Why does OrderConfirmationController validate the order Payment to the Modules display name?

[bellini13]

Hey guys, I'm building a Payment Module, and I am trying to understand why the OrderConfirmationController.php controller is attempting to validate that the payment method value of the Order matches the modules displayname?

        if ($order->payment != $module->displayName) {

Since the order's payment value is displayed to the end user on the Front Office, why are we being forced to tie the Payment Module display name to it? This would normally be something like "Cheque" or "Google Checkout" or "Paypal", but can also be something really long like "Authorize.net AIM (Advanced Integration Method)"

I think in the case where a customer is paying by credit card, as is the case in my module, i want to show "Credit Card", but i don't necessarily want to name my module Credit Card, in the event there are duplicates
ie. "Offline Credit Card" and "Online Credit Card" modules would likely call themselves both "Credit Card"


The display name is used also in the Back Office in the module section, and I am thinking it would be better to have separate display names? One that you see in the back office, and one that you would see as the "Payment Method" shown to the customer on the Front Office.

For now I have customized the controller to use my modules paymentMethod attribute instead so that I can name my module something unique, without having to show that name to the customers.

        if ($order->payment != $module->paymentMethod) {

Thoughts? Is this the proper way to ask for enhancements?

[olea]

You have the bug tracker where you can report bug or submit feature request.

There are 2 things in your remark :
-- why does the order->payment (value displayed to end user) take the same value than the displayName of the module. Effectively, we can imagine the payment module defines a end user name different from its displayName
-- this test si done for security reason, to be sure the same module is use in the different steps of the payment process. It could have been done on $order->module field

[bellini13]

Hi Olea, thank you for your feedback. I like your proposal, I have modified my local controller to use this code instead, which should maintain the desired security feature, as well allow a module developer to name their module without having to consider what the end user sees.

        if ($order->module != $module->name) {

I will take a look at the bug tracker to submit an enhancement.

[Dave Sniper]

Hi all,

Thanks for this. Clearly the currently validation is not right.. it is okay for currently payment modules which developed by Prestashop. For our module Paypal Websites Payment Pro, we normally display the payment type for each order such as " Visa, Master Card, Maestro etc" and for this reason customers will not redirect to confirmation page.

Your suggestion above makes more sense though.

Cheers,
Hung