From f9e043c7022cfced9b0aa0dc1e79a5fbb3e88a73 Mon Sep 17 00:00:00 2001
From: Adrian Moennich <adrian.moennich@cern.ch>
Date: Thu, 7 Dec 2017 16:14:39 +0100
Subject: [PATCH] Payment/PayPal: Check receiver_<id|email> as well

---
 payment_paypal/indico_payment_paypal/controllers.py | 10 ++++++----
 payment_paypal/tests/controllers_test.py            | 13 ++++++++-----
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/payment_paypal/indico_payment_paypal/controllers.py b/payment_paypal/indico_payment_paypal/controllers.py
index 9ada365..1bbf8c8 100644
--- a/payment_paypal/indico_payment_paypal/controllers.py
+++ b/payment_paypal/indico_payment_paypal/controllers.py
@@ -85,11 +85,13 @@ class RHPaypalIPN(RH):
 
     def _verify_business(self):
         expected = current_plugin.event_settings.get(self.registration.registration_form.event, 'business')
-        business = request.form.get('business')
-        if expected == business:
+        candidates = {request.form.get('business'),
+                      request.form.get('receiver_id'),
+                      request.form.get('receiver_email')}
+        if expected in candidates:
             return True
-        current_plugin.logger.warning("Unexpected business: %s != %s", business, expected)
-        current_plugin.logger.warning("Request data was: %s", request.form)
+        current_plugin.logger.warning("Unexpected business: %s not in %r (request data: %r)", expected, candidates,
+                                      request.form)
         return False
 
     def _verify_amount(self):
diff --git a/payment_paypal/tests/controllers_test.py b/payment_paypal/tests/controllers_test.py
index df6c861..e751989 100644
--- a/payment_paypal/tests/controllers_test.py
+++ b/payment_paypal/tests/controllers_test.py
@@ -25,16 +25,19 @@ from indico_payment_paypal.plugin import PaypalPaymentPlugin
 
 
 @pytest.mark.usefixtures('db', 'request_context')
-@pytest.mark.parametrize(('business', 'expected'), (
-    ('test', True),
-    ('foo',  False)
+@pytest.mark.parametrize(('formdata', 'expected'), (
+    ({'business': 'test'},       True),
+    ({'receiver_id': 'test'},    True),
+    ({'receiver_email': 'test'}, True),
+    ({'business': 'foo'},        False),
+    ({},                         False)
 ))
-def test_ipn_verify_business(business, expected, dummy_event):
+def test_ipn_verify_business(formdata, expected, dummy_event):
     rh = RHPaypalIPN()
     rh.registration = MagicMock()
     rh.registration.registration_form.event = dummy_event
     PaypalPaymentPlugin.event_settings.set(dummy_event, 'business', 'test')
-    request.form = {'business': business}
+    request.form = formdata
     with PaypalPaymentPlugin.instance.plugin_context():
         assert rh._verify_business() == expected