Hi,
while writing tests for the getpaid.paypal module this came to my mind:
the approach currently is that we don't create an order if it's not paid,
but we instead create it after the paypal process is over and an IPN comes.
Customer data is also collected on the paypal site.
Some customers are propably going to place an order and for some reasons
(computer crash or phone call etc) wait some time before paying it, or lose
their browser session.
I really think we should create the order object and destroy the cart before
the customer is sent to paypal, collecting data on the getpaid-enabled site
as well.
We could then provide the "pay with paypal" button on the order summary
page. This would allow orders to be paid after they have been taken.
It would also simplify the solution of a bug with the current
implementation; the function order_id of the view
getpaid.paypal.views.PayPalCheckoutButton is:
30 def order_id(self):
31 return 'PUT ORDER ID HERE'
and it would be handy to have the actual order id available when we create
the button.
BTW, we should also fix the personal details form and separate "first name"
from "surname": we can't programmatically split "Full name" when we pass it
to paypal.
One more issue: anonymous users can't see their own orders, so they wouldn't
be able to pay with the described setup.
We could solve this providing a token in the emails we send after the order
is created; the token could be the md5 hash of the date and time of the
order.
Would this be secure enough? It would prevent a random person from
collecting personal data of users, would it?
I currently use this approach in production and, at least for me, it has
worked well; but I'm not sure it's secure enough. Anyway, users like *a lot*
not to be forced to remember username/password pairs. This would also allow
them to email the link to the order details page to a friend, and he could
see only that particular order. This could be useful for gifts if the
recipient wants to check the shipping status.
What do you think?
Silvio
--~--~---------~--~----~------------~-------~--~----~
GetPaid for Plone: http://www.plonegetpaid.com (overview info) |
http://code.google.com/p/getpaid (code and issue tracker)
You received this message because you are subscribed to the Google Groups
"getpaid-dev" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/getpaid-dev?hl=en?hl=en
-~----------~----~----~----~------~----~------~--~---
