I'm putting together a basic shopping cart with PayPal Express Checkout functionality. Everything appears to be working until I click on the checkout button, then I get a blank page that says "no token passed". In the server logs it appears that no token is being created but I'm not sure why. I think that this is most likely a problem with the creation of the express checkout token but I'm really not sure what I'm doing wrong. Here is what the server log looks like:
Started GET "/express_checkout" for 10.240.0.204 at 2017-05-27 16:54:43 +0000
Cannot render console from 10.240.0.204! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255
Processing by OrdersController#express_checkout as HTML
Order Load (0.1ms) SELECT "orders".* FROM "orders" WHERE "orders"."id" = ? LIMIT ? [["id", 1], ["LIMIT", 1]]
OrderItem Load (0.1ms) SELECT "order_items".* FROM "order_items" WHERE "order_items"."order_id" = ? [["order_id", 1]]
Product Load (0.2ms) SELECT "products".* FROM "products" WHERE "products"."active" = ? AND "products"."id" = ? LIMIT ? [["active", true], ["id", 1], ["LIMIT", 1]]
Redirected to https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=
Completed 302 Found in 615ms (ActiveRecord: 0.5ms)
Here is my Order.rb:
class Order < ApplicationRecord
has_many :order_items
before_save :update_subtotal
def subtotal
order_items.collect { |oi| oi.valid? ? (oi.quantity * oi.unit_price) : 0 }.sum
end
def purchase
response = EXPRESS_GATEWAY.purchase(order.total, express_purchase_options)
order.update_attribute(:purchased_at, Time.now) if response.success?
response.success?
end
def express_token=(token)
self[:express_token]=token
if new_record? && !token.blank?
details = EXPRESS_GATEWAY.details_for(token)
self.express_payer_id = details.payer_id
end
end
private
def update_subtotal
self[:subtotal] = subtotal
end
def express_purchase_options
{
:ip => ip,
:token => express_token,
:payer_id => express_payer_id
}
end
end
My orders_controller.rb:
class OrdersController < ApplicationController
def express_checkout
@order = current_order
response = EXPRESS_GATEWAY.setup_purchase(@order.subtotal,
ip: request.remote_ip,
return_url: 'carts/show',
cancel_return_url: 'carts/cancel',
currency: "USD",
allow_guest_checkout: true,
items: [{name: "Order", description: "Order description", quantity: "1", amount: @order.subtotal}]
)
redirect_to EXPRESS_GATEWAY.redirect_url_for(response.token)
end
def new
@order = Order.new(:express_token => params[:token])
end
def create
@order = current_order.create!(order_params)
@order.ip = request.remote_ip
if @order.save
if @order.purchase
redirect_to order_url(@order)
else
render :action => "failure"
end
else
render :action => 'new'
end
end
private
def order_params
params.require(:order).permit(:subtotal, :total, :ip, :express_token, :express_payer_id)
end
end
My application_controller.rb:
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
helper_method :current_order
def current_order
if !session[:order_id].nil?
Order.find(session[:order_id])
else
Order.new(order_params)
end
end
end
The Active Merchant code in my development.rb:
config.after_initialize do
ActiveMerchant::Billing::Base.mode = :test
paypal_options = {
login: "merchant_api1.christianorourke.com",
password: ************,
signature: ***************************
}
::EXPRESS_GATEWAY = ActiveMerchant::Billing::PaypalExpressGateway.new(paypal_options)
end
My Routes file:
Rails.application.routes.draw do
root "products#index"
resources :products, only: [:index]
resource :cart, only: [:show]
resources :order_items, only: [:create, :update, :destroy]
get 'express_checkout', to: 'orders#express_checkout'
resources :orders do
collection do
post 'express_checkout'
end
end
end