Commit 9147b8a4 authored by Thom Wiggers's avatar Thom Wiggers 📐

Merge branch 'tc/process-payments-post' into 'master'

Change payment processing to use POST requests

Closes #678

See merge request !916
parents 4b3a7685 889ea468
django.jQuery(function () {
var $ = django.jQuery;
$(".payments-row a").click(function(e) {
e.preventDefault();
var type = $(e.target).data('type');
var href = $(e.target).data('href');
var form = $('<form></form>');
form.attr("method", "post");
form.attr("action", href);
var field = $('<input/>');
field.attr("type", "hidden");
field.attr("name", 'type');
field.attr("value", type);
form.append(field);
var csrf = $('<input/>');
csrf.attr("type", "hidden");
csrf.attr("name", 'csrfmiddlewaretoken');
csrf.attr("value", $("input[name='csrfmiddlewaretoken']").val());
form.append(csrf);
$(document.body).append(form);
form.submit();
});
});
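Review bot: The click handler reads `data-type` and `data-href` from `e.target`, which is the element that was actually clicked, not necessarily the anchor the handler is bound to. If a button ever gains a child element such as an icon, both values become `undefined` and the form posts to the current page with an empty type; `var link = $(this);` followed by `link.data('type')` and `link.data('href')` avoids that. The CSRF token is copied from the first `input[name='csrfmiddlewaretoken']` on the page, so on a page without one the POST is rejected by Django's CSRF check; that is a safe failure, but a short comment saying the script relies on the admin change form's token would help the next reader.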
...@@ -6,11 +6,16 @@ ...@@ -6,11 +6,16 @@
{% compress css %}<link rel="stylesheet" type="text/x-scss" href="{% static 'admin/payments/css/forms.scss' %}" />{% endcompress %} {% compress css %}<link rel="stylesheet" type="text/x-scss" href="{% static 'admin/payments/css/forms.scss' %}" />{% endcompress %}
{% endblock %} {% endblock %}
{% block extrahead %}
{{ block.super }}
<script type="text/javascript" src="{% static 'admin/payments/js/payments.js' %}"></script>
{% endblock %}
{% block submit_buttons_bottom %} {% block submit_buttons_bottom %}
{% if payment %} {% if payment %}
<div class="submit-row payments-row"> <div class="submit-row payments-row">
<a href="{% url 'payments:admin-process' pk=payment.pk type='cash_payment' %}" class="button process">{% trans "Process (cash payment)" %}</a> <a data-href="{% url 'payments:admin-process' pk=payment.pk %}" data-type="cash_payment" class="button process">{% trans "Process (cash payment)" %}</a>
<a href="{% url 'payments:admin-process' pk=payment.pk type='card_payment' %}" class="button process">{% trans "Process (card payment)" %}</a> <a data-href="{% url 'payments:admin-process' pk=payment.pk %}" data-type="card_payment" class="button process">{% trans "Process (card payment)" %}</a>
</div> </div>
{% endif %} {% endif %}
......
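Review bot: The two process links in `payments-row` lose their `href` and keep only `data-href`, so they are no longer keyboard-focusable and do nothing if `payments.js` fails to load or is blocked. Since they now trigger a state-changing POST rather than a navigation, a `<button type="button" data-href="…" data-type="cash_payment" class="button process">` would be the more accurate element; the selector in `payments.js` (`.payments-row a`) would have to follow. The rest of the template lies outside the hunk.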
...@@ -41,16 +41,20 @@ class PaymentAdminViewTest(TestCase): ...@@ -41,16 +41,20 @@ class PaymentAdminViewTest(TestCase):
self.client.force_login(self.user) self.client.force_login(self.user)
def test_permissions(self): def test_permissions(self):
url = '/payment/admin/process/{}/cash_payment/'.format( url = '/payment/admin/process/{}/'.format(
self.payment.pk) self.payment.pk)
response = self.client.get(url) response = self.client.post(url, {
'type': 'cash_payment',
})
self.assertRedirects(response, '/admin/login/?next=%s' % url) self.assertRedirects(response, '/admin/login/?next=%s' % url)
self._give_user_permissions() self._give_user_permissions()
url = '/payment/admin/process/{}/cash_payment/'.format( url = '/payment/admin/process/{}/'.format(
self.payment.pk) self.payment.pk)
response = self.client.get(url) response = self.client.post(url, {
'type': 'cash_payment',
})
self.assertRedirects( self.assertRedirects(
response, response,
'/admin/payments/payment/%s/change/' % self.payment.pk '/admin/payments/payment/%s/change/' % self.payment.pk
...@@ -59,7 +63,7 @@ class PaymentAdminViewTest(TestCase): ...@@ -59,7 +63,7 @@ class PaymentAdminViewTest(TestCase):
@mock.patch('django.contrib.messages.error') @mock.patch('django.contrib.messages.error')
@mock.patch('django.contrib.messages.success') @mock.patch('django.contrib.messages.success')
@mock.patch('payments.services.process_payment') @mock.patch('payments.services.process_payment')
def test_get(self, process_payment, messages_success, messages_error): def test_post(self, process_payment, messages_success, messages_error):
process_payment.return_value = [self.payment] process_payment.return_value = [self.payment]
payment_qs = Payment.objects.filter(pk=self.payment.pk) payment_qs = Payment.objects.filter(pk=self.payment.pk)
...@@ -69,28 +73,48 @@ class PaymentAdminViewTest(TestCase): ...@@ -69,28 +73,48 @@ class PaymentAdminViewTest(TestCase):
self._give_user_permissions() self._give_user_permissions()
type = 'cash_payment' with self.subTest('Send post without payload'):
response = self.client.get('/payment/admin/process/{}/{}/' response = self.client.post('/payment/admin/process/{}/'
.format(self.payment.pk, type)) .format(self.payment.pk))
self.assertEqual(response.status_code, 302) self.assertEqual(response.status_code, 302)
self.assertEqual( self.assertEqual(
response.url, response.url,
'/admin/payments/payment/%s/change/' % self.payment.pk '/admin/payments/payment/%s/change/' % self.payment.pk
) )
process_payment.assert_called_once_with(payment_qs, type) process_payment.assert_not_called()
messages_error.assert_not_called()
messages_success.assert_called_once_with( messages_success.assert_not_called()
response.wsgi_request, _('Successfully processed %s.') %
model_ngettext(self.payment, 1) with self.subTest('Send post with successful processing'):
) payment_type = 'cash_payment'
response = self.client.post('/payment/admin/process/{}/'
process_payment.return_value = [] .format(self.payment.pk), {
response = self.client.get('/payment/admin/process/{}/{}/' 'type': payment_type,
.format(self.payment.pk, type)) })
messages_error.assert_called_once_with( self.assertEqual(response.status_code, 302)
response.wsgi_request, _('Could not process %s.') % self.assertEqual(
model_ngettext(self.payment, 1) response.url,
) '/admin/payments/payment/%s/change/' % self.payment.pk
)
process_payment.assert_called_once_with(payment_qs, payment_type)
messages_success.assert_called_once_with(
response.wsgi_request, _('Successfully processed %s.') %
model_ngettext(self.payment, 1)
)
with self.subTest('Send post with failed processing'):
process_payment.return_value = []
response = self.client.post('/payment/admin/process/{}/'
.format(self.payment.pk), {
'type': payment_type,
})
messages_error.assert_called_once_with(
response.wsgi_request, _('Could not process %s.') %
model_ngettext(self.payment, 1)
)
...@@ -6,6 +6,6 @@ from .views import PaymentAdminView ...@@ -6,6 +6,6 @@ from .views import PaymentAdminView
app_name = 'payments' app_name = 'payments'
urlpatterns = [ urlpatterns = [
path('admin/process/<uuid:pk>/<type>/', path('admin/process/<uuid:pk>/',
PaymentAdminView.as_view(), name='admin-process'), PaymentAdminView.as_view(), name='admin-process'),
] ]
...@@ -19,10 +19,14 @@ class PaymentAdminView(View): ...@@ -19,10 +19,14 @@ class PaymentAdminView(View):
""" """
View that processes a payment View that processes a payment
""" """
def get(self, request, *args, **kwargs): def post(self, request, *args, **kwargs):
payment = Payment.objects.filter(pk=kwargs['pk']) payment = Payment.objects.filter(pk=kwargs['pk'])
if not ('type' in request.POST):
return redirect('admin:payments_payment_change', kwargs['pk'])
result = services.process_payment( result = services.process_payment(
payment, kwargs['type'] payment, request.POST['type']
) )
if len(result) > 0: if len(result) > 0:
......
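Review bot: In `post`, `request.POST['type']` is handed to `services.process_payment` without being checked against the payment types the admin form actually offers (`cash_payment`, `card_payment`), so the handling of any other submitted value is left entirely to the service, which is not visible here. A guard in the view such as `if request.POST.get('type') not in ALLOWED_TYPES:` (placeholder name; use the model's own list of type choices) would reject unexpected values at the boundary and also cover the missing-key case. That case currently redirects silently; emitting an error message or returning a 400 would make a malformed request visible to the user and in logs. As a style point, `if not ('type' in request.POST):` reads better as `if 'type' not in request.POST:`. The method body continues outside the hunk.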