cart.html.erb

<div class='col-sm-6 text-center'>
            <%= form_tag "https://www.sandbox.paypal.com/cgi-bin/webscr" do %>
              <%= hidden_field_tag :project_id, @cart.project_id %>
              <%= hidden_field_tag :cmd, "_s-xclick" %>
              <%= hidden_field_tag :rm, 2 %>
              <%= hidden_field_tag :encrypted, @cart.paypal_encrypted(projects_purchase_path, payment_notifications_path) %>
              <%= submit_tag "Checkout", class: 'btn btn-success' %> 
            <% end %>
          </div>

cart.rb

def paypal_encrypted(return_url, notify_url)
    values = { 
      :business => 'allen-facilitator@[r].com',
      :cmd => '_cart',
      :upload => 1,
      # :return => return_url,
      :invoice => id + 1000,
      :rm => 2,
      #:notify_url => notify_url,
      :cert_id => '[r]'
    } 
    packages.each_with_index do |p, i|
      values.merge!({ 
        "amount_#{i+1}" => p.discount_value,
        "item_name_#{i+1}" => p.name,
        "item_number_#{i+1}" => p.id,
        "quantity_#{i+1}" => '1'
      })    
    end
    p "heyyy paypal_encrypted!!! values: #{values}"
    p encrypt_for_paypal(values)
  end 

  PAYPAL_CERT_PEM = File.read("#{Rails.root}/certs/paypal_cert.pem")
  APP_CERT_PEM = File.read("#{Rails.root}/certs/app_cert.pem")
  APP_KEY_PEM = File.read("#{Rails.root}/certs/app_key.pem")

  def encrypt_for_paypal(values)
    signed = OpenSSL::PKCS7::sign(OpenSSL::X509::Certificate.new(APP_CERT_PEM), OpenSSL::PKey::RSA.new(APP_KEY_PEM, ''), values.map { |k, v| "#{k}=#{v}" }.join("\n"), [], OpenSSL::PKCS7::BINARY)
    OpenSSL::PKCS7::encrypt([OpenSSL::X509::Certificate.new(PAYPAL_CERT_PEM)], signed.to_der, OpenSSL::Cipher::Cipher::new("DES3"), OpenSSL::PKCS7::BINARY).to_s.gsub("\n", "")
  end

carts_controller.erb

class CartsController < ApplicationController  
  def create
    #the modal is being shown via js by appending the modal div below the button and then showing it
    p "CARTCONTROLLER#CREATE: CART_PARAMS: #{cart_params}"
  	@cart = Cart.create(cart_params)
  	respond_to do |format|
  		format.html {}
   		format.js {}
   	end
  end

	def cart_params
    params.fetch(:cart, {}).permit(:id, :project_id, :purchased_at, carts_packages_attributes: [:id, :cart_id, :package_id])
  end
end

payment_notification.rb

class PaymentNotification < ActiveRecord::Base
	belongs_to :cart
	serialize :params
	after_create :mark_cart_as_purchased

	private

	def mark_cart_as_purchased
		if status == "Completed"
			cart.update!(purchased_at: Time.now)
		end
	end


	 def payment_notification_params
    params.require(:payment_notification).permit(:id, :cart_id, :status, :transaction_id)
  end

end

payment_notifications_controller.

class PaymentNotificationsController < ApplicationController  
  
  protect_from_forgery :except => [:create]
    
  def create
    p "payment notifications REQUEST!!!!: #{request}"
    p "payment notifications PARAMS!!!!: #{params}"    
    PaymentNotification.create!(cart_id: params[:invoice].to_i - 1000, status: params[:payment_status], transaction_id: params[:txn_id])
    render nothing: true
  end

  private

  def payment_notification_params
    params.require(:payment_notification).permit(:id, :cart_id, :status, :transaction_id)
  end

end

projects_controller.rb

class ProjectsController < ApplicationController  
  
  protect_from_forgery :except => [:purchase]

  def purchase    
    p "PROJ#PURCHASE REQUEST !!! #{request}"
    p "PARAMS TO PROJECT PURCHASE ROUTE #{params}"
    p "INVOICE LESS 1000 = #{params[:invoice].to_i - 1000}"
    @cart = Cart.find(params[:invoice].to_i - 1000)
    @project = Project.find(@cart.project_id)
    @cart.packages.each {|p| @project.packages << p }
    @project.save!
    @forecast = @project.forecasts.last
    @budget = @forecast.budget
    @sheet = @forecast.sheets.last
    respond_to do |format|
      format.html { redirect_to sheet_path(@sheet) }
      format.js {}
    end
  end

end