From e451e765f5ac435d414e66b41f5fa02ab13d8723 Mon Sep 17 00:00:00 2001
From: Seth Call <seth@jamkazam.com>
Date: Tue, 15 Dec 2020 13:56:16 -0600
Subject: [PATCH] better paypal

---
 web/app/controllers/sessions_controller.rb | 23 ++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/web/app/controllers/sessions_controller.rb b/web/app/controllers/sessions_controller.rb
index 252e9f1b4..b1d1139ad 100644
--- a/web/app/controllers/sessions_controller.rb
+++ b/web/app/controllers/sessions_controller.rb
@@ -55,6 +55,10 @@ class SessionsController < ApplicationController
     end
 
     authorization = current_user.paypal_auth
+    if authorization
+      authorization.delete
+      authorization = nil
+    end
 
     # Always make and save a new authorization. This is because they expire, and honestly there's no cost
     # to just making and saving it.
@@ -68,14 +72,17 @@ class SessionsController < ApplicationController
         :secret => nil
     }
 
-    if authorization.nil?
-      authorization = current_user.user_authorizations.build(user_auth_hash)
-      authorization.save
-    else
-      authorization.token = user_auth_hash[:token]
-      authorization.token_expiration = user_auth_hash[:token_expiration]
-      authorization.uid = user_auth_hash[:uid]
-      authorization.save
+    # delete existing authorization if exists; useful if N users sharing same paypal:
+    authorization = UserAuthorization.find_by_provider_and_uid(user_auth_hash[:provider], user_auth_hash[:uid])
+    if authorization
+      puts "deleting existing paypal authorization"
+      authorization.delete
+      authorization = nil
+    end
+    authorization = current_user.user_authorizations.build(user_auth_hash)
+    if !authorization.save
+      puts "Paypal authorization errors  for user #{current_user.email} #{authorization.errors.inspect}"
+      puts "Paypal params: #{params.inspect}"
     end
 
     redirect_to '/client#/paypal/confirm'