Change sandbox requirements as Kiwipay have updated their sandbox to …

…be a replica of production.

app/controllers/shoppe/kiwipay/payments_controller.rb

@@ -8,7 +8,9 @@ class PaymentsController < ApplicationController
       def process_callback
         ensure_callback_params!
         permitted = params.permit(:id, :custom, :reference, :amount, :status, :name, :email, address: [:street, :region, :city, :zip, :country])
-        order = Rails.env.production? ? Shoppe::Order.find_by_token!(permitted[:custom]) : Shoppe::Order.find_by_id!(permitted[:reference])
+        order = Shoppe::Order.find_by_token!(permitted[:custom])
+        # Only received orders can have payments against them
+        # as they're changed from received to accepted after payment
         if order.status == 'received'
           if order.create_kiwipay_payment(permitted)
             order.accept!
@@ -29,16 +31,14 @@ def pay
         end
 
         payment_params = order.kiwipay_payment_parameters
-        payment_params[:return_url] = return_url(Rails.env.production? ? order.token : order.id)
+        payment_params[:return_url] = return_url(order.token)
         redirect_to "#{payment_url}?#{payment_params.to_query}"
       end
 
       private
 
       def ensure_callback_params!
-        if Rails.env.production?
-          params.require(:custom)
-        end
+        params.require(:custom)
         params.require(:id)
         params.require(:reference)
         params.require(:amount)

lib/shoppe/kiwipay/order_extensions.rb

@@ -38,9 +38,7 @@ def kiwipay_payment_approved?(params)
       end
 
       def kiwipay_payment_valid?(params)
-        if Rails.env.production? 
-          return false if self.token.to_s != params[:custom].to_s
-        end
+        return false if self.token.to_s != params[:custom].to_s
         return false if self.id.to_s != params[:reference].to_s
         return false if self.email_address.to_s != params[:email].to_s
         true