odoo/odoo#262002
Created by fw-bot
Merged
at aa4f44e240ca04ea94c52d52e9f14a279ba73556
Statuses:
- legal/cla: Contributor License Agreement check
- ci/runbot: Odoo Test Suite
- ci/upgrade_enterprise: Test upgrades for enterprise master
- ci/template: (runtime 1260s)
- ci/style: Optional style check. Ignore it only if strictly necessary.
- ci/security: Required security check. Can only be ignored by security team.
- ci/l10n: (runtime 24s)
- ci/documentation: (runtime 1214s)
- ci/design-theme: (runtime 2289s)
- label
- odoo-dev:saas-19.2-18.0-payment_xendit-fix-kaju-521992-fw
- head
- b80700e259113c5fdb5f6cc8baedc2759af9db9b
- merged
- 5 days ago by Kaleb Juliu (kaju)
| odoo/odoo | |
|---|---|
| 18.0 | #260258 |
| saas-18.2 | #261616 |
| saas-18.3 | #261734 |
| saas-18.4 | #261771 |
| 19.0 | #261912 |
| saas-19.1 | #261978 |
| saas-19.2 | #262002 |
| saas-19.3 | #262045 |
| master | #262144 |
[FIX] payment_xendit: link access token to the current transaction
Description of the issue/feature this PR addresses:
The /payment/xendit/payment endpoint did not enforce validation of an access token tied to the transaction when processing direct payment requests.
Current behavior before PR:
The endpoint accepted public requests using only the transaction reference, allowing payment execution without verifying that the request was linked to the intended transaction.
Desired behavior after PR is merged:
The endpoint now requires a valid access_token associated with the transaction (reference) before processing. This ensures that payment execution is restricted to the correct transaction.
I confirm I have signed the CLA and read the PR guidelines at www.odoo.com/submit-pr