diff --git a/combo/apps/lingo/views.py b/combo/apps/lingo/views.py
index b0141d9b..d9a21feb 100644
--- a/combo/apps/lingo/views.py
+++ b/combo/apps/lingo/views.py
@@ -36,6 +36,7 @@ from django.conf import settings
 from django.contrib import messages
 from django.utils.translation import ugettext_lazy as _
 from django.db.transaction import atomic
+from django.shortcuts import get_object_or_404
 from django.utils.encoding import smart_text
 import eopayment
@@ -525,9 +526,14 @@ class UnknownPaymentException(PaymentException):
 class PaymentView(View):
 def handle_response(self, request, backend_response, **kwargs):
 if 'regie_pk' in kwargs:
- payment_backend = Regie.objects.get(id=kwargs['regie_pk']).payment_backend
+ payment_backend = get_object_or_404(
+ Regie,
+ pk=kwargs['regie_pk']
+ ).payment_backend
 elif 'payment_backend_pk' in kwargs:
- payment_backend = PaymentBackend.objects.get(id=kwargs['payment_backend_pk'])
+ payment_backend = get_object_or_404(
+ PaymentBackend,
+ pk=kwargs['payment_backend_pk'])
 else:
 return HttpResponseBadRequest("A payment backend or regie primary key must be specified")
diff --git a/tests/test_lingo_payment.py b/tests/test_lingo_payment.py
index ecc7a938..4b54e638 100644
--- a/tests/test_lingo_payment.py
+++ b/tests/test_lingo_payment.py
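Review bot: In the second views.py hunk (`PaymentView.handle_response`), the regie branch hangs `.payment_backend` off the closing parenthesis of a wrapped `get_object_or_404(...)` call, while the backend branch wraps the same call differently; the attribute access is easy to overlook and the two lookups no longer read alike. Binding the row first is clearer: `regie = get_object_or_404(Regie, pk=kwargs['regie_pk'])` then `payment_backend = regie.payment_backend`. It also leaves an obvious place to reject a regie whose backend is unset, if that field can be null — the model is not visible here, so confirm before adding a check. The method body continues past the end of the hunk.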
@@ -1058,6 +1058,17 @@ def test_payment_callback_error(app, basket_page, regie, user, with_payment_back
 assert BasketItem.objects.get(id=item.id).notification_date
+def test_payment_callback_not_found(app, user, regie):
+ data = {'transaction_id': 42, 'signed': True,
+ 'amount': 42, 'ok': True}
+
+ callback_url = reverse('lingo-callback', kwargs={'regie_pk': 0})
+ app.get(callback_url, params=data, status=404)
+
+ callback_url = reverse('lingo-callback-payment-backend', kwargs={'payment_backend_pk': 0})
+ app.get(callback_url, params=data, status=404)
+
+
+
 @pytest.mark.parametrize("authenticated", [True, False])
 def test_payment_no_basket(app, user, regie, authenticated):
 url = reverse('api-add-basket-item')
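Review bot: `test_payment_callback_not_found` requests the `user` fixture but never uses it, and nothing in the test records why pk 0 is expected to be absent. A one-line docstring such as `"""An unknown regie or payment backend pk in the callback URL must give 404, not a server error."""` would state the intent, and `user` can be dropped from the signature unless it is needed for a side effect not visible here. Only GET is exercised; if the callback views also accept POST (not shown in this diff), the same two assertions with `app.post` would cover that path.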