From 20b5f66e3f16381765a1476625a90eae93d3aaa6 Mon Sep 17 00:00:00 2001
From: Hillel Coren <hillelcoren@gmail.com>
Date: Tue, 17 Apr 2018 12:56:35 +0300
Subject: [PATCH] Prevent duplicate token payments

---
 app/Http/Controllers/OnlinePaymentController.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/app/Http/Controllers/OnlinePaymentController.php b/app/Http/Controllers/OnlinePaymentController.php
index 66b91b8b5c7a..ca15dfc34404 100644
--- a/app/Http/Controllers/OnlinePaymentController.php
+++ b/app/Http/Controllers/OnlinePaymentController.php
@@ -102,6 +102,16 @@ class OnlinePaymentController extends BaseController
             return redirect()->to('view/' . $invitation->invitation_key);
         }
 
+        // add a delay check for token links
+        if ($gatewayTypeId == GATEWAY_TYPE_TOKEN) {
+            $key = 'payment_token:' . $invitation->invitation_key;
+            if (cache($key)) {
+                return redirect()->to('view/' . $invitation->invitation_key);
+            } else {
+                cache([$key => true], \Carbon::now()->addSeconds(10));
+            }
+        }
+
         try {
             return $paymentDriver->startPurchase(Input::all(), $sourceId);
         } catch (Exception $exception) {