Mikhail Korobov committed 664b5f8

Data is checked anyway using post-back, disable additional signature check for now.

Files changed (3)

         if self.ip not in conf.IP_ADDRESSES:
             raise forms.ValidationError('untrusted ip: %s' % self.ip)
+#        # signature is checked here because cleaned_data is not yet populated
+#        # when clean_signature method is invoked
+#        data = SortedDict()
+#        for key in self.fields.keys():
+#            if key == 'signature':
+#                continue
+#            data[key] = self.cleaned_data.get(key, None)
+#        if signature(data) != self.cleaned_data['signature']:
+#            raise forms.ValidationError('Signature is invalid: %s != %s' % (
+#                        signature(data), self.cleaned_data['signature'],))
         if conf.USE_POSTBACK:
             is_valid = data_is_valid(self.request.POST, conf.SERVER)
             if is_valid is None:
                                             requested, received,))
         return received
-    def clean_signature(self):
-        return self.cleaned_data['signature']
     def save(self, *args, **kwargs):
         self.instance.request_ip = self.ip
         self.instance.debug_info = self.request.raw_post_data
     notify_data['amount_gross'] = data['amount']
     del notify_data['amount']
     del notify_data['merchant_key']
-    notify_data['signature'] = payment_form._signature
+    notify_data['signature'] = signature(notify_data)
     return notify_data
 def _order():
-    version='0.1.7',
+    version='0.2.0',
     author='Mikhail Korobov',
