Update to Mollie v2 API: Part 2 electric boogaloo (#1147)

* feat: update to mollie v3 api

* chore: run linter

* fix: add ideal as method so we return to Koala on failure

* chore: linter ✨

* chore: satisfy linter 🤡

* chore: satisfy linter 🤡

* feat: remove issuer

* fix: resolved brakeman warning

* fix: resolved linter warning

* fix: second attempt at securing mollie redirect

* fix: pass stirng to `redirect_to` funciton

* fix: update mollie host

* chore: add comment about whitelisted mollie uri

---------

Co-authored-by: Silas <[email protected]>

Author: leuke-naam

app/controllers/members/payments_controller.rb

@@ -45,6 +45,7 @@ def pay_activities
       transaction_type: :activity,
       redirect_uri: member_payments_path
     )
+
     if payment.save
       # Check URI for safety (supresses brakeman warning)
       url = begin
@@ -54,8 +55,8 @@ def pay_activities
       end
 
       # Check if it's a valid URI and matches your whitelist of acceptable domains (e.g., only http(s)://example.com)
-      if url.is_a?(URI::HTTP) && ['mollie.com'].include?(url.host)
-        redirect_to(url)
+      if url.is_a?(URI::HTTP) && ['www.mollie.com'].include?(url.host)
+        redirect_to(url.to_s)
       else
         # Fallback to a safe default redirect if the URI is invalid or not in the whitelist
         redirect_to(root_path)

app/models/payment.rb

@@ -65,6 +65,9 @@ def request_payment
       )
 
       self.trxid = payment.id
+
+      # The host of this url is `www.mollie.com` so it will redirect to the mollie payment page
+      # if this ever chanes, the redirect_uri whitelist in the controller should be updated
       self.payment_uri = payment._links['checkout']['href']
       self.status = :in_progress