예제 #1
def add_to_cart(product_id, quantity):
    """Add ``quantity`` of ``product_id`` to the current cart.

    The updated cart is written back to the ``cart`` cookie on a response
    built with ``make_response()``, and a success message is flashed.
    """
    current_cart = Cart.get_current()
    # NOTE(review): quantity is forwarded unchecked; presumably
    # Cart.add_product rejects zero, negative or non-numeric values - confirm.
    current_cart.add_product(product_id, quantity)

    resp = make_response()
    # NOTE(review): the serialised cart is handed to the browser as a plain
    # cookie. If Cart.get_current() later rebuilds state from this cookie,
    # its contents must be treated as user-editable - confirm that prices are
    # looked up server-side and consider signing the value.
    resp.set_cookie('cart', current_cart.jsonified_data)
    flash("Add succeeded!", 'success')
    return resp
예제 #2
def remove_from_cart(product_id):
    """Remove ``product_id`` from the current cart.

    The updated cart is written back to the ``cart`` cookie on a response
    built with ``make_response()``, and a success message is flashed.
    """
    current_cart = Cart.get_current()
    current_cart.remove_product(product_id)

    resp = make_response()
    # NOTE(review): same client-side cart cookie as in add_to_cart; its
    # integrity is not protected by anything visible here - confirm the
    # server never trusts prices or totals read back from it.
    resp.set_cookie('cart', current_cart.jsonified_data)
    flash("Remove succeeded!", 'success')
    return resp
예제 #3
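def show_cart():
    """Render the cart page for the current cart.

    Passes the cart and its product list to ``sites/shop/cart.html``.
    """
    # NOTE(review): the login redirect below is commented out, so this view
    # renders for sessions without a user. Confirm that is intended, and that
    # later steps which need a logged-in user enforce it themselves.
    # if request.session.user is None:
    #     return redirect(url_for('home.login', next=request.url))
    cart = Cart.get_current()

    # The original had an `if request.method == 'POST': pass` branch here; it
    # did nothing, so GET and POST are rendered identically without it.
    return render_template('sites/shop/cart.html', products=cart.products, cart=cart)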
예제 #4
def checkout():
    """Render the checkout page with the order information and public keys.

    The order information (``oi``) is the cart's serialised data after the
    cart total has been written into it. The merchant and payment-gateway
    public keys are passed to the template as ``kum`` and ``kupg``.
    """
    cart = Cart.get_current()

    # This mutates the cart itself: the total is stored in cart.data before
    # the cart is serialised, so ``oi`` and ``cart`` describe the same state.
    # NOTE(review): if the cart is rebuilt from the client-side 'cart'
    # cookie, this total is only as trustworthy as that cookie - confirm
    # sum_value is derived from server-side prices.
    cart.data['total'] = cart.sum_value
    order_info = cart.jsonified_data

    # Only the public halves of the key pairs are handed to the template.
    merchant_pub = get_key(CertificateOwner.MERCHANT, CertificateType.MERCHANT)['public_key']
    gateway_pub = get_key(CertificateOwner.GATEWAY, CertificateType.GATEWAY)['public_key']

    return render_template(
        'sites/shop/checkout.html',
        products=cart.products,
        cart=cart,
        oi=order_info,
        kum=merchant_pub,
        kupg=gateway_pub,
    )
예제 #5
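def password():
    """Relay the customer's encrypted payment authorisation to the gateway.

    Steps, as implemented below:

    1. Read the encrypted fields posted by the client.
    2. Recover K6 and decrypt the auth data, whose last 32 bytes are the
       SHA-256 digest of the bytes before them; reject on mismatch.
    3. Re-encrypt the auth data under a fresh AES key K7, wrap K7 with the
       gateway public key, sign the auth data with the merchant private key
       and post everything to the gateway.
    4. Unwrap K8 with the merchant private key, decrypt the payment
       response and verify the gateway's signature over it.
    5. On a verified transaction, mail the order confirmation, empty the
       cart and reset the ``cart`` cookie.

    Returns:
        A response built from ``json({...})`` whose ``status`` is ``'YES'``
        on success and ``'NO'`` with a ``message`` on every failure path.
    """
    import hmac

    def _failure(message):
        # Every rejection uses the same response shape.
        return make_response(json({'status': 'NO', 'message': message}))

    data = request.form.to_dict()

    # Fetch the client-supplied fields.
    k6_encrypted_kum = data.get('k6_encrypted_kum')
    k6_encrypted_kupg = data.get('k6_encrypted_kupg')
    iv6 = data.get('iv6')
    authdata_and_hashed_k6encrypted = data.get('authdata_and_hashed_k6encrypted')
    pwd_kuisencrypted_and_hashed_k6encrypted = data.get('pwd_kuisencrypted_and_hashed_k6encrypted')
    bank_name = data.get('bank_name', None)

    # A missing field used to surface later as an AttributeError on
    # None.encode(); reject the request up front instead.
    required_fields = (
        k6_encrypted_kum,
        k6_encrypted_kupg,
        iv6,
        authdata_and_hashed_k6encrypted,
        pwd_kuisencrypted_and_hashed_k6encrypted,
    )
    if not all(required_fields):
        return _failure(ErrorMessages.TRANSACTION_FAILED)

    # Merchant private key (Krm) and the session key K6.
    krm = RSA.importKey(get_key(CertificateOwner.MERCHANT, CertificateType.MERCHANT)['private_key'])
    k6 = merchant_decrypt_k1(k6_encrypted_kum)

    # Decrypt the auth data; the trailing 32 bytes are its SHA-256 digest.
    authdata_and_hashed = decrypt_aes(k6, iv6, authdata_and_hashed_k6encrypted)
    authdata = authdata_and_hashed[:-32]
    hashed = authdata_and_hashed[len(authdata):]

    # Recompute the digest and compare without short-circuiting on the first
    # differing byte.
    expected_digest = SHA256.new(authdata).digest()
    if not hmac.compare_digest(expected_digest, hashed):
        return _failure(ErrorMessages.MISMATCH_DIGEST)

    # Encrypt the auth data under a fresh 128-bit key K7.
    k7 = Random.get_random_bytes(16)
    authdata_encrypted_k7 = encrypt_aes(k7, authdata.decode())

    # Wrap K7 with the gateway public key (Kupg).
    kupg = RSA.importKey(get_key(CertificateOwner.GATEWAY, CertificateType.GATEWAY)['public_key'])
    k7_encrypted_kupg = encrypt_rsa(kupg, k7)

    # Sign the plaintext auth data with Krm.
    # NOTE(review): the original comment said the K7 ciphertext is signed,
    # but the code signs ``authdata`` - confirm which one the gateway verifies.
    authdata_signature = sign_message(krm, authdata)

    # Base64-encode everything that goes to the gateway.
    b64_pwd_kuisencrypted_and_hashed_k6encrypted = base64.b64encode(pwd_kuisencrypted_and_hashed_k6encrypted.encode())
    b64_k7_encrypted_kupg = base64.b64encode(k7_encrypted_kupg)
    b64_authdata_signature = base64.b64encode(authdata_signature)
    b64_authdata_encrypted_k7 = base64.b64encode(authdata_encrypted_k7)
    b64_k6_encrypted_kupg = base64.b64encode(k6_encrypted_kupg.encode())
    b64_iv6 = base64.b64encode(iv6.encode())

    # NOTE(review): the caller's session cookie value is forwarded to the
    # gateway as session_id - confirm the gateway is meant to receive it.
    try:
        # Without a timeout a stalled gateway would pin this worker forever.
        gateway_response = requests.post(Api.SEND_GATEWAY_PASSWORD,
                                         data={
                                             'b64_pwd_kuisencrypted_and_hashed_k6encrypted': b64_pwd_kuisencrypted_and_hashed_k6encrypted.decode(),
                                             'b64_k7_encrypted_kupg': b64_k7_encrypted_kupg,
                                             'b64_authdata_signature': b64_authdata_signature,
                                             'b64_authdata_encrypted_k7': b64_authdata_encrypted_k7,
                                             'b64_k6_encrypted_kupg': b64_k6_encrypted_kupg,
                                             'b64_iv6': b64_iv6,
                                             'session_id': request.cookies.get(SESSION_KEY),
                                             'bank_name': bank_name},
                                         timeout=10)
    except requests.RequestException:
        return _failure(ErrorMessages.FAILED_CONNECT_GATEWAY)

    if gateway_response.status_code != 200:
        return _failure(ErrorMessages.FAILED_CONNECT_GATEWAY)

    gateway_data = gateway_response.json()['data']

    if gateway_data.get('status') != 'YES':
        return _failure(ErrorMessages.TRANSACTION_FAILED)

    # Fetch the gateway's reply fields.
    b64_payment_response_encrypted = gateway_data.get('b64_payment_response_encrypted')
    b64_k8_encrypted_kum = gateway_data.get('b64_k8_encrypted_kum')
    b64_payment_response_signature = gateway_data.get('b64_payment_response_signature')

    # A reply lacking any of these cannot be verified; b64decode(None) would
    # otherwise raise.
    if not all((b64_payment_response_encrypted, b64_k8_encrypted_kum, b64_payment_response_signature)):
        return _failure(ErrorMessages.FAILED_VERIFY_TRANSACTION)

    # Decode base64.
    payment_response_encrypted = base64.b64decode(b64_payment_response_encrypted)
    k8_encrypted_kum = base64.b64decode(b64_k8_encrypted_kum)
    payment_response_signature = base64.b64decode(b64_payment_response_signature)

    # Unwrap K8 with Krm, then decrypt the payment response.
    k8 = decrypt_rsa(krm, k8_encrypted_kum)
    payment_response = AESCipher(k8).decrypt(payment_response_encrypted)

    # A bad signature previously fell off the end of the function and
    # returned None; treat it as an explicit verification failure.
    if not verify_rsa(kupg, payment_response, payment_response_signature):
        return _failure(ErrorMessages.FAILED_VERIFY_TRANSACTION)

    outcome = payment_response.decode()

    if outcome == Messages.TRANSACTION_VERIFIED:
        cart = Cart.get_current()
        products = cart.products
        msg = render_template('mail_order.html', products=products, cart=cart)
        # NOTE(review): assumes a logged-in user; if request.session.user can
        # be None here, this raises after the payment has already been
        # verified - confirm the route requires login.
        user = request.session.user
        from app import mail

        message = Message(subject="Mua Hàng Thành Công",
                          html=msg,
                          sender=("Anh Thu Shop", "*****@*****.**"),
                          recipients=[user.email])
        mail.send(message)

        # Empty the cart and push the emptied state back to the browser.
        cart = Cart.get_current()
        cart.data = {}
        response = make_response(json(
            {'status': 'YES', 'payment_response': outcome, 'url': url_for('home.index')}))
        response.set_cookie('cart', cart.jsonified_data)
        return response

    if outcome == ErrorMessages.NOT_ENOUGH_MONEY:
        return _failure(ErrorMessages.NOT_ENOUGH_MONEY)
    return _failure(ErrorMessages.FAILED_VERIFY_TRANSACTION)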