def postfinance_ipn(self, request):
"""
Similar to paypal's IPN, postfinance will send an instant notification to the website,
passing the following parameters in the URL:
orderID=Test27&
currency=CHF&
amount=54&
PM=CreditCard&
ACCEPTANCE=test123&
STATUS=9&
CARDNO=XXXXXXXXXXXX3333&ED=0317&
CN=Testauzore+Testos&
TRXDATE=11/08/10&
PAYID=8628366&
NCERROR=0&
BRAND=VISA&
IPCTY=CH&
CCCTY=US&
ECI=7&
CVCCheck=NO&
AAVCheck=NO&
VC=NO&
IP=84.226.127.220&
SHASIGN=CEE483B0557B8E3437A55094221E15C7DB6A0D63
Cornfirms that payment has been completed and marks invoice as paid.
This can come from two sources: Wither the client was redirected to our success page from postfinance (and so the order
information is contained in GET parameters), or the client messed up and postfinance sends us a direct server-to-server
http connection with parameters passed in the POST fields.
"""
data = request.REQUEST
# Verify that the info is valid (with the SHA sum)
valid = security_check(data, settings.POSTFINANCE_SECRET_KEY)
if valid:
# TODO: Save order details in the database (with a postfinance model)
order_id = data['orderID']
order = self.shop.get_order_for_id(order_id) # Get the order from either the POST or the GET parameters
transaction_id = data['PAYID']
amount = data['amount']
# This actually records the payment in the shop's database
self.shop.confirm_payment(order, amount, transaction_id, self.backend_name)
return HttpResponse('OKAY')
else: # Checksum failed
return HttpResponseBadRequest()
def confirm_payment_data(self, data):
try:
valid = security_check(data, settings.POSTFINANCE_SHAOUT_KEY)
except KeyError:
valid = False
if valid:
order_id = data['orderID']
try:
order = self.shop.get_order_for_id(order_id)
except models.ObjectDoesNotExist:
raise Http404('Order does not exist on this machine')
transaction_id = data['PAYID']
amount = data['amount']
# Create an IPN transaction trace in the database
ipn, created = PostfinanceIPN.objects.get_or_create(
orderID=order_id,
defaults=dict(
currency=data.get('currency', ''),
amount=data.get('amount', ''),
PM=data.get('PM', ''),
ACCEPTANCE=data.get('ACCEPTANCE', ''),
STATUS=data.get('STATUS', ''),
CARDNO=data.get('CARDNO', ''),
CN=data.get('CN', ''),
TRXDATE=data.get('TRXDATE', ''),
PAYID=data.get('PAYID', ''),
NCERROR=data.get('NCERROR', ''),
BRAND=data.get('BRAND', ''),
IPCTY=data.get('IPCTY', ''),
CCCTY=data.get('CCCTY', ''),
ECI=data.get('ECI', ''),
CVCCheck=data.get('CVCCheck', ''),
AAVCheck=data.get('AAVCheck', ''),
VC=data.get('VC', ''),
IP=data.get('IP', ''),
SHASIGN=data.get('SHASIGN', ''),
)
)
if created:
# This actually records the payment in the shop's database
self.shop.confirm_payment(order, amount, transaction_id, self.backend_name)
return True
else: # Checksum failed
return False
def postfinance_ipn(self, request):
"""
Similar to paypal's IPN, postfinance will send an instant notification to the website,
passing the following parameters in the URL:
orderID=Test27&
currency=CHF&
amount=54&
PM=CreditCard&
ACCEPTANCE=test123&
STATUS=9&
CARDNO=XXXXXXXXXXXX3333&ED=0317&
CN=Testauzore+Testos&
TRXDATE=11/08/10&
PAYID=8628366&
NCERROR=0&
BRAND=VISA&
IPCTY=CH&
CCCTY=US&
ECI=7&
CVCCheck=NO&
AAVCheck=NO&
VC=NO&
IP=84.226.127.220&
SHASIGN=CEE483B0557B8E3437A55094221E15C7DB6A0D63
Confirms that payment has been completed and marks invoice as paid.
This can come from two sources: Wither the client was redirected to our success page from postfinance (and so the order
information is contained in GET parameters), or the client messed up and postfinance sends us a direct server-to-server
http connection with parameters passed in the POST fields.
"""
data = request.REQUEST
# Verify that the info is valid (with the SHA sum)
# Beware, the SHA Secret Key may be different than POSTFINANCE_SECRET_KEY here because postfinance allows
# to set a SHA-OUT Key as well: Konfiguration -> Technische Informationen -> Transaktions-Feedback ->
# Sicherheit der Anfrageparameter -> SHA-1-OUT Signatur
valid = security_check(data, settings.POSTFINANCE_SECRET_KEY)
if valid:
order_id = data['orderID']
order = self.shop.get_order_for_id(
order_id
) # Get the order from either the POST or the GET parameters
transaction_id = data['PAYID']
amount = data['amount']
# Create an IPN transaction trace in the database
# Beware, these parameters only get returned if you select them in the e-payment
# backend: Konfiguration -> Technische Informationen -> Transaktions-Feedback ->
# Dynamische e-Commerce parameter
PostfinanceIPN.objects.create(
orderID=data.get('orderID', ''),
currency=data.get('currency', ''),
amount=data.get('amount', ''),
PM=data.get('PM', ''),
ACCEPTANCE=data.get('ACCEPTANCE', ''),
STATUS=data.get('STATUS', ''),
CARDNO=data.get('CARDNO', ''),
CN=data.get('CN', ''),
TRXDATE=data.get('TRXDATE', ''),
PAYID=data.get('PAYID', ''),
NCERROR=data.get('NCERROR', ''),
BRAND=data.get('BRAND', ''),
IPCTY=data.get('IPCTY', ''),
CCCTY=data.get('CCCTY', ''),
ECI=data.get('ECI', ''),
CVCCheck=data.get('CVCCheck', ''),
AAVCheck=data.get('AAVCheck', ''),
VC=data.get('VC', ''),
IP=data.get('IP', ''),
SHASIGN=data.get('SHASIGN', ''),
)
# This actually records the payment in the shop's database
self.shop.confirm_payment(order, amount, transaction_id,
self.backend_name)
return HttpResponse('OKAY')
else: # Checksum failed
return HttpResponseBadRequest()
def postfinance_ipn(self, request):
"""
Similar to paypal's IPN, postfinance will send an instant notification to the website,
passing the following parameters in the URL:
orderID=Test27&
currency=CHF&
amount=54&
PM=CreditCard&
ACCEPTANCE=test123&
STATUS=9&
CARDNO=XXXXXXXXXXXX3333&ED=0317&
CN=Testauzore+Testos&
TRXDATE=11/08/10&
PAYID=8628366&
NCERROR=0&
BRAND=VISA&
IPCTY=CH&
CCCTY=US&
ECI=7&
CVCCheck=NO&
AAVCheck=NO&
VC=NO&
IP=84.226.127.220&
SHASIGN=CEE483B0557B8E3437A55094221E15C7DB6A0D63
Confirms that payment has been completed and marks invoice as paid.
This can come from two sources: Wither the client was redirected to our success page from postfinance (and so the order
information is contained in GET parameters), or the client messed up and postfinance sends us a direct server-to-server
http connection with parameters passed in the POST fields.
"""
data = request.REQUEST
# Verify that the info is valid (with the SHA sum)
# Beware, the SHA Secret Key may be different than POSTFINANCE_SECRET_KEY here because postfinance allows
# to set a SHA-OUT Key as well: Konfiguration -> Technische Informationen -> Transaktions-Feedback ->
# Sicherheit der Anfrageparameter -> SHA-1-OUT Signatur
valid = security_check(data, settings.POSTFINANCE_SECRET_KEY)
if valid:
order_id = data['orderID']
order = self.shop.get_order_for_id(order_id) # Get the order from either the POST or the GET parameters
transaction_id = data['PAYID']
amount = data['amount']
# Create an IPN transaction trace in the database
# Beware, these parameters only get returned if you select them in the e-payment
# backend: Konfiguration -> Technische Informationen -> Transaktions-Feedback ->
# Dynamische e-Commerce parameter
PostfinanceIPN.objects.create(
orderID=data.get('orderID', ''),
currency=data.get('currency', ''),
amount=data.get('amount', ''),
PM=data.get('PM', ''),
ACCEPTANCE=data.get('ACCEPTANCE', ''),
STATUS=data.get('STATUS', ''),
CARDNO=data.get('CARDNO', ''),
CN=data.get('CN', ''),
TRXDATE=data.get('TRXDATE', ''),
PAYID=data.get('PAYID', ''),
NCERROR=data.get('NCERROR', ''),
BRAND=data.get('BRAND', ''),
IPCTY=data.get('IPCTY', ''),
CCCTY=data.get('CCCTY', ''),
ECI=data.get('ECI', ''),
CVCCheck=data.get('CVCCheck', ''),
AAVCheck=data.get('AAVCheck', ''),
VC=data.get('VC', ''),
IP=data.get('IP', ''),
SHASIGN=data.get('SHASIGN', ''),
)
# This actually records the payment in the shop's database
self.shop.confirm_payment(order, amount, transaction_id, self.backend_name)
return HttpResponse('OKAY')
else: # Checksum failed
return HttpResponseBadRequest()
