def view(self, id):
payment = Payment.find_by_id(id, abort_404=True)
c.person = payment.invoice.person
if not h.auth.authorized(h.auth.Or(h.auth.is_same_zookeepr_user(c.person.id), h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.is_organiser = False
if h.auth.authorized(h.auth.has_organiser_role):
c.is_organiser = True
c.payment = PaymentReceived.find_by_payment(payment.id)
c.validation_errors = []
if c.payment is not None and c.payment.validation_errors is not None and len(c.payment.validation_errors) > 0:
c.validation_errors = c.payment.validation_errors.split(';')
same_invoice = PaymentReceived.find_by_invoice(payment.invoice.id)
same_email = PaymentReceived.find_by_email(c.person.email_address)
if c.payment is not None:
same_invoice = same_invoice.filter("payment_id <> " + str(payment.id))
same_email = same_email.filter("payment_id <> " + str(payment.id))
c.related_payments = same_invoice.union(same_email)
return render('/payment/view.mako')
def view(self, id):
payment = Payment.find_by_id(id, abort_404=True)
c.person = payment.invoice.person
if not h.auth.authorized(
h.auth.Or(h.auth.is_same_zookeepr_user(c.person.id),
h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.is_organiser = False
if h.auth.authorized(h.auth.has_organiser_role):
c.is_organiser = True
c.payment = PaymentReceived.find_by_payment(payment.id)
c.validation_errors = []
if c.payment is not None and c.payment.validation_errors is not None and len(
c.payment.validation_errors) > 0:
c.validation_errors = c.payment.validation_errors.split(';')
same_invoice = PaymentReceived.find_by_invoice(payment.invoice.id)
same_email = PaymentReceived.find_by_email(c.person.email_address)
if c.payment is not None:
same_invoice = same_invoice.filter("payment_id <> " +
str(payment.id))
same_email = same_email.filter("payment_id <> " + str(payment.id))
c.related_payments = same_invoice.union(same_email)
return render('/payment/view.mako')
def new_manual(self, id):
c.payment = Payment.find_by_id(id)
payment = None
c.person = c.payment.invoice.person
defaults = {
'payment.approved': 1,
'payment.email_address': c.person.email_address,
'payment.success_code': 'Received',
'payment.amount_paid': c.payment.amount,
'payment.currency_used': 'AUD',
}
form = render('/payment/new.mako')
return htmlfill.render(form, defaults)
def new_manual(self, id):
c.payment = Payment.find_by_id(id)
payment = None
c.person = c.payment.invoice.person
defaults = {
'payment.approved': 1,
'payment.email_address': c.person.email_address,
'payment.success_code': 'Received',
'payment.amount_paid': c.payment.amount,
'payment.currency_used': 'AUD',
}
form = render('/payment/new.mako')
return htmlfill.render(form, defaults)
def _new_manual(self, id):
"""Create a new payment."""
results = self.form_result['payment']
# Check whether a payment has already been received for this payment object
payment = Payment.find_by_id(id)
received = PaymentReceived.find_by_payment(payment.id)
if received is not None:
print "WTF"
# Ignore repeat payment
return redirect_to(action='view', id=payment.id)
client_ip = request.environ['REMOTE_ADDR']
if 'HTTP_X_FORWARDED_FOR' in request.environ:
client_ip = request.environ['HTTP_X_FORWARDED_FOR']
results[
'response_text'] = 'Manual payment processed by ' + h.signed_in_person(
).fullname()
results['client_ip_zookeepr'] = client_ip
results['client_ip_gateway'] = client_ip
results['payment'] = payment
c.payment_received = PaymentReceived(**results)
c.payment_received.email_address.lower()
if results['approved'] == 1:
setattr(c.payment_received, 'approved', True)
else:
setattr(c.payment_received, 'approved', False)
setattr(c.payment_received, 'validation_errors', '')
setattr(c.payment_received, 'invoice', payment.invoice)
meta.Session.add(c.payment_received)
meta.Session.commit()
return redirect_to(action='view', id=payment.id)
def _new_manual(self, id):
"""Create a new payment."""
results = self.form_result['payment']
# Check whether a payment has already been received for this payment object
payment = Payment.find_by_id(id)
received = PaymentReceived.find_by_payment(payment.id)
if received is not None:
print "WTF"
# Ignore repeat payment
return redirect_to(action='view', id=payment.id)
client_ip = request.environ['REMOTE_ADDR']
if 'HTTP_X_FORWARDED_FOR' in request.environ:
client_ip = request.environ['HTTP_X_FORWARDED_FOR']
results['response_text'] = 'Manual payment processed by ' + h.signed_in_person().fullname()
results['client_ip_zookeepr'] = client_ip
results['client_ip_gateway'] = client_ip
results['payment'] = payment
c.payment_received = PaymentReceived(**results)
c.payment_received.email_address.lower()
if results['approved'] == 1:
setattr(c.payment_received, 'approved', True)
else:
setattr(c.payment_received, 'approved', False)
setattr(c.payment_received, 'validation_errors', '')
setattr(c.payment_received, 'invoice', payment.invoice)
meta.Session.add(c.payment_received)
meta.Session.commit()
return redirect_to(action='view', id=payment.id)
def _to_python(self, value, state):
payment = Payment.find_by_id(int(value), abort_404=False)
if payment is None:
raise Payment("Unknown payment ID.", value, state)
else:
return payment
class PaymentController(BaseController):
"""This controller receives payment advice from the payment gateway.
the url /payment/new receives the advice
"""
@authorize(h.auth.has_organiser_role)
def index(self):
c.payment_collection = Payment.find_all()
return render('/payment/list.mako')
@authorize(h.auth.is_valid_user)
def view(self, id):
payment = Payment.find_by_id(id, abort_404=True)
c.person = payment.invoice.person
if not h.auth.authorized(
h.auth.Or(h.auth.is_same_zookeepr_user(c.person.id),
h.auth.has_organiser_role)):
# Raise a no_auth error
h.auth.no_role()
c.is_organiser = False
if h.auth.authorized(h.auth.has_organiser_role):
c.is_organiser = True
c.payment = PaymentReceived.find_by_payment(payment.id)
c.validation_errors = []
if c.payment is not None and c.payment.validation_errors is not None and len(
c.payment.validation_errors) > 0:
c.validation_errors = c.payment.validation_errors.split(';')
same_invoice = PaymentReceived.find_by_invoice(payment.invoice.id)
same_email = PaymentReceived.find_by_email(c.person.email_address)
if c.payment is not None:
same_invoice = same_invoice.filter("payment_id <> " +
str(payment.id))
same_email = same_email.filter("payment_id <> " + str(payment.id))
c.related_payments = same_invoice.union(same_email)
return render('/payment/view.mako')
# No authentication because it's called directly by the payment gateway
def new(self):
schema = SecurePayPingSchema()
try:
form_result = schema.to_python(request.params)
except validators.Invalid, error:
return 'Invalid: %s' % error
payment = None
c.person = None
fields = form_result
c.response = {
'payment_id': fields['payment_id'],
'invoice_id': fields['invoice_id'],
'success_code': fields['summary_code'],
'amount_paid': fields['response_amount'],
'currency_used': fields['currency'],
'card_name': fields['card_name'],
'card_type': fields['card_type'],
'card_number': fields['card_number'],
'card_expiry': fields['card_number'],
'card_mac': fields['card_mac'],
'auth_code': fields['response_code'],
'gateway_ref': fields['bank_reference'],
'response_text': fields['response_text'],
'client_ip_gateway': fields['remote_ip'],
'client_ip_zookeepr': request.environ.get('REMOTE_ADDR'),
'email_address': fields['receipt_address']
}
if 'Approved' in c.response['response_text']:
c.response['approved'] = True
else:
c.response['approved'] = False
validation_errors = []
if c.response is None:
abort(500, ''.join(validation_errors))
else:
# Make sure the same browser created the zookeepr payment object and paid by credit card
#if c.response['client_ip_gateway'] != c.response['client_ip_zookeepr']:
#validation_errors.append('Mismatch in IP addresses: zookeepr=' + c.response['client_ip_zookeepr'] + ' gateway=' + c.response['client_ip_gateway'])
# Get the payment object associated with this transaction
payment = Payment.find_by_id(c.response['payment_id'])
if payment is None:
validation_errors.append(
'Invalid payment ID from the payment gateway')
else:
c.person = payment.invoice.person
# Check whether a payment has already been received for this payment object
received = PaymentReceived.find_by_payment(payment.id)
if received is not None:
# Ignore repeat payment
return redirect_to(action='view', id=payment.id)
# Extra validation
if c.response['amount_paid'] != payment.amount:
validation_errors.append(
'Mismatch between amounts paid and invoiced')
if c.response['invoice_id'] != payment.invoice.id:
validation_errors.append(
'Mismatch between returned invoice ID and payment object')
#if c.response['email_address'] != pxpay.munge_email(payment.invoice.person.email_address):
# validation_errors.append('Mismatch between returned email address and invoice object')
if not c.person.is_from_common_country():
validation_errors.append('Uncommon country: ' +
c.person.country)
c.pr = PaymentReceived(**c.response)
c.pr.validation_errors = ';'.join(validation_errors)
meta.Session.add(c.pr)
meta.Session.commit()
if len(validation_errors) > 0 and c.response['approved']:
# Suspiciously approved transaction which needs to be checked manually
email(lca_info['contact_email'],
render('/payment/suspicious_payment.mako'))
if c.person is not None:
email(c.person.email_address, render('/payment/response.mako'))
# OK we now have a valid transaction, we redirect the user to the view page
# so they can see if their transaction was accepted or declined
return redirect_to(action='view', id=payment.id)
def _to_python(self, value, state):
payment = Payment.find_by_id(int(value), abort_404=False)
if payment is None:
raise Payment("Unknown payment ID.", value, state)
else:
return payment