CRM-16923 enotice fix revealed A.net was passing processor_type_id as processor_id

diff --git a/CRM/Core/Payment/AuthorizeNetIPN.php b/CRM/Core/Payment/AuthorizeNetIPN.php
index 02d873c468a4c07ad9abc1f9768926a102f3a28f..082a67e80983c66bb724e8d6b26b2eb0ede43b32 100644 (file)
--- a/CRM/Core/Payment/AuthorizeNetIPN.php
+++ b/CRM/Core/Payment/AuthorizeNetIPN.php
@@ -68,9 +68,20 @@ class CRM_Core_Payment_AuthorizeNetIPN extends CRM_Core_Payment_BaseIPN {
       // load post ids in $ids
       $this->getIDs($ids, $input);
 
-      $paymentProcessorID = CRM_Core_DAO::getFieldValue('CRM_Financial_DAO_PaymentProcessorType',
+      // This is an unreliable method as there could be more than one instance.
+      // Recommended approach is to use the civicrm/payment/ipn/xx url where xx is the payment
+      // processor id & the handleNotification function (which should call the completetransaction api & by-pass this
+      // entirely). The only thing the IPN class should really do is extract data from the request, validate it
+      // & call completetransaction or call fail? (which may not exist yet).
+      $paymentProcessorTypeID = CRM_Core_DAO::getFieldValue('CRM_Financial_DAO_PaymentProcessorType',
         'AuthNet', 'id', 'name'
       );
+      $paymentProcessorID = (int) civicrm_api3('PaymentProcessor', 'getvalue', array(
+        'is_test' => 0,
+        'options' => array('limit' => 1),
+        'payment_processor_type_id' => $paymentProcessorTypeID,
+         'return' => 'id',
+      ));
 
       if (!$this->validateData($input, $ids, $objects, TRUE, $paymentProcessorID)) {
         return FALSE;