Enhance VerifyPaymentView with user authorization check, streamline payment verification process, and improve response messages. Update settings.py for consistent formatting and clarity in PASSWORDLESS_AUTH configuration.

billing/views.py

@@ -104,57 +104,57 @@ class VerifyPaymentView(StaffEditorPermissionMixin, generics.UpdateAPIView):
     lookup_field = "pk"
 
     def update(self, request, *args, **kwargs):
+        # TODO: Fix check for success payment
+        payment = self.get_object()
         data = request.data
         user = request.user
+        if payment.user != user and not user.is_superuser:
+            return Response(
+                {"message": "You are not authorized to verify this payment."},
+                status=status.HTTP_403_FORBIDDEN,
+            )
         method = data.get("method")
-        payment_id = kwargs.get("pk")
         if not method:
             return Response(
                 {"message": "method is required. 'WALLET' or 'TRANSFER'"},
                 status=status.HTTP_400_BAD_REQUEST,
             )
-        if not payment_id:
-            return Response(
-                {"message": "payment_id is required."},
-                status=status.HTTP_400_BAD_REQUEST,
+
+        devices = payment.devices.all()
+        payment_status = False
+        if method == "WALLET":
+            payment_status = self.process_wallet_payment(
+                user,
+                payment,
             )
+        if method == "TRANSFER":
+            data = {
+                "benefName": f"{user.first_name} {user.last_name}",
+                "accountNo": user.acc_no,
+                "absAmount": payment.amount,
+                "time": (timezone.now() + timedelta(minutes=5)).strftime(
+                    "%Y-%m-%d %H:%M"
+                ),
+            }
+            payment_status = self.verify_transfer_payment(data, payment)
 
-        try:
-            payment = Payment.objects.get(id=payment_id)
-            devices = payment.devices.all()
-
-            if data["type"] == "WALLET":
-                print("processing WALLET payment")
-                self.process_wallet_payment(user, payment, float(data["abs_amount"]))
-            elif data["type"] == "TRANSFER":
-                self.verify_external_payment(data, payment)
-
+        if payment_status:
             # Update devices
             expiry_date = timezone.now() + timedelta(days=30 * payment.number_of_months)
             devices.update(
                 is_active=True, expiry_date=expiry_date, has_a_pending_payment=False
             )
 
-            return Response({"message": "Payment verified successfully."})
-
-        except Payment.DoesNotExist:
             return Response(
-                {"message": "Payment not found."}, status=status.HTTP_404_NOT_FOUND
-            )
-        except InsufficientFundsError:
-            return Response(
-                {"message": "Insufficient funds in wallet."},
-                status=status.HTTP_400_BAD_REQUEST,
-            )
-        except Exception as e:
-            return Response(
-                {"message": str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR
+                {"message": f"Payment verified successfully using [{method}]."}
             )
 
-    def process_wallet_payment(self, user, payment, amount):
-        print("processing wallet payment")
-        print(user, amount)
-        if user.wallet_balance < amount:
+        return Response({"message": "Payment verified successfully using [{method}]."})
+
+    def process_wallet_payment(self, user, payment):
+        print("processing wallet payment...")
+        print(user, payment.amount)
+        if user.wallet_balance < payment.amount:
             return Response(
                 {"message": "Insufficient funds in wallet."},
                 status=status.HTTP_400_BAD_REQUEST,
@@ -165,10 +165,12 @@ class VerifyPaymentView(StaffEditorPermissionMixin, generics.UpdateAPIView):
         payment.method = "WALLET"
         payment.save()
 
-        user.wallet_balance -= amount
+        user.wallet_balance -= payment.amount
         user.save()
+        return True
 
-    def verify_external_payment(self, data, payment):
+    def verify_transfer_payment(self, data, payment):
+        print("verifying transfer payment...")
         response = requests.post(
             f"{config('PAYMENT_VERIFY_BASE_URL')}/verify-payment",
             json=data,
@@ -177,7 +179,11 @@ class VerifyPaymentView(StaffEditorPermissionMixin, generics.UpdateAPIView):
         response.raise_for_status()
         print(response.json())
         if not response.json().get("success"):
-            raise Exception("Payment verification failed.")
+            return Response(
+                {"message": "MIB Payment verification failed."},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+        return True
 
 
 class DeletePaymentView(StaffEditorPermissionMixin, generics.DestroyAPIView):