re2o/cotisations/payment_methods/comnpay/views.py

# -*- mode: python; coding: utf-8 -*-
# Re2o est un logiciel d'administration développé initiallement au Rézo Metz. Il
# se veut agnostique au réseau considéré, de manière à être installable en
# quelques clics.
#
# Copyright © 2018  Hugo Levy-Falk
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
"""Payment

Here are the views needed by comnpay
"""

from collections import OrderedDict

from django.urls import reverse
from django.shortcuts import redirect, get_object_or_404
from django.contrib.auth.decorators import login_required
from django.contrib import messages
from django.views.decorators.csrf import csrf_exempt
from django.utils.datastructures import MultiValueDictKeyError
from django.utils.translation import ugettext as _
from django.http import HttpResponse, HttpResponseBadRequest

from cotisations.models import Facture
from .comnpay import Transaction
from .models import ComnpayPayment


@csrf_exempt
@login_required
def accept_payment(request, factureid):
    """
    The view where the user is redirected when a comnpay payment has been
    accepted.
    """
    invoice = get_object_or_404(Facture, id=factureid)
    if invoice.valid:
        messages.success(
            request,
            _("The payment of %(amount)s € was accepted.")
            % {"amount": invoice.prix_total()},
        )
        # In case a cotisation was bought, inform the user, the
        # cotisation time has been extended too
        if any(purchase.test_membership_or_connection() for purchase in invoice.vente_set.all()):
            messages.success(
                request,
                _(
                    "The subscription of %(member_name)s was extended to"
                    " %(end_date)s."
                )
                % {
                    "member_name": invoice.user.pseudo,
                    "end_date": invoice.user.end_adhesion(),
                },
            )
    return redirect(reverse("users:profil", kwargs={"userid": invoice.user.id}))


@csrf_exempt
@login_required
def refuse_payment(request):
    """
    The view where the user is redirected when a comnpay payment has been
    refused.
    """
    messages.error(request, _("The payment was refused."))
    return redirect(reverse("users:profil", kwargs={"userid": request.user.id}))


@csrf_exempt
def ipn(request):
    """
    The view called by Comnpay server to validate the transaction.
    Verify that we can firmly save the user's action and notify
    Comnpay with 400 response if not or with a 200 response if yes.
    """
    p = Transaction()
    order = ("idTpe", "idTransaction", "montant", "result", "sec")
    try:
        data = OrderedDict([(f, request.POST[f]) for f in order])
    except MultiValueDictKeyError:
        return HttpResponseBadRequest("HTTP/1.1 400 Bad Request")

    idTransaction = request.POST["idTransaction"]
    try:
        factureid = int(idTransaction)
    except ValueError:
        return HttpResponseBadRequest("HTTP/1.1 400 Bad Request")

    facture = get_object_or_404(Facture, id=factureid)
    payment_method = get_object_or_404(ComnpayPayment, payment=facture.paiement)

    if not p.validSec(data, payment_method.payment_pass):
        return HttpResponseBadRequest("HTTP/1.1 400 Bad Request")

    result = True if (request.POST["result"] == "OK") else False
    idTpe = request.POST["idTpe"]

    # Checking that the payment is actually for us.
    if not idTpe == payment_method.payment_credential:
        return HttpResponseBadRequest("HTTP/1.1 400 Bad Request")

        # Checking that the payment is valid
    if not result:
        # Payment failed: Cancelling the invoice operation
        # And send the response to Comnpay indicating we have well
        # received the failure information.
        return HttpResponse("HTTP/1.1 200 OK")

    facture.valid = True
    facture.save()

    # Everything worked we send a reponse to Comnpay indicating that
    # it's ok for them to proceed
    return HttpResponse("HTTP/1.0 200 OK")