It seems Paypal does not always send the same responses on auto-return
even when PDT is off. Although not reproducible on a Paypal sandbox,
sometimes the system auto-return to /payment/paypal/dpn without any
meaningful POST data. This seems to only happen with new accounts
that use the 'Hermes' web application of Paypal.
The correct thing to do would be to add a new field on the paypal
payment provider for PDT token and make the PDT flow available
to users; but this is a stable branch and this fix is already
sufficiently delicate. This shall be done in master though.
From this revision on, users can then activate PDT on their paypal
account, set the PDT token as an ir.config_parameter value (WITH
GROUP RESTRICTION SET TO ADMIN/SETTINGS GROUP!!!) and the system
will process these requests correctly.
Although we have been reluctant to perform this change, a specific
use case can cause customers to be redirect to the Odoo DPN url
with a GET request.
This happens when a Paypal Merchant account has the feature Guest
Checkout active; in that case, a customer can pay without having
a Paypal account (using only his credit card) and will *not* be
subjected to auto-return; as detailed here:
https://www.sandbox.paypal.com/be/cgi-bin/webscr?cmd=p/pop/help-account-optional
Request coming from that payment flow will always trigger a GET
request, causing the customer to be welcomed by a
405 - Method Not allowed
error on the Odoo server. The payment is normally correctly processed
through IPN, so this does not normally causes loss of data; however
this is not a nice way to welcome back your customer right after
they pay you.
with post.pop('custom', '{}'), if the key 'custom' is not there, it will return '{}', but if the key is there, but the value is equivalent to False, the json decode will fail.
Damien Bouvy
Denis Ledoux
Fabien Meghazi
Denis Ledoux
Thibault Delavallée