class QPayProSettingsHolder(BasePaymentProvider): identifier = 'qpaypro' verbose_name = _('QPayPro') is_enabled = False is_meta = True url_onlinemetrix = 'https://h.online-metrix.net' def __init__(self, event: Event): super().__init__(event) self.settings = SettingsSandbox('payment', 'qpaypro', event) @property def were_general_settings_provided(self): return bool(self.settings.general_x_login and self.settings.general_x_private_key and self.settings.general_x_api_secret and self.settings.general_x_endpoint and self.settings.general_x_org_id and self.settings.general_x_country and self.settings.general_x_state and self.settings.general_x_city and self.settings.general_x_address) @property def settings_form_fields(self): if (self.were_general_settings_provided): fields = [] else: fields = get_settings_form_fields('', True) d = OrderedDict(fields + [ ('method_creditcard', forms.BooleanField( label=_('Credit card'), required=False, )), ('method_visaencuotas', forms.BooleanField( label=_('Monthly payments'), required=False, )), ] + list(super().settings_form_fields.items())) d.move_to_end('_enabled', last=False) return d def get_settings_key(self, key): if (self.were_general_settings_provided): key = 'general_{0}'.format(key) return self.settings.get(key)
def test_sandbox(self): sandbox = SettingsSandbox('testing', 'foo', self.event) sandbox.set('foo', 'bar') self.assertEqual(sandbox.get('foo'), 'bar') self.assertEqual(self.event.settings.get('testing_foo_foo'), 'bar') self.assertIsNone(self.event.settings.get('foo'), 'bar') sandbox['bar'] = 'baz' sandbox.baz = 42 self.event = Event.objects.get(id=self.event.id) sandbox = SettingsSandbox('testing', 'foo', self.event) self.assertEqual(sandbox['bar'], 'baz') self.assertEqual(sandbox.baz, '42') del sandbox.baz del sandbox['bar'] self.assertIsNone(sandbox.bar) self.assertIsNone(sandbox['baz'])
def test_sandbox(self): sandbox = SettingsSandbox("testing", "foo", self.event) sandbox.set("foo", "bar") self.assertEqual(sandbox.get("foo"), "bar") self.assertEqual(self.event.settings.get("testing_foo_foo"), "bar") self.assertIsNone(self.event.settings.get("foo"), "bar") sandbox["bar"] = "baz" sandbox.baz = 42 self.event = Event.objects.get(identity=self.event.identity) sandbox = SettingsSandbox("testing", "foo", self.event) self.assertEqual(sandbox["bar"], "baz") self.assertEqual(sandbox.baz, "42") del sandbox.baz del sandbox["bar"] self.assertIsNone(sandbox.bar) self.assertIsNone(sandbox["baz"])
class BaseTicketOutput: """ This is the base class for all ticket outputs. """ def __init__(self, event: Event): self.event = event self.settings = SettingsSandbox('ticketoutput', self.identifier, event) def __str__(self): return self.identifier @property def is_enabled(self) -> bool: """ Returns whether or whether not this output is enabled. By default, this is determined by the value of the ``_enabled`` setting. """ return self.settings.get('_enabled', as_type=bool) def generate(self, order: Order) -> Tuple[str, str, str]: """ This method should generate the download file and return a tuple consisting of a filename, a file type and file content. """ raise NotImplementedError() @property def verbose_name(self) -> str: """ A human-readable name for this ticket output. This should be short but self-explaining. Good examples include 'PDF tickets' and 'Passbook'. """ raise NotImplementedError() # NOQA @property def identifier(self) -> str: """ A short and unique identifier for this ticket output. This should only contain lowercase letters and in most cases will be the same as your packagename. """ raise NotImplementedError() # NOQA @property def settings_form_fields(self) -> dict: """ When the event's administrator visits the event configuration page, this method is called to return the configuration fields available. It should therefore return a dictionary where the keys should be (unprefixed) settings keys and the values should be corresponding Django form fields. The default implementation returns the appropriate fields for the ``_enabled`` setting mentioned above. We suggest that you return an ``OrderedDict`` object instead of a dictionary and make use of the default implementation. Your implementation could look like this:: @property def settings_form_fields(self): return OrderedDict( list(super().settings_form_fields.items()) + [ ('paper_size', forms.CharField( label=_('Paper size'), required=False )) ] ) .. WARNING:: It is highly discouraged to alter the ``_enabled`` field of the default implementation. """ return OrderedDict([ ('_enabled', forms.BooleanField( label=_('Enable output'), required=False, )), ]) def settings_content_render(self, request: HttpRequest) -> str: """ When the event's administrator visits the event configuration page, this method is called. It may return HTML containing additional information that is displayed below the form fields configured in ``settings_form_fields``. """ pass @property def download_button_text(self) -> str: """ The text on the download button in the frontend. """ return _('Download ticket') @property def download_button_icon(self) -> str: """ The name of the icon on the download button in the frontend """ return None
def __init__(self, event: Event): self.event = event self.settings = SettingsSandbox('payment', self.identifier, event) # Default values if self.settings.get('_fee_reverse_calc') is None: self.settings.set('_fee_reverse_calc', True)
class MollieMethod(BasePaymentProvider): method = '' abort_pending_allowed = False refunds_allowed = True def __init__(self, event: Event): super().__init__(event) self.settings = SettingsSandbox('payment', 'mollie', event) @property def settings_form_fields(self): return {} @property def identifier(self): return 'mollie_{}'.format(self.method) @property def is_enabled(self) -> bool: return self.settings.get( '_enabled', as_type=bool) and self.settings.get( 'method_{}'.format(self.method), as_type=bool) def payment_refund_supported(self, payment: OrderPayment) -> bool: return self.refunds_allowed def payment_partial_refund_supported(self, payment: OrderPayment) -> bool: return self.refunds_allowed def payment_prepare(self, request, payment): return self.checkout_prepare(request, None) def payment_is_valid_session(self, request: HttpRequest): return True @property def request_headers(self): headers = {} if self.settings.connect_client_id and self.settings.access_token: headers['Authorization'] = 'Bearer %s' % self.settings.access_token else: headers['Authorization'] = 'Bearer %s' % self.settings.api_key return headers def payment_form_render(self, request) -> str: template = get_template('pretix_mollie/checkout_payment_form.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings } return template.render(ctx) def checkout_confirm_render(self, request) -> str: template = get_template('pretix_mollie/checkout_payment_confirm.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'provider': self } return template.render(ctx) def payment_can_retry(self, payment): return self._is_still_available(order=payment.order) def payment_pending_render(self, request, payment) -> str: if payment.info: payment_info = json.loads(payment.info) else: payment_info = None template = get_template('pretix_mollie/pending.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'provider': self, 'order': payment.order, 'payment': payment, 'payment_info': payment_info, } return template.render(ctx) def payment_control_render(self, request, payment) -> str: if payment.info: payment_info = json.loads(payment.info) else: payment_info = None template = get_template('pretix_mollie/control.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'payment_info': payment_info, 'payment': payment, 'method': self.method, 'provider': self, } return template.render(ctx) def execute_refund(self, refund: OrderRefund): payment = refund.payment.info_data.get('id') body = { 'amount': { 'currency': self.event.currency, 'value': str(refund.amount) }, } if self.settings.connect_client_id and self.settings.access_token: body['testmode'] = refund.payment.info_data.get('mode', 'live') == 'test' try: print(self.request_headers, body) req = requests.post( 'https://api.mollie.com/v2/payments/{}/refunds'.format( payment), json=body, headers=self.request_headers) req.raise_for_status() req.json() except HTTPError: logger.exception('Mollie error: %s' % req.text) try: refund.info_data = req.json() except: refund.info_data = {'error': True, 'detail': req.text} raise PaymentException( _('Mollie reported an error: {}').format( refund.info_data.get('detail'))) else: refund.done() def get_locale(self, language): pretix_to_mollie_locales = { 'en': 'en_US', 'nl': 'nl_NL', 'nl_BE': 'nl_BE', 'fr': 'fr_FR', 'de': 'de_DE', 'es': 'es_ES', 'ca': 'ca_ES', 'pt': 'pt_PT', 'it': 'it_IT', 'nb': 'nb_NO', 'sv': 'sv_SE', 'fi': 'fi_FI', 'da': 'da_DK', 'is': 'is_IS', 'hu': 'hu_HU', 'pl': 'pl_PL', 'lv': 'lv_LV', 'lt': 'lt_LT' } return pretix_to_mollie_locales.get( language, pretix_to_mollie_locales.get( language.split('-')[0], pretix_to_mollie_locales.get(language.split('_')[0], 'en'))) def _get_payment_body(self, payment): b = { 'amount': { 'currency': self.event.currency, 'value': str(payment.amount), }, 'description': 'Order {}-{}'.format(self.event.slug.upper(), payment.full_id), 'redirectUrl': build_absolute_uri( self.event, 'plugins:pretix_mollie:return', kwargs={ 'order': payment.order.code, 'payment': payment.pk, 'hash': hashlib.sha1( payment.order.secret.lower().encode()).hexdigest(), }), 'webhookUrl': build_absolute_uri(self.event, 'plugins:pretix_mollie:webhook', kwargs={'payment': payment.pk}), 'locale': self.get_locale(payment.order.locale), 'method': self.method, 'metadata': { 'organizer': self.event.organizer.slug, 'event': self.event.slug, 'order': payment.order.code, 'payment': payment.local_id, } } if self.settings.connect_client_id and self.settings.access_token: b['profileId'] = self.settings.connect_profile b['testmode'] = self.settings.endpoint == 'test' or self.event.testmode return b def execute_payment(self, request: HttpRequest, payment: OrderPayment): try: req = requests.post('https://api.mollie.com/v2/payments', json=self._get_payment_body(payment), headers=self.request_headers) req.raise_for_status() except HTTPError: logger.exception('Mollie error: %s' % req.text) try: payment.info_data = req.json() except: payment.info_data = {'error': True, 'detail': req.text} payment.state = OrderPayment.PAYMENT_STATE_FAILED payment.save() payment.order.log_action( 'pretix.event.order.payment.failed', { 'local_id': payment.local_id, 'provider': payment.provider, 'data': payment.info_data }) raise PaymentException( _('We had trouble communicating with Mollie. Please try again and get in touch ' 'with us if this problem persists.')) data = req.json() payment.info = json.dumps(data) payment.state = OrderPayment.PAYMENT_STATE_CREATED payment.save() request.session['payment_mollie_order_secret'] = payment.order.secret return self.redirect(request, data.get('_links').get('checkout').get('href')) def redirect(self, request, url): if request.session.get('iframe_session', False): signer = signing.Signer(salt='safe-redirect') return (build_absolute_uri( request.event, 'plugins:pretix_mollie:redirect') + '?url=' + urllib.parse.quote(signer.sign(url))) else: return str(url) def shred_payment_info(self, obj: OrderPayment): if not obj.info: return d = json.loads(obj.info) if 'details' in d: d['details'] = { k: '█' for k in d['details'].keys() if k not in ('bitcoinAmount', ) } d['_shredded'] = True obj.info = json.dumps(d) obj.save(update_fields=['info'])
def settings(self): return SettingsSandbox('payment', 'banktransfer', getattr(self.request, 'event', self.request.organizer))
class BasePaymentProvider: """ This is the base class for all payment providers. """ def __init__(self, event: Event): self.event = event self.settings = SettingsSandbox('payment', self.identifier, event) def __str__(self): return self.identifier @property def is_enabled(self) -> bool: """ Returns, whether or whether not this payment provider is enabled. By default, this is determined by the value of the ``_enabled`` setting. """ return self.settings.get('_enabled', as_type=bool) def calculate_fee(self, price: Decimal) -> Decimal: """ Calculate the fee for this payment provider which will be added to final price before fees (but after taxes). It should include any taxes. The default implementation makes use of the setting ``_fee_abs`` for an absolute fee and ``_fee_percent`` for a percentage. :param price: The total value without the payment method fee, after taxes. """ fee_abs = self.settings.get('_fee_abs', as_type=Decimal, default=0) fee_percent = self.settings.get('_fee_percent', as_type=Decimal, default=0) return (price * fee_percent / 100).quantize(Decimal('.01')) + fee_abs @property def verbose_name(self) -> str: """ A human-readable name for this payment provider. This should be short but self-explaining. Good examples include 'Bank transfer' and 'Credit card via Stripe'. """ raise NotImplementedError() # NOQA @property def identifier(self) -> str: """ A short and unique identifier for this payment provider. This should only contain lowercase letters and in most cases will be the same as your packagename. """ raise NotImplementedError() # NOQA @property def settings_form_fields(self) -> dict: """ When the event's administrator administrator visits the event configuration page, this method is called to return the configuration fields available. It should therefore return a dictionary where the keys should be (unprefixed) settings keys and the values should be corresponding Django form fields. The default implementation returns the appropriate fields for the ``_enabled``, ``_fee_abs`` and ``_fee_percent`` settings mentioned above. We suggest that you return an ``OrderedDict`` object instead of a dictionary and make use of the default implementation. Your implementation could look like this:: @property def settings_form_fields(self): return OrderedDict( list(super().settings_form_fields.items()) + [ ('bank_details', forms.CharField( widget=forms.Textarea, label=_('Bank account details'), required=False )) ] ) .. WARNING:: It is highly discouraged to alter the ``_enabled`` field of the default implementation. """ return OrderedDict([ ('_enabled', forms.BooleanField( label=_('Enable payment method'), required=False, )), ('_fee_abs', forms.DecimalField(label=_('Additional fee'), help_text=_('Absolute value'), required=False)), ('_fee_percent', forms.DecimalField(label=_('Additional fee'), help_text=_('Percentage'), required=False)), ]) def settings_content_render(self, request: HttpRequest) -> str: """ When the event's administrator administrator visits the event configuration page, this method is called. It may return HTML containing additional information that is displayed below the form fields configured in ``settings_form_fields``. """ pass @property def payment_form_fields(self) -> dict: """ This is used by the default implementation of :py:meth:`checkout_form`. It should return an object similar to :py:attr:`settings_form_fields`. The default implementation returns an empty dictionary. """ return {} def payment_form(self, request: HttpRequest) -> Form: """ This is called by the default implementation of :py:meth:`checkout_form_render` to obtain the form that is displayed to the user during the checkout process. The default implementation constructs the form using :py:attr:`checkout_form_fields` and sets appropriate prefixes for the form and all fields and fills the form with data form the user's session. """ form = Form(data=(request.POST if request.method == 'POST' else None), prefix='payment_%s' % self.identifier, initial={ k.replace('payment_%s_' % self.identifier, ''): v for k, v in request.session.items() if k.startswith('payment_%s_' % self.identifier) }) form.fields = self.payment_form_fields return form def is_allowed(self, request: HttpRequest) -> bool: """ You can use this method to disable this payment provider for certain groups of users, products or other criteria. If this method returns ``False``, the user will not be able to select this payment method. The default implementation always returns ``True``. """ return True def payment_form_render(self, request: HttpRequest) -> str: """ When the user selects this provider as his prefered payment method, he will be shown the HTML you return from this method. The default implementation will call :py:meth:`checkout_form` and render the returned form. If your payment method doesn't require the user to fill out form fields, you should just return a paragraph of explainatory text. """ form = self.payment_form(request) template = get_template( 'pretixpresale/event/checkout_payment_form_default.html') ctx = {'request': request, 'form': form} return template.render(ctx) def checkout_confirm_render(self, request) -> str: """ If the user successfully filled in his payment data, he will be redirected to a confirmation page which lists all details of his order for a final review. This method should return the HTML which should be displayed inside the 'Payment' box on this page. In most cases, this should include a short summary of the user's input and a short explaination on how the payment process will continue. """ raise NotImplementedError() # NOQA def checkout_prepare(self, request: HttpRequest, cart: Dict[str, Any]) -> "bool|str": """ Will be called after the user selected this provider as his payment method. If you provided a form to the user to enter payment data, this method should at least store the user's input into his session. This method should return ``False``, if the user's input was invalid, ``True`` if the input was valid and the frontend should continue with default behaviour or a string containing an URL, if the user should be redirected somewhere else. On errors, you should use Django's message framework to display an error message to the user (or the normal form validation error messages). The default implementation stores the input into the form returned by :py:meth:`payment_form` in the user's session. If your payment method requires you to redirect the user to an external provider, this might be the place to do so. .. IMPORTANT:: If this is called, the user has not yet confirmed his or her order. You may NOT do anything which actually moves money. :param cart: This dictionary contains at least the following keys: positions: A list of ``CartPosition`` objects that are annotated with the special attributes ``count`` and ``total`` because multiple objects of the same content are grouped into one. raw: The raw list of ``CartPosition`` objects in the users cart total: The overall total *including* the fee for the payment method. payment_fee: The fee for the payment method. """ form = self.payment_form(request) if form.is_valid(): for k, v in form.cleaned_data.items(): request.session['payment_%s_%s' % (self.identifier, k)] = v return True else: return False def payment_is_valid_session(self, request: HttpRequest) -> bool: """ This is called at the time the user tries to place the order. It should return ``True``, if the user's session is valid and all data your payment provider requires in future steps is present. """ raise NotImplementedError() # NOQA def payment_perform(self, request: HttpRequest, order: Order) -> str: """ After the user confirmed his purchase, this method will be called to complete the payment process. This is the place to actually move the money, if applicable. If you need any special behaviour, you can return a string containing an URL the user will be redirected to. If you are done with your process you should return the user to the order's detail page. If the payment is completed, you should call ``pretix.base.services.orders.mark_order_paid(order, provider, info)`` with ``provider`` being your :py:attr:`identifier` and ``info`` being any string you might want to store for later usage. Please note that ``mark_order_paid`` might raise a ``Quota.QuotaExceededException`` if (and only if) the payment term of this order is over and some of the items are sold out. You should use the exception message to display a meaningful error to the user. The default implementation just returns ``None`` and therefore leaves the order unpaid. The user will be redirected to the order's detail page by default. On errors, you should use Django's message framework to display an error message to the user. :param order: The order object """ return None def order_pending_mail_render(self, order: Order) -> str: """ After the user submitted his order, he or she will receive a confirmation e-mail. You can return a string from this method if you want to add additional information to this e-mail. :param order: The order object """ return "" def order_pending_render(self, request: HttpRequest, order: Order) -> str: """ If the user visits a detail page of an order which has not yet been paid but this payment method was selected during checkout, this method will be called to provide HTML content for the 'payment' box on the page. It should contain instructions on how to continue with the payment process, either in form of text or buttons/links/etc. :param order: The order object """ raise NotImplementedError() # NOQA def order_can_retry(self, order: Order) -> bool: """ Will be called if the user views the detail page of an unpaid order to determine whether the user should be presented with an option to retry the payment. The default implementation always returns False. :param order: The order object """ return False def retry_prepare(self, request: HttpRequest, order: Order) -> "bool|str": """ Will be called if the user retries to pay an unpaid order (after the user filled in e.g. the form returned by :py:meth:`payment_form`). It should return and report errors the same way as :py:meth:`checkout_prepare`, but receives an ``Order`` object instead of a cart object. """ form = self.payment_form(request) if form.is_valid(): for k, v in form.cleaned_data.items(): request.session['payment_%s_%s' % (self.identifier, k)] = v return True else: return False def order_paid_render(self, request: HttpRequest, order: Order) -> str: """ Will be called if the user views the detail page of an paid order which is associated with this payment provider. It should return HTML code which should be displayed to the user or None, if there is nothing to say (like the default implementation does). :param order: The order object """ return None def order_control_render(self, request: HttpRequest, order: Order) -> str: """ Will be called if the *event administrator* views the detail page of an order which is associated with this payment provider. It should return HTML code containing information regarding the current payment status and, if applicable, next steps. The default implementation returns the verbose name of the payment provider. :param order: The order object """ return _('Payment provider: %s' % self.verbose_name) def order_control_refund_render(self, order: Order) -> str: """ Will be called if the event administrator clicks an order's 'refund' button. This can be used to display information *before* the order is being refunded. It should return HTML code which should be displayed to the user. It should contain information about to which extend the money will be refunded automatically. :param order: The order object """ self.order.log_action('pretix.base.order.refunded') return '<div class="alert alert-warning">%s</div>' % _( 'The money can not be automatically refunded, ' 'please transfer the money back manually.') def order_control_refund_perform(self, request: HttpRequest, order: Order) -> "bool|str": """ Will be called if the event administrator confirms the refund. This should transfer the money back (if possible). You can return an URL the user should be redirected to if you need special behaviour or None to continue with default behaviour. On failure, you should use Django's message framework to display an error message to the user. The default implementation sets the Orders state to refunded and shows a success message. :param request: The HTTP request :param order: The order object """ from pretix.base.services.orders import mark_order_refunded mark_order_refunded(order, user=request.user) messages.success( request, _('The order has been marked as refunded. Please transfer the money ' 'back to the buyer manually.'))
def __init__(self, event): self.event = event self.settings = SettingsSandbox('payment', self.identifier, event)
class StripeMethod(BasePaymentProvider): identifier = '' method = '' def __init__(self, event: Event): super().__init__(event) self.settings = SettingsSandbox('payment', 'stripe', event) @property def test_mode_message(self): if self.settings.connect_client_id and not self.settings.secret_key: is_testmode = True else: is_testmode = '_test_' in self.settings.secret_key if is_testmode: return mark_safe( _('The Stripe plugin is operating in test mode. You can use one of <a {args}>many test ' 'cards</a> to perform a transaction. No money will actually be transferred.' ). format( args= 'href="https://stripe.com/docs/testing#cards" target="_blank"' )) return None @property def settings_form_fields(self): return {} @property def is_enabled(self) -> bool: return self.settings.get( '_enabled', as_type=bool) and self.settings.get( 'method_{}'.format(self.method), as_type=bool) def payment_refund_supported(self, payment: OrderPayment) -> bool: return True def payment_partial_refund_supported(self, payment: OrderPayment) -> bool: return True def payment_prepare(self, request, payment): return self.checkout_prepare(request, None) def _amount_to_decimal(self, cents): places = settings.CURRENCY_PLACES.get(self.event.currency, 2) return round_decimal(float(cents) / (10**places), self.event.currency) def _decimal_to_int(self, amount): places = settings.CURRENCY_PLACES.get(self.event.currency, 2) return int(amount * 10**places) def _get_amount(self, payment): return self._decimal_to_int(payment.amount) @property def api_kwargs(self): if self.settings.connect_client_id and self.settings.connect_user_id: if self.settings.get('endpoint', 'live') == 'live' and not self.event.testmode: kwargs = { 'api_key': self.settings.connect_secret_key, 'stripe_account': self.settings.connect_user_id } else: kwargs = { 'api_key': self.settings.connect_test_secret_key, 'stripe_account': self.settings.connect_user_id } else: kwargs = { 'api_key': self.settings.secret_key, } return kwargs def _init_api(self): stripe.api_version = '2019-05-16' stripe.set_app_info("pretix", partner_id="pp_partner_FSaz4PpKIur7Ox", version=__version__, url="https://pretix.eu") def checkout_confirm_render(self, request) -> str: template = get_template( 'pretixplugins/stripe/checkout_payment_confirm.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'provider': self } return template.render(ctx) def payment_can_retry(self, payment): return self._is_still_available(order=payment.order) def _charge_source(self, request, source, payment): try: params = {} if not source.startswith('src_'): params['statement_descriptor'] = ugettext( '{event}-{code}').format(event=self.event.slug.upper(), code=payment.order.code)[:22] params.update(self.api_kwargs) charge = stripe.Charge.create( amount=self._get_amount(payment), currency=self.event.currency.lower(), source=source, description='{event}-{code}'.format( event=self.event.slug.upper(), code=payment.order.code), metadata={ 'order': str(payment.order.id), 'event': self.event.id, 'code': payment.order.code }, # TODO: Is this sufficient? idempotency_key=str(self.event.id) + payment.order.code + source, **params) except stripe.error.CardError as e: if e.json_body: err = e.json_body['error'] logger.exception('Stripe error: %s' % str(err)) else: err = {'message': str(e)} logger.exception('Stripe error: %s' % str(e)) logger.info('Stripe card error: %s' % str(err)) payment.info_data = { 'error': True, 'message': err['message'], } payment.state = OrderPayment.PAYMENT_STATE_FAILED payment.save() payment.order.log_action( 'pretix.event.order.payment.failed', { 'local_id': payment.local_id, 'provider': payment.provider, 'message': err['message'] }) raise PaymentException( _('Stripe reported an error with your card: %s') % err['message']) except stripe.error.StripeError as e: if e.json_body and 'error' in e.json_body: err = e.json_body['error'] logger.exception('Stripe error: %s' % str(err)) else: err = {'message': str(e)} logger.exception('Stripe error: %s' % str(e)) payment.info_data = { 'error': True, 'message': err['message'], } payment.state = OrderPayment.PAYMENT_STATE_FAILED payment.save() payment.order.log_action( 'pretix.event.order.payment.failed', { 'local_id': payment.local_id, 'provider': payment.provider, 'message': err['message'] }) raise PaymentException( _('We had trouble communicating with Stripe. Please try again and get in touch ' 'with us if this problem persists.')) else: ReferencedStripeObject.objects.get_or_create(reference=charge.id, defaults={ 'order': payment.order, 'payment': payment }) if charge.status == 'succeeded' and charge.paid: try: payment.info = str(charge) payment.confirm() except Quota.QuotaExceededException as e: raise PaymentException(str(e)) except SendMailException: raise PaymentException( _('There was an error sending the confirmation mail.')) elif charge.status == 'pending': if request: messages.warning( request, _('Your payment is pending completion. We will inform you as soon as the ' 'payment completed.')) payment.info = str(charge) payment.state = OrderPayment.PAYMENT_STATE_PENDING payment.save() return else: logger.info('Charge failed: %s' % str(charge)) payment.info = str(charge) payment.state = OrderPayment.PAYMENT_STATE_FAILED payment.save() payment.order.log_action( 'pretix.event.order.payment.failed', { 'local_id': payment.local_id, 'provider': payment.provider, 'info': str(charge) }) raise PaymentException( _('Stripe reported an error: %s') % charge.failure_message) def payment_pending_render(self, request, payment) -> str: if payment.info: payment_info = json.loads(payment.info) else: payment_info = None template = get_template('pretixplugins/stripe/pending.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'provider': self, 'order': payment.order, 'payment': payment, 'payment_info': payment_info, 'payment_hash': hashlib.sha1(payment.order.secret.lower().encode()).hexdigest() } return template.render(ctx) def api_payment_details(self, payment: OrderPayment): return { "id": payment.info_data.get("id", None), "payment_method": payment.info_data.get("payment_method", None) } def payment_control_render(self, request, payment) -> str: if payment.info: payment_info = json.loads(payment.info) if 'amount' in payment_info: payment_info['amount'] /= 10**settings.CURRENCY_PLACES.get( self.event.currency, 2) else: payment_info = None template = get_template('pretixplugins/stripe/control.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'payment_info': payment_info, 'payment': payment, 'method': self.method, 'provider': self, } return template.render(ctx) def execute_refund(self, refund: OrderRefund): self._init_api() payment_info = refund.payment.info_data if not payment_info: raise PaymentException(_('No payment information found.')) try: if payment_info['id'].startswith('pi_'): chargeid = payment_info['charges']['data'][0]['id'] else: chargeid = payment_info['id'] ch = stripe.Charge.retrieve(chargeid, **self.api_kwargs) r = ch.refunds.create(amount=self._get_amount(refund), ) ch.refresh() except (stripe.error.InvalidRequestError, stripe.error.AuthenticationError, stripe.error.APIConnectionError) \ as e: if e.json_body and 'error' in e.json_body: err = e.json_body['error'] logger.exception('Stripe error: %s' % str(err)) else: err = {'message': str(e)} logger.exception('Stripe error: %s' % str(e)) raise PaymentException( _('We had trouble communicating with Stripe. Please try again and contact ' 'support if the problem persists.')) except stripe.error.StripeError as err: logger.error('Stripe error: %s' % str(err)) raise PaymentException(_('Stripe returned an error')) else: refund.info = str(r) if r.status in ('succeeded', 'pending'): refund.done() elif r.status in ('failed', 'canceled'): refund.state = OrderRefund.REFUND_STATE_FAILED refund.execution_date = now() refund.save() def execute_payment(self, request: HttpRequest, payment: OrderPayment): self._init_api() try: source = self._create_source(request, payment) except stripe.error.StripeError as e: if e.json_body and 'err' in e.json_body: err = e.json_body['error'] logger.exception('Stripe error: %s' % str(err)) else: err = {'message': str(e)} logger.exception('Stripe error: %s' % str(e)) payment.info_data = { 'error': True, 'message': err['message'], } payment.state = OrderPayment.PAYMENT_STATE_FAILED payment.save() payment.order.log_action( 'pretix.event.order.payment.failed', { 'local_id': payment.local_id, 'provider': payment.provider, 'message': err['message'] }) raise PaymentException( _('We had trouble communicating with Stripe. Please try again and get in touch ' 'with us if this problem persists.')) ReferencedStripeObject.objects.get_or_create(reference=source.id, defaults={ 'order': payment.order, 'payment': payment }) payment.info = str(source) payment.state = OrderPayment.PAYMENT_STATE_PENDING payment.save() request.session['payment_stripe_order_secret'] = payment.order.secret return self.redirect(request, source.redirect.url) def redirect(self, request, url): if request.session.get('iframe_session', False): signer = signing.Signer(salt='safe-redirect') return ( build_absolute_uri(request.event, 'plugins:stripe:redirect') + '?url=' + urllib.parse.quote(signer.sign(url))) else: return str(url) def shred_payment_info(self, obj: OrderPayment): if not obj.info: return d = json.loads(obj.info) new = {} if 'source' in d: new['source'] = { 'id': d['source'].get('id'), 'type': d['source'].get('type'), 'brand': d['source'].get('brand'), 'last4': d['source'].get('last4'), 'bank_name': d['source'].get('bank_name'), 'bank': d['source'].get('bank'), 'bic': d['source'].get('bic'), 'card': { 'brand': d['source'].get('card', {}).get('brand'), 'country': d['source'].get('card', {}).get('cuntry'), 'last4': d['source'].get('card', {}).get('last4'), } } if 'amount' in d: new['amount'] = d['amount'] if 'currency' in d: new['currency'] = d['currency'] if 'status' in d: new['status'] = d['status'] if 'id' in d: new['id'] = d['id'] new['_shredded'] = True obj.info = json.dumps(new) obj.save(update_fields=['info']) for le in obj.order.all_logentries().filter( action_type="pretix.plugins.stripe.event").exclude( data="", shredded=True): d = le.parsed_data if 'data' in d: for k, v in list(d['data']['object'].items()): if v not in ('reason', 'status', 'failure_message', 'object', 'id'): d['data']['object'][k] = '█' le.data = json.dumps(d) le.shredded = True le.save(update_fields=['data', 'shredded'])
class StripeMethod(BasePaymentProvider): identifier = '' method = '' def __init__(self, event: Event): super().__init__(event) self.settings = SettingsSandbox('payment', 'stripe', event) @property def settings_form_fields(self): return {} @property def is_enabled(self) -> bool: return self.settings.get('_enabled', as_type=bool) and self.settings.get('method_{}'.format(self.method), as_type=bool) def payment_refund_supported(self, payment: OrderPayment) -> bool: return True def payment_partial_refund_supported(self, payment: OrderPayment) -> bool: return True def payment_prepare(self, request, payment): return self.checkout_prepare(request, None) def _amount_to_decimal(self, cents): places = settings.CURRENCY_PLACES.get(self.event.currency, 2) return round_decimal(float(cents) / (10 ** places), self.event.currency) def _decimal_to_int(self, amount): places = settings.CURRENCY_PLACES.get(self.event.currency, 2) return int(amount * 10 ** places) def _get_amount(self, payment): return self._decimal_to_int(payment.amount) @property def api_kwargs(self): if self.settings.connect_client_id and self.settings.connect_user_id: if self.settings.get('endpoint', 'live') == 'live': kwargs = { 'api_key': self.settings.connect_secret_key, 'stripe_account': self.settings.connect_user_id } else: kwargs = { 'api_key': self.settings.connect_test_secret_key, 'stripe_account': self.settings.connect_user_id } else: kwargs = { 'api_key': self.settings.secret_key, } return kwargs def _init_api(self): stripe.api_version = '2018-02-28' stripe.set_app_info("pretix", version=__version__, url="https://pretix.eu") def checkout_confirm_render(self, request) -> str: template = get_template('pretixplugins/stripe/checkout_payment_confirm.html') ctx = {'request': request, 'event': self.event, 'settings': self.settings, 'provider': self} return template.render(ctx) def payment_can_retry(self, payment): return self._is_still_available(order=payment.order) def _charge_source(self, request, source, payment): try: params = {} if not source.startswith('src_'): params['statement_descriptor'] = ugettext('{event}-{code}').format( event=self.event.slug.upper(), code=payment.order.code )[:22] params.update(self.api_kwargs) charge = stripe.Charge.create( amount=self._get_amount(payment), currency=self.event.currency.lower(), source=source, metadata={ 'order': str(payment.order.id), 'event': self.event.id, 'code': payment.order.code }, # TODO: Is this sufficient? idempotency_key=str(self.event.id) + payment.order.code + source, **params ) except stripe.error.CardError as e: if e.json_body: err = e.json_body['error'] logger.exception('Stripe error: %s' % str(err)) else: err = {'message': str(e)} logger.exception('Stripe error: %s' % str(e)) logger.info('Stripe card error: %s' % str(err)) payment.info_data = { 'error': True, 'message': err['message'], } payment.state = OrderPayment.PAYMENT_STATE_FAILED payment.save() payment.order.log_action('pretix.event.order.payment.failed', { 'local_id': payment.local_id, 'provider': payment.provider, 'message': err['message'] }) raise PaymentException(_('Stripe reported an error with your card: %s') % err['message']) except stripe.error.StripeError as e: if e.json_body: err = e.json_body['error'] logger.exception('Stripe error: %s' % str(err)) else: err = {'message': str(e)} logger.exception('Stripe error: %s' % str(e)) payment.info_data = { 'error': True, 'message': err['message'], } payment.state = OrderPayment.PAYMENT_STATE_FAILED payment.save() payment.order.log_action('pretix.event.order.payment.failed', { 'local_id': payment.local_id, 'provider': payment.provider, 'message': err['message'] }) raise PaymentException(_('We had trouble communicating with Stripe. Please try again and get in touch ' 'with us if this problem persists.')) else: ReferencedStripeObject.objects.get_or_create( reference=charge.id, defaults={'order': payment.order, 'payment': payment} ) if charge.status == 'succeeded' and charge.paid: try: payment.info = str(charge) payment.confirm() except Quota.QuotaExceededException as e: raise PaymentException(str(e)) except SendMailException: raise PaymentException(_('There was an error sending the confirmation mail.')) elif charge.status == 'pending': if request: messages.warning(request, _('Your payment is pending completion. We will inform you as soon as the ' 'payment completed.')) payment.info = str(charge) payment.state = OrderPayment.PAYMENT_STATE_PENDING payment.save() return else: logger.info('Charge failed: %s' % str(charge)) payment.info = str(charge) payment.state = OrderPayment.PAYMENT_STATE_FAILED payment.save() payment.order.log_action('pretix.event.order.payment.failed', { 'local_id': payment.local_id, 'provider': payment.provider, 'info': str(charge) }) raise PaymentException(_('Stripe reported an error: %s') % charge.failure_message) def payment_pending_render(self, request, payment) -> str: if payment.info: payment_info = json.loads(payment.info) else: payment_info = None template = get_template('pretixplugins/stripe/pending.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'provider': self, 'order': payment.order, 'payment': payment, 'payment_info': payment_info, } return template.render(ctx) def payment_control_render(self, request, payment) -> str: if payment.info: payment_info = json.loads(payment.info) if 'amount' in payment_info: payment_info['amount'] /= 10 ** settings.CURRENCY_PLACES.get(self.event.currency, 2) else: payment_info = None template = get_template('pretixplugins/stripe/control.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'payment_info': payment_info, 'payment': payment, 'method': self.method, 'provider': self, } return template.render(ctx) def execute_refund(self, refund: OrderRefund): self._init_api() payment_info = refund.payment.info_data if not payment_info: raise PaymentException(_('No payment information found.')) try: ch = stripe.Charge.retrieve(payment_info['id'], **self.api_kwargs) r = ch.refunds.create( amount=self._get_amount(refund), ) ch.refresh() except (stripe.error.InvalidRequestError, stripe.error.AuthenticationError, stripe.error.APIConnectionError) \ as e: if e.json_body: err = e.json_body['error'] logger.exception('Stripe error: %s' % str(err)) else: err = {'message': str(e)} logger.exception('Stripe error: %s' % str(e)) raise PaymentException(_('We had trouble communicating with Stripe. Please try again and contact ' 'support if the problem persists.')) except stripe.error.StripeError as err: logger.error('Stripe error: %s' % str(err)) raise PaymentException(_('Stripe returned an error')) else: refund.info = str(r) if r.status in ('succeeded', 'pending'): refund.done() elif r.status in ('failed', 'canceled'): refund.state = OrderRefund.REFUND_STATE_FAILED refund.execution_date = now() refund.save() def execute_payment(self, request: HttpRequest, payment: OrderPayment): self._init_api() try: source = self._create_source(request, payment) except stripe.error.StripeError as e: if e.json_body: err = e.json_body['error'] logger.exception('Stripe error: %s' % str(err)) else: err = {'message': str(e)} logger.exception('Stripe error: %s' % str(e)) payment.info_data = { 'error': True, 'message': err['message'], } payment.state = OrderPayment.PAYMENT_STATE_FAILED payment.save() payment.order.log_action('pretix.event.order.payment.failed', { 'local_id': payment.local_id, 'provider': payment.provider, 'message': err['message'] }) raise PaymentException(_('We had trouble communicating with Stripe. Please try again and get in touch ' 'with us if this problem persists.')) ReferencedStripeObject.objects.get_or_create( reference=source.id, defaults={'order': payment.order, 'payment': payment} ) payment.info = str(source) payment.state = OrderPayment.PAYMENT_STATE_PENDING payment.save() request.session['payment_stripe_order_secret'] = payment.order.secret return self.redirect(request, source.redirect.url) def redirect(self, request, url): if request.session.get('iframe_session', False): signer = signing.Signer(salt='safe-redirect') return ( build_absolute_uri(request.event, 'plugins:stripe:redirect') + '?url=' + urllib.parse.quote(signer.sign(url)) ) else: return str(url) def shred_payment_info(self, obj: OrderPayment): if not obj.info: return d = json.loads(obj.info) new = {} if 'source' in d: new['source'] = { 'id': d['source'].get('id'), 'type': d['source'].get('type'), 'brand': d['source'].get('brand'), 'last4': d['source'].get('last4'), 'bank_name': d['source'].get('bank_name'), 'bank': d['source'].get('bank'), 'bic': d['source'].get('bic'), 'card': { 'brand': d['source'].get('card', {}).get('brand'), 'country': d['source'].get('card', {}).get('cuntry'), 'last4': d['source'].get('card', {}).get('last4'), } } if 'amount' in d: new['amount'] = d['amount'] if 'currency' in d: new['currency'] = d['currency'] if 'status' in d: new['status'] = d['status'] if 'id' in d: new['id'] = d['id'] new['_shredded'] = True obj.info = json.dumps(new) obj.save(update_fields=['info']) for le in obj.order.all_logentries().filter( action_type="pretix.plugins.stripe.event" ).exclude(data="", shredded=True): d = le.parsed_data if 'data' in d: for k, v in list(d['data']['object'].items()): if v not in ('reason', 'status', 'failure_message', 'object', 'id'): d['data']['object'][k] = '█' le.data = json.dumps(d) le.shredded = True le.save(update_fields=['data', 'shredded'])
class SaferpayMethod(BasePaymentProvider): method = '' abort_pending_allowed = False refunds_allowed = True cancel_flow = True payment_methods = [] def __init__(self, event: Event): super().__init__(event) self.settings = SettingsSandbox('payment', 'saferpay', event) @property def settings_form_fields(self): return {} @property def identifier(self): return 'saferpay_{}'.format(self.method) @property def is_enabled(self) -> bool: return self.settings.get( '_enabled', as_type=bool) and self.settings.get( 'method_{}'.format(self.method), as_type=bool) def payment_refund_supported(self, payment: OrderPayment) -> bool: return self.refunds_allowed def payment_partial_refund_supported(self, payment: OrderPayment) -> bool: return self.refunds_allowed def payment_prepare(self, request, payment): return self.checkout_prepare(request, None) def payment_is_valid_session(self, request: HttpRequest): return True def payment_form_render(self, request) -> str: template = get_template('pretix_saferpay/checkout_payment_form.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings } return template.render(ctx) def checkout_confirm_render(self, request) -> str: template = get_template( 'pretix_saferpay/checkout_payment_confirm.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'provider': self } return template.render(ctx) def payment_can_retry(self, payment): return self._is_still_available(order=payment.order) def payment_pending_render(self, request, payment) -> str: if payment.info: payment_info = json.loads(payment.info) else: payment_info = None template = get_template('pretix_saferpay/pending.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'provider': self, 'order': payment.order, 'payment': payment, 'payment_info': payment_info, } return template.render(ctx) def payment_control_render(self, request, payment) -> str: if payment.info: payment_info = json.loads(payment.info) if 'amount' in payment_info: payment_info['amount'] /= 10**settings.CURRENCY_PLACES.get( self.event.currency, 2) else: payment_info = None template = get_template('pretix_saferpay/control.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'payment_info': payment_info, 'payment': payment, 'method': self.method, 'provider': self, } return template.render(ctx) def execute_refund(self, refund: OrderRefund): d = refund.payment.info_data try: if self.cancel_flow and refund.amount == refund.payment.amount: if 'Id' not in d: raise PaymentException( _('The payment has not been captured successfully and can therefore not be ' 'refunded.')) req = self._post('Payment/v1/Transaction/Cancel', json={ "RequestHeader": { "SpecVersion": "1.10", "CustomerId": self.settings.customer_id, "RequestId": str(uuid.uuid4()), "RetryIndicator": 0 }, "TransactionReference": { "TransactionId": d.get('Id') } }) if req.status_code == 200: refund.info = req.text refund.save(update_fields=['info']) refund.done() try: err = req.json() except: req.raise_for_status() else: if err['ErrorName'] not in ('ACTION_NOT_SUPPORTED', 'TRANSACTION_ALREADY_CAPTURED', 'TRANSACTION_IN_WRONG_STATE'): req.raise_for_status() if 'CaptureId' not in d: raise PaymentException( _('The payment has not been captured successfully and can therefore not be ' 'refunded.')) req = self._post( 'Payment/v1/Transaction/Refund', json={ "RequestHeader": { "SpecVersion": "1.10", "CustomerId": self.settings.customer_id, "RequestId": str(uuid.uuid4()), "RetryIndicator": 0 }, "Refund": { "Amount": { "Value": str(self._decimal_to_int(refund.amount)), "CurrencyCode": self.event.currency }, "OrderId": "{}-{}-R-{}".format(self.event.slug.upper(), refund.order.code, refund.local_id), "Description": "Order {}-{}".format(self.event.slug.upper(), refund.order.code), }, "CaptureReference": { "CaptureId": d.get('CaptureId') } }) req.raise_for_status() refund.info_data = req.json() refund.save(update_fields=['info']) if refund.info_data['Transaction'].get('Status') == 'AUTHORIZED': req = self._post( 'Payment/v1/Transaction/Capture', json={ "RequestHeader": { "SpecVersion": "1.10", "CustomerId": self.settings.customer_id, "RequestId": str(uuid.uuid4()), "RetryIndicator": 0 }, "TransactionReference": { "TransactionId": refund.info_data['Transaction'].get('Id') } }) req.raise_for_status() data = req.json() if data['Status'] == 'CAPTURED': refund.order.log_action('pretix_saferpay.event.paid') trans = refund.info_data trans['Transaction']['Status'] = 'CAPTURED' trans['Transaction']['CaptureId'] = data['CaptureId'] refund.info = json.dumps(trans) refund.save(update_fields=['info']) refund.done() except HTTPError: logger.exception('Saferpay error: %s' % req.text) try: refund.info_data = req.json() except: refund.info_data = {'error': True, 'detail': req.text} refund.state = OrderRefund.REFUND_STATE_FAILED refund.save() refund.order.log_action( 'pretix.event.order.refund.failed', { 'local_id': refund.local_id, 'provider': refund.provider, 'data': refund.info_data }) raise PaymentException( _('We had trouble communicating with Saferpay. Please try again and get in touch ' 'with us if this problem persists.')) @property def test_mode_message(self): if self.settings.endpoint == 'test': return _( 'The Saferpay plugin is operating in test mode. No money will actually be transferred.' ) return None def _post(self, endpoint, *args, **kwargs): r = requests.post('https://{env}.saferpay.com/api/{ep}'.format( env='www' if self.settings.get('endpoint') == 'live' else 'test', ep=endpoint, ), auth=(self.settings.get('api_user'), self.settings.get('api_pass')), *args, **kwargs) return r def _get(self, endpoint, *args, **kwargs): r = requests.get('https://{env}.saferpay.com/api/{ep}'.format( env='www' if self.settings.get('endpoint') == 'live' else 'test', ep=endpoint, ), auth=(self.settings.get('api_user'), self.settings.get('api_pass')), *args, **kwargs) return r def get_locale(self, language): saferpay_locales = { 'de', 'en', 'fr', 'da', 'cs', 'es', 'et', 'hr', 'it', 'hu', 'lv', 'lt', 'nl', 'nn', 'pl', 'pt', 'ru', 'ro', 'sk', 'sl', 'fi', 'sv', 'tr', 'el', 'ja', 'zh' } if language[:2] in saferpay_locales: return language[:2] return 'en' def _amount_to_decimal(self, cents): places = settings.CURRENCY_PLACES.get(self.event.currency, 2) return round_decimal(float(cents) / (10**places), self.event.currency) def _decimal_to_int(self, amount): places = settings.CURRENCY_PLACES.get(self.event.currency, 2) return int(amount * 10**places) def _get_payment_page_init_body(self, payment): b = { "RequestHeader": { "SpecVersion": "1.10", "CustomerId": self.settings.customer_id, "RequestId": str(uuid.uuid4()), "RetryIndicator": 0, "ClientInfo": { "ShopInfo": "pretix", } }, "TerminalId": self.settings.terminal_id, "Payment": { "Amount": { "Value": str(self._decimal_to_int(payment.amount)), "CurrencyCode": self.event.currency }, "OrderId": "{}-{}-P-{}".format(self.event.slug.upper(), payment.order.code, payment.local_id), "Description": "Order {}-{}".format(self.event.slug.upper(), payment.order.code), "PayerNote": "{}-{}".format(self.event.slug.upper(), payment.order.code), }, "PaymentMethods": self.payment_methods, "Payer": { "LanguageCode": self.get_locale(payment.order.locale), }, "ReturnUrls": { "Success": build_absolute_uri( self.event, 'plugins:pretix_saferpay:return', kwargs={ 'order': payment.order.code, 'payment': payment.pk, 'hash': hashlib.sha1( payment.order.secret.lower().encode()).hexdigest(), 'action': 'success' }), "Fail": build_absolute_uri( self.event, 'plugins:pretix_saferpay:return', kwargs={ 'order': payment.order.code, 'payment': payment.pk, 'hash': hashlib.sha1( payment.order.secret.lower().encode()).hexdigest(), 'action': 'fail' }), "Abort": build_absolute_uri( self.event, 'plugins:pretix_saferpay:return', kwargs={ 'order': payment.order.code, 'payment': payment.pk, 'hash': hashlib.sha1( payment.order.secret.lower().encode()).hexdigest(), 'action': 'abort' }), }, "Notification": { "NotifyUrl": build_absolute_uri(self.event, 'plugins:pretix_saferpay:webhook', kwargs={ 'payment': payment.pk, }), }, "BillingAddressForm": { "Display": False }, "DeliveryAddressForm": { "Display": False } } return b def execute_payment(self, request: HttpRequest, payment: OrderPayment): try: req = self._post('Payment/v1/PaymentPage/Initialize', json=self._get_payment_page_init_body(payment)) req.raise_for_status() except HTTPError: logger.exception('Saferpay error: %s' % req.text) try: payment.info_data = req.json() except: payment.info_data = {'error': True, 'detail': req.text} payment.state = OrderPayment.PAYMENT_STATE_FAILED payment.save() payment.order.log_action( 'pretix.event.order.payment.failed', { 'local_id': payment.local_id, 'provider': payment.provider, 'data': payment.info_data }) raise PaymentException( _('We had trouble communicating with Saferpay. Please try again and get in touch ' 'with us if this problem persists.')) data = req.json() payment.info = json.dumps(data) payment.state = OrderPayment.PAYMENT_STATE_CREATED payment.save() request.session['payment_saferpay_order_secret'] = payment.order.secret return self.redirect(request, data.get('RedirectUrl')) def redirect(self, request, url): if request.session.get('iframe_session', False) and self.method in ( 'paypal', 'sofort', 'giropay', 'paydirekt'): signer = signing.Signer(salt='safe-redirect') return (build_absolute_uri( request.event, 'plugins:pretix_saferpay:redirect') + '?url=' + urllib.parse.quote(signer.sign(url))) else: return str(url) def shred_payment_info(self, obj: OrderPayment): if not obj.info: return d = json.loads(obj.info) if 'details' in d: d['details'] = {k: '█' for k in d['details'].keys()} d['_shredded'] = True obj.info = json.dumps(d) obj.save(update_fields=['info'])
class WirecardMethod(BasePaymentProvider): method = '' wc_payment_type = 'SELECT' statement_length = 253 order_ref_length = 32 def __init__(self, event: Event): super().__init__(event) self.settings = SettingsSandbox('payment', 'wirecard', event) @property def identifier(self): return 'wirecard_{}'.format(self.method) @property def settings_form_fields(self): return {} @property def is_enabled(self) -> bool: return self.settings.get( '_enabled', as_type=bool) and self.settings.get( 'method_{}'.format(self.method), as_type=bool) def payment_form_render(self, request) -> str: template = get_template('pretix_wirecard/checkout_payment_form.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings } return template.render(ctx) def checkout_confirm_render(self, request) -> str: template = get_template( 'pretix_wirecard/checkout_payment_confirm.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings } return template.render(ctx) def checkout_prepare(self, request, total): return True def payment_is_valid_session(self, request): return True def payment_perform(self, request, order) -> str: request.session['wirecard_nonce'] = get_random_string(length=12) request.session['wirecard_order_secret'] = order.secret return eventreverse(self.event, 'plugins:pretix_wirecard:redirect', kwargs={ 'order': order.code, 'hash': hashlib.sha1( order.secret.lower().encode()).hexdigest(), }) def sign_parameters(self, params: dict, order: list = None) -> dict: keys = order or (list(params.keys()) + ['requestFingerprintOrder', 'secret']) params['requestFingerprintOrder'] = ','.join(keys) payload = ''.join( self.settings.get('secret') if k == 'secret' else params[k] for k in keys) params['requestFingerprint'] = hmac.new( self.settings.get('secret').encode(), payload.encode(), hashlib.sha512).hexdigest().upper() return params def params_for_order(self, order, request): if not request.session.get('wirecard_nonce'): request.session['wirecard_nonce'] = get_random_string(length=12) request.session['wirecard_order_secret'] = order.secret hash = hashlib.sha1(order.secret.lower().encode()).hexdigest() # TODO: imageURL, cssURL? return { 'customerId': self.settings.get('customer_id'), 'shopId': self.settings.get('shop_id', ''), 'language': order.locale[:2], 'paymentType': self.wc_payment_type, 'amount': str(order.total), 'currency': self.event.currency, 'orderDescription': _('Order {event}-{code}').format(event=self.event.slug.upper(), code=order.code), 'successUrl': build_absolute_uri(self.event, 'plugins:pretix_wirecard:return', kwargs={ 'order': order.code, 'hash': hash, }), 'cancelUrl': build_absolute_uri(self.event, 'plugins:pretix_wirecard:return', kwargs={ 'order': order.code, 'hash': hash, }), 'failureUrl': build_absolute_uri(self.event, 'plugins:pretix_wirecard:return', kwargs={ 'order': order.code, 'hash': hash, }), 'confirmUrl': build_absolute_uri(self.event, 'plugins:pretix_wirecard:confirm', kwargs={ 'order': order.code, 'hash': hash, }).replace(':8000', ''), # TODO: Remove 'pendingUrl': build_absolute_uri(self.event, 'plugins:pretix_wirecard:confirm', kwargs={ 'order': order.code, 'hash': hash, }), 'duplicateRequestCheck': 'yes', 'serviceUrl': self.event.settings.imprint_url, 'customerStatement': _('ORDER {order} EVENT {event} BY {organizer}').format( event=self.event.slug.upper(), order=order.code, organizer=self.event.organizer.name)[:self.statement_length], 'orderReference': '{code}{id}'.format(code=order.code, id=request.session.get('wirecard_nonce')) [:self.order_ref_length], 'displayText': _('Order {} for event {} by {}').format(order.code, self.event.name, self.event.organizer.name), 'pretix_orderCode': order.code, 'pretix_eventSlug': self.event.slug, 'pretix_organizerSlug': self.event.organizer.slug, 'pretix_nonce': request.session.get('wirecard_nonce'), } def order_pending_render(self, request, order) -> str: retry = True try: if order.payment_info and json.loads( order.payment_info)['paymentState'] == 'PENDING': retry = False except KeyError: pass template = get_template('pretix_wirecard/pending.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'retry': retry, 'order': order } return template.render(ctx) def order_control_render(self, request, order) -> str: if order.payment_info: payment_info = json.loads(order.payment_info) else: payment_info = None template = get_template('pretix_wirecard/control.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'payment_info': payment_info, 'order': order, 'provname': self.verbose_name } return template.render(ctx) def order_can_retry(self, order): return True @property def refund_available(self): return bool(self.settings.get('toolkit_password')) def order_control_refund_render(self, order, request) -> str: if self.refund_available: template = get_template('pretix_wirecard/control_refund.html') ctx = { 'request': request, 'form': self._refund_form(request), } return template.render(ctx) else: return super().order_control_refund_render(order, request) def _refund(self, order_number, amount, currency, language): params = { 'customerId': self.settings.get('customer_id'), 'shopId': self.settings.get('shop_id', ''), 'toolkitPassword': self.settings.get('toolkit_password'), 'command': 'refund', 'language': language, 'orderNumber': order_number, 'amount': str(amount), 'currency': currency } r = requests.post( 'https://checkout.wirecard.com/page/toolkit.php', data=self.sign_parameters(params, [ 'customerId', 'shopId', 'toolkitPassword', 'secret', 'command', 'language', 'orderNumber', 'amount', 'currency' ])) retvals = parse_qs(r.text) if retvals['status'][0] != '0': logger.error('Wirecard error during refund: %s' % r.text) raise PaymentException( _('Wirecard reported an error: {msg}').format( msg=retvals['message'][0])) def _refund_form(self, request): return RefundForm( data=request.POST if request.method == "POST" else None) def order_control_refund_perform(self, request, order) -> "bool|str": if order.payment_info: payment_info = json.loads(order.payment_info) else: payment_info = None if not payment_info or not self.refund_available: mark_order_refunded(order, user=request.user) messages.warning( request, _('We were unable to transfer the money back automatically. ' 'Please get in touch with the customer and transfer it back manually.' )) return f = self._refund_form(request) if not f.is_valid(): messages.error(request, _('Your input was invalid, please try again.')) return elif f.cleaned_data.get('auto_refund') == 'manual': order = mark_order_refunded(order, user=request.user) order.payment_manual = True order.save() return try: self._refund(payment_info['orderNumber'], order.total, self.event.currency, order.locale[:2]) except PaymentException as e: messages.error(request, str(e)) except requests.exceptions.RequestException as e: logger.exception('Wirecard error: %s' % str(e)) messages.error( request, _('We had trouble communicating with Wirecard. Please try again and contact ' 'support if the problem persists.')) else: mark_order_refunded(order, user=request.user) def shred_payment_info(self, order: Order): if not order.payment_info: return d = json.loads(order.payment_info) new = {'_shreded': True} for k in ('paymentState', 'amount', 'authenticated', 'paymentType', 'pretix_orderCode', 'currency', 'orderNumber', 'financialInstitution', 'message', 'mandateId', 'dueDate'): if k in d: new[k] = d[k] order.payment_info = json.dumps(new) order.save(update_fields=['payment_info'])
class QPayProMethod(QPayProSettingsHolder): method = '' abort_pending_allowed = False refunds_allowed = True def __init__(self, event: Event): super().__init__(event) self.settings = SettingsSandbox('payment', 'qpaypro', event) @property def settings_form_fields(self): return {} @property def identifier(self): return 'qpaypro_{}'.format(self.method) @property def is_enabled(self) -> bool: return (self.settings.get('_enabled', as_type=bool) and self.settings.get('method_{}'.format(self.method), as_type=bool)) def _fingerprint_prepare(self, request, url_next): if not super().checkout_prepare(request, None): return False # Device fingerprint session id session_onlinemetrix_key = self.get_payment_key_prefix( ) + 'session_onlinemetrix' if not request.session.get(session_onlinemetrix_key, False): request.session[session_onlinemetrix_key] = get_random_string(32) # Device fingerprint URLs params = 'org_id={x_org_id}&session_id={x_login}{session_id}'.format( x_org_id=self.get_settings_key('x_org_id'), x_login=self.get_settings_key('x_login'), session_id=request.session.get(session_onlinemetrix_key, '')) url_script = '{url}/fp/tags.js?{params}'.format( url=self.url_onlinemetrix, params=params, ) url_iframe = '{url}/fp/tags?{params}'.format( url=self.url_onlinemetrix, params=params, ) # Final URL using the result of all the previous steps signer = signing.Signer(salt='safe-redirect') url_final = ( eventreverse(self.event, 'plugins:pretix_qpaypro:onlinemetrix') + '?' + 'url_script=' + urllib.parse.quote(signer.sign(url_script)) + '&' + 'url_iframe=' + urllib.parse.quote(signer.sign(url_iframe)) + '&' + 'url_next=' + urllib.parse.quote(signer.sign(url_next))) return url_final def payment_prepare(self, request, payment): url_next = eventreverse(self.event, 'presale:event.order.pay.confirm', kwargs={ 'order': payment.order.code, 'secret': payment.order.secret, 'payment': payment.pk }) return self._fingerprint_prepare(request, url_next) def checkout_prepare(self, request, cart): url_next = eventreverse(self.event, 'presale:event.checkout', kwargs={ 'step': 'confirm', }) return self._fingerprint_prepare(request, url_next) def get_payment_key_prefix(self): return 'payment_{0}_'.format(self.identifier) def payment_is_valid_session(self, request: HttpRequest): key_prefix = self.get_payment_key_prefix() return (request.session.get(key_prefix + 'cc_type', '') != '' and request.session.get(key_prefix + 'cc_number', '') != '' and request.session.get(key_prefix + 'cc_exp_month', '') != '' and request.session.get(key_prefix + 'cc_exp_year', '') != '' and request.session.get(key_prefix + 'cc_cvv2', '') != '' and request.session.get(key_prefix + 'cc_first_name', '') != '' and request.session.get(key_prefix + 'cc_last_name', '') != '' and request.session.get(key_prefix + 'session_onlinemetrix', '') != '') @property def payment_form_fields(self): return OrderedDict(get_payment_form_fields()) def payment_form_render(self, request) -> str: template = get_template('pretix_qpaypro/checkout_payment_form.html') ctx = { 'form': self.payment_form(request), } return template.render(ctx) def checkout_confirm_render(self, request) -> str: template = get_template('pretix_qpaypro/checkout_payment_confirm.html') key_prefix = self.get_payment_key_prefix() ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'provider': self, 'cc_type': request.session[key_prefix + 'cc_type'].upper(), 'cc_number': mask_cc_number(request.session[key_prefix + 'cc_number']), 'cc_exp_month': request.session[key_prefix + 'cc_exp_month'], 'cc_exp_year': request.session[key_prefix + 'cc_exp_year'], 'cc_first_name': request.session[key_prefix + 'cc_first_name'], 'cc_last_name': request.session[key_prefix + 'cc_last_name'], } return template.render(ctx) def _get_payment_body(self, request: HttpRequest, payment: OrderPayment): key_prefix = self.get_payment_key_prefix() # Get a complete list of the cart contents x_line_item = '' for line in payment.order.positions.all(): x_line_item += '{description}<|>{code}<|>{quantity}<|>{value}<|>'.format( description=line.item.name, code=line.item.name, quantity='1', value=line.price, ) # Get the order page for relay URL x_relay_url = build_absolute_uri(self.event, 'presale:event.order', kwargs={ 'order': payment.order.code, 'secret': payment.order.secret }) + '?paid=yes' # Generate all the transaction body b = { 'x_login': self.get_settings_key('x_login'), 'x_private_key': self.get_settings_key('x_private_key'), 'x_api_secret': self.get_settings_key('x_api_secret'), 'x_description': 'Order {} - {}'.format(self.event.slug.upper(), payment.full_id), 'x_amount': str(payment.amount), 'x_currency_code': self.event.currency, 'x_product_id': payment.order.code, 'x_audit_number': payment.order.code, 'x_line_item': x_line_item, 'x_email': payment.order.email, 'x_fp_sequence': payment.order.code, 'x_fp_timestamp': str(datetime.now()), 'x_invoice_num': payment.order.code, 'x_first_name': request.session.get(key_prefix + 'cc_first_name', ''), 'x_last_name': request.session.get(key_prefix + 'cc_last_name', ''), 'x_company': 'C/F', 'x_address': self.get_settings_key('x_address'), 'x_city': self.get_settings_key('x_city'), 'x_state': self.get_settings_key('x_state'), 'x_zip': self.get_settings_key('x_zip'), 'x_country': self.get_settings_key('x_country'), 'x_relay_response': 'TRUE', 'x_relay_url': x_relay_url, 'x_type': 'AUTH_ONLY', 'x_method': 'CC', 'visaencuotas': 0, 'cc_number': request.session.get(key_prefix + 'cc_number', ''), 'cc_exp': '{}/{}'.format( request.session.get(key_prefix + 'cc_exp_month', ''), str(request.session.get(key_prefix + 'cc_exp_year', ''))[-2:]), 'cc_cvv2': request.session.get(key_prefix + 'cc_cvv2', ''), 'cc_name': '{} {}'.format( request.session.get(key_prefix + 'cc_first_name', ''), request.session.get(key_prefix + 'cc_last_name', ''), ), 'cc_type': request.session.get(key_prefix + 'cc_type', ''), 'device_fingerprint_id': request.session.get(key_prefix + 'session_onlinemetrix', ''), } return b def execute_payment(self, request: HttpRequest, payment: OrderPayment): try: # Get the correct endpoint to consume x_endpoint = self.get_settings_key('x_endpoint') if x_endpoint == 'live': url = 'https://payments.qpaypro.com/checkout/api_v1' else: url = 'https://sandbox.qpaypro.com/payment/api_v1' # Get the message body payment_body = self._get_payment_body(request, payment) # # To save the information befor send # # TO DO: to delete this action because of security issues # payment.order.log_action('pretix.event.order.payment.started', { # 'local_id': payment.local_id, # 'provider': payment.provider, # 'data': payment_body # }) # Perform the call to the endpoint req = requests.post( url, json=payment_body, ) req.raise_for_status() # Load the response to be read data = req.json() # The result is evaluated to determine the next step if not (data['result'] == 1 and data['responseCode'] == 100): raise PaymentException(data['responseText']) # To save the result payment.info = req.json() payment.confirm() except (HTTPError, PaymentException, Quota.QuotaExceededException): logger.exception('QPayPro error: %s' % req.text) try: payment.info_data = req.json() except Exception: payment.info_data = {'error': True, 'detail': req.text} payment.state = OrderPayment.PAYMENT_STATE_FAILED payment.save() payment.order.log_action( 'pretix.event.order.payment.failed', { 'local_id': payment.local_id, 'provider': payment.provider, 'data': payment.info_data }) raise PaymentException( _('We had trouble communicating with QPayPro. Please try again and get in touch ' 'with us if this problem persists.')) return None
def __init__(self, event: Event): self.event = event self.settings = SettingsSandbox('payment', self.identifier, event)
class BaseTicketOutput: """ This is the base class for all ticket outputs. """ def __init__(self, event: Event): self.event = event self.settings = SettingsSandbox('ticketoutput', self.identifier, event) def __str__(self): return self.identifier @property def is_enabled(self) -> bool: """ Returns whether or whether not this output is enabled. By default, this is determined by the value of the ``_enabled`` setting. """ return self.settings.get('_enabled', as_type=bool) @property def multi_download_enabled(self) -> bool: """ Returns whether or not the ``generate_order`` method may be called. Returns ``True`` by default. """ return True def generate(self, position: OrderPosition) -> Tuple[str, str, str]: """ This method should generate the download file and return a tuple consisting of a filename, a file type and file content. The extension will be taken from the filename which is otherwise ignored. .. note:: If the event uses the event series feature (internally called subevents) and your generated ticket contains information like the event name or date, you probably want to display the properties of the subevent. A common pattern to do this would be a declaration ``ev = position.subevent or position.order.event`` and then access properties that are present on both classes like ``ev.name`` or ``ev.date_from``. """ raise NotImplementedError() def generate_order(self, order: Order) -> Tuple[str, str, str]: """ This method is the same as order() but should not generate one file per order position but instead one file for the full order. This method is optional to implement. If you don't implement it, the default implementation will offer a zip file of the generate() results for the order positions. This method should generate a download file and return a tuple consisting of a filename, a file type and file content. The extension will be taken from the filename which is otherwise ignored. If you override this method, make sure that positions that are addons (i.e. ``addon_to`` is set) are only outputted if the event setting ``ticket_download_addons`` is active. Do the same for positions that are non-admission without ``ticket_download_nonadm`` active. If you want, you can just iterate over ``order.positions_with_tickets`` which applies the appropriate filters for you. """ with tempfile.TemporaryDirectory() as d: with ZipFile(os.path.join(d, 'tmp.zip'), 'w') as zipf: for pos in order.positions_with_tickets: fname, __, content = self.generate(pos) zipf.writestr('{}-{}{}'.format( order.code, pos.positionid, os.path.splitext(fname)[1] ), content) with open(os.path.join(d, 'tmp.zip'), 'rb') as zipf: return '{}-{}.zip'.format(order.code, self.identifier), 'application/zip', zipf.read() @property def verbose_name(self) -> str: """ A human-readable name for this ticket output. This should be short but self-explanatory. Good examples include 'PDF tickets' and 'Passbook'. """ raise NotImplementedError() # NOQA @property def identifier(self) -> str: """ A short and unique identifier for this ticket output. This should only contain lowercase letters and in most cases will be the same as your package name. """ raise NotImplementedError() # NOQA @property def settings_form_fields(self) -> dict: """ When the event's administrator visits the event configuration page, this method is called to return the configuration fields available. It should therefore return a dictionary where the keys should be (unprefixed) settings keys and the values should be corresponding Django form fields. The default implementation returns the appropriate fields for the ``_enabled`` setting mentioned above. We suggest that you return an ``OrderedDict`` object instead of a dictionary and make use of the default implementation. Your implementation could look like this:: @property def settings_form_fields(self): return OrderedDict( list(super().settings_form_fields.items()) + [ ('paper_size', forms.CharField( label=_('Paper size'), required=False )) ] ) .. WARNING:: It is highly discouraged to alter the ``_enabled`` field of the default implementation. """ return OrderedDict([ ('_enabled', forms.BooleanField( label=_('Enable output'), required=False, )), ]) def settings_content_render(self, request: HttpRequest) -> str: """ When the event's administrator visits the event configuration page, this method is called. It may return HTML containing additional information that is displayed below the form fields configured in ``settings_form_fields``. """ pass @property def download_button_text(self) -> str: """ The text on the download button in the frontend. """ return _('Download ticket') @property def download_button_icon(self) -> str: """ The Font Awesome icon on the download button in the frontend. """ return 'fa-download'
class Paypal(BasePaymentProvider): identifier = 'paypal' verbose_name = _('PayPal') payment_form_fields = OrderedDict([ ]) def __init__(self, event: Event): super().__init__(event) self.settings = SettingsSandbox('payment', 'paypal', event) @property def settings_form_fields(self): if self.settings.connect_client_id and not self.settings.secret: # PayPal connect if self.settings.connect_user_id: fields = [ ('connect_user_id', forms.CharField( label=_('PayPal account'), disabled=True )), ] else: return {} else: fields = [ ('client_id', forms.CharField( label=_('Client ID'), max_length=80, min_length=80, help_text=_('<a target="_blank" rel="noopener" href="{docs_url}">{text}</a>').format( text=_('Click here for a tutorial on how to obtain the required keys'), docs_url='https://docs.pretix.eu/en/latest/user/payments/paypal.html' ) )), ('secret', forms.CharField( label=_('Secret'), max_length=80, min_length=80, )), ('endpoint', forms.ChoiceField( label=_('Endpoint'), initial='live', choices=( ('live', 'Live'), ('sandbox', 'Sandbox'), ), )), ] d = OrderedDict( fields + list(super().settings_form_fields.items()) ) d.move_to_end('_enabled', False) return d def get_connect_url(self, request): request.session['payment_paypal_oauth_event'] = request.event.pk self.init_api() return Tokeninfo.authorize_url({'scope': 'openid profile email'}) def settings_content_render(self, request): if self.settings.connect_client_id and not self.settings.secret: # Use PayPal connect if not self.settings.connect_user_id: return ( "<p>{}</p>" "<a href='{}' class='btn btn-primary btn-lg'>{}</a>" ).format( _('To accept payments via PayPal, you will need an account at PayPal. By clicking on the ' 'following button, you can either create a new PayPal account connect pretix to an existing ' 'one.'), self.get_connect_url(request), _('Connect with {icon} PayPal').format(icon='<i class="fa fa-paypal"></i>') ) else: return ( "<button formaction='{}' class='btn btn-danger'>{}</button>" ).format( reverse('plugins:paypal:oauth.disconnect', kwargs={ 'organizer': self.event.organizer.slug, 'event': self.event.slug, }), _('Disconnect from PayPal') ) else: return "<div class='alert alert-info'>%s<br /><code>%s</code></div>" % ( _('Please configure a PayPal Webhook to the following endpoint in order to automatically cancel orders ' 'when payments are refunded externally.'), build_global_uri('plugins:paypal:webhook') ) def init_api(self): if self.settings.connect_client_id: paypalrestsdk.set_config( mode="sandbox" if "sandbox" in self.settings.connect_endpoint else 'live', client_id=self.settings.connect_client_id, client_secret=self.settings.connect_secret_key, openid_client_id=self.settings.connect_client_id, openid_client_secret=self.settings.connect_secret_key, openid_redirect_uri=urlquote(build_global_uri('plugins:paypal:oauth.return'))) else: paypalrestsdk.set_config( mode="sandbox" if "sandbox" in self.settings.get('endpoint') else 'live', client_id=self.settings.get('client_id'), client_secret=self.settings.get('secret')) def payment_is_valid_session(self, request): return (request.session.get('payment_paypal_id', '') != '' and request.session.get('payment_paypal_payer', '') != '') def payment_form_render(self, request) -> str: template = get_template('pretixplugins/paypal/checkout_payment_form.html') ctx = {'request': request, 'event': self.event, 'settings': self.settings} return template.render(ctx) def checkout_prepare(self, request, cart): self.init_api() kwargs = {} if request.resolver_match and 'cart_namespace' in request.resolver_match.kwargs: kwargs['cart_namespace'] = request.resolver_match.kwargs['cart_namespace'] if request.event.settings.payment_paypal_connect_user_id: userinfo = Tokeninfo.create_with_refresh_token(request.event.settings.payment_paypal_connect_refresh_token).userinfo() request.event.settings.payment_paypal_connect_user_id = userinfo.email payee = { "email": request.event.settings.payment_paypal_connect_user_id, # If PayPal ever offers a good way to get the MerchantID via the Identifity API, # we should use it instead of the merchant's eMail-address # "merchant_id": request.event.settings.payment_paypal_connect_user_id, } else: payee = {} payment = paypalrestsdk.Payment({ 'intent': 'sale', 'payer': { "payment_method": "paypal", }, "redirect_urls": { "return_url": build_absolute_uri(request.event, 'plugins:paypal:return', kwargs=kwargs), "cancel_url": build_absolute_uri(request.event, 'plugins:paypal:abort', kwargs=kwargs), }, "transactions": [ { "item_list": { "items": [ { "name": __('Order for %s') % str(request.event), "quantity": 1, "price": self.format_price(cart['total']), "currency": request.event.currency } ] }, "amount": { "currency": request.event.currency, "total": self.format_price(cart['total']) }, "description": __('Event tickets for {event}').format(event=request.event.name), "payee": payee } ] }) request.session['payment_paypal_order'] = None return self._create_payment(request, payment) def format_price(self, value): return str(round_decimal(value, self.event.currency, { # PayPal behaves differently than Stripe in deciding what currencies have decimal places # Source https://developer.paypal.com/docs/classic/api/currency_codes/ 'HUF': 0, 'JPY': 0, 'MYR': 0, 'TWD': 0, # However, CLPs are not listed there while PayPal requires us not to send decimal places there. WTF. 'CLP': 0, # Let's just guess that the ones listed here are 0-based as well # https://developers.braintreepayments.com/reference/general/currencies 'BIF': 0, 'DJF': 0, 'GNF': 0, 'KMF': 0, 'KRW': 0, 'LAK': 0, 'PYG': 0, 'RWF': 0, 'UGX': 0, 'VND': 0, 'VUV': 0, 'XAF': 0, 'XOF': 0, 'XPF': 0, })) @property def abort_pending_allowed(self): return False def _create_payment(self, request, payment): try: if payment.create(): if payment.state not in ('created', 'approved', 'pending'): messages.error(request, _('We had trouble communicating with PayPal')) logger.error('Invalid payment state: ' + str(payment)) return request.session['payment_paypal_id'] = payment.id for link in payment.links: if link.method == "REDIRECT" and link.rel == "approval_url": if request.session.get('iframe_session', False): signer = signing.Signer(salt='safe-redirect') return ( build_absolute_uri(request.event, 'plugins:paypal:redirect') + '?url=' + urllib.parse.quote(signer.sign(link.href)) ) else: return str(link.href) else: messages.error(request, _('We had trouble communicating with PayPal')) logger.error('Error on creating payment: ' + str(payment.error)) except Exception as e: messages.error(request, _('We had trouble communicating with PayPal')) logger.exception('Error on creating payment: ' + str(e)) def checkout_confirm_render(self, request) -> str: """ Returns the HTML that should be displayed when the user selected this provider on the 'confirm order' page. """ template = get_template('pretixplugins/paypal/checkout_payment_confirm.html') ctx = {'request': request, 'event': self.event, 'settings': self.settings} return template.render(ctx) def execute_payment(self, request: HttpRequest, payment: OrderPayment): if (request.session.get('payment_paypal_id', '') == '' or request.session.get('payment_paypal_payer', '') == ''): raise PaymentException(_('We were unable to process your payment. See below for details on how to ' 'proceed.')) self.init_api() pp_payment = paypalrestsdk.Payment.find(request.session.get('payment_paypal_id')) ReferencedPayPalObject.objects.get_or_create(order=payment.order, payment=payment, reference=pp_payment.id) if str(pp_payment.transactions[0].amount.total) != str(payment.amount) or pp_payment.transactions[0].amount.currency \ != self.event.currency: logger.error('Value mismatch: Payment %s vs paypal trans %s' % (payment.id, str(pp_payment))) raise PaymentException(_('We were unable to process your payment. See below for details on how to ' 'proceed.')) return self._execute_payment(pp_payment, request, payment) def _execute_payment(self, payment, request, payment_obj): if payment.state == 'created': payment.replace([ { "op": "replace", "path": "/transactions/0/item_list", "value": { "items": [ { "name": __('Order {slug}-{code}').format(slug=self.event.slug.upper(), code=payment_obj.order.code), "quantity": 1, "price": self.format_price(payment_obj.amount), "currency": payment_obj.order.event.currency } ] } }, { "op": "replace", "path": "/transactions/0/description", "value": __('Order {order} for {event}').format( event=request.event.name, order=payment_obj.order.code ) } ]) try: payment.execute({"payer_id": request.session.get('payment_paypal_payer')}) except Exception as e: messages.error(request, _('We had trouble communicating with PayPal')) logger.exception('Error on creating payment: ' + str(e)) for trans in payment.transactions: for rr in trans.related_resources: if hasattr(rr, 'sale') and rr.sale: if rr.sale.state == 'pending': messages.warning(request, _('PayPal has not yet approved the payment. We will inform you as ' 'soon as the payment completed.')) payment_obj.info = json.dumps(payment.to_dict()) payment_obj.state = OrderPayment.PAYMENT_STATE_PENDING payment_obj.save() return payment_obj.refresh_from_db() if payment.state == 'pending': messages.warning(request, _('PayPal has not yet approved the payment. We will inform you as soon as the ' 'payment completed.')) payment_obj.info = json.dumps(payment.to_dict()) payment_obj.state = OrderPayment.PAYMENT_STATE_PENDING payment_obj.save() return if payment.state != 'approved': payment_obj.state = OrderPayment.PAYMENT_STATE_FAILED payment_obj.save() payment_obj.order.log_action('pretix.event.order.payment.failed', { 'local_id': payment.local_id, 'provider': payment.provider, }) logger.error('Invalid state: %s' % str(payment)) raise PaymentException(_('We were unable to process your payment. See below for details on how to ' 'proceed.')) if payment_obj.state == OrderPayment.PAYMENT_STATE_CONFIRMED: logger.warning('PayPal success event even though order is already marked as paid') return try: payment_obj.info = json.dumps(payment.to_dict()) payment_obj.save(update_fields=['info']) payment_obj.confirm() except Quota.QuotaExceededException as e: raise PaymentException(str(e)) except SendMailException: messages.warning(request, _('There was an error sending the confirmation mail.')) return None def payment_pending_render(self, request, payment) -> str: retry = True try: if payment.info and payment.info_data['state'] == 'pending': retry = False except KeyError: pass template = get_template('pretixplugins/paypal/pending.html') ctx = {'request': request, 'event': self.event, 'settings': self.settings, 'retry': retry, 'order': payment.order} return template.render(ctx) def payment_control_render(self, request: HttpRequest, payment: OrderPayment): template = get_template('pretixplugins/paypal/control.html') ctx = {'request': request, 'event': self.event, 'settings': self.settings, 'payment_info': payment.info_data, 'order': payment.order} return template.render(ctx) def payment_partial_refund_supported(self, payment: OrderPayment): return True def payment_refund_supported(self, payment: OrderPayment): return True def execute_refund(self, refund: OrderRefund): self.init_api() sale = None for res in refund.payment.info_data['transactions'][0]['related_resources']: for k, v in res.items(): if k == 'sale': sale = paypalrestsdk.Sale.find(v['id']) break pp_refund = sale.refund({ "amount": { "total": self.format_price(refund.amount), "currency": refund.order.event.currency } }) if not pp_refund.success(): raise PaymentException(_('Refunding the amount via PayPal failed: {}').format(pp_refund.error)) else: sale = paypalrestsdk.Payment.find(refund.payment.info_data['id']) refund.payment.info = json.dumps(sale.to_dict()) refund.info = json.dumps(pp_refund.to_dict()) refund.done() def payment_prepare(self, request, payment_obj): self.init_api() if request.event.settings.payment_paypal_connect_user_id: userinfo = Tokeninfo.create_with_refresh_token(request.event.settings.payment_paypal_connect_refresh_token).userinfo() request.event.settings.payment_paypal_connect_user_id = userinfo.email payee = { "email": request.event.settings.payment_paypal_connect_user_id, # If PayPal ever offers a good way to get the MerchantID via the Identifity API, # we should use it instead of the merchant's eMail-address # "merchant_id": request.event.settings.payment_paypal_connect_user_id, } else: payee = {} payment = paypalrestsdk.Payment({ 'intent': 'sale', 'payer': { "payment_method": "paypal", }, "redirect_urls": { "return_url": build_absolute_uri(request.event, 'plugins:paypal:return'), "cancel_url": build_absolute_uri(request.event, 'plugins:paypal:abort'), }, "transactions": [ { "item_list": { "items": [ { "name": __('Order {slug}-{code}').format(slug=self.event.slug.upper(), code=payment_obj.order.code), "quantity": 1, "price": self.format_price(payment_obj.amount), "currency": payment_obj.order.event.currency } ] }, "amount": { "currency": request.event.currency, "total": self.format_price(payment_obj.amount) }, "description": __('Order {order} for {event}').format( event=request.event.name, order=payment_obj.order.code ), "payee": payee } ] }) request.session['payment_paypal_order'] = payment_obj.order.pk request.session['payment_paypal_payment'] = payment_obj.pk return self._create_payment(request, payment) def shred_payment_info(self, obj): if obj.info: d = json.loads(obj.info) new = { 'id': d.get('id'), 'payer': { 'payer_info': { 'email': '█' } }, 'update_time': d.get('update_time'), 'transactions': [ { 'amount': t.get('amount') } for t in d.get('transactions', []) ], '_shredded': True } obj.info = json.dumps(new) obj.save(update_fields=['info']) for le in obj.order.all_logentries().filter(action_type="pretix.plugins.paypal.event").exclude(data=""): d = le.parsed_data if 'resource' in d: d['resource'] = { 'id': d['resource'].get('id'), 'sale_id': d['resource'].get('sale_id'), 'parent_payment': d['resource'].get('parent_payment'), } le.data = json.dumps(d) le.shredded = True le.save(update_fields=['data', 'shredded'])
def settings(self): return SettingsSandbox('payment', 'banktransfer', self.request.event)
def __init__(self, event: Event): super().__init__(event) self.settings = SettingsSandbox('payment', 'paypal', event)
class BasePaymentProvider: """ This is the base class for all payment providers. """ def __init__(self, event): self.event = event self.settings = SettingsSandbox('payment', self.identifier, event) def __str__(self): return self.identifier @property def is_enabled(self) -> bool: """ Returns, whether or whether not this payment provider is enabled. By default, this is determined by the value of the ``_enabled`` setting. """ return self.settings.get('_enabled', as_type=bool) def calculate_fee(self, price: Decimal) -> Decimal: """ Calculate the fee for this payment provider which will be added to final price before fees (but after taxes). It should include any taxes. The default implementation makes use of the setting ``_fee_abs`` for an absolute fee and ``_fee_percent`` for a percentage. :param price: The total value without the payment method fee, after taxes. """ fee_abs = self.settings.get('_fee_abs', as_type=Decimal, default=0) fee_percent = self.settings.get('_fee_percent', as_type=Decimal, default=0) return Decimal(price * fee_percent / 100 + fee_abs) @property def verbose_name(self) -> str: """ A human-readable name for this payment provider. This should be short but self-explaining. Good examples include 'Bank transfer' and 'Credit card via Stripe'. """ raise NotImplementedError() # NOQA @property def identifier(self) -> str: """ A short and unique identifier for this payment provider. This should only contain lowercase letters and in most cases will be the same as your packagename. """ raise NotImplementedError() # NOQA @property def settings_form_fields(self) -> dict: """ When the event's administrator administrator visits the event configuration page, this method is called to return the configuration fields available. It should therefore return a dictionary where the keys should be (unprefixed) settings keys and the values should be corresponding Django form fields. The default implementation returns the appropriate fields for the ``_enabled``, ``_fee_abs`` and ``_fee_percent`` settings mentioned above. We suggest that you return an ``OrderedDict`` object instead of a dictionary and make use of the default implementation. Your implementation could look like this:: @property def settings_form_fields(self): return OrderedDict( list(super().settings_form_fields.items()) + [ ('bank_details', forms.CharField( widget=forms.Textarea, label=_('Bank account details'), required=False )) ] ) .. WARNING:: It is highly discouraged to alter the ``_enabled`` field of the default implementation. """ return OrderedDict([ ('_enabled', forms.BooleanField( label=_('Enable payment method'), required=False, )), ('_fee_abs', forms.DecimalField( label=_('Additional fee'), help_text=_('Absolute value'), required=False )), ('_fee_percent', forms.DecimalField( label=_('Additional fee'), help_text=_('Percentage'), required=False )), ]) def settings_content_render(self, request: HttpRequest) -> str: """ When the event's administrator administrator visits the event configuration page, this method is called. It may return HTML containing additional information that is displayed below the form fields configured in ``settings_form_fields``. """ pass @property def payment_form_fields(self) -> dict: """ This is used by the default implementation of :py:meth:`checkout_form`. It should return an object similar to :py:attr:`settings_form_fields`. The default implementation returns an empty dictionary. """ return {} def payment_form(self, request: HttpRequest) -> Form: """ This is called by the default implementation of :py:meth:`checkout_form_render` to obtain the form that is displayed to the user during the checkout process. The default implementation constructs the form using :py:attr:`checkout_form_fields` and sets appropriate prefixes for the form and all fields and fills the form with data form the user's session. """ form = Form( data=(request.POST if request.method == 'POST' else None), prefix='payment_%s' % self.identifier, initial={ k.replace('payment_%s_' % self.identifier, ''): v for k, v in request.session.items() if k.startswith('payment_%s_' % self.identifier) } ) form.fields = self.payment_form_fields return form def is_allowed(self, request: HttpRequest) -> bool: """ You can use this method to disable this payment provider for certain groups of users, products or other criteria. If this method returns ``False``, the user will not be able to select this payment method. The default implementation always returns ``True``. """ return True def payment_form_render(self, request: HttpRequest) -> str: """ When the user selects this provider as his prefered payment method, he will be shown the HTML you return from this method. The default implementation will call :py:meth:`checkout_form` and render the returned form. If your payment method doesn't require the user to fill out form fields, you should just return a paragraph of explainatory text. """ form = self.payment_form(request) template = get_template('pretixpresale/event/checkout_payment_form_default.html') ctx = {'request': request, 'form': form} return template.render(ctx) def checkout_confirm_render(self, request) -> str: """ If the user successfully filled in his payment data, he will be redirected to a confirmation page which lists all details of his order for a final review. This method should return the HTML which should be displayed inside the 'Payment' box on this page. In most cases, this should include a short summary of the user's input and a short explaination on how the payment process will continue. """ raise NotImplementedError() # NOQA def checkout_prepare(self, request: HttpRequest, cart: dict) -> "bool|str": """ Will be called after the user selected this provider as his payment method. If you provided a form to the user to enter payment data, this method should at least store the user's input into his session. This method should return ``False``, if the user's input was invalid, ``True`` if the input was valid and the frontend should continue with default behaviour or a string containing an URL, if the user should be redirected somewhere else. On errors, you should use Django's message framework to display an error message to the user (or the normal form validation error messages). The default implementation stores the input into the form returned by :py:meth:`payment_form` in the user's session. If your payment method requires you to redirect the user to an external provider, this might be the place to do so. .. IMPORTANT:: If this is called, the user has not yet confirmed his or her order. You may NOT do anything which actually moves money. :param cart: This dictionary contains at least the following keys: positions: A list of ``CartPosition`` objects that are annotated with the special attributes ``count`` and ``total`` because multiple objects of the same content are grouped into one. raw: The raw list of ``CartPosition`` objects in the users cart total: The overall total *including* the fee for the payment method. payment_fee: The fee for the payment method. """ form = self.payment_form(request) if form.is_valid(): for k, v in form.cleaned_data.items(): request.session['payment_%s_%s' % (self.identifier, k)] = v return True else: return False def payment_is_valid_session(self, request: HttpRequest) -> bool: """ This is called at the time the user tries to place the order. It should return ``True``, if the user's session is valid and all data your payment provider requires in future steps is present. """ raise NotImplementedError() # NOQA def payment_perform(self, request: HttpRequest, order: Order) -> str: """ After the user confirmed his purchase, this method will be called to complete the payment process. This is the place to actually move the money, if applicable. If you need any speical behaviour, you can return a string containing an URL the user will be redirected to. If you are done with your process you should return the user to the order's detail page. If the payment is completed, you should call ``pretix.base.services.orders.mark_order_paid(order, provider, info)`` with ``provider`` being your :py:attr:`identifier` and ``info`` being any string you might want to store for later usage. Please note, that if you want to store something inside ``order.payment_info``, please do it after the ``mark_order_paid`` call, as this call does a object clone for you. Please also note that ``mark_order_paid`` might raise a ``Quota.QuotaExceededException`` if (and only if) the payment term of this order is over and some of the items are sold out. You should use the exception message to display a meaningful error to the user. The default implementation just returns ``None`` and therefore leaves the order unpaid. The user will be redirected to the order's detail page by default. On errors, you should use Django's message framework to display an error message to the user. :param order: The order object """ return None def order_pending_mail_render(self, order: Order) -> str: """ After the user submitted his order, he or she will receive a confirmation e-mail. You can return a string from this method if you want to add additional information to this e-mail. :param order: The order object """ return "" def order_pending_render(self, request: HttpRequest, order: Order) -> str: """ If the user visits a detail page of an order which has not yet been paid but this payment method was selected during checkout, this method will be called to provide HTML content for the 'payment' box on the page. It should contain instructions on how to continue with the payment process, either in form of text or buttons/links/etc. :param order: The order object """ raise NotImplementedError() # NOQA def order_can_retry(self, order: Order) -> bool: """ Will be called if the user views the detail page of an unpaid order to determine whether the user should be presented with an option to retry the payment. The default implementation always returns False. :param order: The order object """ return False def retry_prepare(self, request: HttpRequest, order: Order) -> "bool|str": """ Will be called if the user retries to pay an unpaid order (after the user filled in e.g. the form returned by :py:meth:`payment_form`). It should return and report errors the same way as :py:meth:`checkout_prepare`, but receives an ``Order`` object instead of a cart object. """ form = self.payment_form(request) if form.is_valid(): for k, v in form.cleaned_data.items(): request.session['payment_%s_%s' % (self.identifier, k)] = v return True else: return False def order_paid_render(self, request: HttpRequest, order: Order) -> str: """ Will be called if the user views the detail page of an paid order which is associated with this payment provider. It should return HTML code which should be displayed to the user or None, if there is nothing to say (like the default implementation does). :param order: The order object """ return None def order_control_render(self, request: HttpRequest, order: Order) -> str: """ Will be called if the *event administrator* views the detail page of an order which is associated with this payment provider. It should return HTML code containing information regarding the current payment status and, if applicable, next steps. The default implementation returns the verbose name of the payment provider. :param order: The order object """ return _('Payment provider: %s' % self.verbose_name) def order_control_refund_render(self, order: Order) -> str: """ Will be called if the event administrator clicks an order's 'refund' button. This can be used to display information *before* the order is being refunded. It should return HTML code which should be displayed to the user. It should contain information about to which extend the money will be refunded automatically. :param order: The order object """ return '<div class="alert alert-warning">%s</div>' % _('The money can not be automatically refunded, ' 'please transfer the money back manually.') def order_control_refund_perform(self, request: HttpRequest, order: Order) -> "bool|str": """ Will be called if the event administrator confirms the refund. This should transfer the money back (if possible). You can return an URL the user should be redirected to if you need special behaviour or None to continue with default behaviour. On failure, you should use Django's message framework to display an error message to the user. The default implementation sets the Orders state to refunded and shows a success message. :param request: The HTTP request :param order: The order object """ order.mark_refunded() messages.success(request, _('The order has been marked as refunded. Please transfer the money ' 'back to the buyer manually.'))
class Mercadopago(BasePaymentProvider): identifier = 'pretix_mercadopago' verbose_name = _('MercadoPago') def __init__(self, event: Event): super().__init__(event) self.settings = SettingsSandbox('payment', 'mercadopago', event) @property def test_mode_message(self): if self.settings.connect_client_id and not self.settings.secret: # in OAuth mode, sandbox mode needs to be set global is_sandbox = self.settings.connect_endpoint == 'sandbox' else: is_sandbox = self.settings.get('endpoint') == 'sandbox' if is_sandbox: return _( 'The MercadoPago sandbox is being used, you can test without ' 'actually sending money but you will need a ' 'MercadoPago sandbox user to log in.') return None #################################################################### # No Refunds # #################################################################### def payment_partial_refund_supported(self, payment: OrderPayment): return False def payment_refund_supported(self, payment: OrderPayment): return False def execute_refund(self, refund: OrderRefund): raise PaymentException(_('Refunding is not supported.')) #################################################################### # Plugin Settings # #################################################################### @property def settings_form_fields(self): fields = [ ('client_id', forms.CharField( label=_('Client ID'), max_length=71, min_length=10, help_text=_('{token}<a target="_blank" rel="noopener" ' 'href="{docs_url}">{text}</a>'). format( token=_('puede usar un token el lugar del client_id o '), text= _('Click here for a tutorial on how to obtain the required keys' ), docs_url= 'https://www.mercadopago.com.ar/developers/es/guides/faqs/credentials' ))), ('secret', forms.CharField(label=_('Secret'), max_length=71, min_length=10, required=False)), ('endpoint', forms.ChoiceField( label=_('Endpoint'), initial='live', required=True, choices=( ('live', 'Live'), ('sandbox', 'Sandbox'), ), )), ('currency', forms.ChoiceField( label=_('Currency'), initial='ARS', required=True, choices=( ('ARS', 'ARS'), ('BRL', 'BRL'), ('CLP', 'CLP'), ('MXN', 'MXN'), ('COP', 'COP'), ('PEN', 'PEN'), ('UYU', 'UYU'), ), )), ('exchange_rate', forms.DecimalField( label=_('Exchange Rate'), required=True, min_value=0, decimal_places=2, help_text= _('Exchange rate to apply to the event currency. Use "1" to not apply any exchange rate.' ))), ] d = OrderedDict(fields + list(super().settings_form_fields.items())) return d def settings_content_render(self, request): settings_content = "" if not self.settings.get('client_id'): settings_content = ( "<p>{}</p>" "<a href='{}' class='btn btn-primary btn-lg'>{}</a>" ).format( _('To accept payments via MercadoPagp, you will need an account at MercadoPago. ' 'By clicking on the following button, you can either create a new MercadoPago ' 'account connect pretix to an existing one.'), self.get_connect_url(request), _('Connect with {icon} MercadoPago').format( icon='<i class="fa fa-mercadopago"></i>')) else: settings_content = "<div class='alert alert-info'>%s<br /><code>%s</code></div>" % ( _('Please configure a MercadoPago Webhook to the following endpoint in order ' 'to automatically cancel orders when payments are refunded externally.' ), build_absolute_uri(request.event, 'plugins:pretix_mercadopago:webhook')) if self.event.currency is not self.settings.get('currency'): settings_content += ( '<br><br><div class="alert alert-warning">%s ' '<a href="ihttps://www.mercadopago.com.ar/developers/es/reference/merchant_orders/resource/">%s</a>' '</div>' ) % (_( "MercadoPago does not process payments in your event's currency." ), _("Please make sure you are using the proper exchange rate.")) return settings_content def init_api(self) -> mercadopago.MP: if self.settings.get('client_id') and not self.settings.get('secret'): mp = mercadopago.MP(self.settings.get('client_id')) else: mp = mercadopago.MP(self.settings.get('client_id'), self.settings.get('secret')) return mp #################################################################### # MercadoPago Interaction # #################################################################### def payment_form_render(self, request) -> str: # When the user selects this provider # as their preferred payment method, # they will be shown the HTML you return from this method. return "You will be redirected to MercadoPago now." def payment_is_valid_session(self, request): # This is called at the time the user tries to place the order. # It should return True if the user’s session is valid and all data # your payment provider requires in future steps is present. return True def execute_payment(self, request: HttpRequest, payment_obj: OrderPayment): try: # After the user has confirmed their purchase, # this method will be called to complete the payment process. mp = self.init_api() order = payment_obj.order meta_info = json.loads(order.meta_info) form_data = meta_info.get('contact_form_data', {}) address = {} company = '' name = '' if hasattr(Order, 'invoice_address'): address = { "zip_code": order.invoice_address.zipcode, "street_name": order.invoice_address.street } company = order.invoice_address.company name = str(order.invoice_address.name_parts) identification_type = form_data.get('invoicing_type_tax_id', '') if identification_type == 'PASS': identification_number = form_data.get('invoicing_tax_id_pass', '') elif identification_type == 'VAT': identification_number = form_data.get('invoicing_tax_id_vat', '') else: identification_number = form_data.get('invoicing_tax_id_dni', '') price = float(payment_obj.amount) if self.settings.get('currency') is not order.event.currency: price = price * float(self.settings.get('exchange_rate')) price = round(price, 2) order_url = build_absolute_uri(request.event, 'presale:event.order', kwargs={ 'order': order.code, 'secret': order.secret }) preference = { "items": [{ "title": __('Order {slug}-{code}').format(slug=self.event.slug, code=order.code), "quantity": 1, "unit_price": price, "currency_id": self.settings.get('currency') }], "auto_return": 'all', "back_urls": { "failure": order_url, "pending": build_absolute_uri(request.event, 'plugins:pretix_mercadopago:return'), "success": build_absolute_uri(request.event, 'plugins:pretix_mercadopago:return') }, "notification_url": build_absolute_uri(request.event, 'plugins:pretix_mercadopago:return'), "statement_descriptor": __('Order {slug}-{code}').format(slug=self.event.slug, code=order.code), "external_reference": str(payment_obj.id), # "additional_info": json.dumps(order.invoice_address)[:600], "payer": { "name": name, "surname": company, "email": form_data.get('email', ''), "identification": { "type": identification_type, "number": identification_number }, "address": address }, "payment_methods": { "installments": 1 } } # Get the payment reported by the IPN. # Glossary of attributes response in https://developers.mercadopago.com # paymentInfo = mp.get_payment(kwargs["id"]) preferenceResult = mp.create_preference(preference) payment_obj.info = json.dumps(preferenceResult, indent=4) payment_obj.save() request.session['payment_mercadopago_preferece_id'] = str( preferenceResult['response']['id']) request.session['payment_mercadopago_collector_id'] = str( preferenceResult['response']['collector_id']) request.session['payment_mercadopago_order'] = order.pk request.session['payment_mercadopago_payment'] = payment_obj.pk try: if preferenceResult: if preferenceResult["status"] not in ( 200, 201 ): # ate not in ('created', 'approved', 'pending'): messages.error( request, _('We had trouble communicating with MercadoPago' + str(preferenceResult["response"]["message"]))) logger.error('Invalid payment state: ' + str(preferenceResult["response"])) return request.session['payment_mercadopago_id'] = str( preferenceResult["response"]["id"]) if (self.test_mode_message == None): link = preferenceResult["response"]["init_point"] else: link = preferenceResult["response"][ "sandbox_init_point"] return link else: messages.error( request, _('We had trouble communicating with MercadoPago' + str(preferenceResult["response"]))) logger.error('Error on creating payment: ' + str(preferenceResult["response"])) except Exception as e: messages.error( request, _('We had trouble communicating with ' + 'MercadoPago ' + str(e) + str(preferenceResult["response"]))) logger.exception('Error on creating payment: ' + str(e)) except Exception as e: messages.error( request, _('We had trouble preparing the order for ' + 'MercadoPago ' + str(e))) logger.exception('Error on creating payment: ' + str(e)) def checkout_confirm_render(self, request) -> str: # Returns the HTML that should be displayed when the user selected this provider # on the 'confirm order' page. try: # TODO weird error that doesn't include templates on our path folder template = get_template( '../../pretix_mercadopago/templates/pretix_mercadopago/checkout_payment_confirm.html' ) except Exception as e: template = get_template( 'pretixplugins/paypal/checkout_payment_confirm.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings } return template.render(ctx) def render_invoice_text(self, order: Order, payment: OrderPayment) -> str: if order.status == Order.STATUS_PAID: if payment.info_data.get('id', None): try: return '{}\r\n{}: {}'.format( _('The payment for this invoice has already been received.' ), _('Payment ID'), payment.info_data['response']['id'], ) except (KeyError, IndexError): return '{}\r\n{}: {}'.format( _('The payment for this invoice has already been received.' ), _('Payment ID'), payment.info_data['response']['id']) else: return super().render_invoice_text(order, payment) return self.settings.get('_invoice_text', as_type=LazyI18nString, default='') def matching_id(self, payment: OrderPayment): # Will be called to get an ID for a matching this payment when comparing # pretix records with records of an external source. # This should return the main transaction ID for your API. return payment.info_data.get('external_reference', None) def api_payment_details(self, payment: OrderPayment): # Will be called to populate the details parameter # of the payment in the REST API. res = {"payment_info": payment.info} try: res = json.loads(payment.info) except Exception as e: logger.exception('Could not parse json payment.info') return res #################################################################### # Utility functions # #################################################################### def get_connect_url(self, request): request.session['payment_mercadopago_oauth_event'] = request.event.pk self.init_api() return Tokeninfo.authorize_url({'scope': 'openid profile email'})
class StripeMethod(BasePaymentProvider): identifier = '' method = '' def __init__(self, event: Event): super().__init__(event) self.settings = SettingsSandbox('payment', 'stripe', event) @property def settings_form_fields(self): return {} @property def is_enabled(self) -> bool: return self.settings.get( '_enabled', as_type=bool) and self.settings.get( 'method_{}'.format(self.method), as_type=bool) def order_prepare(self, request, order): return self.checkout_prepare(request, None) def _get_amount(self, order): places = settings.CURRENCY_PLACES.get(self.event.currency, 2) return int(order.total * 10**places) @property def api_kwargs(self): if self.settings.connect_client_id and self.settings.connect_user_id: if self.settings.get('endpoint', 'live') == 'live': kwargs = { 'api_key': self.settings.connect_secret_key, 'stripe_account': self.settings.connect_user_id } else: kwargs = { 'api_key': self.settings.connect_test_secret_key, 'stripe_account': self.settings.connect_user_id } else: kwargs = { 'api_key': self.settings.secret_key, } return kwargs def _init_api(self): stripe.api_version = '2018-02-28' stripe.set_app_info("pretix", version=__version__, url="https://pretix.eu") def checkout_confirm_render(self, request) -> str: template = get_template( 'pretixplugins/stripe/checkout_payment_confirm.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'provider': self } return template.render(ctx) def order_can_retry(self, order): return self._is_still_available(order=order) def _charge_source(self, request, source, order): try: charge = stripe.Charge.create( amount=self._get_amount(order), currency=self.event.currency.lower(), source=source, metadata={ 'order': str(order.id), 'event': self.event.id, 'code': order.code }, # TODO: Is this sufficient? idempotency_key=str(self.event.id) + order.code + source, **self.api_kwargs) except stripe.error.CardError as e: if e.json_body: err = e.json_body['error'] logger.exception('Stripe error: %s' % str(err)) else: err = {'message': str(e)} logger.exception('Stripe error: %s' % str(e)) logger.info('Stripe card error: %s' % str(err)) order.payment_info = json.dumps({ 'error': True, 'message': err['message'], }) order.save(update_fields=['payment_info']) raise PaymentException( _('Stripe reported an error with your card: %s') % err['message']) except stripe.error.StripeError as e: if e.json_body: err = e.json_body['error'] logger.exception('Stripe error: %s' % str(err)) else: err = {'message': str(e)} logger.exception('Stripe error: %s' % str(e)) order.payment_info = json.dumps({ 'error': True, 'message': err['message'], }) order.save(update_fields=['payment_info']) raise PaymentException( _('We had trouble communicating with Stripe. Please try again and get in touch ' 'with us if this problem persists.')) else: ReferencedStripeObject.objects.get_or_create(order=order, reference=charge.id) if charge.status == 'succeeded' and charge.paid: try: mark_order_paid(order, self.identifier, str(charge)) except Quota.QuotaExceededException as e: RequiredAction.objects.create( event=self.event, action_type='pretix.plugins.stripe.overpaid', data=json.dumps({ 'order': order.code, 'charge': charge.id })) raise PaymentException(str(e)) except SendMailException: raise PaymentException( _('There was an error sending the confirmation mail.')) elif charge.status == 'pending': if request: messages.warning( request, _('Your payment is pending completion. We will inform you as soon as the ' 'payment completed.')) order.payment_info = str(charge) order.save(update_fields=['payment_info']) return else: logger.info('Charge failed: %s' % str(charge)) order.payment_info = str(charge) order.save(update_fields=['payment_info']) raise PaymentException( _('Stripe reported an error: %s') % charge.failure_message) def order_pending_render(self, request, order) -> str: if order.payment_info: payment_info = json.loads(order.payment_info) else: payment_info = None template = get_template('pretixplugins/stripe/pending.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'provider': self, 'order': order, 'payment_info': payment_info, } return template.render(ctx) def order_control_render(self, request, order) -> str: if order.payment_info: payment_info = json.loads(order.payment_info) if 'amount' in payment_info: payment_info['amount'] /= 10**settings.CURRENCY_PLACES.get( self.event.currency, 2) else: payment_info = None template = get_template('pretixplugins/stripe/control.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'payment_info': payment_info, 'order': order, 'method': self.method, 'provider': self, } return template.render(ctx) def _refund_form(self, request): return RefundForm( data=request.POST if request.method == "POST" else None) def order_control_refund_render(self, order, request) -> str: template = get_template('pretixplugins/stripe/control_refund.html') ctx = { 'request': request, 'form': self._refund_form(request), } return template.render(ctx) def order_control_refund_perform(self, request, order) -> "bool|str": self._init_api() f = self._refund_form(request) if not f.is_valid(): messages.error(request, _('Your input was invalid, please try again.')) return elif f.cleaned_data.get('auto_refund') == 'manual': order = mark_order_refunded(order, user=request.user) order.payment_manual = True order.save() return if order.payment_info: payment_info = json.loads(order.payment_info) else: payment_info = None if not payment_info: mark_order_refunded(order, user=request.user) messages.warning( request, _('We were unable to transfer the money back automatically. ' 'Please get in touch with the customer and transfer it back manually.' )) return try: ch = stripe.Charge.retrieve(payment_info['id'], **self.api_kwargs) ch.refunds.create() ch.refresh() except (stripe.error.InvalidRequestError, stripe.error.AuthenticationError, stripe.error.APIConnectionError) \ as e: if e.json_body: err = e.json_body['error'] logger.exception('Stripe error: %s' % str(err)) else: err = {'message': str(e)} logger.exception('Stripe error: %s' % str(e)) messages.error( request, _('We had trouble communicating with Stripe. Please try again and contact ' 'support if the problem persists.')) logger.error('Stripe error: %s' % str(err)) except stripe.error.StripeError: mark_order_refunded(order, user=request.user) messages.warning( request, _('We were unable to transfer the money back automatically. ' 'Please get in touch with the customer and transfer it back manually.' )) else: order = mark_order_refunded(order, user=request.user) order.payment_info = str(ch) order.save() def payment_perform(self, request, order) -> str: self._init_api() try: source = self._create_source(request, order) except stripe.error.StripeError as e: if e.json_body: err = e.json_body['error'] logger.exception('Stripe error: %s' % str(err)) else: err = {'message': str(e)} logger.exception('Stripe error: %s' % str(e)) order.payment_info = json.dumps({ 'error': True, 'message': err['message'], }) order.save(update_fields=['payment_info']) raise PaymentException( _('We had trouble communicating with Stripe. Please try again and get in touch ' 'with us if this problem persists.')) ReferencedStripeObject.objects.get_or_create(order=order, reference=source.id) order.payment_info = str(source) order.save(update_fields=['payment_info']) request.session['payment_stripe_order_secret'] = order.secret return self.redirect(request, source.redirect.url) def redirect(self, request, url): if request.session.get('iframe_session', False): signer = signing.Signer(salt='safe-redirect') return ( build_absolute_uri(request.event, 'plugins:stripe:redirect') + '?url=' + urllib.parse.quote(signer.sign(url))) else: return str(url)
def __init__(self, event: Event): super().__init__(event) self.settings = SettingsSandbox('payment', 'mercadopago', event)
class MollieSettingsHolder(BasePaymentProvider): identifier = 'mollie' verbose_name = _('Mollie') is_enabled = False is_meta = True def __init__(self, event: Event): super().__init__(event) self.settings = SettingsSandbox('payment', 'mollie', event) def get_connect_url(self, request): request.session['payment_mollie_oauth_event'] = request.event.pk if 'payment_mollie_oauth_token' not in request.session: request.session['payment_mollie_oauth_token'] = get_random_string( 32) return ( "https://www.mollie.com/oauth2/authorize?client_id={}&redirect_uri={}" "&state={}&scope=payments.read+payments.write+refunds.read+refunds.write+profiles.read+organizations.read" "&response_type=code&approval_prompt=auto").format( self.settings.connect_client_id, urlquote( build_global_uri('plugins:pretix_mollie:oauth.return')), request.session['payment_mollie_oauth_token'], ) def settings_content_render(self, request): if self.settings.connect_client_id and not self.settings.api_key: # Use Mollie Connect if not self.settings.access_token: return ( "<p>{}</p>" "<a href='{}' class='btn btn-primary btn-lg'>{}</a>" ).format( _('To accept payments via Mollie, you will need an account at Mollie. By clicking on the ' 'following button, you can either create a new Mollie account connect pretix to an existing ' 'one.'), self.get_connect_url(request), _('Connect with Mollie')) else: return ( "<button formaction='{}' class='btn btn-danger'>{}</button>" ).format( reverse('plugins:pretix_mollie:oauth.disconnect', kwargs={ 'organizer': self.event.organizer.slug, 'event': self.event.slug, }), _('Disconnect from Mollie')) @property def test_mode_message(self): if self.settings.connect_client_id and not self.settings.api_key: is_testmode = True else: is_testmode = 'test_' in self.settings.secret_key if is_testmode: return _( 'The Mollie plugin is operating in test mode. No money will actually be transferred.' ) return None @property def settings_form_fields(self): if self.settings.connect_client_id and not self.settings.api_key: # Mollie Connect if self.settings.access_token: fields = [ ('connect_org_name', forms.CharField(label=_('Mollie account'), disabled=True)), ('connect_profile', forms.ChoiceField(label=_('Website profile'), choices=self.settings.get( 'connect_profiles', as_type=list) or [])), ('endpoint', forms.ChoiceField( label=_('Endpoint'), initial='live', choices=( ('live', pgettext('mollie', 'Live')), ('test', pgettext('mollie', 'Testing')), ), )), ] else: return {} else: fields = [ ('api_key', forms.CharField( label=_('Secret key'), validators=(MollieKeyValidator(['live_', 'test_']), ), )), ] d = OrderedDict(fields + [ ('method_creditcard', forms.BooleanField( label=_('Credit card'), required=False, )), ('method_bancontact', forms.BooleanField( label=_('Bancontact'), required=False, )), ('method_banktransfer', forms.BooleanField( label=_('Bank transfer'), required=False, )), ('method_belfius', forms.BooleanField( label=_('Belfius Pay Button'), required=False, )), ('method_bitcoin', forms.BooleanField( label=_('Bitcoin'), required=False, )), ('method_eps', forms.BooleanField( label=_('EPS'), required=False, )), ('method_giropay', forms.BooleanField( label=_('giropay'), required=False, )), ('method_ideal', forms.BooleanField( label=_('iDEAL'), required=False, )), ('method_inghomepay', forms.BooleanField( label=_('ING Home’Pay'), required=False, )), ('method_kbc', forms.BooleanField( label=_('KBC/CBC Payment Button'), required=False, )), ('method_paysafecard', forms.BooleanField( label=_('paysafecard'), required=False, )), ('method_sofort', forms.BooleanField( label=_('Sofort'), required=False, )), ] + list(super().settings_form_fields.items())) d.move_to_end('_enabled', last=False) return d
class BaseTicketOutput: """ This is the base class for all ticket outputs. """ def __init__(self, event: Event): self.event = event self.settings = SettingsSandbox('ticketoutput', self.identifier, event) def __str__(self): return self.identifier @property def is_enabled(self) -> bool: """ Returns whether or whether not this output is enabled. By default, this is determined by the value of the ``_enabled`` setting. """ return self.settings.get('_enabled', as_type=bool) def generate(self, position: OrderPosition) -> Tuple[str, str, str]: """ This method should generate the download file and return a tuple consisting of a filename, a file type and file content. The extension will be taken from the filename which is otherwise ignored. """ raise NotImplementedError() def generate_order(self, order: Order) -> Tuple[str, str, str]: """ This method is the same as order() but should not generate one file per order position but instead one file for the full order. This method is optional to implement. If you don't implement it, the default implementation will offer a zip file of the generate() results for the order positions. This method should generate a download file and return a tuple consisting of a filename, a file type and file content. The extension will be taken from the filename which is otherwise ignored. If you override this method, make sure that positions that are addons (i.e. ``addon_to`` is set) are only outputted if the event setting ``ticket_download_addons`` is active. """ with tempfile.TemporaryDirectory() as d: with ZipFile(os.path.join(d, 'tmp.zip'), 'w') as zipf: for pos in order.positions.all(): if pos.addon_to_id and not self.event.settings.ticket_download_addons: continue fname, __, content = self.generate(pos) zipf.writestr( '{}-{}{}'.format(order.code, pos.positionid, os.path.splitext(fname)[1]), content) with open(os.path.join(d, 'tmp.zip'), 'rb') as zipf: return '{}-{}.zip'.format( order.code, self.identifier), 'application/zip', zipf.read() @property def verbose_name(self) -> str: """ A human-readable name for this ticket output. This should be short but self-explanatory. Good examples include 'PDF tickets' and 'Passbook'. """ raise NotImplementedError() # NOQA @property def identifier(self) -> str: """ A short and unique identifier for this ticket output. This should only contain lowercase letters and in most cases will be the same as your package name. """ raise NotImplementedError() # NOQA @property def settings_form_fields(self) -> dict: """ When the event's administrator visits the event configuration page, this method is called to return the configuration fields available. It should therefore return a dictionary where the keys should be (unprefixed) settings keys and the values should be corresponding Django form fields. The default implementation returns the appropriate fields for the ``_enabled`` setting mentioned above. We suggest that you return an ``OrderedDict`` object instead of a dictionary and make use of the default implementation. Your implementation could look like this:: @property def settings_form_fields(self): return OrderedDict( list(super().settings_form_fields.items()) + [ ('paper_size', forms.CharField( label=_('Paper size'), required=False )) ] ) .. WARNING:: It is highly discouraged to alter the ``_enabled`` field of the default implementation. """ return OrderedDict([ ('_enabled', forms.BooleanField( label=_('Enable output'), required=False, )), ]) def settings_content_render(self, request: HttpRequest) -> str: """ When the event's administrator visits the event configuration page, this method is called. It may return HTML containing additional information that is displayed below the form fields configured in ``settings_form_fields``. """ pass @property def download_button_text(self) -> str: """ The text on the download button in the frontend. """ return _('Download ticket')
class BasePaymentProvider: """ This is the base class for all payment providers. """ def __init__(self, event: Event): self.event = event self.settings = SettingsSandbox('payment', self.identifier, event) # Default values if self.settings.get('_fee_reverse_calc') is None: self.settings.set('_fee_reverse_calc', True) def __str__(self): return self.identifier @property def is_implicit(self) -> bool: """ Returns whether or whether not this payment provider is an "implicit" payment provider that will *always* and unconditionally be used if is_allowed() returns True and does not require any input. This is intended to be used by the FreePaymentProvider, which skips the payment choice page. By default, this returns ``False``. Please do not set this if you don't know exactly what you are doing. """ return False @property def is_meta(self) -> bool: """ Returns whether or whether not this payment provider is a "meta" payment provider that only works as a settings holder for other payment providers and should never be used directly. This is a trick to implement payment gateways with multiple payment methods but unified payment settings. Take a look at the built-in stripe provider to see how this might be used. By default, this returns ``False``. """ return False @property def is_enabled(self) -> bool: """ Returns whether or whether not this payment provider is enabled. By default, this is determined by the value of the ``_enabled`` setting. """ return self.settings.get('_enabled', as_type=bool) @property def test_mode_message(self) -> str: """ If this property is set to a string, this will be displayed when this payment provider is selected while the event is in test mode. You should use it to explain to your user how your plugin behaves, e.g. if it falls back to a test mode automatically as well or if actual payments will be performed. If you do not set this (or, return ``None``), pretix will show a default message warning the user that this plugin does not support test mode payments. """ return None def calculate_fee(self, price: Decimal) -> Decimal: """ Calculate the fee for this payment provider which will be added to final price before fees (but after taxes). It should include any taxes. The default implementation makes use of the setting ``_fee_abs`` for an absolute fee and ``_fee_percent`` for a percentage. :param price: The total value without the payment method fee, after taxes. """ fee_abs = self.settings.get('_fee_abs', as_type=Decimal, default=0) fee_percent = self.settings.get('_fee_percent', as_type=Decimal, default=0) fee_reverse_calc = self.settings.get('_fee_reverse_calc', as_type=bool, default=True) places = settings.CURRENCY_PLACES.get(self.event.currency, 2) if fee_reverse_calc: return ((price + fee_abs) * (1 / (1 - fee_percent / 100)) - price).quantize( Decimal('1') / 10 ** places, ROUND_HALF_UP ) else: return (price * fee_percent / 100 + fee_abs).quantize( Decimal('1') / 10 ** places, ROUND_HALF_UP ) @property def verbose_name(self) -> str: """ A human-readable name for this payment provider. This should be short but self-explaining. Good examples include 'Bank transfer' and 'Credit card via Stripe'. """ raise NotImplementedError() # NOQA @property def public_name(self) -> str: """ A human-readable name for this payment provider to be shown to the public. This should be short but self-explaining. Good examples include 'Bank transfer' and 'Credit card', but 'Credit card via Stripe' might be to explicit. By default, this is the same as ``verbose_name`` """ return self.verbose_name @property def identifier(self) -> str: """ A short and unique identifier for this payment provider. This should only contain lowercase letters and in most cases will be the same as your package name. """ raise NotImplementedError() # NOQA @property def abort_pending_allowed(self) -> bool: """ Whether or not a user can abort a payment in pending start to switch to another payment method. This returns ``False`` by default which is no guarantee that aborting a pending payment can never happen, it just hides the frontend button to avoid users accidentally committing double payments. """ return False @property def settings_form_fields(self) -> dict: """ When the event's administrator visits the event configuration page, this method is called to return the configuration fields available. It should therefore return a dictionary where the keys should be (unprefixed) settings keys and the values should be corresponding Django form fields. The default implementation returns the appropriate fields for the ``_enabled``, ``_fee_abs``, ``_fee_percent`` and ``_availability_date`` settings mentioned above. We suggest that you return an ``OrderedDict`` object instead of a dictionary and make use of the default implementation. Your implementation could look like this:: @property def settings_form_fields(self): return OrderedDict( list(super().settings_form_fields.items()) + [ ('bank_details', forms.CharField( widget=forms.Textarea, label=_('Bank account details'), required=False )) ] ) .. WARNING:: It is highly discouraged to alter the ``_enabled`` field of the default implementation. """ places = settings.CURRENCY_PLACES.get(self.event.currency, 2) d = OrderedDict([ ('_enabled', forms.BooleanField( label=_('Enable payment method'), required=False, )), ('_availability_date', RelativeDateField( label=_('Available until'), help_text=_('Users will not be able to choose this payment provider after the given date.'), required=False, )), ('_invoice_text', I18nFormField( label=_('Text on invoices'), help_text=_('Will be printed just below the payment figures and above the closing text on invoices. ' 'This will only be used if the invoice is generated before the order is paid. If the ' 'invoice is generated later, it will show a text stating that it has already been paid.'), required=False, widget=I18nTextarea, widget_kwargs={'attrs': {'rows': '2'}} )), ('_total_min', forms.DecimalField( label=_('Minimum order total'), help_text=_('This payment will be available only if the order total is equal to or exceeds the given ' 'value. The order total for this purpose may be computed without taking the fees imposed ' 'by this payment method into account.'), localize=True, required=False, decimal_places=places, widget=DecimalTextInput(places=places) )), ('_total_max', forms.DecimalField( label=_('Maximum order total'), help_text=_('This payment will be available only if the order total is equal to or below the given ' 'value. The order total for this purpose may be computed without taking the fees imposed ' 'by this payment method into account.'), localize=True, required=False, decimal_places=places, widget=DecimalTextInput(places=places) )), ('_fee_abs', forms.DecimalField( label=_('Additional fee'), help_text=_('Absolute value'), localize=True, required=False, decimal_places=places, widget=DecimalTextInput(places=places) )), ('_fee_percent', forms.DecimalField( label=_('Additional fee'), help_text=_('Percentage of the order total. Note that this percentage will currently only ' 'be calculated on the summed price of sold tickets, not on other fees like e.g. shipping ' 'fees, if there are any.'), localize=True, required=False, )), ('_fee_reverse_calc', forms.BooleanField( label=_('Calculate the fee from the total value including the fee.'), help_text=_('We recommend to enable this if you want your users to pay the payment fees of your ' 'payment provider. <a href="{docs_url}" target="_blank" rel="noopener">Click here ' 'for detailed information on what this does.</a> Don\'t forget to set the correct fees ' 'above!').format(docs_url='https://docs.pretix.eu/en/latest/user/payments/fees.html'), required=False )), ('_restricted_countries', forms.MultipleChoiceField( label=_('Restrict to countries'), choices=Countries(), help_text=_('Only allow choosing this payment provider for invoice addresses in the selected ' 'countries. If you don\'t select any country, all countries are allowed. This is only ' 'enabled if the invoice address is required.'), widget=forms.CheckboxSelectMultiple( attrs={'class': 'scrolling-multiple-choice'} ), required=False, disabled=not self.event.settings.invoice_address_required )), ]) d['_restricted_countries']._as_type = list return d def settings_form_clean(self, cleaned_data): """ Overriding this method allows you to inject custom validation into the settings form. :param cleaned_data: Form data as per previous validations. :return: Please return the modified cleaned_data """ return cleaned_data def settings_content_render(self, request: HttpRequest) -> str: """ When the event's administrator visits the event configuration page, this method is called. It may return HTML containing additional information that is displayed below the form fields configured in ``settings_form_fields``. """ return "" def render_invoice_text(self, order: Order) -> str: """ This is called when an invoice for an order with this payment provider is generated. The default implementation returns the content of the _invoice_text configuration variable (an I18nString), or an empty string if unconfigured. """ if order.status == Order.STATUS_PAID: return pgettext_lazy('invoice', 'The payment for this invoice has already been received.') return self.settings.get('_invoice_text', as_type=LazyI18nString, default='') @property def payment_form_fields(self) -> dict: """ This is used by the default implementation of :py:meth:`payment_form`. It should return an object similar to :py:attr:`settings_form_fields`. The default implementation returns an empty dictionary. """ return {} def payment_form(self, request: HttpRequest) -> Form: """ This is called by the default implementation of :py:meth:`payment_form_render` to obtain the form that is displayed to the user during the checkout process. The default implementation constructs the form using :py:attr:`payment_form_fields` and sets appropriate prefixes for the form and all fields and fills the form with data form the user's session. If you overwrite this, we strongly suggest that you inherit from ``PaymentProviderForm`` (from this module) that handles some nasty issues about required fields for you. """ form = PaymentProviderForm( data=(request.POST if request.method == 'POST' and request.POST.get("payment") == self.identifier else None), prefix='payment_%s' % self.identifier, initial={ k.replace('payment_%s_' % self.identifier, ''): v for k, v in request.session.items() if k.startswith('payment_%s_' % self.identifier) } ) form.fields = self.payment_form_fields for k, v in form.fields.items(): v._required = v.required v.required = False v.widget.is_required = False return form def _is_still_available(self, now_dt=None, cart_id=None, order=None): now_dt = now_dt or now() tz = pytz.timezone(self.event.settings.timezone) availability_date = self.settings.get('_availability_date', as_type=RelativeDateWrapper) if availability_date: if self.event.has_subevents and cart_id: availability_date = min([ availability_date.datetime(se).date() for se in self.event.subevents.filter( id__in=CartPosition.objects.filter( cart_id=cart_id, event=self.event ).values_list('subevent', flat=True) ) ]) elif self.event.has_subevents and order: availability_date = min([ availability_date.datetime(se).date() for se in self.event.subevents.filter( id__in=order.positions.values_list('subevent', flat=True) ) ]) elif self.event.has_subevents: logger.error('Payment provider is not subevent-ready.') return False else: availability_date = availability_date.datetime(self.event).date() return availability_date >= now_dt.astimezone(tz).date() return True def is_allowed(self, request: HttpRequest, total: Decimal=None) -> bool: """ You can use this method to disable this payment provider for certain groups of users, products or other criteria. If this method returns ``False``, the user will not be able to select this payment method. This will only be called during checkout, not on retrying. The default implementation checks for the _availability_date setting to be either unset or in the future and for the _total_max and _total_min requirements to be met. It also checks the ``_restrict_countries`` setting. :param total: The total value without the payment method fee, after taxes. .. versionchanged:: 1.17.0 The ``total`` parameter has been added. For backwards compatibility, this method is called again without this parameter if it raises a ``TypeError`` on first try. """ timing = self._is_still_available(cart_id=get_or_create_cart_id(request)) pricing = True if (self.settings._total_max is not None or self.settings._total_min is not None) and total is None: raise ImproperlyConfigured('This payment provider does not support maximum or minimum amounts.') if self.settings._total_max is not None: pricing = pricing and total <= Decimal(self.settings._total_max) if self.settings._total_min is not None: pricing = pricing and total >= Decimal(self.settings._total_min) def get_invoice_address(): if not hasattr(request, '_checkout_flow_invoice_address'): cs = cart_session(request) iapk = cs.get('invoice_address') if not iapk: request._checkout_flow_invoice_address = InvoiceAddress() else: try: request._checkout_flow_invoice_address = InvoiceAddress.objects.get(pk=iapk, order__isnull=True) except InvoiceAddress.DoesNotExist: request._checkout_flow_invoice_address = InvoiceAddress() return request._checkout_flow_invoice_address if self.event.settings.invoice_address_required: restricted_countries = self.settings.get('_restricted_countries', as_type=list) if restricted_countries: ia = get_invoice_address() if str(ia.country) not in restricted_countries: return False return timing and pricing def payment_form_render(self, request: HttpRequest, total: Decimal) -> str: """ When the user selects this provider as their preferred payment method, they will be shown the HTML you return from this method. The default implementation will call :py:meth:`payment_form` and render the returned form. If your payment method doesn't require the user to fill out form fields, you should just return a paragraph of explanatory text. """ form = self.payment_form(request) template = get_template('pretixpresale/event/checkout_payment_form_default.html') ctx = {'request': request, 'form': form} return template.render(ctx) def checkout_confirm_render(self, request) -> str: """ If the user has successfully filled in their payment data, they will be redirected to a confirmation page which lists all details of their order for a final review. This method should return the HTML which should be displayed inside the 'Payment' box on this page. In most cases, this should include a short summary of the user's input and a short explanation on how the payment process will continue. """ raise NotImplementedError() # NOQA def payment_pending_render(self, request: HttpRequest, payment: OrderPayment) -> str: """ Render customer-facing instructions on how to proceed with a pending payment :return: HTML """ return "" def checkout_prepare(self, request: HttpRequest, cart: Dict[str, Any]) -> Union[bool, str]: """ Will be called after the user selects this provider as their payment method. If you provided a form to the user to enter payment data, this method should at least store the user's input into their session. This method should return ``False`` if the user's input was invalid, ``True`` if the input was valid and the frontend should continue with default behavior or a string containing a URL if the user should be redirected somewhere else. On errors, you should use Django's message framework to display an error message to the user (or the normal form validation error messages). The default implementation stores the input into the form returned by :py:meth:`payment_form` in the user's session. If your payment method requires you to redirect the user to an external provider, this might be the place to do so. .. IMPORTANT:: If this is called, the user has not yet confirmed their order. You may NOT do anything which actually moves money. :param cart: This dictionary contains at least the following keys: positions: A list of ``CartPosition`` objects that are annotated with the special attributes ``count`` and ``total`` because multiple objects of the same content are grouped into one. raw: The raw list of ``CartPosition`` objects in the users cart total: The overall total *including* the fee for the payment method. payment_fee: The fee for the payment method. """ form = self.payment_form(request) if form.is_valid(): for k, v in form.cleaned_data.items(): request.session['payment_%s_%s' % (self.identifier, k)] = v return True else: return False def payment_is_valid_session(self, request: HttpRequest) -> bool: """ This is called at the time the user tries to place the order. It should return ``True`` if the user's session is valid and all data your payment provider requires in future steps is present. """ raise NotImplementedError() # NOQA def execute_payment(self, request: HttpRequest, payment: OrderPayment) -> str: """ After the user has confirmed their purchase, this method will be called to complete the payment process. This is the place to actually move the money if applicable. You will be passed an :py:class:`pretix.base.models.OrderPayment` object that contains the amount of money that should be paid. If you need any special behavior, you can return a string containing the URL the user will be redirected to. If you are done with your process you should return the user to the order's detail page. If the payment is completed, you should call ``payment.confirm()``. Please note that ``this`` might raise a ``Quota.QuotaExceededException`` if (and only if) the payment term of this order is over and some of the items are sold out. You should use the exception message to display a meaningful error to the user. The default implementation just returns ``None`` and therefore leaves the order unpaid. The user will be redirected to the order's detail page by default. On errors, you should raise a ``PaymentException``. :param order: The order object :param payment: An ``OrderPayment`` instance """ return None def order_pending_mail_render(self, order: Order) -> str: """ After the user has submitted their order, they will receive a confirmation email. You can return a string from this method if you want to add additional information to this email. :param order: The order object """ return "" def order_change_allowed(self, order: Order) -> bool: """ Will be called to check whether it is allowed to change the payment method of an order to this one. The default implementation checks for the _availability_date setting to be either unset or in the future, as well as for the _total_max, _total_min and _restricted_countries settings. :param order: The order object """ ps = order.pending_sum if self.settings._total_max is not None and ps > Decimal(self.settings._total_max): return False if self.settings._total_min is not None and ps < Decimal(self.settings._total_min): return False restricted_countries = self.settings.get('_restricted_countries', as_type=list) if restricted_countries: try: ia = order.invoice_address except InvoiceAddress.DoesNotExist: return True else: if str(ia.country) not in restricted_countries: return False return self._is_still_available(order=order) def payment_prepare(self, request: HttpRequest, payment: OrderPayment) -> Union[bool, str]: """ Will be called if the user retries to pay an unpaid order (after the user filled in e.g. the form returned by :py:meth:`payment_form`) or if the user changes the payment method. It should return and report errors the same way as :py:meth:`checkout_prepare`, but receives an ``Order`` object instead of a cart object. Note: The ``Order`` object given to this method might be different from the version stored in the database as it's total will already contain the payment fee for the new payment method. """ form = self.payment_form(request) if form.is_valid(): for k, v in form.cleaned_data.items(): request.session['payment_%s_%s' % (self.identifier, k)] = v return True else: return False def payment_control_render(self, request: HttpRequest, payment: OrderPayment) -> str: """ Will be called if the *event administrator* views the details of a payment. It should return HTML code containing information regarding the current payment status and, if applicable, next steps. The default implementation returns the verbose name of the payment provider. :param order: The order object """ return '' def payment_refund_supported(self, payment: OrderPayment) -> bool: """ Will be called to check if the provider supports automatic refunding for this payment. """ return False def payment_partial_refund_supported(self, payment: OrderPayment) -> bool: """ Will be called to check if the provider supports automatic partial refunding for this payment. """ return False def execute_refund(self, refund: OrderRefund): """ Will be called to execute an refund. Note that refunds have an amount property and can be partial. This should transfer the money back (if possible). On success, you should call ``refund.done()``. On failure, you should raise a PaymentException. """ raise PaymentException(_('Automatic refunds are not supported by this payment provider.')) def shred_payment_info(self, obj: Union[OrderPayment, OrderRefund]): """ When personal data is removed from an event, this method is called to scrub payment-related data from a payment or refund. By default, it removes all info from the ``info`` attribute. You can override this behavior if you want to retain attributes that are not personal data on their own, i.e. a reference to a transaction in an external system. You can also override this to scrub more data, e.g. data from external sources that is saved in LogEntry objects or other places. :param order: An order """ obj.info = '{}' obj.save(update_fields=['info'])
class Tinkoff(BasePaymentProvider): identifier = 'tinkoff' verbose_name = _('Credit card') abort_pending_allowed = False refunds_allowed = True def __init__(self, event: Event): super().__init__(event) self.settings = SettingsSandbox('payment', 'tinkoff', event) @property def is_enabled(self) -> bool: return self.settings.get('_enabled', as_type=bool) def payment_form_render(self, request) -> str: template = get_template('pretix_tinkoff/checkout_payment_form.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'form': self.payment_form(request) } return template.render(ctx) def checkout_prepare(self, request, total): return True def payment_is_valid_session(self, request): return True def checkout_confirm_render(self, request) -> str: template = get_template('pretix_tinkoff/checkout_payment_confirm.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'form': self.payment_form(request) } return template.render(ctx) def payment_control_render(self, request, payment) -> str: if payment.info: payment_info = json.loads(payment.info) if payment.state == OrderPayment.PAYMENT_STATE_FAILED: data = self.status(payment_info) if data.get('Status') == 'CONFIRMED': payment.order.log_action('pretix_tinkoff.event.CONFIRMED') payment.confirm() logger.info("Failed Payment check status: {}".format(data)) else: payment_info = None template = get_template('pretix_tinkoff/control.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'payment_info': payment_info, 'payment': payment, 'provider': self, } return template.render(ctx) def payment_can_retry(self, payment): return self._is_still_available(order=payment.order) def payment_refund_supported(self, payment: OrderPayment) -> bool: return self.refunds_allowed def payment_partial_refund_supported(self, payment: OrderPayment): return False def execute_payment(self, request: HttpRequest, payment: OrderPayment): pay_data = { "NotificationURL": build_absolute_uri(self.event, 'plugins:pretix_tinkoff:webhook', kwargs={ 'payment': payment.pk }), "SuccessURL": build_absolute_uri(self.event, 'plugins:pretix_tinkoff:return', kwargs={ 'order': payment.order.code, 'payment': payment.pk, 'hash': hashlib.sha1(payment.order.secret.lower().encode()).hexdigest(), 'action': 'success' }), "FailURL": build_absolute_uri(self.event, 'plugins:pretix_tinkoff:return', kwargs={ 'order': payment.order.code, 'payment': payment.pk, 'hash': hashlib.sha1(payment.order.secret.lower().encode()).hexdigest(), 'action': 'fail' }), 'Amount': int(payment.amount * 100), 'OrderId': "{}-{}".format(self.event.slug.upper(), payment.order.code), 'Description': "Order {}-{}".format(self.event.slug.upper(), payment.order.code), 'DATA': { 'organizer': self.event.organizer.slug, 'event': self.event.slug, 'order': payment.order.code, 'payment': payment.local_id, 'order-full-code': payment.order.full_code }, 'PayType': "O" } try: req = self._init(pay_data) except HTTPError: logger.exception('Tinkoff error: %s' % req) if req['Success'] == False: logger.exception('Tinkoff error: %s' % req) payment.info_data = { 'error': True, 'detail': req } payment.state = OrderPayment.PAYMENT_STATE_FAILED payment.save() payment.order.log_action('pretix.event.order.payment.failed', { 'local_id': payment.local_id, 'provider': payment.provider, 'data': payment.info_data }) raise PaymentException(_('We had trouble communicating with Tinkoff. Please try again and get in touch ' 'with us if this problem persists. Detail: {}'.format(req['Details']))) ReferencedTinkoffTransaction.objects.get_or_create(order=payment.order, payment=payment, reference=req['PaymentId']) LogTransaction(paymentid=req['PaymentId'], order=payment.order, payment=payment, method='get', meta_info=json.dumps(req)) payment.info = json.dumps(req) payment.state = OrderPayment.PAYMENT_STATE_CREATED logger.info('pay_request: {}'.format(pay_data)) logger.info('pay_response: {}'.format(payment.info)) payment.save(update_fields=['info']) return self.redirect(request, req['PaymentURL']) def redirect(self, request, url): if request.session.get('iframe_session', False): signer = signing.Signer(salt='safe-redirect') return ( build_absolute_uri(request.event, 'plugins:pretix_tinkoff:redirect') + '?url=' + urllib.parse.quote(signer.sign(url)) ) else: return str(url) def execute_refund(self, refund: OrderRefund): payment_data = refund.payment.info_data data = { 'PaymentId': payment_data['PaymentId'], 'Amount': int(refund.amount * 100) } logger.info('refund_request:{}'.format(data)) req = self.cancel(data) refund.info_data = json.dumps(req) refund.save(update_fields=['info']) logger.info('refund_response:{}'.format(req)) if req['Success'] == False: raise PaymentException(_('Refunding the amount via Tinkoff failed: {}'.format(req['Details']))) else: if req['Status'] == 'REFUNDED': refund.done() @property def secret_key(self): return self.settings.terminal_password @property def terminal_key(self): return self.settings.terminal_key def _init(self, payment): response = self._request('INIT', requests.post, payment).json() return response def _request(self, url, method, data): url = get_config()['URLS'][url] data.update({ 'TerminalKey': self.settings.terminal_key, 'Token': self._token(data), }) pay_request = method(url, data=json.dumps(data, cls=Encoder), headers={'Content-Type': 'application/json'}) pay_request.raise_for_status() if pay_request.status_code != 200: raise logger.exception('Tinkoff bad status code') return pay_request def _token(self, data): base = [ ['Password', self.settings.terminal_password], ] if 'TerminalKey' not in data: base.append(['TerminalKey', self.settings.terminal_key]) for name_token, value_token in data.items(): if name_token == 'Token': continue if isinstance(value_token, bool): base.append([name_token, str(value_token).lower()]) elif not isinstance(value_token, list) or not isinstance(value_token, dict): base.append([name_token, value_token]) base.sort(key=lambda i: i[0]) values = ''.join(map(lambda i: str(i[1]), base)) m = hashlib.sha256() m.update(values.encode()) return m.hexdigest() def token_correct(self, token, data): return token == self._token(data) def resend(self, payment): response = self._request('RESEND', requests.post, {}).json() return response def status(self, payment): response = self._request('GET_STATE', requests.post, {'PaymentId': payment['PaymentId']}).json() return response def cancel(self, payment): response = self._request('CANCEL', requests.post, payment).json() return response
class BasePaymentProvider: """ This is the base class for all payment providers. """ def __init__(self, event: Event): self.event = event self.settings = SettingsSandbox('payment', self.identifier, event) # Default values if self.settings.get('_fee_reverse_calc') is None: self.settings.set('_fee_reverse_calc', True) def __str__(self): return self.identifier @property def is_implicit(self) -> bool: """ Returns whether or whether not this payment provider is an "implicit" payment provider that will *always* and unconditionally be used if is_allowed() returns True and does not require any input. This is intended to be used by the FreePaymentProvider, which skips the payment choice page. By default, this returns ``False``. Please do not set this if you don't know exactly what you are doing. """ return False @property def is_meta(self) -> bool: """ Returns whether or whether not this payment provider is a "meta" payment provider that only works as a settings holder for other payment providers and should never be used directly. This is a trick to implement payment gateways with multiple payment methods but unified payment settings. Take a look at the built-in stripe provider to see how this might be used. By default, this returns ``False``. """ return False @property def is_enabled(self) -> bool: """ Returns whether or whether not this payment provider is enabled. By default, this is determined by the value of the ``_enabled`` setting. """ return self.settings.get('_enabled', as_type=bool) @property def test_mode_message(self) -> str: """ If this property is set to a string, this will be displayed when this payment provider is selected while the event is in test mode. You should use it to explain to your user how your plugin behaves, e.g. if it falls back to a test mode automatically as well or if actual payments will be performed. If you do not set this (or, return ``None``), pretix will show a default message warning the user that this plugin does not support test mode payments. """ return None def calculate_fee(self, price: Decimal) -> Decimal: """ Calculate the fee for this payment provider which will be added to final price before fees (but after taxes). It should include any taxes. The default implementation makes use of the setting ``_fee_abs`` for an absolute fee and ``_fee_percent`` for a percentage. :param price: The total value without the payment method fee, after taxes. """ fee_abs = self.settings.get('_fee_abs', as_type=Decimal, default=0) fee_percent = self.settings.get('_fee_percent', as_type=Decimal, default=0) fee_reverse_calc = self.settings.get('_fee_reverse_calc', as_type=bool, default=True) places = settings.CURRENCY_PLACES.get(self.event.currency, 2) if fee_reverse_calc: return ((price + fee_abs) * (1 / (1 - fee_percent / 100)) - price).quantize(Decimal('1') / 10**places, ROUND_HALF_UP) else: return (price * fee_percent / 100 + fee_abs).quantize( Decimal('1') / 10**places, ROUND_HALF_UP) @property def verbose_name(self) -> str: """ A human-readable name for this payment provider. This should be short but self-explaining. Good examples include 'Bank transfer' and 'Credit card via Stripe'. """ raise NotImplementedError() # NOQA @property def public_name(self) -> str: """ A human-readable name for this payment provider to be shown to the public. This should be short but self-explaining. Good examples include 'Bank transfer' and 'Credit card', but 'Credit card via Stripe' might be to explicit. By default, this is the same as ``verbose_name`` """ return self.verbose_name @property def identifier(self) -> str: """ A short and unique identifier for this payment provider. This should only contain lowercase letters and in most cases will be the same as your package name. """ raise NotImplementedError() # NOQA @property def abort_pending_allowed(self) -> bool: """ Whether or not a user can abort a payment in pending start to switch to another payment method. This returns ``False`` by default which is no guarantee that aborting a pending payment can never happen, it just hides the frontend button to avoid users accidentally committing double payments. """ return False @property def settings_form_fields(self) -> dict: """ When the event's administrator visits the event configuration page, this method is called to return the configuration fields available. It should therefore return a dictionary where the keys should be (unprefixed) settings keys and the values should be corresponding Django form fields. The default implementation returns the appropriate fields for the ``_enabled``, ``_fee_abs``, ``_fee_percent`` and ``_availability_date`` settings mentioned above. We suggest that you return an ``OrderedDict`` object instead of a dictionary and make use of the default implementation. Your implementation could look like this:: @property def settings_form_fields(self): return OrderedDict( list(super().settings_form_fields.items()) + [ ('bank_details', forms.CharField( widget=forms.Textarea, label=_('Bank account details'), required=False )) ] ) .. WARNING:: It is highly discouraged to alter the ``_enabled`` field of the default implementation. """ places = settings.CURRENCY_PLACES.get(self.event.currency, 2) d = OrderedDict([ ('_enabled', forms.BooleanField( label=_('Enable payment method'), required=False, )), ('_availability_date', RelativeDateField( label=_('Available until'), help_text= _('Users will not be able to choose this payment provider after the given date.' ), required=False, )), ('_invoice_text', I18nFormField( label=_('Text on invoices'), help_text= _('Will be printed just below the payment figures and above the closing text on invoices. ' 'This will only be used if the invoice is generated before the order is paid. If the ' 'invoice is generated later, it will show a text stating that it has already been paid.' ), required=False, widget=I18nTextarea, widget_kwargs={'attrs': { 'rows': '2' }})), ('_total_min', forms.DecimalField( label=_('Minimum order total'), help_text= _('This payment will be available only if the order total is equal to or exceeds the given ' 'value. The order total for this purpose may be computed without taking the fees imposed ' 'by this payment method into account.'), localize=True, required=False, decimal_places=places, widget=DecimalTextInput(places=places))), ('_total_max', forms.DecimalField( label=_('Maximum order total'), help_text= _('This payment will be available only if the order total is equal to or below the given ' 'value. The order total for this purpose may be computed without taking the fees imposed ' 'by this payment method into account.'), localize=True, required=False, decimal_places=places, widget=DecimalTextInput(places=places))), ('_fee_abs', forms.DecimalField(label=_('Additional fee'), help_text=_('Absolute value'), localize=True, required=False, decimal_places=places, widget=DecimalTextInput(places=places))), ('_fee_percent', forms.DecimalField( label=_('Additional fee'), help_text=_('Percentage of the order total.'), localize=True, required=False, )), ('_fee_reverse_calc', forms.BooleanField( label=_( 'Calculate the fee from the total value including the fee.' ), help_text= _('We recommend to enable this if you want your users to pay the payment fees of your ' 'payment provider. <a href="{docs_url}" target="_blank" rel="noopener">Click here ' 'for detailed information on what this does.</a> Don\'t forget to set the correct fees ' 'above!'). format( docs_url= 'https://docs.pretix.eu/en/latest/user/payments/fees.html' ), required=False)), ('_restricted_countries', forms.MultipleChoiceField( label=_('Restrict to countries'), choices=Countries(), help_text= _('Only allow choosing this payment provider for invoice addresses in the selected ' 'countries. If you don\'t select any country, all countries are allowed. This is only ' 'enabled if the invoice address is required.'), widget=forms.CheckboxSelectMultiple( attrs={'class': 'scrolling-multiple-choice'}), required=False, disabled=not self.event.settings.invoice_address_required)), ]) d['_restricted_countries']._as_type = list return d def settings_form_clean(self, cleaned_data): """ Overriding this method allows you to inject custom validation into the settings form. :param cleaned_data: Form data as per previous validations. :return: Please return the modified cleaned_data """ return cleaned_data def settings_content_render(self, request: HttpRequest) -> str: """ When the event's administrator visits the event configuration page, this method is called. It may return HTML containing additional information that is displayed below the form fields configured in ``settings_form_fields``. """ return "" def render_invoice_text(self, order: Order, payment: OrderPayment) -> str: """ This is called when an invoice for an order with this payment provider is generated. The default implementation returns the content of the _invoice_text configuration variable (an I18nString), or an empty string if unconfigured. For paid orders, the default implementation always renders a string stating that the invoice is already paid. """ if order.status == Order.STATUS_PAID: return pgettext_lazy( 'invoice', 'The payment for this invoice has already been received.') return self.settings.get('_invoice_text', as_type=LazyI18nString, default='') @property def payment_form_fields(self) -> dict: """ This is used by the default implementation of :py:meth:`payment_form`. It should return an object similar to :py:attr:`settings_form_fields`. The default implementation returns an empty dictionary. """ return {} def payment_form(self, request: HttpRequest) -> Form: """ This is called by the default implementation of :py:meth:`payment_form_render` to obtain the form that is displayed to the user during the checkout process. The default implementation constructs the form using :py:attr:`payment_form_fields` and sets appropriate prefixes for the form and all fields and fills the form with data form the user's session. If you overwrite this, we strongly suggest that you inherit from ``PaymentProviderForm`` (from this module) that handles some nasty issues about required fields for you. """ form = PaymentProviderForm( data=(request.POST if request.method == 'POST' and request.POST.get("payment") == self.identifier else None), prefix='payment_%s' % self.identifier, initial={ k.replace('payment_%s_' % self.identifier, ''): v for k, v in request.session.items() if k.startswith('payment_%s_' % self.identifier) }) form.fields = self.payment_form_fields for k, v in form.fields.items(): v._required = v.required v.required = False v.widget.is_required = False return form def _is_still_available(self, now_dt=None, cart_id=None, order=None): now_dt = now_dt or now() tz = pytz.timezone(self.event.settings.timezone) availability_date = self.settings.get('_availability_date', as_type=RelativeDateWrapper) if availability_date: if self.event.has_subevents and cart_id: availability_date = min([ availability_date.datetime(se).date() for se in self.event.subevents.filter( id__in=CartPosition.objects.filter( cart_id=cart_id, event=self.event).values_list( 'subevent', flat=True)) ]) elif self.event.has_subevents and order: availability_date = min([ availability_date.datetime(se).date() for se in self.event.subevents.filter( id__in=order.positions.values_list('subevent', flat=True)) ]) elif self.event.has_subevents: logger.error('Payment provider is not subevent-ready.') return False else: availability_date = availability_date.datetime( self.event).date() return availability_date >= now_dt.astimezone(tz).date() return True def is_allowed(self, request: HttpRequest, total: Decimal = None) -> bool: """ You can use this method to disable this payment provider for certain groups of users, products or other criteria. If this method returns ``False``, the user will not be able to select this payment method. This will only be called during checkout, not on retrying. The default implementation checks for the _availability_date setting to be either unset or in the future and for the _total_max and _total_min requirements to be met. It also checks the ``_restrict_countries`` setting. :param total: The total value without the payment method fee, after taxes. .. versionchanged:: 1.17.0 The ``total`` parameter has been added. For backwards compatibility, this method is called again without this parameter if it raises a ``TypeError`` on first try. """ timing = self._is_still_available( cart_id=get_or_create_cart_id(request)) pricing = True if (self.settings._total_max is not None or self.settings._total_min is not None) and total is None: raise ImproperlyConfigured( 'This payment provider does not support maximum or minimum amounts.' ) if self.settings._total_max is not None: pricing = pricing and total <= Decimal(self.settings._total_max) if self.settings._total_min is not None: pricing = pricing and total >= Decimal(self.settings._total_min) def get_invoice_address(): if not hasattr(request, '_checkout_flow_invoice_address'): cs = cart_session(request) iapk = cs.get('invoice_address') if not iapk: request._checkout_flow_invoice_address = InvoiceAddress() else: try: request._checkout_flow_invoice_address = InvoiceAddress.objects.get( pk=iapk, order__isnull=True) except InvoiceAddress.DoesNotExist: request._checkout_flow_invoice_address = InvoiceAddress( ) return request._checkout_flow_invoice_address if self.event.settings.invoice_address_required: restricted_countries = self.settings.get('_restricted_countries', as_type=list) if restricted_countries: ia = get_invoice_address() if str(ia.country) not in restricted_countries: return False return timing and pricing def payment_form_render(self, request: HttpRequest, total: Decimal) -> str: """ When the user selects this provider as their preferred payment method, they will be shown the HTML you return from this method. The default implementation will call :py:meth:`payment_form` and render the returned form. If your payment method doesn't require the user to fill out form fields, you should just return a paragraph of explanatory text. """ form = self.payment_form(request) template = get_template( 'pretixpresale/event/checkout_payment_form_default.html') ctx = {'request': request, 'form': form} return template.render(ctx) def checkout_confirm_render(self, request) -> str: """ If the user has successfully filled in their payment data, they will be redirected to a confirmation page which lists all details of their order for a final review. This method should return the HTML which should be displayed inside the 'Payment' box on this page. In most cases, this should include a short summary of the user's input and a short explanation on how the payment process will continue. """ raise NotImplementedError() # NOQA def payment_pending_render(self, request: HttpRequest, payment: OrderPayment) -> str: """ Render customer-facing instructions on how to proceed with a pending payment :return: HTML """ return "" def checkout_prepare(self, request: HttpRequest, cart: Dict[str, Any]) -> Union[bool, str]: """ Will be called after the user selects this provider as their payment method. If you provided a form to the user to enter payment data, this method should at least store the user's input into their session. This method should return ``False`` if the user's input was invalid, ``True`` if the input was valid and the frontend should continue with default behavior or a string containing a URL if the user should be redirected somewhere else. On errors, you should use Django's message framework to display an error message to the user (or the normal form validation error messages). The default implementation stores the input into the form returned by :py:meth:`payment_form` in the user's session. If your payment method requires you to redirect the user to an external provider, this might be the place to do so. .. IMPORTANT:: If this is called, the user has not yet confirmed their order. You may NOT do anything which actually moves money. :param cart: This dictionary contains at least the following keys: positions: A list of ``CartPosition`` objects that are annotated with the special attributes ``count`` and ``total`` because multiple objects of the same content are grouped into one. raw: The raw list of ``CartPosition`` objects in the users cart total: The overall total *including* the fee for the payment method. payment_fee: The fee for the payment method. """ form = self.payment_form(request) if form.is_valid(): for k, v in form.cleaned_data.items(): request.session['payment_%s_%s' % (self.identifier, k)] = v return True else: return False def payment_is_valid_session(self, request: HttpRequest) -> bool: """ This is called at the time the user tries to place the order. It should return ``True`` if the user's session is valid and all data your payment provider requires in future steps is present. """ raise NotImplementedError() # NOQA def execute_payment(self, request: HttpRequest, payment: OrderPayment) -> str: """ After the user has confirmed their purchase, this method will be called to complete the payment process. This is the place to actually move the money if applicable. You will be passed an :py:class:`pretix.base.models.OrderPayment` object that contains the amount of money that should be paid. If you need any special behavior, you can return a string containing the URL the user will be redirected to. If you are done with your process you should return the user to the order's detail page. If the payment is completed, you should call ``payment.confirm()``. Please note that this might raise a ``Quota.QuotaExceededException`` if (and only if) the payment term of this order is over and some of the items are sold out. You should use the exception message to display a meaningful error to the user. The default implementation just returns ``None`` and therefore leaves the order unpaid. The user will be redirected to the order's detail page by default. On errors, you should raise a ``PaymentException``. :param order: The order object :param payment: An ``OrderPayment`` instance """ return None def order_pending_mail_render(self, order: Order, payment: OrderPayment) -> str: """ After the user has submitted their order, they will receive a confirmation email. You can return a string from this method if you want to add additional information to this email. :param order: The order object :param payment: The payment object """ return "" def order_change_allowed(self, order: Order) -> bool: """ Will be called to check whether it is allowed to change the payment method of an order to this one. The default implementation checks for the _availability_date setting to be either unset or in the future, as well as for the _total_max, _total_min and _restricted_countries settings. :param order: The order object """ ps = order.pending_sum if self.settings._total_max is not None and ps > Decimal( self.settings._total_max): return False if self.settings._total_min is not None and ps < Decimal( self.settings._total_min): return False restricted_countries = self.settings.get('_restricted_countries', as_type=list) if restricted_countries: try: ia = order.invoice_address except InvoiceAddress.DoesNotExist: return True else: if str(ia.country) not in restricted_countries: return False return self._is_still_available(order=order) def payment_prepare(self, request: HttpRequest, payment: OrderPayment) -> Union[bool, str]: """ Will be called if the user retries to pay an unpaid order (after the user filled in e.g. the form returned by :py:meth:`payment_form`) or if the user changes the payment method. It should return and report errors the same way as :py:meth:`checkout_prepare`, but receives an ``Order`` object instead of a cart object. Note: The ``Order`` object given to this method might be different from the version stored in the database as it's total will already contain the payment fee for the new payment method. """ form = self.payment_form(request) if form.is_valid(): for k, v in form.cleaned_data.items(): request.session['payment_%s_%s' % (self.identifier, k)] = v return True else: return False def payment_control_render(self, request: HttpRequest, payment: OrderPayment) -> str: """ Will be called if the *event administrator* views the details of a payment. It should return HTML code containing information regarding the current payment status and, if applicable, next steps. The default implementation returns the verbose name of the payment provider. :param order: The order object """ return '' def payment_refund_supported(self, payment: OrderPayment) -> bool: """ Will be called to check if the provider supports automatic refunding for this payment. """ return False def payment_partial_refund_supported(self, payment: OrderPayment) -> bool: """ Will be called to check if the provider supports automatic partial refunding for this payment. """ return False def execute_refund(self, refund: OrderRefund): """ Will be called to execute an refund. Note that refunds have an amount property and can be partial. This should transfer the money back (if possible). On success, you should call ``refund.done()``. On failure, you should raise a PaymentException. """ raise PaymentException( _('Automatic refunds are not supported by this payment provider.')) def shred_payment_info(self, obj: Union[OrderPayment, OrderRefund]): """ When personal data is removed from an event, this method is called to scrub payment-related data from a payment or refund. By default, it removes all info from the ``info`` attribute. You can override this behavior if you want to retain attributes that are not personal data on their own, i.e. a reference to a transaction in an external system. You can also override this to scrub more data, e.g. data from external sources that is saved in LogEntry objects or other places. :param order: An order """ obj.info = '{}' obj.save(update_fields=['info']) def api_payment_details(self, payment: OrderPayment): """ Will be called to populate the ``details`` parameter of the payment in the REST API. :param payment: The payment in question. :return: A serializable dictionary """ return {}
class WirecardMethod(BasePaymentProvider): method = '' wc_payment_type = 'SELECT' statement_length = 32 order_ref_length = 32 abort_pending_allowed = True def __init__(self, event: Event): super().__init__(event) self.settings = SettingsSandbox('payment', 'wirecard', event) @property def identifier(self): return 'wirecard_{}'.format(self.method) @property def settings_form_fields(self): return {} @property def is_enabled(self) -> bool: return self.settings.get( '_enabled', as_type=bool) and self.settings.get( 'method_{}'.format(self.method), as_type=bool) def payment_form_render(self, request) -> str: template = get_template('pretix_wirecard/checkout_payment_form.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings } return template.render(ctx) def checkout_confirm_render(self, request) -> str: template = get_template( 'pretix_wirecard/checkout_payment_confirm.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings } return template.render(ctx) def checkout_prepare(self, request, total): return True def payment_is_valid_session(self, request): return True def execute_payment(self, request: HttpRequest, payment: OrderPayment): request.session['wirecard_nonce'] = get_random_string(length=12) request.session['wirecard_order_secret'] = payment.order.secret request.session['wirecard_payment'] = payment.pk return eventreverse( self.event, 'plugins:pretix_wirecard:redirect', kwargs={ 'order': payment.order.code, 'payment': payment.pk, 'hash': hashlib.sha1( payment.order.secret.lower().encode()).hexdigest(), }) def sign_parameters(self, params: dict, order: list = None) -> dict: keys = order or (list(params.keys()) + ['requestFingerprintOrder', 'secret']) params['requestFingerprintOrder'] = ','.join(keys) payload = ''.join( self.settings.get('secret') if k == 'secret' else params[k] for k in keys) params['requestFingerprint'] = hmac.new( self.settings.get('secret').encode(), payload.encode(), hashlib.sha512).hexdigest().upper() return params def params_for_payment(self, payment, request): if not request.session.get('wirecard_nonce'): request.session['wirecard_nonce'] = get_random_string(length=12) request.session['wirecard_order_secret'] = payment.order.secret request.session['wirecard_payment'] = payment.pk hash = hashlib.sha1(payment.order.secret.lower().encode()).hexdigest() # TODO: imageURL, cssURL? return { 'customerId': self.settings.get('customer_id'), 'shopId': self.settings.get('shop_id', ''), 'language': payment.order.locale[:2], 'paymentType': self.wc_payment_type, 'amount': str(payment.amount), 'currency': self.event.currency, 'orderDescription': _('Order {event}-{code}').format(event=self.event.slug.upper(), code=payment.order.code), 'successUrl': build_absolute_uri(self.event, 'plugins:pretix_wirecard:return', kwargs={ 'order': payment.order.code, 'payment': payment.pk, 'hash': hash, }), 'cancelUrl': build_absolute_uri(self.event, 'plugins:pretix_wirecard:return', kwargs={ 'order': payment.order.code, 'payment': payment.pk, 'hash': hash, }), 'failureUrl': build_absolute_uri(self.event, 'plugins:pretix_wirecard:return', kwargs={ 'order': payment.order.code, 'payment': payment.pk, 'hash': hash, }), 'confirmUrl': build_absolute_uri(self.event, 'plugins:pretix_wirecard:confirm', kwargs={ 'order': payment.order.code, 'payment': payment.pk, 'hash': hash, }).replace(':8000', ''), # TODO: Remove 'pendingUrl': build_absolute_uri(self.event, 'plugins:pretix_wirecard:confirm', kwargs={ 'order': payment.order.code, 'payment': payment.pk, 'hash': hash, }), 'duplicateRequestCheck': 'yes', 'serviceUrl': self.event.settings.imprint_url, 'customerStatement': str(_('ORDER {order} EVENT {event} BY {organizer}')).format( event=self.event.slug.upper(), order=payment.order.code, organizer=self.event.organizer.name)[:self.statement_length - 1], 'orderReference': '{code}{id}'.format(code=payment.order.code, id=request.session.get('wirecard_nonce')) [:self.order_ref_length - 1], 'displayText': _('Order {} for event {} by {}').format(payment.order.code, self.event.name, self.event.organizer.name), 'pretix_orderCode': payment.order.code, 'pretix_eventSlug': self.event.slug, 'pretix_organizerSlug': self.event.organizer.slug, 'pretix_nonce': request.session.get('wirecard_nonce'), } def payment_pending_render(self, request: HttpRequest, payment: OrderPayment): retry = True try: if payment.info_data['paymentState'] == 'PENDING': retry = False except KeyError: pass template = get_template('pretix_wirecard/pending.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'retry': retry, 'order': payment.order } return template.render(ctx) def payment_control_render(self, request: HttpRequest, payment: OrderPayment): template = get_template('pretix_wirecard/control.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'payment_info': payment.info_data, 'order': payment.order, 'provname': self.verbose_name } return template.render(ctx) def order_can_retry(self, order): return True def payment_partial_refund_supported(self, payment: OrderPayment): return bool(self.settings.get('toolkit_password')) def payment_refund_supported(self, payment: OrderPayment): return bool(self.settings.get('toolkit_password')) def _refund(self, order_number, amount, currency, language): params = { 'customerId': self.settings.get('customer_id'), 'shopId': self.settings.get('shop_id', ''), 'toolkitPassword': self.settings.get('toolkit_password'), 'command': 'refund', 'language': language, 'orderNumber': order_number, 'amount': str(amount), 'currency': currency } r = requests.post( 'https://checkout.wirecard.com/page/toolkit.php', data=self.sign_parameters(params, [ 'customerId', 'shopId', 'toolkitPassword', 'secret', 'command', 'language', 'orderNumber', 'amount', 'currency' ])) retvals = parse_qs(r.text) if retvals['status'][0] != '0': logger.error('Wirecard error during refund: %s' % r.text) raise PaymentException( _('Wirecard reported an error: {msg}').format( msg=retvals['message'][0])) def execute_refund(self, refund: OrderRefund): try: self._refund(refund.payment.info_data['orderNumber'], refund.amount, self.event.currency, refund.order.locale[:2]) except requests.exceptions.RequestException as e: logger.exception('Wirecard error: %s' % str(e)) raise PaymentException( _('We had trouble communicating with Wirecard. Please try again and contact ' 'support if the problem persists.')) else: refund.done() def shred_payment_info(self, obj: Union[OrderPayment, OrderRefund]): d = obj.info_data new = {'_shreded': True} for k in ('paymentState', 'amount', 'authenticated', 'paymentType', 'pretix_orderCode', 'currency', 'orderNumber', 'financialInstitution', 'message', 'mandateId', 'dueDate'): if k in d: new[k] = d[k] obj.info_data = new obj.save(update_fields=['info']) for le in obj.order.all_logentries().filter( action_type="pretix_wirecard.wirecard.event").exclude(data=""): d = le.parsed_data new = {'_shreded': True} for k in ('paymentState', 'amount', 'authenticated', 'paymentType', 'pretix_orderCode', 'currency', 'orderNumber', 'financialInstitution', 'message', 'mandateId', 'dueDate'): if k in d: new[k] = d[k] le.data = json.dumps(new) le.shredded = True le.save(update_fields=['data', 'shredded'])
class Paypal(BasePaymentProvider): identifier = 'paypal' verbose_name = _('PayPal') payment_form_fields = OrderedDict([]) def __init__(self, event: Event): super().__init__(event) self.settings = SettingsSandbox('payment', 'paypal', event) @property def test_mode_message(self): if self.settings.connect_client_id and not self.settings.secret: # in OAuth mode, sandbox mode needs to be set global is_sandbox = self.settings.connect_endpoint == 'sandbox' else: is_sandbox = self.settings.get('endpoint') == 'sandbox' if is_sandbox: return _( 'The PayPal sandbox is being used, you can test without actually sending money but you will need a ' 'PayPal sandbox user to log in.') return None @property def settings_form_fields(self): if self.settings.connect_client_id and not self.settings.secret: # PayPal connect if self.settings.connect_user_id: fields = [ ('connect_user_id', forms.CharField(label=_('PayPal account'), disabled=True)), ] else: return {} else: fields = [ ('client_id', forms.CharField( label=_('Client ID'), max_length=80, min_length=80, help_text= _('<a target="_blank" rel="noopener" href="{docs_url}">{text}</a>' ). format(text=_( 'Click here for a tutorial on how to obtain the required keys' ), docs_url= 'https://docs.pretix.eu/en/latest/user/payments/paypal.html' ))), ('secret', forms.CharField( label=_('Secret'), max_length=80, min_length=80, )), ('endpoint', forms.ChoiceField( label=_('Endpoint'), initial='live', choices=( ('live', 'Live'), ('sandbox', 'Sandbox'), ), )), ] d = OrderedDict(fields + list(super().settings_form_fields.items())) d.move_to_end('_enabled', False) return d def get_connect_url(self, request): request.session['payment_paypal_oauth_event'] = request.event.pk self.init_api() return Tokeninfo.authorize_url({'scope': 'openid profile email'}) def settings_content_render(self, request): if self.settings.connect_client_id and not self.settings.secret: # Use PayPal connect if not self.settings.connect_user_id: return ( "<p>{}</p>" "<a href='{}' class='btn btn-primary btn-lg'>{}</a>" ).format( _('To accept payments via PayPal, you will need an account at PayPal. By clicking on the ' 'following button, you can either create a new PayPal account connect pretix to an existing ' 'one.'), self.get_connect_url(request), _('Connect with {icon} PayPal').format( icon='<i class="fa fa-paypal"></i>')) else: return ( "<button formaction='{}' class='btn btn-danger'>{}</button>" ).format( reverse('plugins:paypal:oauth.disconnect', kwargs={ 'organizer': self.event.organizer.slug, 'event': self.event.slug, }), _('Disconnect from PayPal')) else: return "<div class='alert alert-info'>%s<br /><code>%s</code></div>" % ( _('Please configure a PayPal Webhook to the following endpoint in order to automatically cancel orders ' 'when payments are refunded externally.'), build_global_uri('plugins:paypal:webhook')) def init_api(self): if self.settings.connect_client_id and not self.settings.secret: paypalrestsdk.set_config( mode="sandbox" if "sandbox" in self.settings.connect_endpoint else 'live', client_id=self.settings.connect_client_id, client_secret=self.settings.connect_secret_key, openid_client_id=self.settings.connect_client_id, openid_client_secret=self.settings.connect_secret_key, openid_redirect_uri=urlquote( build_global_uri('plugins:paypal:oauth.return'))) else: paypalrestsdk.set_config( mode="sandbox" if "sandbox" in self.settings.get('endpoint') else 'live', client_id=self.settings.get('client_id'), client_secret=self.settings.get('secret')) def payment_is_valid_session(self, request): return (request.session.get('payment_paypal_id', '') != '' and request.session.get('payment_paypal_payer', '') != '') def payment_form_render(self, request) -> str: template = get_template( 'pretixplugins/paypal/checkout_payment_form.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings } return template.render(ctx) def checkout_prepare(self, request, cart): self.init_api() kwargs = {} if request.resolver_match and 'cart_namespace' in request.resolver_match.kwargs: kwargs['cart_namespace'] = request.resolver_match.kwargs[ 'cart_namespace'] if request.event.settings.payment_paypal_connect_user_id: try: userinfo = Tokeninfo.create_with_refresh_token( request.event.settings.payment_paypal_connect_refresh_token ).userinfo() except BadRequest as ex: ex = json.loads(ex.content) messages.error( request, '{}: {} ({})'.format( _('We had trouble communicating with PayPal'), ex['error_description'], ex['correlation_id'])) return request.event.settings.payment_paypal_connect_user_id = userinfo.email payee = { "email": request.event.settings.payment_paypal_connect_user_id, # If PayPal ever offers a good way to get the MerchantID via the Identifity API, # we should use it instead of the merchant's eMail-address # "merchant_id": request.event.settings.payment_paypal_connect_user_id, } else: payee = {} payment = paypalrestsdk.Payment({ 'header': { 'PayPal-Partner-Attribution-Id': 'ramiioSoftwareentwicklung_SP' }, 'intent': 'sale', 'payer': { "payment_method": "paypal", }, "redirect_urls": { "return_url": build_absolute_uri(request.event, 'plugins:paypal:return', kwargs=kwargs), "cancel_url": build_absolute_uri(request.event, 'plugins:paypal:abort', kwargs=kwargs), }, "transactions": [{ "item_list": { "items": [{ "name": __('Order for %s') % str(request.event), "quantity": 1, "price": self.format_price(cart['total']), "currency": request.event.currency }] }, "amount": { "currency": request.event.currency, "total": self.format_price(cart['total']) }, "description": __('Event tickets for {event}').format( event=request.event.name), "payee": payee }] }) request.session['payment_paypal_order'] = None return self._create_payment(request, payment) def format_price(self, value): return str( round_decimal( value, self.event.currency, { # PayPal behaves differently than Stripe in deciding what currencies have decimal places # Source https://developer.paypal.com/docs/classic/api/currency_codes/ 'HUF': 0, 'JPY': 0, 'MYR': 0, 'TWD': 0, # However, CLPs are not listed there while PayPal requires us not to send decimal places there. WTF. 'CLP': 0, # Let's just guess that the ones listed here are 0-based as well # https://developers.braintreepayments.com/reference/general/currencies 'BIF': 0, 'DJF': 0, 'GNF': 0, 'KMF': 0, 'KRW': 0, 'LAK': 0, 'PYG': 0, 'RWF': 0, 'UGX': 0, 'VND': 0, 'VUV': 0, 'XAF': 0, 'XOF': 0, 'XPF': 0, })) @property def abort_pending_allowed(self): return False def _create_payment(self, request, payment): try: if payment.create(): if payment.state not in ('created', 'approved', 'pending'): messages.error( request, _('We had trouble communicating with PayPal')) logger.error('Invalid payment state: ' + str(payment)) return request.session['payment_paypal_id'] = payment.id for link in payment.links: if link.method == "REDIRECT" and link.rel == "approval_url": if request.session.get('iframe_session', False): signer = signing.Signer(salt='safe-redirect') return (build_absolute_uri( request.event, 'plugins:paypal:redirect') + '?url=' + urllib.parse.quote(signer.sign(link.href))) else: return str(link.href) else: messages.error(request, _('We had trouble communicating with PayPal')) logger.error('Error on creating payment: ' + str(payment.error)) except Exception as e: messages.error(request, _('We had trouble communicating with PayPal')) logger.exception('Error on creating payment: ' + str(e)) def checkout_confirm_render(self, request) -> str: """ Returns the HTML that should be displayed when the user selected this provider on the 'confirm order' page. """ template = get_template( 'pretixplugins/paypal/checkout_payment_confirm.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings } return template.render(ctx) def execute_payment(self, request: HttpRequest, payment: OrderPayment): if (request.session.get('payment_paypal_id', '') == '' or request.session.get('payment_paypal_payer', '') == ''): raise PaymentException( _('We were unable to process your payment. See below for details on how to ' 'proceed.')) self.init_api() pp_payment = paypalrestsdk.Payment.find( request.session.get('payment_paypal_id')) ReferencedPayPalObject.objects.get_or_create(order=payment.order, payment=payment, reference=pp_payment.id) if str(pp_payment.transactions[0].amount.total) != str(payment.amount) or pp_payment.transactions[0].amount.currency \ != self.event.currency: logger.error('Value mismatch: Payment %s vs paypal trans %s' % (payment.id, str(pp_payment))) raise PaymentException( _('We were unable to process your payment. See below for details on how to ' 'proceed.')) return self._execute_payment(pp_payment, request, payment) def _execute_payment(self, payment, request, payment_obj): if payment.state == 'created': payment.replace([{ "op": "replace", "path": "/transactions/0/item_list", "value": { "items": [{ "name": __('Order {slug}-{code}').format( slug=self.event.slug.upper(), code=payment_obj.order.code), "quantity": 1, "price": self.format_price(payment_obj.amount), "currency": payment_obj.order.event.currency }] } }, { "op": "replace", "path": "/transactions/0/description", "value": __('Order {order} for {event}').format( event=request.event.name, order=payment_obj.order.code) }]) try: payment.execute( {"payer_id": request.session.get('payment_paypal_payer')}) except Exception as e: messages.error(request, _('We had trouble communicating with PayPal')) logger.exception('Error on creating payment: ' + str(e)) for trans in payment.transactions: for rr in trans.related_resources: if hasattr(rr, 'sale') and rr.sale: if rr.sale.state == 'pending': messages.warning( request, _('PayPal has not yet approved the payment. We will inform you as ' 'soon as the payment completed.')) payment_obj.info = json.dumps(payment.to_dict()) payment_obj.state = OrderPayment.PAYMENT_STATE_PENDING payment_obj.save() return payment_obj.refresh_from_db() if payment.state == 'pending': messages.warning( request, _('PayPal has not yet approved the payment. We will inform you as soon as the ' 'payment completed.')) payment_obj.info = json.dumps(payment.to_dict()) payment_obj.state = OrderPayment.PAYMENT_STATE_PENDING payment_obj.save() return if payment.state != 'approved': payment_obj.fail(info=payment.to_dict()) logger.error('Invalid state: %s' % str(payment)) raise PaymentException( _('We were unable to process your payment. See below for details on how to ' 'proceed.')) if payment_obj.state == OrderPayment.PAYMENT_STATE_CONFIRMED: logger.warning( 'PayPal success event even though order is already marked as paid' ) return try: payment_obj.info = json.dumps(payment.to_dict()) payment_obj.save(update_fields=['info']) payment_obj.confirm() except Quota.QuotaExceededException as e: raise PaymentException(str(e)) except SendMailException: messages.warning( request, _('There was an error sending the confirmation mail.')) return None def payment_pending_render(self, request, payment) -> str: retry = True try: if payment.info and payment.info_data['state'] == 'pending': retry = False except KeyError: pass template = get_template('pretixplugins/paypal/pending.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'retry': retry, 'order': payment.order } return template.render(ctx) def matching_id(self, payment: OrderPayment): sale_id = None for trans in payment.info_data.get('transactions', []): for res in trans.get('related_resources', []): if 'sale' in res and 'id' in res['sale']: sale_id = res['sale']['id'] return sale_id or payment.info_data.get('id', None) def api_payment_details(self, payment: OrderPayment): sale_id = None for trans in payment.info_data.get('transactions', []): for res in trans.get('related_resources', []): if 'sale' in res and 'id' in res['sale']: sale_id = res['sale']['id'] return { "payer_email": payment.info_data.get('payer', {}).get('payer_info', {}).get('email'), "payer_id": payment.info_data.get('payer', {}).get('payer_info', {}).get('payer_id'), "cart_id": payment.info_data.get('cart', None), "payment_id": payment.info_data.get('id', None), "sale_id": sale_id, } def payment_control_render(self, request: HttpRequest, payment: OrderPayment): template = get_template('pretixplugins/paypal/control.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'payment_info': payment.info_data, 'order': payment.order } return template.render(ctx) def payment_partial_refund_supported(self, payment: OrderPayment): return True def payment_refund_supported(self, payment: OrderPayment): return True def execute_refund(self, refund: OrderRefund): self.init_api() sale = None for res in refund.payment.info_data['transactions'][0][ 'related_resources']: for k, v in res.items(): if k == 'sale': sale = paypalrestsdk.Sale.find(v['id']) break pp_refund = sale.refund({ "amount": { "total": self.format_price(refund.amount), "currency": refund.order.event.currency } }) if not pp_refund.success(): raise PaymentException( _('Refunding the amount via PayPal failed: {}').format( pp_refund.error)) else: sale = paypalrestsdk.Payment.find(refund.payment.info_data['id']) refund.payment.info = json.dumps(sale.to_dict()) refund.info = json.dumps(pp_refund.to_dict()) refund.done() def payment_prepare(self, request, payment_obj): self.init_api() if request.event.settings.payment_paypal_connect_user_id: userinfo = Tokeninfo.create_with_refresh_token( request.event.settings.payment_paypal_connect_refresh_token ).userinfo() request.event.settings.payment_paypal_connect_user_id = userinfo.email payee = { "email": request.event.settings.payment_paypal_connect_user_id, # If PayPal ever offers a good way to get the MerchantID via the Identifity API, # we should use it instead of the merchant's eMail-address # "merchant_id": request.event.settings.payment_paypal_connect_user_id, } else: payee = {} payment = paypalrestsdk.Payment({ 'header': { 'PayPal-Partner-Attribution-Id': 'ramiioSoftwareentwicklung_SP' }, 'intent': 'sale', 'payer': { "payment_method": "paypal", }, "redirect_urls": { "return_url": build_absolute_uri(request.event, 'plugins:paypal:return'), "cancel_url": build_absolute_uri(request.event, 'plugins:paypal:abort'), }, "transactions": [{ "item_list": { "items": [{ "name": __('Order {slug}-{code}').format( slug=self.event.slug.upper(), code=payment_obj.order.code), "quantity": 1, "price": self.format_price(payment_obj.amount), "currency": payment_obj.order.event.currency }] }, "amount": { "currency": request.event.currency, "total": self.format_price(payment_obj.amount) }, "description": __('Order {order} for {event}').format( event=request.event.name, order=payment_obj.order.code), "payee": payee }] }) request.session['payment_paypal_order'] = payment_obj.order.pk request.session['payment_paypal_payment'] = payment_obj.pk return self._create_payment(request, payment) def shred_payment_info(self, obj): if obj.info: d = json.loads(obj.info) new = { 'id': d.get('id'), 'payer': { 'payer_info': { 'email': '█' } }, 'update_time': d.get('update_time'), 'transactions': [{ 'amount': t.get('amount') } for t in d.get('transactions', [])], '_shredded': True } obj.info = json.dumps(new) obj.save(update_fields=['info']) for le in obj.order.all_logentries().filter( action_type="pretix.plugins.paypal.event").exclude(data=""): d = le.parsed_data if 'resource' in d: d['resource'] = { 'id': d['resource'].get('id'), 'sale_id': d['resource'].get('sale_id'), 'parent_payment': d['resource'].get('parent_payment'), } le.data = json.dumps(d) le.shredded = True le.save(update_fields=['data', 'shredded']) def render_invoice_text(self, order: Order, payment: OrderPayment) -> str: if order.status == Order.STATUS_PAID: if payment.info_data.get('id', None): try: return '{}\r\n{}: {}\r\n{}: {}'.format( _('The payment for this invoice has already been received.' ), _('PayPal payment ID'), payment.info_data['id'], _('PayPal sale ID'), payment.info_data['transactions'] [0]['related_resources'][0]['sale']['id']) except (KeyError, IndexError): return '{}\r\n{}: {}'.format( _('The payment for this invoice has already been received.' ), _('PayPal payment ID'), payment.info_data['id']) else: return super().render_invoice_text(order, payment) return self.settings.get('_invoice_text', as_type=LazyI18nString, default='')
class BaseTicketOutput: """ This is the base class for all ticket outputs. """ def __init__(self, event: Event): self.event = event self.settings = SettingsSandbox('ticketoutput', self.identifier, event) def __str__(self): return self.identifier @property def is_enabled(self) -> bool: """ Returns whether or whether not this output is enabled. By default, this is determined by the value of the ``_enabled`` setting. """ return self.settings.get('_enabled', as_type=bool) @property def multi_download_enabled(self) -> bool: """ Returns whether or not the ``generate_order`` method may be called. Returns ``True`` by default. """ return True def generate(self, position: OrderPosition) -> Tuple[str, str, str]: """ This method should generate the download file and return a tuple consisting of a filename, a file type and file content. The extension will be taken from the filename which is otherwise ignored. Alternatively, you can pass a tuple consisting of an arbitrary string, ``text/uri-list`` and a single URL. In this case, the user will be redirected to this link instead of being asked to download a generated file. .. note:: If the event uses the event series feature (internally called subevents) and your generated ticket contains information like the event name or date, you probably want to display the properties of the subevent. A common pattern to do this would be a declaration ``ev = position.subevent or position.order.event`` and then access properties that are present on both classes like ``ev.name`` or ``ev.date_from``. .. note:: Should you elect to use the URI redirection feature instead of offering downloads, you should also set the ``multi_download_enabled``-property to ``False``. """ raise NotImplementedError() def generate_order(self, order: Order) -> Tuple[str, str, str]: """ This method is the same as order() but should not generate one file per order position but instead one file for the full order. This method is optional to implement. If you don't implement it, the default implementation will offer a zip file of the generate() results for the order positions. This method should generate a download file and return a tuple consisting of a filename, a file type and file content. The extension will be taken from the filename which is otherwise ignored. If you override this method, make sure that positions that are addons (i.e. ``addon_to`` is set) are only outputted if the event setting ``ticket_download_addons`` is active. Do the same for positions that are non-admission without ``ticket_download_nonadm`` active. If you want, you can just iterate over ``order.positions_with_tickets`` which applies the appropriate filters for you. """ with tempfile.TemporaryDirectory() as d: with ZipFile(os.path.join(d, 'tmp.zip'), 'w') as zipf: for pos in order.positions_with_tickets: fname, __, content = self.generate(pos) zipf.writestr( '{}-{}{}'.format(order.code, pos.positionid, os.path.splitext(fname)[1]), content) with open(os.path.join(d, 'tmp.zip'), 'rb') as zipf: return '{}-{}.zip'.format( order.code, self.identifier), 'application/zip', zipf.read() @property def verbose_name(self) -> str: """ A human-readable name for this ticket output. This should be short but self-explanatory. Good examples include 'PDF tickets' and 'Passbook'. """ raise NotImplementedError() # NOQA @property def identifier(self) -> str: """ A short and unique identifier for this ticket output. This should only contain lowercase letters and in most cases will be the same as your package name. """ raise NotImplementedError() # NOQA @property def settings_form_fields(self) -> dict: """ When the event's administrator visits the event configuration page, this method is called to return the configuration fields available. It should therefore return a dictionary where the keys should be (unprefixed) settings keys and the values should be corresponding Django form fields. The default implementation returns the appropriate fields for the ``_enabled`` setting mentioned above. We suggest that you return an ``OrderedDict`` object instead of a dictionary and make use of the default implementation. Your implementation could look like this:: @property def settings_form_fields(self): return OrderedDict( list(super().settings_form_fields.items()) + [ ('paper_size', forms.CharField( label=_('Paper size'), required=False )) ] ) .. WARNING:: It is highly discouraged to alter the ``_enabled`` field of the default implementation. """ return OrderedDict([ ('_enabled', forms.BooleanField( label=_('Enable output'), required=False, )), ]) def settings_content_render(self, request: HttpRequest) -> str: """ When the event's administrator visits the event configuration page, this method is called. It may return HTML containing additional information that is displayed below the form fields configured in ``settings_form_fields``. """ pass @property def download_button_text(self) -> str: """ The text on the download button in the frontend. """ return _('Download ticket') @property def download_button_icon(self) -> str: """ The Font Awesome icon on the download button in the frontend. """ return 'fa-download' @property def preview_allowed(self) -> bool: """ By default, the ``generate()`` method is called for generating a preview in the pretix backend. In case your plugin cannot generate previews for any reason, you can manually disable it here. """ return True @property def javascript_required(self) -> bool: """ If this property is set to true, the download-button for this ticket-type will not be displayed when the user's browser has JavaScript disabled. Defaults to ``False`` """ return False
def __init__(self, event: Event): self.event = event self.settings = SettingsSandbox('ticketoutput', self.identifier, event)
class BasePaymentProvider: """ This is the base class for all payment providers. """ def __init__(self, event: Event): self.event = event self.settings = SettingsSandbox('payment', self.identifier, event) # Default values if self.settings.get('_fee_reverse_calc') is None: self.settings.set('_fee_reverse_calc', True) def __str__(self): return self.identifier @property def is_enabled(self) -> bool: """ Returns whether or whether not this payment provider is enabled. By default, this is determined by the value of the ``_enabled`` setting. """ return self.settings.get('_enabled', as_type=bool) def calculate_fee(self, price: Decimal) -> Decimal: """ Calculate the fee for this payment provider which will be added to final price before fees (but after taxes). It should include any taxes. The default implementation makes use of the setting ``_fee_abs`` for an absolute fee and ``_fee_percent`` for a percentage. :param price: The total value without the payment method fee, after taxes. """ fee_abs = self.settings.get('_fee_abs', as_type=Decimal, default=0) fee_percent = self.settings.get('_fee_percent', as_type=Decimal, default=0) fee_reverse_calc = self.settings.get('_fee_reverse_calc', as_type=bool, default=True) if fee_reverse_calc: return round_decimal((price + fee_abs) * (1 / (1 - fee_percent / 100)) - price) else: return round_decimal(price * fee_percent / 100) + fee_abs @property def verbose_name(self) -> str: """ A human-readable name for this payment provider. This should be short but self-explaining. Good examples include 'Bank transfer' and 'Credit card via Stripe'. """ raise NotImplementedError() # NOQA @property def public_name(self) -> str: """ A human-readable name for this payment provider to be shown to the public. This should be short but self-explaining. Good examples include 'Bank transfer' and 'Credit card', but 'Credit card via Stripe' might be to explicit. By default, this is the same as ``verbose_name`` """ return self.verbose_name @property def identifier(self) -> str: """ A short and unique identifier for this payment provider. This should only contain lowercase letters and in most cases will be the same as your packagename. """ raise NotImplementedError() # NOQA @property def settings_form_fields(self) -> dict: """ When the event's administrator visits the event configuration page, this method is called to return the configuration fields available. It should therefore return a dictionary where the keys should be (unprefixed) settings keys and the values should be corresponding Django form fields. The default implementation returns the appropriate fields for the ``_enabled``, ``_fee_abs``, ``_fee_percent`` and ``_availability_date`` settings mentioned above. We suggest that you return an ``OrderedDict`` object instead of a dictionary and make use of the default implementation. Your implementation could look like this:: @property def settings_form_fields(self): return OrderedDict( list(super().settings_form_fields.items()) + [ ('bank_details', forms.CharField( widget=forms.Textarea, label=_('Bank account details'), required=False )) ] ) .. WARNING:: It is highly discouraged to alter the ``_enabled`` field of the default implementation. """ return OrderedDict([ ('_enabled', forms.BooleanField( label=_('Enable payment method'), required=False, )), ('_fee_abs', forms.DecimalField(label=_('Additional fee'), help_text=_('Absolute value'), required=False)), ('_fee_percent', forms.DecimalField(label=_('Additional fee'), help_text=_('Percentage'), required=False)), ('_availability_date', RelativeDateField( label=_('Available until'), help_text= _('Users will not be able to choose this payment provider after the given date.' ), required=False, )), ('_fee_reverse_calc', forms.BooleanField( label=_( 'Calculate the fee from the total value including the fee.' ), help_text= _('We recommend you to enable this if you want your users to pay the payment fees of your ' 'payment provider. <a href="{docs_url}" target="_blank">Click here ' 'for detailled information on what this does.</a> Don\'t forget to set the correct fees ' 'above!'). format( docs_url= 'https://docs.pretix.eu/en/latest/user/payments/fees.html' ), required=False)), ('_invoice_text', I18nFormField( label=_('Text on invoices'), help_text= _('Will be printed just below the payment figures and above the closing text on invoices.' ), required=False, widget=I18nTextarea, )), ]) def settings_content_render(self, request: HttpRequest) -> str: """ When the event's administrator visits the event configuration page, this method is called. It may return HTML containing additional information that is displayed below the form fields configured in ``settings_form_fields``. """ pass def render_invoice_text(self, order: Order) -> str: """ This is called when an invoice for an order with this payment provider is generated. The default implementation returns the content of the _invoice_text configuration variable (an I18nString), or an empty string if unconfigured. """ return self.settings.get('_invoice_text', as_type=LazyI18nString, default='') @property def payment_form_fields(self) -> dict: """ This is used by the default implementation of :py:meth:`checkout_form`. It should return an object similar to :py:attr:`settings_form_fields`. The default implementation returns an empty dictionary. """ return {} def payment_form(self, request: HttpRequest) -> Form: """ This is called by the default implementation of :py:meth:`checkout_form_render` to obtain the form that is displayed to the user during the checkout process. The default implementation constructs the form using :py:attr:`checkout_form_fields` and sets appropriate prefixes for the form and all fields and fills the form with data form the user's session. If you overwrite this, we strongly suggest that you inherit from ``PaymentProviderForm`` (from this module) that handles some nasty issues about required fields for you. """ form = PaymentProviderForm( data=(request.POST if request.method == 'POST' else None), prefix='payment_%s' % self.identifier, initial={ k.replace('payment_%s_' % self.identifier, ''): v for k, v in request.session.items() if k.startswith('payment_%s_' % self.identifier) }) form.fields = self.payment_form_fields for k, v in form.fields.items(): v._required = v.required v.required = False v.widget.is_required = False return form def _is_still_available(self, now_dt=None, cart_id=None, order=None): now_dt = now_dt or now() tz = pytz.timezone(self.event.settings.timezone) availability_date = self.settings.get('_availability_date', as_type=RelativeDateWrapper) if availability_date: if self.event.has_subevents and cart_id: availability_date = min([ availability_date.datetime(se).date() for se in self.event.subevents.filter( id__in=CartPosition.objects.filter( cart_id=cart_id, event=self.event).values_list( 'subevent', flat=True)) ]) elif self.event.has_subevents and order: availability_date = min([ availability_date.datetime(se).date() for se in self.event.subevents.filter( id__in=order.positions.values_list('subevent', flat=True)) ]) elif self.event.has_subevents: logger.error('Payment provider is not subevent-ready.') return False else: availability_date = availability_date.datetime( self.event).date() return availability_date >= now_dt.astimezone(tz).date() return True def is_allowed(self, request: HttpRequest) -> bool: """ You can use this method to disable this payment provider for certain groups of users, products or other criteria. If this method returns ``False``, the user will not be able to select this payment method. This will only be called during checkout, not on retrying. The default implementation checks for the _availability_date setting to be either unset or in the future. """ return self._is_still_available(cart_id=request.session.session_key) def payment_form_render(self, request: HttpRequest) -> str: """ When the user selects this provider as his prefered payment method, they will be shown the HTML you return from this method. The default implementation will call :py:meth:`checkout_form` and render the returned form. If your payment method doesn't require the user to fill out form fields, you should just return a paragraph of explanatory text. """ form = self.payment_form(request) template = get_template( 'pretixpresale/event/checkout_payment_form_default.html') ctx = {'request': request, 'form': form} return template.render(ctx) def checkout_confirm_render(self, request) -> str: """ If the user has successfully filled in his payment data, they will be redirected to a confirmation page which lists all details of his order for a final review. This method should return the HTML which should be displayed inside the 'Payment' box on this page. In most cases, this should include a short summary of the user's input and a short explanation on how the payment process will continue. """ raise NotImplementedError() # NOQA def checkout_prepare(self, request: HttpRequest, cart: Dict[str, Any]) -> Union[bool, str]: """ Will be called after the user selects this provider as his payment method. If you provided a form to the user to enter payment data, this method should at least store the user's input into his session. This method should return ``False`` if the user's input was invalid, ``True`` if the input was valid and the frontend should continue with default behaviour or a string containing a URL if the user should be redirected somewhere else. On errors, you should use Django's message framework to display an error message to the user (or the normal form validation error messages). The default implementation stores the input into the form returned by :py:meth:`payment_form` in the user's session. If your payment method requires you to redirect the user to an external provider, this might be the place to do so. .. IMPORTANT:: If this is called, the user has not yet confirmed his or her order. You may NOT do anything which actually moves money. :param cart: This dictionary contains at least the following keys: positions: A list of ``CartPosition`` objects that are annotated with the special attributes ``count`` and ``total`` because multiple objects of the same content are grouped into one. raw: The raw list of ``CartPosition`` objects in the users cart total: The overall total *including* the fee for the payment method. payment_fee: The fee for the payment method. """ form = self.payment_form(request) if form.is_valid(): for k, v in form.cleaned_data.items(): request.session['payment_%s_%s' % (self.identifier, k)] = v return True else: return False def payment_is_valid_session(self, request: HttpRequest) -> bool: """ This is called at the time the user tries to place the order. It should return ``True`` if the user's session is valid and all data your payment provider requires in future steps is present. """ raise NotImplementedError() # NOQA def payment_perform(self, request: HttpRequest, order: Order) -> str: """ After the user has confirmed their purchase, this method will be called to complete the payment process. This is the place to actually move the money if applicable. If you need any special behaviour, you can return a string containing the URL the user will be redirected to. If you are done with your process you should return the user to the order's detail page. If the payment is completed, you should call ``pretix.base.services.orders.mark_order_paid(order, provider, info)`` with ``provider`` being your :py:attr:`identifier` and ``info`` being any string you might want to store for later usage. Please note that ``mark_order_paid`` might raise a ``Quota.QuotaExceededException`` if (and only if) the payment term of this order is over and some of the items are sold out. You should use the exception message to display a meaningful error to the user. The default implementation just returns ``None`` and therefore leaves the order unpaid. The user will be redirected to the order's detail page by default. On errors, you should raise a ``PaymentException``. :param order: The order object """ return None def order_pending_mail_render(self, order: Order) -> str: """ After the user has submitted their order, they will receive a confirmation email. You can return a string from this method if you want to add additional information to this email. :param order: The order object """ return "" def order_pending_render(self, request: HttpRequest, order: Order) -> str: """ If the user visits a detail page of an order which has not yet been paid but this payment method was selected during checkout, this method will be called to provide HTML content for the 'payment' box on the page. It should contain instructions on how to continue with the payment process, either in form of text or buttons/links/etc. :param order: The order object """ raise NotImplementedError() # NOQA def order_change_allowed(self, order: Order) -> bool: """ Will be called to check whether it is allowed to change the payment method of an order to this one. The default implementation checks for the _availability_date setting to be either unset or in the future. :param order: The order object """ return self._is_still_available(order=order) def order_can_retry(self, order: Order) -> bool: """ Will be called if the user views the detail page of an unpaid order to determine whether the user should be presented with an option to retry the payment. The default implementation always returns False. If you want to enable retrials for your payment method, the best is to just return ``self._is_still_available()`` from this method to disable it as soon as the method gets disabled or the methods end date is reached. The retry workflow is also used if a user switches to this payment method for an existing order! :param order: The order object """ return False def retry_prepare(self, request: HttpRequest, order: Order) -> Union[bool, str]: """ Deprecated, use order_prepare instead """ raise DeprecationWarning( 'retry_prepare is deprecated, use order_prepare instead') return self.order_prepare(request, order) def order_prepare(self, request: HttpRequest, order: Order) -> Union[bool, str]: """ Will be called if the user retries to pay an unpaid order (after the user filled in e.g. the form returned by :py:meth:`payment_form`) or if the user changes the payment method. It should return and report errors the same way as :py:meth:`checkout_prepare`, but receives an ``Order`` object instead of a cart object. Note: The ``Order`` object given to this method might be different from the version stored in the database as it's total will already contain the payment fee for the new payment method. """ form = self.payment_form(request) if form.is_valid(): for k, v in form.cleaned_data.items(): request.session['payment_%s_%s' % (self.identifier, k)] = v return True else: return False def order_paid_render(self, request: HttpRequest, order: Order) -> str: """ Will be called if the user views the detail page of a paid order which is associated with this payment provider. It should return HTML code which should be displayed to the user or None, if there is nothing to say (like the default implementation does). :param order: The order object """ return None def order_control_render(self, request: HttpRequest, order: Order) -> str: """ Will be called if the *event administrator* views the detail page of an order which is associated with this payment provider. It should return HTML code containing information regarding the current payment status and, if applicable, next steps. The default implementation returns the verbose name of the payment provider. :param order: The order object """ return _('Payment provider: %s' % self.verbose_name) def order_control_refund_render(self, order: Order, request: HttpRequest = None) -> str: """ Will be called if the event administrator clicks an order's 'refund' button. This can be used to display information *before* the order is being refunded. It should return HTML code which should be displayed to the user. It should contain information about to which extend the money will be refunded automatically. :param order: The order object :param request: The HTTP request .. versionchanged:: 1.6 The parameter ``request`` has been added. """ return '<div class="alert alert-warning">%s</div>' % _( 'The money can not be automatically refunded, ' 'please transfer the money back manually.') def order_control_refund_perform(self, request: HttpRequest, order: Order) -> Union[bool, str]: """ Will be called if the event administrator confirms the refund. This should transfer the money back (if possible). You can return the URL the user should be redirected to if you need special behaviour or None to continue with default behaviour. On failure, you should use Django's message framework to display an error message to the user. The default implementation sets the Order's state to refunded and shows a success message. :param request: The HTTP request :param order: The order object """ from pretix.base.services.orders import mark_order_refunded mark_order_refunded(order, user=request.user) messages.success( request, _('The order has been marked as refunded. Please transfer the money ' 'back to the buyer manually.'))
def __init__(self, event: Event): super().__init__(event) self.settings = SettingsSandbox('payment', 'stripe', event)
def __init__(self, event: Event): super().__init__(event) self.settings = SettingsSandbox('payment', 'mete', event) self.logger = logging.getLogger("Mete-Provider")
class AdyenMethod(BasePaymentProvider): identifier = '' method = '' def __init__(self, event: Event): super().__init__(event) self.settings = SettingsSandbox('payment', 'adyen', event) @property def test_mode_message(self): if self.settings.test_merchant_account and self.settings.test_api_key: return mark_safe( _('The Adyen plugin is operating in test mode. You can use one of <a {args}>many test ' 'cards</a> to perform a transaction. No money will actually be transferred.' ). format( args= 'href="https://docs.adyen.com/development-resources/test-cards/test-card-numbers" ' 'target="_blank"')) return None @property def settings_form_fields(self): return {} @property def is_enabled(self) -> bool: return self.settings.get( '_enabled', as_type=bool) and self.settings.get( 'method_{}'.format(self.method), as_type=bool) def payment_refund_supported(self, payment: OrderPayment) -> bool: return True def payment_partial_refund_supported(self, payment: OrderPayment) -> bool: return True def payment_prepare(self, request, payment): return self.checkout_prepare(request, None) def checkout_prepare(self, request: HttpRequest, cart: Dict[str, Any]) -> Union[bool, str]: payment_method_data = request.POST.get( '{}-{}'.format('adyen_paymentMethodData', self.method), '') request.session['{}-{}'.format('payment_adyen_paymentMethodData', self.method)] = payment_method_data if payment_method_data == '': messages.warning( request, _('You may need to enable JavaScript for Adyen payments.')) return False return True def payment_is_valid_session(self, request): return request.session.get( '{}-{}'.format('payment_adyen_paymentMethodData', self.method), '') != '' def _amount_to_decimal(self, cents): places = settings.CURRENCY_PLACES.get(self.event.currency, 2) return round_decimal(float(cents) / (10**places), self.event.currency) def _decimal_to_int(self, amount): places = settings.CURRENCY_PLACES.get(self.event.currency, 2) return int(amount * 10**places) def _get_amount(self, payment): return self._decimal_to_int(payment.amount) def statement_descriptor(self, payment, length=22): return '{event}-{code} {eventname}'.format( event=self.event.slug.upper(), code=payment.order.code, eventname=re.sub('[^a-zA-Z0-9 ]', '', str(self.event.name)))[:length] @property def api_kwargs(self): kwargs = { 'merchantAccount': self.settings.test_merchant_account if self.event.testmode else self.settings.prod_merchant_account, 'applicationInfo': { 'merchantApplication': { 'name': 'pretix-adyen', 'version': PluginApp.PretixPluginMeta.version, }, 'externalPlatform': { 'name': 'pretix', 'version': __version__, 'integrator': settings.PRETIX_INSTANCE_NAME, } } } return kwargs def _init_api(self, env=None): self.adyen = Adyen.Adyen( app_name='pretix', xapikey=self.settings.test_api_key if self.event.testmode else self.settings.prod_api_key, # API-calls go only to -live in prod - not to -live-au or -live-us like in the frontend. platform=env if env else 'test' if self.event.testmode else 'live', live_endpoint_prefix=self.settings.prod_prefix) def checkout_confirm_render(self, request) -> str: template = get_template('pretix_adyen/checkout_payment_confirm.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'provider': self } return template.render(ctx) def payment_can_retry(self, payment): return self._is_still_available(order=payment.order) def _charge_source(self, request, source, payment): pass def payment_pending_render(self, request, payment) -> str: if payment.info: payment_info = json.loads(payment.info) else: payment_info = None template = get_template('pretix_adyen/pending.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'provider': self, 'order': payment.order, 'payment': payment, 'payment_info': payment_info, 'payment_hash': hashlib.sha1(payment.order.secret.lower().encode()).hexdigest() } return template.render(ctx) def api_payment_details(self, payment: OrderPayment): return { "id": payment.info_data.get("id", None), "payment_method": payment.info_data.get("payment_method", None) } def payment_control_render(self, request, payment) -> str: if payment.info: payment_info = json.loads(payment.info) if 'amount' in payment_info: payment_info['amount'][ 'value'] /= 10**settings.CURRENCY_PLACES.get( self.event.currency, 2) else: payment_info = None template = get_template('pretix_adyen/control.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'payment_info': payment_info, 'payment': payment, 'method': self.method, 'provider': self, } return template.render(ctx) def refund_control_render(self, request, payment) -> str: if payment.info: payment_info = json.loads(payment.info) if 'amount' in payment_info: payment_info['amount'][ 'value'] /= 10**settings.CURRENCY_PLACES.get( self.event.currency, 2) else: payment_info = None template = get_template('pretix_adyen/control.html') ctx = { 'request': request, 'event': self.event, 'settings': self.settings, 'payment_info': payment_info, 'payment': payment, 'method': self.method, 'provider': self, } return template.render(ctx) def execute_refund(self, refund: OrderRefund): self._init_api() payment_info = refund.payment.info_data if not payment_info: raise PaymentException(_('No payment information found.')) rqdata = { 'modificationAmount': { 'value': self._get_amount(refund), 'currency': self.event.currency, }, 'originalReference': payment_info['pspReference'], 'merchantOrderReference': '{event}-{code}'.format(event=self.event.slug.upper(), code=refund.order.code), 'reference': '{event}-{code}-R-{payment}'.format(event=self.event.slug.upper(), code=refund.order.code, payment=refund.local_id), 'shopperStatement': self.statement_descriptor(refund), 'captureDelayHours': 0, **self.api_kwargs } try: result = self.adyen.payment.refund(rqdata) except AdyenError as e: logger.exception('AdyenError: %s' % str(e)) return refund.info = json.dumps(result.message) refund.state = OrderRefund.REFUND_STATE_TRANSIT refund.save() refund.order.log_action('pretix.event.order.refund.created', { 'local_id': refund.local_id, 'provider': refund.provider, }) def _get_originKey(self, env): originkeyenv = 'originkey_{}'.format(env) if not self.settings[originkeyenv]: self._init_api(env) origin_domains = {'originDomains': [settings.SITE_URL]} try: result = self.adyen.checkout.origin_keys(origin_domains) self.settings[originkeyenv] = result.message['originKeys'][ settings.SITE_URL] except AdyenError as e: logger.exception('AdyenError: %s' % str(e)) return self.settings.get(originkeyenv, '') def execute_payment(self, request: HttpRequest, payment: OrderPayment): self._init_api() try: payment_method_data = json.loads(request.session['{}-{}'.format( 'payment_adyen_paymentMethodData', self.method)]) rqdata = { 'amount': { 'value': self._get_amount(payment), 'currency': self.event.currency, }, 'merchantOrderReference': '{event}-{code}'.format(event=self.event.slug.upper(), code=payment.order.code), 'reference': '{event}-{code}-P-{payment}'.format( event=self.event.slug.upper(), code=payment.order.code, payment=payment.local_id), 'shopperStatement': self.statement_descriptor(payment), 'paymentMethod': payment_method_data['paymentMethod'], 'returnUrl': build_absolute_uri( self.event, 'plugins:pretix_adyen:return', kwargs={ 'order': payment.order.code, 'payment': payment.pk, 'hash': hashlib.sha1( payment.order.secret.lower().encode()).hexdigest(), }), 'channel': 'Web', 'origin': settings.SITE_URL, 'captureDelayHours': 0, 'shopperInteraction': 'Ecommerce', **self.api_kwargs } if self.method == "scheme": rqdata['additionalData'] = {'allow3DS2': 'true'} rqdata['browserInfo'] = payment_method_data['browserInfo'] # Since we do not have the IP-address of the customer, we cannot pass rqdata['shopperIP']. try: result = self.adyen.checkout.payments(rqdata) except AdyenError as e: logger.exception('Adyen error: %s' % str(e)) payment.state = OrderPayment.PAYMENT_STATE_FAILED payment.info = json.dumps({ 'refusalReason': json.loads(e.raw_response or {}).get('message', '') }) payment.save() payment.order.log_action( 'pretix.event.order.payment.failed', { 'local_id': payment.local_id, 'provider': payment.provider, 'message': json.loads(e.raw_response or {}).get('message', '') }) raise PaymentException( _('We had trouble communicating with Adyen. Please try again and get in touch ' 'with us if this problem persists.')) if 'action' in result.message: payment.info = json.dumps(result.message) payment.state = OrderPayment.PAYMENT_STATE_CREATED payment.save() payment.order.log_action('pretix.event.order.payment.started', { 'local_id': payment.local_id, 'provider': payment.provider }) return build_absolute_uri( self.event, 'plugins:pretix_adyen:sca', kwargs={ 'order': payment.order.code, 'payment': payment.pk, 'hash': hashlib.sha1( payment.order.secret.lower().encode()).hexdigest(), }) else: payment.info = json.dumps(result.message) payment.save() self._handle_resultcode(payment) finally: del request.session['{}-{}'.format( 'payment_adyen_paymentMethodData', self.method)] def _handle_resultcode(self, payment: OrderPayment): payment_info = json.loads(payment.info) if payment_info['resultCode'] in [ 'AuthenticationFinished', 'ChallengeShopper', 'IdentifyShopper', 'PresentToShopper', 'Received', 'RedirectShopper', ]: # At this point, the payment has already been created - so no need to set the status or log it again # payment.state = OrderPayment.PAYMENT_STATE_CREATED pass elif payment_info['resultCode'] in ['Error', 'Refused']: payment.state = OrderPayment.PAYMENT_STATE_FAILED payment.save(update_fields=['state']) payment.order.log_action('pretix.event.order.payment.failed', { 'local_id': payment.local_id, 'provider': payment.provider }) elif payment_info['resultCode'] == 'Cancelled': payment.state = OrderPayment.PAYMENT_STATE_CANCELED payment.save(update_fields=['state']) payment.order.log_action('pretix.event.order.payment.canceled', { 'local_id': payment.local_id, 'provider': payment.provider }) elif payment_info['resultCode'] == 'Pending': payment.state = OrderPayment.PAYMENT_STATE_PENDING payment.save(update_fields=['state']) # Nothing we can log here... elif payment_info['resultCode'] == 'Authorised': payment.confirm() return payment.state def _handle_action(self, request: HttpRequest, payment: OrderPayment, statedata=None, payload=None, md=None, pares=None): self._init_api() payment_info = json.loads(payment.info) try: if statedata: result = self.adyen.checkout.payments_details( json.loads(statedata)) elif payload: result = self.adyen.checkout.payments_details({ 'paymentData': payment_info['paymentData'], 'details': { 'payload': payload, }, }) elif md and pares: result = self.adyen.checkout.payments_details({ 'paymentData': payment_info['paymentData'], 'details': { 'MD': md, 'PaRes': pares, }, }) else: messages.error( request, _('Sorry, there was an error in the payment process.')) return eventreverse(self.event, 'presale:event.order', kwargs={ 'order': payment.order.code, 'secret': payment.order.secret }) except AdyenError as e: logger.exception('AdyenError: %s' % str(e)) messages.error( request, _('Sorry, there was an error in the payment process.')) return eventreverse(self.event, 'presale:event.order', kwargs={ 'order': payment.order.code, 'secret': payment.order.secret }) payment.info = json.dumps(result.message) payment.save(update_fields=['info']) if 'action' in result.message: return build_absolute_uri( self.event, 'plugins:pretix_adyen:sca', kwargs={ 'order': payment.order.code, 'payment': payment.pk, 'hash': hashlib.sha1( payment.order.secret.lower().encode()).hexdigest(), }) else: state = self._handle_resultcode(payment) return eventreverse(self.event, 'presale:event.order', kwargs={ 'order': payment.order.code, 'secret': payment.order.secret }) + ('?paid=yes' if state in [ OrderPayment.PAYMENT_STATE_CONFIRMED, OrderPayment.PAYMENT_STATE_PENDING ] else '') def is_allowed(self, request: HttpRequest, total: Decimal = None) -> bool: global_allowed = super().is_allowed(request, total) if request.event.testmode: local_allowed = request.event.settings.payment_adyen_test_merchant_account \ and request.event.settings.payment_adyen_test_api_key \ and request.event.settings.payment_adyen_test_hmac_key else: local_allowed = request.event.settings.payment_adyen_prod_merchant_account \ and request.event.settings.payment_adyen_prod_api_key \ and request.event.settings.payment_adyen_prod_hmac_key \ and request.event.settings.payment_adyen_prod_prefix if global_allowed and local_allowed: self._init_api() def get_invoice_address(): if not hasattr(request, '_checkout_flow_invoice_address'): cs = cart_session(request) iapk = cs.get('invoice_address') if not iapk: request._checkout_flow_invoice_address = InvoiceAddress( ) else: try: request._checkout_flow_invoice_address = InvoiceAddress.objects.get( pk=iapk, order__isnull=True) except InvoiceAddress.DoesNotExist: request._checkout_flow_invoice_address = InvoiceAddress( ) return request._checkout_flow_invoice_address rqdata = { 'amount': { 'value': self._decimal_to_int(total), 'currency': self.event.currency }, 'channel': 'Web', **self.api_kwargs } ia = get_invoice_address() if ia.country: rqdata['countryCode'] = str(ia.country) try: response = self.adyen.checkout.payment_methods(rqdata) if any( d.get('type', None) == self.method for d in response.message['paymentMethods']): self.payment_methods = json.dumps(response.message) return True except AdyenError as e: logger.exception('AdyenError: %s' % str(e)) return False return False def payment_form_render(self, request, total) -> str: template = get_template('pretix_adyen/checkout_payment_form.html') if not hasattr(self, 'payment_methods'): self.is_allowed(request, total) ctx = { 'method': self.method, 'paymentMethodsResponse': self.payment_methods, } return template.render(ctx)