odoo/odoo#261912
Created by fw-bot
Merged
at 6cea53e0ae7287a4aaffc10efa2730511e8309cf
Statuses:
- legal/cla: Contributor License Agreement check
- ci/runbot: Odoo Test Suite
- ci/upgrade_enterprise: Test upgrades for enterprise master
- ci/template: (runtime 1097s)
- ci/style: Optional style check. Ignore it only if strictly necessary.
- ci/security: Required security check. Can only be ignored by security team.
- ci/l10n: (runtime 20s)
- ci/documentation: (runtime 1113s)
- ci/design-theme: (runtime 2185s)
- label
- odoo-dev:19.0-18.0-payment_xendit-fix-kaju-521606-fw
- head
- 1b99c6aac538f73298a97d5b070cd53fb28dc806
- merged
- 6 days ago by Kaleb Juliu (kaju)
| odoo/odoo | |
|---|---|
| 18.0 | #260258 |
| saas-18.2 | #261616 |
| saas-18.3 | #261734 |
| saas-18.4 | #261771 |
| 19.0 | #261912 |
| saas-19.1 | #261978 |
| saas-19.2 | #262002 |
| saas-19.3 | #262045 |
| master | #262144 |
[FIX] payment_xendit: link access token to the current transaction
Description of the issue/feature this PR addresses:
The /payment/xendit/payment endpoint did not enforce validation of an access token tied to the transaction when processing direct payment requests.
Current behavior before PR:
The endpoint accepted public requests using only the transaction reference, allowing payment execution without verifying that the request was linked to the intended transaction.
Desired behavior after PR is merged:
The endpoint now requires a valid access_token associated with the transaction (reference) before processing. This ensures that payment execution is restricted to the correct transaction.
I confirm I have signed the CLA and read the PR guidelines at www.odoo.com/submit-pr