def test_hash(self):
    """
    Check `processor_hash` against hardcoded expected values.

    Each input string is paired with the exact output the hash function
    is expected to produce for it.
    """
    known_answers = (
        ('test', 'GqNJWF7X7L07nEhqMAZ+OVyks1Y='),
        ('edx ', '/KowheysqM2PFYuxVKg0P8Flfk4='),
    )
    for message, expected in known_answers:
        self.assertEqual(processor_hash(message), expected)
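def _is_signature_valid(post_params):
    """
    Return a bool indicating whether the client sent us a valid
    signature in the payment page request.

    The request is treated as invalid (``False`` is returned) when the
    signed-field list or the signature is missing or empty, or when a field
    named in the signed-field list is absent from `post_params`.
    """
    # Function-scope import: the file's import block is not visible from here.
    import hmac

    signed_fields_param = post_params.get('orderPage_signedFields')
    client_sig = post_params.get('orderPage_signaturePublic')

    # A request without a signed-field list or without a signature cannot be
    # verified; reject it instead of raising on the `.split` below.
    if not signed_fields_param or not client_sig:
        return False

    # Retrieve the list of signed fields.
    # NOTE(review): this list comes from the request itself, so the check only
    # covers the fields the client chose to list. A caller that relies on a
    # particular field being signed has to verify that it appears here.
    signed_fields = signed_fields_param.split(',')

    try:
        signed_pairs = [
            "{0}={1}".format(key, post_params[key])
            for key in signed_fields
        ]
    except KeyError:
        # The client claims to have signed a field it did not send.
        return False

    # Calculate the fields signature
    fields_sig = processor_hash(signed_fields_param)

    # Calculate the public signature
    hash_val = ",".join(signed_pairs) + ",signedFieldsPublicSignature={0}".format(fields_sig)
    public_sig = processor_hash(hash_val)

    # Compare in constant time so the check does not reveal how many leading
    # characters of a submitted signature were correct.
    try:
        return hmac.compare_digest(public_sig, client_sig)
    except TypeError:
        # Mismatched types or a non-ASCII string can never equal the
        # computed signature; `==` would have returned False here as well.
        return False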
def response_post_params(cls, post_params):
    """
    Build the POST params that are sent back to the client.

    Values the client sent are reflected back (``None`` when a parameter was
    not received), the remaining fields are fixed fake data, and the result
    is signed over `signed_fields` using `processor_hash`.
    """
    # Indicate whether the payment was successful
    decision = "REJECT"
    if cls.PAYMENT_STATUS_RESPONSE == "success":
        decision = "ACCEPT"

    response = {"decision": decision}

    # (response key, request key) pairs that are reflected back to the
    # client; `dict.get` yields `None` for anything the client left out.
    reflected = (
        ("course_id", 'course_id'),
        ("orderAmount", 'amount'),
        ("ccAuthReply_amount", 'amount'),
        ("orderPage_transactionType", 'orderPage_transactionType'),
        ("orderPage_serialNumber", 'orderPage_serialNumber'),
        ("orderNumber", 'orderNumber'),
        ("orderCurrency", 'currency'),
        ("match", 'match'),
        ("merchantID", 'merchantID'),
    )
    for response_key, request_key in reflected:
        response[response_key] = post_params.get(request_key)

    response.update({
        # Fake user data
        "billTo_firstName": "John",
        "billTo_lastName": "Doe",
        "billTo_street1": "123 Fake Street",
        "billTo_state": "MA",
        "billTo_city": "Boston",
        "billTo_postalCode": "02134",
        "billTo_country": "us",

        # Fake data for the remaining fields
        "card_cardType": "001",
        "card_accountNumber": "############1111",
        "card_expirationMonth": "08",
        "card_expirationYear": "2019",
        "paymentOption": "card",
        "orderPage_environment": "TEST",
        "orderPage_requestToken": "unused",
        "reconciliationID": "39093601YKVO1I5D",
        "ccAuthReply_authorizationCode": "888888",
        "ccAuthReply_avsCodeRaw": "I1",
        "reasonCode": "100",
        "requestID": "3777139938170178147615",
        "ccAuthReply_reasonCode": "100",
        "ccAuthReply_authorizedDateTime": "2013-08-28T181954Z",
        "ccAuthReply_processorResponse": "100",
        "ccAuthReply_avsCode": "X",

        # These signatures are placeholders; they are not computed
        "transactionSignature": "unused=",
        "decision_publicSignature": "unused=",
        "orderAmount_publicSignature": "unused=",
        "orderNumber_publicSignature": "unused=",
        "orderCurrency_publicSignature": "unused=",
    })

    # Fields covered by the signature. The order matters: it determines
    # both the `signedFields` value and the string that gets hashed.
    signed_fields = [
        'billTo_lastName',
        'orderAmount',
        'course_id',
        'billTo_street1',
        'card_accountNumber',
        'orderAmount_publicSignature',
        'orderPage_serialNumber',
        'orderCurrency',
        'reconciliationID',
        'decision',
        'ccAuthReply_processorResponse',
        'billTo_state',
        'billTo_firstName',
        'card_expirationYear',
        'billTo_city',
        'billTo_postalCode',
        'orderPage_requestToken',
        'ccAuthReply_amount',
        'orderCurrency_publicSignature',
        'orderPage_transactionType',
        'ccAuthReply_authorizationCode',
        'decision_publicSignature',
        'match',
        'ccAuthReply_avsCodeRaw',
        'paymentOption',
        'billTo_country',
        'reasonCode',
        'ccAuthReply_reasonCode',
        'orderPage_environment',
        'card_expirationMonth',
        'merchantID',
        'orderNumber_publicSignature',
        'requestID',
        'orderNumber',
        'ccAuthReply_authorizedDateTime',
        'card_cardType',
        'ccAuthReply_avsCode',
    ]

    # Publish the list of signed fields and hash that list on its own
    response['signedFields'] = ",".join(signed_fields)
    fields_signature = processor_hash(response['signedFields'])

    # The public signature covers every "name=value" pair, in order,
    # followed by the signature of the field list itself
    signed_pairs = ",".join(
        "{0}={1}".format(name, response[name]) for name in signed_fields
    )
    to_sign = signed_pairs + ",signedFieldsPublicSignature={0}".format(fields_signature)
    response['signedDataPublicSignature'] = processor_hash(to_sign)

    return response