebot#forward-port |
Contributor
|
@robodoo r+ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description of the issue/feature this PR addresses:
The
/payment/xendit/paymentendpoint did not enforce validation of an access token tied to the transaction when processing direct payment requests.Current behavior before PR:
The endpoint accepted public requests using only the transaction reference, allowing payment execution without verifying that the request was linked to the intended transaction.
Desired behavior after PR is merged:
The endpoint now requires a valid access_token associated with the transaction (reference) before processing. This ensures that payment execution is restricted to the correct transaction.
I confirm I have signed the CLA and read the PR guidelines at www.odoo.com/submit-pr
Forward-Port-Of: #261912
Forward-Port-Of: #260258