fix(payu): implement real verify_payment API contract#29
Conversation
…equest hash and nested transaction_details parsing
…ll status, amount, error, and hash cases
…nsaction_details response
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
samithreddychinni
left a comment
There was a problem hiding this comment.
This is the right direction, but please fix these before merge.
-
client.goreads the amount fromamount. The PayU verify payment response example usesamtandtransaction_amount, notamount. With the current code a real successful payment can parse as amount0, then Paystable will mark it as a mismatch. Please parseamtfirst, thentransaction_amount. Keepingamountas a fallback is fine for the mock gateway. Add a test with the PayU shaped response from the docs. -
CI lint is failing because
captureRequestinclient_test.gois unused. Please remove it or use it.
Small cleanup: the code comment links to transaction-status-check-api-2, but the response shape used here is from the Verify Payment API docs. Please link the right PayU page so the next person can check the contract.
|
One more thing while fixing the amount field: please do not ignore If PayU returns a bad amount value, |
good catches. i'll fix all of them. small request though... if you're using ai to polish review comments, keep them a bit shorter. the actionable bits are gr8, but the essays make it harder to spot the actual changes. |
…error, fix doc link, drop unused captureRequest
samithreddychinni
left a comment
There was a problem hiding this comment.
few blockers before this can merge
biggest issue is the parser only handles the nested transaction_details[txnid] shape, nothing else. if payu ever sends a flat payload it'll just silently return not_found instead of failing loud. should throw a schema error with the raw response attached instead, or have a flat fallback
also the not_found case is mapped wrong. real payu response for that is transaction_details[txnid].status = "Not Found", but rn it's getting normalized to pending w amount 0
minor thing :- doc link in the description 404s (docs.payu.in/reference/verify-payment), should be verify_payment_api.md instead
form=2 is required by payu, currently it's just assumed to already be in the env url, nothing actually checks for it
and amount parsing :- amt/transaction_amount come back as rupee decimals not paise, treating them as integer paise is gonna cause issues
to be clear, switching to post + hash + nested parsing is the right call vs the old get/bearer thing, no issue with that part. the problem is specifically making nested-only the one acceptable shape and letting anything unexpected fall through as not_found instead of erroring
…ound to not_found, enforce form=2, fix doc link
yep, went through all 5 points and pushed fixes.
so overall i agree with the original concern around unexpected payloads silently becoming |
closes #21
what changed
the old payu client wasn't actually calling the verify api. it was sending a GET with a Bearer token, which PayU doesn't support, so verification could never work correctly.
switched it to the actual
verify_paymentflow:uses a
POSTrequest withapplication/x-www-form-urlencodedsends
key,command,var1(txnid) andhashhash is generated as
sha512(merchantKey|verify_payment|txnid|salt)wheresaltcomes fromWEBHOOK_SECRETparses the actual
transaction_details[txnid]response instead of expecting a flat payloadnormalizes PayU statuses:
success,captured,completed→successfailed,failure→failedpendingNewClientnow accepts the merchant salt andmain.gowires it fromcfg.WebhookSecretupdated the mock gateway as well so it reads
var1from the POST form body and returns the same nested response shape as PayU, keeping the testkit aligned with production.tests
rewrote
client_test.gofrom scratch (28 tests, all passing).covers:
success,captured,completed,failed,failure,pending,not_found, unknown values)also ran the existing integration and stabilizer suites against a real database — everything passes.