paypal IPN causes security error when creating payment

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

paypal IPN causes security error when creating payment

Hansen
The following exception happened when I received an paypal IPN for a sales
order.

accounting/script/org/ofbiz/accounting/payment/PaymentServices.xml#createPayment]]:
; [Security Error : To Create a Payment you must either be the to or from
party or have the PAY_INFO_CREATE or PAY_INFO_ADMIN permissions.]

The order was placed by a registered user and the IPN was sent to the server
right after the order was submitted.

If anyone knows the root cause, please let me know. That would save me some
time tracing the source code.

Thanks,
Hansen
Reply | Threaded
Open this post in threaded view
|

Re: paypal IPN causes security error when creating payment

BJ Freeman
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

this is an ofbiz message saying the user does not   have PAY_INFO_CREATE
permissions.
my guess is that the code is not use the "system" user in running this
code. it is is then the security permissions have to assigned to the
system user.

it seems we have lost the ability to assign permissions to groups in the
 current version.


Hansen Wang sent the following on 2/5/2009 12:23 PM:

> The following exception happened when I received an paypal IPN for a sales
> order.
>
> accounting/script/org/ofbiz/accounting/payment/PaymentServices.xml#createPayment]]:
> ; [Security Error : To Create a Payment you must either be the to or from
> party or have the PAY_INFO_CREATE or PAY_INFO_ADMIN permissions.]
>
> The order was placed by a registered user and the IPN was sent to the server
> right after the order was submitted.
>
> If anyone knows the root cause, please let me know. That would save me some
> time tracing the source code.
>
> Thanks,
> Hansen
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJi069rP3NbaWWqE4RAkYXAKCYQUk/i7Xek8TrevAPDv45/j33rwCdFaBb
TmsiwFranMSRUpJrzEZCOL8=
=rvR8
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|

Re: paypal IPN causes security error when creating payment

Hansen
I use release4 trunk. My presumption is that paypalIPN works out of the box
for the release I am using.

Thanks,
Hansen

On Thu, Feb 5, 2009 at 1:40 PM, BJ Freeman <[hidden email]> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> this is an ofbiz message saying the user does not   have PAY_INFO_CREATE
> permissions.
> my guess is that the code is not use the "system" user in running this
> code. it is is then the security permissions have to assigned to the
> system user.
>
> it seems we have lost the ability to assign permissions to groups in the
>  current version.
>
>
> Hansen Wang sent the following on 2/5/2009 12:23 PM:
> > The following exception happened when I received an paypal IPN for a
> sales
> > order.
> >
> >
> accounting/script/org/ofbiz/accounting/payment/PaymentServices.xml#createPayment]]:
> > ; [Security Error : To Create a Payment you must either be the to or from
> > party or have the PAY_INFO_CREATE or PAY_INFO_ADMIN permissions.]
> >
> > The order was placed by a registered user and the IPN was sent to the
> server
> > right after the order was submitted.
> >
> > If anyone knows the root cause, please let me know. That would save me
> some
> > time tracing the source code.
> >
> > Thanks,
> > Hansen
> >
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFJi069rP3NbaWWqE4RAkYXAKCYQUk/i7Xek8TrevAPDv45/j33rwCdFaBb
> TmsiwFranMSRUpJrzEZCOL8=
> =rvR8
> -----END PGP SIGNATURE-----
>
Reply | Threaded
Open this post in threaded view
|

Re: paypal IPN causes security error when creating payment

BJ Freeman
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

release4 is the most stable. however they may be bugs that have not been
found.

Hansen Wang sent the following on 2/5/2009 12:48 PM:

> I use release4 trunk. My presumption is that paypalIPN works out of the box
> for the release I am using.
>
> Thanks,
> Hansen
>
> On Thu, Feb 5, 2009 at 1:40 PM, BJ Freeman <[hidden email]> wrote:
>
> this is an ofbiz message saying the user does not   have PAY_INFO_CREATE
> permissions.
> my guess is that the code is not use the "system" user in running this
> code. it is is then the security permissions have to assigned to the
> system user.
>
> it seems we have lost the ability to assign permissions to groups in the
>  current version.
>
>
> Hansen Wang sent the following on 2/5/2009 12:23 PM:
>>>> The following exception happened when I received an paypal IPN for a
> sales
>>>> order.
>>>>
>>>>
> accounting/script/org/ofbiz/accounting/payment/PaymentServices.xml#createPayment]]:
>>>> ; [Security Error : To Create a Payment you must either be the to or from
>>>> party or have the PAY_INFO_CREATE or PAY_INFO_ADMIN permissions.]
>>>>
>>>> The order was placed by a registered user and the IPN was sent to the
> server
>>>> right after the order was submitted.
>>>>
>>>> If anyone knows the root cause, please let me know. That would save me
> some
>>>> time tracing the source code.
>>>>
>>>> Thanks,
>>>> Hansen
>>>>
>>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJi1OMrP3NbaWWqE4RAtvRAKDOTsqnGHi45DNlRzR0ZHGpWeQnXwCgiSNG
aUQEJW2Wy43pAXXcY/rMKUA=
=86xo
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|

Re: paypal IPN causes security error when creating payment

BJ Freeman
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I did a quick review of the code
the only two security groups that have this permission are the
ORDERENTRY and ORDERPURCH
This means if the user is not a order taker or purchasing agent and have
 these permission it will not work.
your error orginated from
PaymentMethodServices.java

need more information about you senario to help any more.


BJ Freeman sent the following on 2/5/2009 1:01 PM:

> release4 is the most stable. however they may be bugs that have not been
> found.
>
> Hansen Wang sent the following on 2/5/2009 12:48 PM:
>> I use release4 trunk. My presumption is that paypalIPN works out of the box
>> for the release I am using.
>
>> Thanks,
>> Hansen
>
>> On Thu, Feb 5, 2009 at 1:40 PM, BJ Freeman <[hidden email]> wrote:
>
>> this is an ofbiz message saying the user does not   have PAY_INFO_CREATE
>> permissions.
>> my guess is that the code is not use the "system" user in running this
>> code. it is is then the security permissions have to assigned to the
>> system user.
>
>> it seems we have lost the ability to assign permissions to groups in the
>>  current version.
>
>
>> Hansen Wang sent the following on 2/5/2009 12:23 PM:
>>>>> The following exception happened when I received an paypal IPN for a
>> sales
>>>>> order.
>>>>>
>>>>>
>> accounting/script/org/ofbiz/accounting/payment/PaymentServices.xml#createPayment]]:
>>>>> ; [Security Error : To Create a Payment you must either be the to or from
>>>>> party or have the PAY_INFO_CREATE or PAY_INFO_ADMIN permissions.]
>>>>>
>>>>> The order was placed by a registered user and the IPN was sent to the
>> server
>>>>> right after the order was submitted.
>>>>>
>>>>> If anyone knows the root cause, please let me know. That would save me
>> some
>>>>> time tracing the source code.
>>>>>
>>>>> Thanks,
>>>>> Hansen
>>>>>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJi1z1rP3NbaWWqE4RAvkKAJ9YT0wcCooR8g1PJCxQoEbF15iPaACgmURg
cx7LogJpN4yQp1hInV43DIQ=
=frrY
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|

Re: paypal IPN causes security error when creating payment

Hansen
Yes. That is exactly where the problem is. The exception did not happen
after I added the user to the ORDERENTRY group. But this is not a solution
because a regular customer can not have the permissions in the group. Looks
like have to change the code to switch the user when executing the related
code block. What would you recommend to do?

Thanks.
Hansen


On Thu, Feb 5, 2009 at 2:41 PM, BJ Freeman <[hidden email]> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I did a quick review of the code
> the only two security groups that have this permission are the
> ORDERENTRY and ORDERPURCH
> This means if the user is not a order taker or purchasing agent and have
>  these permission it will not work.
> your error orginated from
> PaymentMethodServices.java
>
> need more information about you senario to help any more.
>
>
> BJ Freeman sent the following on 2/5/2009 1:01 PM:
>  > release4 is the most stable. however they may be bugs that have not
> been
> > found.
> >
> > Hansen Wang sent the following on 2/5/2009 12:48 PM:
> >> I use release4 trunk. My presumption is that paypalIPN works out of the
> box
> >> for the release I am using.
> >
> >> Thanks,
> >> Hansen
> >
> >> On Thu, Feb 5, 2009 at 1:40 PM, BJ Freeman <[hidden email]> wrote:
> >
> >> this is an ofbiz message saying the user does not   have PAY_INFO_CREATE
> >> permissions.
> >> my guess is that the code is not use the "system" user in running this
> >> code. it is is then the security permissions have to assigned to the
> >> system user.
> >
> >> it seems we have lost the ability to assign permissions to groups in the
> >>  current version.
> >
> >
> >> Hansen Wang sent the following on 2/5/2009 12:23 PM:
> >>>>> The following exception happened when I received an paypal IPN for a
> >> sales
> >>>>> order.
> >>>>>
> >>>>>
> >>
> accounting/script/org/ofbiz/accounting/payment/PaymentServices.xml#createPayment]]:
> >>>>> ; [Security Error : To Create a Payment you must either be the to or
> from
> >>>>> party or have the PAY_INFO_CREATE or PAY_INFO_ADMIN permissions.]
> >>>>>
> >>>>> The order was placed by a registered user and the IPN was sent to the
> >> server
> >>>>> right after the order was submitted.
> >>>>>
> >>>>> If anyone knows the root cause, please let me know. That would save
> me
> >> some
> >>>>> time tracing the source code.
> >>>>>
> >>>>> Thanks,
> >>>>> Hansen
> >>>>>
> >
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFJi1z1rP3NbaWWqE4RAvkKAJ9YT0wcCooR8g1PJCxQoEbF15iPaACgmURg
> cx7LogJpN4yQp1hInV43DIQ=
> =frrY
> -----END PGP SIGNATURE-----
>
Reply | Threaded
Open this post in threaded view
|

Re: paypal IPN causes security error when creating payment

BJ Freeman
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

here is what I see
these Methods are meant to allow a party to update their profile.
you could create a customerGroup
and put the security permission under that, then assign the
customergroup to the parties login.
Unless you want only your staff to update it.
the way it is setup now you staff are the only ones to Create and Update
 CC info.
However this should have nothing to do with IPN process once the CC is
created.



Hansen Wang sent the following on 2/5/2009 2:25 PM:

> Yes. That is exactly where the problem is. The exception did not happen
> after I added the user to the ORDERENTRY group. But this is not a solution
> because a regular customer can not have the permissions in the group. Looks
> like have to change the code to switch the user when executing the related
> code block. What would you recommend to do?
>
> Thanks.
> Hansen
>
>
> On Thu, Feb 5, 2009 at 2:41 PM, BJ Freeman <[hidden email]> wrote:
>
> I did a quick review of the code
> the only two security groups that have this permission are the
> ORDERENTRY and ORDERPURCH
> This means if the user is not a order taker or purchasing agent and have
>  these permission it will not work.
> your error orginated from
> PaymentMethodServices.java
>
> need more information about you senario to help any more.
>
>
> BJ Freeman sent the following on 2/5/2009 1:01 PM:
>  > release4 is the most stable. however they may be bugs that have not
> been
>>>> found.
>>>>
>>>> Hansen Wang sent the following on 2/5/2009 12:48 PM:
>>>>> I use release4 trunk. My presumption is that paypalIPN works out of the
> box
>>>>> for the release I am using.
>>>>> Thanks,
>>>>> Hansen
>>>>> On Thu, Feb 5, 2009 at 1:40 PM, BJ Freeman <[hidden email]> wrote:
>>>>> this is an ofbiz message saying the user does not   have PAY_INFO_CREATE
>>>>> permissions.
>>>>> my guess is that the code is not use the "system" user in running this
>>>>> code. it is is then the security permissions have to assigned to the
>>>>> system user.
>>>>> it seems we have lost the ability to assign permissions to groups in the
>>>>>  current version.
>>>>
>>>>> Hansen Wang sent the following on 2/5/2009 12:23 PM:
>>>>>>>> The following exception happened when I received an paypal IPN for a
>>>>> sales
>>>>>>>> order.
>>>>>>>>
>>>>>>>>
> accounting/script/org/ofbiz/accounting/payment/PaymentServices.xml#createPayment]]:
>>>>>>>> ; [Security Error : To Create a Payment you must either be the to or
> from
>>>>>>>> party or have the PAY_INFO_CREATE or PAY_INFO_ADMIN permissions.]
>>>>>>>>
>>>>>>>> The order was placed by a registered user and the IPN was sent to the
>>>>> server
>>>>>>>> right after the order was submitted.
>>>>>>>>
>>>>>>>> If anyone knows the root cause, please let me know. That would save
> me
>>>>> some
>>>>>>>> time tracing the source code.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Hansen
>>>>>>>>
>>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJi25UrP3NbaWWqE4RAl95AKDHnl7DnAHG/jYWJ1M4qyId7ytTcwCglyAS
alB6qU2t2wEooiT5YASoZTI=
=wGYC
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|

Re: paypal IPN causes security error when creating payment

Hansen
It looks like a bug. To resolve it, just add the following parameter and value when calling createPaymentFromPreference (line 493 of PayPalEvents.java).
paymentFromId=userLogin.getString("partyId")

BJ Freeman wrote
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

here is what I see
these Methods are meant to allow a party to update their profile.
you could create a customerGroup
and put the security permission under that, then assign the
customergroup to the parties login.
Unless you want only your staff to update it.
the way it is setup now you staff are the only ones to Create and Update
 CC info.
However this should have nothing to do with IPN process once the CC is
created.



Hansen Wang sent the following on 2/5/2009 2:25 PM:
> Yes. That is exactly where the problem is. The exception did not happen
> after I added the user to the ORDERENTRY group. But this is not a solution
> because a regular customer can not have the permissions in the group. Looks
> like have to change the code to switch the user when executing the related
> code block. What would you recommend to do?
>
> Thanks.
> Hansen
>
>
> On Thu, Feb 5, 2009 at 2:41 PM, BJ Freeman <bjfree@free-man.net> wrote:
>
> I did a quick review of the code
> the only two security groups that have this permission are the
> ORDERENTRY and ORDERPURCH
> This means if the user is not a order taker or purchasing agent and have
>  these permission it will not work.
> your error orginated from
> PaymentMethodServices.java
>
> need more information about you senario to help any more.
>
>
> BJ Freeman sent the following on 2/5/2009 1:01 PM:
>  > release4 is the most stable. however they may be bugs that have not
> been
>>>> found.
>>>>
>>>> Hansen Wang sent the following on 2/5/2009 12:48 PM:
>>>>> I use release4 trunk. My presumption is that paypalIPN works out of the
> box
>>>>> for the release I am using.
>>>>> Thanks,
>>>>> Hansen
>>>>> On Thu, Feb 5, 2009 at 1:40 PM, BJ Freeman <bjfree@free-man.net> wrote:
>>>>> this is an ofbiz message saying the user does not   have PAY_INFO_CREATE
>>>>> permissions.
>>>>> my guess is that the code is not use the "system" user in running this
>>>>> code. it is is then the security permissions have to assigned to the
>>>>> system user.
>>>>> it seems we have lost the ability to assign permissions to groups in the
>>>>>  current version.
>>>>
>>>>> Hansen Wang sent the following on 2/5/2009 12:23 PM:
>>>>>>>> The following exception happened when I received an paypal IPN for a
>>>>> sales
>>>>>>>> order.
>>>>>>>>
>>>>>>>>
> accounting/script/org/ofbiz/accounting/payment/PaymentServices.xml#createPayment]]:
>>>>>>>> ; [Security Error : To Create a Payment you must either be the to or
> from
>>>>>>>> party or have the PAY_INFO_CREATE or PAY_INFO_ADMIN permissions.]
>>>>>>>>
>>>>>>>> The order was placed by a registered user and the IPN was sent to the
>>>>> server
>>>>>>>> right after the order was submitted.
>>>>>>>>
>>>>>>>> If anyone knows the root cause, please let me know. That would save
> me
>>>>> some
>>>>>>>> time tracing the source code.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Hansen
>>>>>>>>
>>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJi25UrP3NbaWWqE4RAl95AKDHnl7DnAHG/jYWJ1M4qyId7ytTcwCglyAS
alB6qU2t2wEooiT5YASoZTI=
=wGYC
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|

Re: paypal IPN causes security error when creating payment

BJ Freeman
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

actually would suggest a Secas off of create customer that sets the
security the way he wants.

Hansen sent the following on 2/23/2009 11:03 AM:

> It looks like a bug. To resolve it, just add the following parameter and
> value when calling createPaymentFromPreference (line 493 of
> PayPalEvents.java).
> paymentFromId=userLogin.getString("partyId")
>
>
> BJ Freeman wrote:
> here is what I see
> these Methods are meant to allow a party to update their profile.
> you could create a customerGroup
> and put the security permission under that, then assign the
> customergroup to the parties login.
> Unless you want only your staff to update it.
> the way it is setup now you staff are the only ones to Create and Update
>  CC info.
> However this should have nothing to do with IPN process once the CC is
> created.
>
>
>
> Hansen Wang sent the following on 2/5/2009 2:25 PM:
>>>> Yes. That is exactly where the problem is. The exception did not happen
>>>> after I added the user to the ORDERENTRY group. But this is not a
>>>> solution
>>>> because a regular customer can not have the permissions in the group.
>>>> Looks
>>>> like have to change the code to switch the user when executing the
>>>> related
>>>> code block. What would you recommend to do?
>>>>
>>>> Thanks.
>>>> Hansen
>>>>
>>>>
>>>> On Thu, Feb 5, 2009 at 2:41 PM, BJ Freeman <[hidden email]> wrote:
>>>>
>>>> I did a quick review of the code
>>>> the only two security groups that have this permission are the
>>>> ORDERENTRY and ORDERPURCH
>>>> This means if the user is not a order taker or purchasing agent and have
>>>>  these permission it will not work.
>>>> your error orginated from
>>>> PaymentMethodServices.java
>>>>
>>>> need more information about you senario to help any more.
>>>>
>>>>
>>>> BJ Freeman sent the following on 2/5/2009 1:01 PM:
>>>>  > release4 is the most stable. however they may be bugs that have not
>>>> been
>>>>>>> found.
>>>>>>>
>>>>>>> Hansen Wang sent the following on 2/5/2009 12:48 PM:
>>>>>>>> I use release4 trunk. My presumption is that paypalIPN works out of
>>>>>>>> the
>>>> box
>>>>>>>> for the release I am using.
>>>>>>>> Thanks,
>>>>>>>> Hansen
>>>>>>>> On Thu, Feb 5, 2009 at 1:40 PM, BJ Freeman <[hidden email]>
>>>>>>>> wrote:
>>>>>>>> this is an ofbiz message saying the user does not   have
>>>>>>>> PAY_INFO_CREATE
>>>>>>>> permissions.
>>>>>>>> my guess is that the code is not use the "system" user in running
>>>>>>>> this
>>>>>>>> code. it is is then the security permissions have to assigned to the
>>>>>>>> system user.
>>>>>>>> it seems we have lost the ability to assign permissions to groups in
>>>>>>>> the
>>>>>>>>  current version.
>>>>>>>> Hansen Wang sent the following on 2/5/2009 12:23 PM:
>>>>>>>>>>> The following exception happened when I received an paypal IPN for
>>>>>>>>>>> a
>>>>>>>> sales
>>>>>>>>>>> order.
>>>>>>>>>>>
>>>>>>>>>>>
>>>> accounting/script/org/ofbiz/accounting/payment/PaymentServices.xml#createPayment]]:
>>>>>>>>>>> ; [Security Error : To Create a Payment you must either be the to
>>>>>>>>>>> or
>>>> from
>>>>>>>>>>> party or have the PAY_INFO_CREATE or PAY_INFO_ADMIN permissions.]
>>>>>>>>>>>
>>>>>>>>>>> The order was placed by a registered user and the IPN was sent to
>>>>>>>>>>> the
>>>>>>>> server
>>>>>>>>>>> right after the order was submitted.
>>>>>>>>>>>
>>>>>>>>>>> If anyone knows the root cause, please let me know. That would
>>>>>>>>>>> save
>>>> me
>>>>>>>> some
>>>>>>>>>>> time tracing the source code.
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Hansen
>>>>>>>>>>>
>>
>>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJovXXrP3NbaWWqE4RAhB0AJ0dc0dE0DZob+Wt05C9EBjbcrkEywCfVfmZ
mMbqdJqgdRgH5e8cdcFtZ9I=
=BYvq
-----END PGP SIGNATURE-----