Prevent users from changing the url to access a payment method whose limits don't support the current invoice

Joshua Dwire 2016-09-08 22:19:51 -04:00
parent ca71ea5622
commit 286f9e8902
3 changed files with 17 additions and 7 deletions


@ -173,8 +173,8 @@ class ClientPortalController extends BaseController
foreach ($account->account_gateways as $accountGateway) {
$paymentDriver = $accountGateway->paymentDriver($invitation);
$links = array_merge($links, $paymentDriver->tokenLinks($invitation->invoice));
$links = array_merge($links, $paymentDriver->paymentLinks($invitation->invoice));
$links = array_merge($links, $paymentDriver->tokenLinks());
$links = array_merge($links, $paymentDriver->paymentLinks());
}
return $links;


@ -121,6 +121,12 @@ class BasePaymentDriver
$gateway = $this->accountGateway->gateway;
if ( ! $this->meetsGatewayTypeLimits($this->gatewayType)) {
// The customer must have hacked the URL
Session::flash('error', trans('texts.limits_not_met'));
return redirect()->to('view/' . $this->invitation->invitation_key);
}
if ($this->isGatewayType(GATEWAY_TYPE_TOKEN) || $gateway->is_offsite) {
if (Session::has('error')) {
Session::reflash();
@ -735,7 +741,7 @@ class BasePaymentDriver
return $this->createPayment($ref);
}
public function tokenLinks($invoice)
public function tokenLinks()
{
if ( ! $this->customer()) {
return [];
@ -749,7 +755,7 @@ class BasePaymentDriver
continue;
}
if ( !$this->invoiceMeetsGatewayTypeLimits($invoice, $paymentMethod->payment_type->gateway_type_id) ) {
if ( ! $this->meetsGatewayTypeLimits($paymentMethod->payment_type->gateway_type_id)) {
continue;
}
@ -776,7 +782,7 @@ class BasePaymentDriver
return $links;
}
public function paymentLinks($invoice)
public function paymentLinks()
{
$links = [];
@ -785,7 +791,7 @@ class BasePaymentDriver
continue;
}
if ( !$this->invoiceMeetsGatewayTypeLimits($invoice, $gatewayTypeId) ) {
if ( ! $this->meetsGatewayTypeLimits($gatewayTypeId)) {
continue;
}
@ -798,7 +804,8 @@ class BasePaymentDriver
return $links;
}
protected function invoiceMeetsGatewayTypeLimits( $invoice, $gatewayTypeId ) {
protected function meetsGatewayTypeLimits($gatewayTypeId)
{
if ( !$gatewayTypeId ) {
return true;
}
@ -807,6 +814,8 @@ class BasePaymentDriver
'=', $gatewayTypeId)->first();
if ($accountGatewaySettings) {
$invoice = $this->invoice();
if ($accountGatewaySettings->min_limit && $invoice->balance < $accountGatewaySettings->min_limit) {
return false;
}
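Review bot: The guard added in this file's first hunk checks `meetsGatewayTypeLimits($this->gatewayType)`, whereas `tokenLinks()` checks the stored method's `$paymentMethod->payment_type->gateway_type_id`; if a saved-token payment reaches this code with `GATEWAY_TYPE_TOKEN` as its gateway type, the settings lookup would probably find no row and the limits would not be applied. Resolving the stored payment method's gateway type before the call would keep this server-side check consistent with what the link list enforces. The guard also only covers the code that prepares the payment page (the enclosing function begins and ends outside the hunk), so the same check should run where the payment is actually submitted if that is a separate entry point, which is not visible here. The comment could state the condition rather than the assumed cause, e.g. `// Links are never generated for this gateway type; the URL was edited or is stale`.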


@ -2106,6 +2106,7 @@ $LANG = array(
'enable_max' => 'Enable max',
'min' => 'Min',
'max' => 'Max',
'limits_not_met' => 'This invoice does not meet the limits for that payment type.',
);