django-payfast
notify_handler should rather 500 on an error
The code returns a 400 if the form validation fails. Since the notify POST from Payfast usually happens out of band, no one is around to see these errors, except Payfast. Also, Sentry won't log 400s by default, so the problem may remain undetected. For example, if Payfast were under a DDoS attack and they used DNS to deflect the attack, then the list of recognized Payfast IP addresses would be wrong, and the subsequent error would go unnoticed until someone trawls the Nginx logs.
Hmm, I can see valid reasons for preferring both error codes 400 (Bad Request) and 500 (Server Error) here, depending on the use case.
Perhaps it makes sense to make this behaviour configurable via a setting?
That sounds reasonable. Payfast will keep trying the notification on anything that isn't a 200, so everything will keep working.
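
The configurable failure status proposed in this thread, as an added example that is not django-payfast's own code: a rejected notification is logged at ERROR level, so it is visible to log-based alerting whichever status is returned. The setting name `NOTIFY_FAILURE_STATUS`, the allowlist range, the required field and the function names are assumptions made for illustration.

```python
import ipaddress
import logging

logger = logging.getLogger("payfast.notify")

# Constructed allowlist (documentation range), not Payfast's real addresses.
ALLOWED_NETWORKS = [ipaddress.ip_network("192.0.2.0/28")]

# Hypothetical setting: HTTP status returned when a notification is rejected.
NOTIFY_FAILURE_STATUS = 400

# Assumed required field, used here only to stand in for form validation.
REQUIRED_FIELDS = ("m_payment_id",)


def source_is_allowed(remote_addr, networks=ALLOWED_NETWORKS):
    """True if remote_addr parses and falls inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    return any(addr in net for net in networks)


def handle_notify(remote_addr, post_data, failure_status=None):
    """Return the HTTP status for one notify POST.

    Every rejection is logged at ERROR level, so detection does not depend
    on whether the configured status is a 4xx or a 5xx.
    """
    status = NOTIFY_FAILURE_STATUS if failure_status is None else failure_status
    errors = []
    if not source_is_allowed(remote_addr):
        # %r keeps control characters in the address out of the log line.
        errors.append("source address %r not in allowlist" % (remote_addr,))
    for field in REQUIRED_FIELDS:
        if not post_data.get(field):
            errors.append("missing field %s" % field)
    if errors:
        logger.error("notify rejected: %s", "; ".join(errors))
        return status
    return 200
```
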