This PR only changes the backend to make a request to the PayPal API to verify the payment as 'COMPLETED'
Only if the payment is verified do we then mark the order as paid.
This doesn't change the frontend in any way from the course code so would be a simpler solution for students to adopt.
Edited to add:
Used some of @basir 's code to fix the issue of paying what you want by assuming the prices from our client are corrupt and calculating the prices based on item retrieval from our db.
There are three main checks before we mark a Order as paid:-
The paypal payment has been completed and marked as 'COMPLETED' by PayPal
The payment amount matches the Order.totalPrice
The PayPal transaction ID has not been used to make a purchase in a past order
This PR only changes the backend to make a request to the PayPal API to verify the payment as 'COMPLETED' Only if the payment is verified do we then mark the order as paid. This doesn't change the frontend in any way from the course code so would be a simpler solution for students to adopt.
Edited to add: Used some of @basir 's code to fix the issue of paying what you want by assuming the prices from our client are corrupt and calculating the prices based on item retrieval from our db.
There are three main checks before we mark a Order as paid:-