def payment_confirm(self, tx_id, access_token, **kwargs):
""" Display the payment confirmation page with the appropriate status message to the user.
:param str tx_id: The transaction to confirm, as a `payment.transaction` id
:param str access_token: The access token used to verify the user
:param dict kwargs: Optional data. This parameter is not used here
:raise: werkzeug.exceptions.NotFound if the access token is invalid
"""
tx_id = self.cast_as_int(tx_id)
if tx_id:
tx_sudo = request.env['payment.transaction'].sudo().browse(tx_id)
# Raise an HTTP 404 if the access token is invalid
if not payment_utils.check_access_token(
access_token, tx_sudo.partner_id.id, tx_sudo.amount, tx_sudo.currency_id.id
):
raise werkzeug.exceptions.NotFound # Don't leak info about existence of an id
# Fetch the appropriate status message configured on the acquirer
if tx_sudo.state == 'draft':
status = 'info'
message = tx_sudo.state_message \
or _("This payment has not been processed yet.")
elif tx_sudo.state == 'pending':
status = 'warning'
message = tx_sudo.acquirer_id.pending_msg
elif tx_sudo.state in ('authorized', 'done'):
status = 'success'
message = tx_sudo.acquirer_id.done_msg
elif tx_sudo.state == 'cancel':
status = 'danger'
message = tx_sudo.acquirer_id.cancel_msg
else:
status = 'danger'
message = tx_sudo.state_message \
or _("An error occurred during the processing of this payment.")
# Display the payment confirmation page to the user
PaymentPostProcessing.remove_transactions(tx_sudo)
render_values = {
'tx': tx_sudo,
'status': status,
'message': message
}
return request.render('payment.confirm', render_values)
else:
# Display the portal homepage to the user
return request.redirect('/my/home')
def _refund_validation_transaction(self, tx_id):
""" Refund a validation transaction and remove it from post-processing.
:param str tx_id: The validation transaction to refund, as a `payment.transaction` id
:return: The refunded transaction
:rtype: recordset of `payment.transaction`
:raise: ValidationError if the transaction id is invalid
"""
tx_id = self.cast_as_int(tx_id)
tx_sudo = request.env['payment.transaction'].sudo().browse(tx_id).exists()
if not tx_sudo:
raise werkzeug.exceptions.NotFound
if tx_sudo.operation == 'validation': # Don't allow to refund non-validation transactions
tx_sudo._send_refund_request()
PaymentPostProcessing.remove_transactions(tx_sudo)
return tx_sudo
def _create_transaction(
self, payment_option_id, reference_prefix, amount, currency_id, partner_id, flow,
tokenization_requested, validation_route, landing_route, custom_create_values=None, **kwargs
):
""" Create a draft transaction based on the payment context and return it.
:param int payment_option_id: The payment option handling the transaction, as a
`payment.acquirer` id or a `payment.token` id
:param str reference_prefix: The custom prefix to compute the full reference
:param float|None amount: The amount to pay in the given currency.
None if in a payment method validation operation
:param int|None currency_id: The currency of the transaction, as a `res.currency` id.
None if in a payment method validation operation
:param int partner_id: The partner making the payment, as a `res.partner` id
:param str flow: The online payment flow of the transaction: 'redirect', 'direct' or 'token'
:param bool tokenization_requested: Whether the user requested that a token is created
:param str validation_route: The route the user is redirected to in order to refund a
validation transaction
:param str landing_route: The route the user is redirected to after the transaction
:param dict custom_create_values: Additional create values overwriting the default ones
:param dict kwargs: Locally unused data passed to `_is_tokenization_required` and
`_compute_reference`
:return: The sudoed transaction that was created
:rtype: recordset of `payment.transaction`
:raise: UserError if the flow is invalid
"""
# Prepare create values
if flow in ['redirect', 'direct']: # Direct payment or payment with redirection
acquirer_sudo = request.env['payment.acquirer'].sudo().browse(payment_option_id)
token_id = None
tokenization_required_or_requested = acquirer_sudo._is_tokenization_required(
provider=acquirer_sudo.provider, **kwargs
) or tokenization_requested
tokenize = bool(
# Public users are not allowed to save tokens as their partner is unknown
not request.env.user._is_public()
# Don't tokenize if the user tried to force it through the browser's developer tools
and acquirer_sudo.allow_tokenization
# Token is only created if required by the flow or requested by the user
and tokenization_required_or_requested
)
elif flow == 'token': # Payment by token
token_sudo = request.env['payment.token'].sudo().browse(payment_option_id)
acquirer_sudo = token_sudo.acquirer_id
token_id = payment_option_id
tokenize = False
else:
raise UserError(
_("The payment should either be direct, with redirection, or made by a token.")
)
reference = request.env['payment.transaction']._compute_reference(
acquirer_sudo.provider,
prefix=reference_prefix,
**(custom_create_values or {}),
**kwargs
)
if validation_route: # Acquirers determine the amount and currency in validation operations
amount = acquirer_sudo._get_validation_amount()
currency_id = acquirer_sudo._get_validation_currency().id
# Create the transaction
tx_sudo = request.env['payment.transaction'].sudo().create({
'acquirer_id': acquirer_sudo.id,
'reference': reference,
'amount': amount,
'currency_id': currency_id,
'partner_id': partner_id,
'token_id': token_id,
'operation': f'online_{flow}' if not validation_route else 'validation',
'tokenize': tokenize,
'validation_route': validation_route,
'landing_route': landing_route,
**(custom_create_values or {}),
}) # In sudo mode to allow writing on callback fields
# Validation routes require the transaction id
tx_sudo.validation_route = validation_route and f'{validation_route}?tx_id={tx_sudo.id}'
if flow == 'token':
tx_sudo._send_payment_request() # Payments by token process transactions immediately
else:
tx_sudo._log_sent_message()
# Monitor the transaction to make it available in the portal
PaymentPostProcessing.monitor_transactions(tx_sudo)
return tx_sudo
def _create_transaction(
self, payment_option_id, reference_prefix, amount, currency_id, partner_id, flow,
tokenization_requested, landing_route, is_validation=False, invoice_id=None,
custom_create_values=None, **kwargs
):
""" Create a draft transaction based on the payment context and return it.
:param int payment_option_id: The payment option handling the transaction, as a
`payment.acquirer` id or a `payment.token` id
:param str reference_prefix: The custom prefix to compute the full reference
:param float|None amount: The amount to pay in the given currency.
None if in a payment method validation operation
:param int|None currency_id: The currency of the transaction, as a `res.currency` id.
None if in a payment method validation operation
:param int partner_id: The partner making the payment, as a `res.partner` id
:param str flow: The online payment flow of the transaction: 'redirect', 'direct' or 'token'
:param bool tokenization_requested: Whether the user requested that a token is created
:param str landing_route: The route the user is redirected to after the transaction
:param bool is_validation: Whether the operation is a validation
:param int invoice_id: The account move for which a payment id made, as an `account.move` id
:param dict custom_create_values: Additional create values overwriting the default ones
:param dict kwargs: Locally unused data passed to `_is_tokenization_required` and
`_compute_reference`
:return: The sudoed transaction that was created
:rtype: recordset of `payment.transaction`
:raise: UserError if the flow is invalid
"""
# Prepare create values
if flow in ['redirect', 'direct']: # Direct payment or payment with redirection
acquirer_sudo = request.env['payment.acquirer'].sudo().browse(payment_option_id)
token_id = None
tokenization_required_or_requested = acquirer_sudo._is_tokenization_required(
provider=acquirer_sudo.provider, **kwargs
) or tokenization_requested
tokenize = bool(
# Don't tokenize if the user tried to force it through the browser's developer tools
acquirer_sudo.allow_tokenization
# Token is only created if required by the flow or requested by the user
and tokenization_required_or_requested
)
elif flow == 'token': # Payment by token
token_sudo = request.env['payment.token'].sudo().browse(payment_option_id)
# Prevent from paying with a token that doesn't belong to the current partner (either
# the current user's partner if logged in, or the partner on behalf of whom the payment
# is being made).
partner_sudo = request.env['res.partner'].sudo().browse(partner_id)
if partner_sudo.commercial_partner_id != token_sudo.partner_id.commercial_partner_id:
raise AccessError(_("You do not have access to this payment token."))
acquirer_sudo = token_sudo.acquirer_id
token_id = payment_option_id
tokenize = False
else:
raise UserError(
_("The payment should either be direct, with redirection, or made by a token.")
)
if invoice_id:
if custom_create_values is None:
custom_create_values = {}
custom_create_values['invoice_ids'] = [Command.set([int(invoice_id)])]
reference = request.env['payment.transaction']._compute_reference(
acquirer_sudo.provider,
prefix=reference_prefix,
**(custom_create_values or {}),
**kwargs
)
if is_validation: # Acquirers determine the amount and currency in validation operations
amount = acquirer_sudo._get_validation_amount()
currency_id = acquirer_sudo._get_validation_currency().id
# Create the transaction
tx_sudo = request.env['payment.transaction'].sudo().create({
'acquirer_id': acquirer_sudo.id,
'reference': reference,
'amount': amount,
'currency_id': currency_id,
'partner_id': partner_id,
'token_id': token_id,
'operation': f'online_{flow}' if not is_validation else 'validation',
'tokenize': tokenize,
'landing_route': landing_route,
**(custom_create_values or {}),
}) # In sudo mode to allow writing on callback fields
if flow == 'token':
tx_sudo._send_payment_request() # Payments by token process transactions immediately
else:
tx_sudo._log_sent_message()
# Monitor the transaction to make it available in the portal
PaymentPostProcessing.monitor_transactions(tx_sudo)
return tx_sudo