Beispiel #1
0
    def patch(self: Controller):
        """
        Set context.method
        Set context.form
        :return:
        """
        # Preserve patches
        patches = context.form
        results = []
        context.jsonpatch = True

        try:
            for patch in patches:
                context.form = patch.get('value', {})
                context.method = patch['op']

                remaining_paths = patch['path'].split('/')
                if remaining_paths and not remaining_paths[0]:
                    return_data = self()
                else:
                    return_data = self(*remaining_paths)

                results.append(return_data)

                DBSession.flush()
            DBSession.commit()
            return '[%s]' % ',\n'.join(results)
        except:
            if DBSession.is_active:
                DBSession.rollback()
            raise
        finally:
            del context.jsonpatch
Beispiel #2
0
    def patch(self: Controller):
        try:
            results = super().patch()
            DBSession.commit()
            results = [r.to_dict() if hasattr(r, 'to_dict') else r \
                      for r in results]
            return results

        except:
            if DBSession.is_active:
                DBSession.rollback()
            raise

        finally:
            del context.jsonpatch
Beispiel #3
0
    def patch(self: Controller):
        """
        Set context.method
        Set context.form
        :return:
        """
        # Preserve patches
        patches = context.form
        results = []
        context.jsonpatch = True

        try:
            for patch in patches:
                context.form = patch.get('value', {})
                path, context.query = split_path(patch['path'])
                context.method = patch['op'].lower()
                context.request_content_length = \
                    len(context.form) if context.form else 0

                remaining_paths = path.split('/')
                if remaining_paths and not remaining_paths[0]:
                    return_data = self()
                else:
                    return_data = self(*remaining_paths)

                if isinstance(return_data, types.GeneratorType):
                    results.append('"%s"' % ''.join(list(return_data)))
                else:
                    results.append(return_data)

                DBSession.flush()
                context.query = {}

            DBSession.commit()
            return '[%s]' % ',\n'.join(results)
        except:
            if DBSession.is_active:
                DBSession.rollback()
            raise
        finally:
            del context.jsonpatch
Beispiel #4
0
    def post(self, inner_resource: str):
        # TODO: Warning: DDOS!
        # TODO: Fix these shits!
        # TODO: Add some salt to prevent man in the middle (Extra field to send on creation and check on verification,
        # Use description part)
        if inner_resource == 'pay-irs':
            status = context.form.get('status', None)
            trans_id = context.form.get('transId', None)
            factor_number = context.form.get('factorNumber', None)
            _ = context.form.get('description', None)
            card_number = context.form.get('cardNumber', None)
            trace_number = context.form.get('traceNumber', None)
            _ = context.form.get('message', None)

            result = 'successful'

            if status == 0:
                result = 'bad-status'
            elif factor_number is None:
                result = 'bad-factor-number'
            elif trace_number is None:
                result = 'bad-trace-number'
            else:
                target_transaction = Cashin.query \
                    .filter(Cashin.id == factor_number) \
                    .filter(Cashin.reference_id.is_(None)) \
                    .filter(Cashin.transaction_id == trans_id).one_or_none()

                if target_transaction is None:
                    result = 'bad-transaction'
                elif card_number[:6] != target_transaction.banking_id.pan.replace('-', '')[:6] or \
                        card_number[-4:] != target_transaction.banking_id.pan[-4:]:
                    result = 'bad-card'
                else:
                    payment_gateway = target_transaction.payment_gateway
                    shaparak_provider = create_shaparak_provider()
                    try:
                        amount, _, _ = shaparak_provider.verify_transaction(
                            target_transaction.transaction_id)
                        amount = payment_gateway.fiat.input_to_normalized(
                            str(amount), strict=False)

                        # TODO: After verification, add a record with error to be possible to follow the problem later
                        if target_transaction.amount != amount:
                            result = 'bad-amount'
                        else:
                            try:
                                # Set reference_id
                                target_transaction.reference_id = trace_number

                                stexchange_client.balance_update(
                                    user_id=target_transaction.member_id,
                                    asset=target_transaction.payment_gateway.
                                    fiat_symbol,  # FIXME
                                    business="cashin",  # FIXME
                                    business_id=target_transaction.
                                    id,  # FIXME: Think about double payment
                                    change=payment_gateway.fiat.
                                    format_normalized_string(
                                        target_transaction.amount -
                                        target_transaction.commission),
                                    detail=target_transaction.to_dict(),
                                )

                                # FIXME: Important !!!! : rollback the updated balance if
                                #  DBSession.commit() was not successful

                                DBSession.commit()
                            except StexchangeException as e:
                                if DBSession.is_active:
                                    DBSession.rollback()
                                    result = 'stexchange-error' + str(
                                        e  # FIXME: Delete the exception message for deployment
                                    )

                            except:
                                import traceback
                                traceback.print_exc()
                                if DBSession.is_active:
                                    DBSession.rollback()
                                    result = 'internal-error'

                    except ShaparakError:
                        result = 'not-verified'

            raise HttpFound(
                f'{settings.shaparak.pay_ir.result_redirect_url}?result={result}'
            )

        raise HttpMethodNotAllowed()