odoo/odoo#262045
Created by fw-bot
Merged at 62001b0e3ba8b45c6a3008de6405dee8e74451e6
Statuses:
- legal/cla: Contributor License Agreement check
- ci/runbot: Odoo Test Suite
- ci/upgrade_enterprise: Test upgrades for enterprise master
- ci/template: (runtime 1399s)
- ci/style: Optional style check. Ignore it only if strictly necessary.
- ci/security: Required security check. Can only be ignored by security team.
- ci/l10n: (runtime 29s)
- ci/documentation: (runtime 1342s)
- ci/design-theme: (runtime 1918s)
- label: odoo-dev:saas-19.3-18.0-payment_xendit-fix-kaju-522045-fw
- head: f9c4b0532d0c91944e90bd0746a22930c64174d8
- merged: 5 days ago by Kaleb Juliu (kaju)
| odoo/odoo | |
|---|---|
| 18.0 | #260258 |
| saas-18.2 | #261616 |
| saas-18.3 | #261734 |
| saas-18.4 | #261771 |
| 19.0 | #261912 |
| saas-19.1 | #261978 |
| saas-19.2 | #262002 |
| saas-19.3 | #262045 |
| master | #262144 |
[FIX] payment_xendit: link access token to the current transaction
Description of the issue/feature this PR addresses:
The /payment/xendit/payment endpoint did not enforce validation of an access token tied to the transaction when processing direct payment requests.
Current behavior before PR:
The endpoint accepted public requests using only the transaction reference, allowing payment execution without verifying that the request was linked to the intended transaction.
Desired behavior after PR is merged:
The endpoint now requires a valid access_token associated with the transaction (reference) before processing. This ensures that payment execution is restricted to the correct transaction.
I confirm I have signed the CLA and read the PR guidelines at www.odoo.com/submit-pr
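
The check described in the PR text above, as an added standalone sketch; it is not code from this PR or from Odoo. The secret, the transaction store, and the function names (`generate_access_token`, `check_access_token`, `handle_payment_request`) are assumptions made for illustration. It shows a token derived from the transaction reference, so a token issued for one transaction is rejected for another.

```python
import hashlib
import hmac

# Constructed secret for the demo; a real deployment loads it from protected configuration.
SERVER_SECRET = b"constructed-demo-secret"

# Constructed transaction store: reference -> transaction record.
TRANSACTIONS = {
    "S00042-1": {"amount": 150000, "currency": "IDR", "state": "draft"},
    "S00043-1": {"amount": 990000, "currency": "IDR", "state": "draft"},
}


def generate_access_token(reference: str) -> str:
    """Return an HMAC-SHA256 token bound to one transaction reference."""
    return hmac.new(SERVER_SECRET, reference.encode(), hashlib.sha256).hexdigest()


def check_access_token(access_token, reference: str) -> bool:
    """Constant-time check that the token was issued for this reference."""
    if not isinstance(access_token, str) or not access_token:
        return False  # missing token: the pre-fix behaviour would have continued here
    expected = generate_access_token(reference)
    return hmac.compare_digest(access_token.encode(), expected.encode())


def handle_payment_request(reference, access_token=None):
    """Hypothetical public handler: process only if the token matches the reference."""
    tx = TRANSACTIONS.get(reference)
    # Same response for an unknown reference and a bad token, so the
    # endpoint does not confirm which references exist.
    if tx is None or not check_access_token(access_token, reference):
        return {"status": 403, "error": "invalid reference or access token"}
    tx["state"] = "pending"
    return {"status": 200, "reference": reference, "amount": tx["amount"]}
```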