def test_with_govuk_pay_erroring_when_refreshing(self, requests_mock):
"""
Test that if GOV.UK Pay cancels the payment but errors when
refreshing the session, the session object is not updated
(but the GOV.UK payment is still cancelled).
This is okay as the session object will get refreshed at the next
opportunity.
"""
session = PaymentGatewaySessionFactory()
original_session_status = session.status
requests_mock.post(
govuk_url(f'payments/{session.govuk_payment_id}/cancel'),
status_code=204,
)
requests_mock.get(
govuk_url(f'payments/{session.govuk_payment_id}'),
status_code=500,
)
with pytest.raises(GOVUKPayAPIException):
session.cancel()
session.refresh_from_db()
assert session.status == original_session_status
assert requests_mock.call_count == 2
def test_create_first_session(self, requests_mock, public_omis_api_client):
"""
Test a successful call to create a payment gateway session.
This starts a GOV.UK payment and creates an OMIS payment gateway session
object tracking it.
"""
# mock GOV.UK response
govuk_payment_id = '123abc123abc123abc123abc12'
next_url = 'https://payment.example.com/123abc'
json_response = {
'state': {'status': 'created', 'finished': False},
'payment_id': govuk_payment_id,
'_links': {
'next_url': {
'href': next_url,
'method': 'GET',
},
},
}
requests_mock.post(
govuk_url('payments'), # create payment
status_code=201,
json=json_response,
)
requests_mock.get(
govuk_url(f'payments/{govuk_payment_id}'), # get payment
status_code=200,
json=json_response,
)
assert PaymentGatewaySession.objects.count() == 0
# make API call
order = OrderWithAcceptedQuoteFactory()
url = reverse(
'api-v3:public-omis:payment-gateway-session:collection',
kwargs={'public_token': order.public_token},
)
response = public_omis_api_client.post(url, json_={})
assert response.status_code == status.HTTP_201_CREATED
# check payment gateway session record created
assert PaymentGatewaySession.objects.count() == 1
session = PaymentGatewaySession.objects.first()
assert session.govuk_payment_id == govuk_payment_id
assert session.status == PaymentGatewaySessionStatus.CREATED
# check API response
assert response.json() == {
'id': str(session.id),
'created_on': format_date_or_datetime(session.created_on),
'status': PaymentGatewaySessionStatus.CREATED,
'payment_url': next_url,
}
def test_429_if_too_many_requests_made(
self,
local_memory_cache,
requests_mock,
monkeypatch,
public_omis_api_client,
):
"""Test that the throttling for the create endpoint works if its rate is set."""
monkeypatch.setitem(
settings.REST_FRAMEWORK['DEFAULT_THROTTLE_RATES'],
'payment_gateway_session.create',
'3/sec',
)
# mock GOV.UK response
govuk_payment_id = '123abc123abc123abc123abc12'
json_response = {
'state': {'status': 'created', 'finished': False},
'payment_id': govuk_payment_id,
'_links': {
'next_url': {
'href': 'https://payment.example.com/123abc',
'method': 'GET',
},
},
}
requests_mock.post(
govuk_url('payments'), # create payment
status_code=201,
json=json_response,
)
requests_mock.get(
govuk_url(f'payments/{govuk_payment_id}'), # get payment
status_code=200,
json=json_response,
)
requests_mock.post(
govuk_url(f'payments/{govuk_payment_id}/cancel'), # cancel payment
status_code=204,
)
order = OrderWithAcceptedQuoteFactory()
url = reverse(
'api-v3:public-omis:payment-gateway-session:collection',
kwargs={'public_token': order.public_token},
)
# the 4th time it should error
for _ in range(3):
response = public_omis_api_client.post(url, json_={})
assert response.status_code == status.HTTP_201_CREATED
response = public_omis_api_client.post(url, json_={})
assert response.status_code == status.HTTP_429_TOO_MANY_REQUESTS
def test_500_if_govuk_pay_errors_when_cancelling(self, govuk_status_code,
requests_mock):
"""
Test that if GOV.UK Pay errors whilst cancelling some other ongoing
sessions/payments, the endpoint returns 500 to keep the system consistent.
Possible GOV.UK errors when cancelling:
- 400 - BAD REQUEST
- 401 - UNAUTHORIZED
- 404 - NOT FOUND
- 409 - CONFLICT
- 500 - INTERNAL SERVER ERROR
In all these cases we return 500 as all those GOV.UK errors are unexpected.
"""
order = OrderWithAcceptedQuoteFactory()
existing_session = PaymentGatewaySessionFactory(
order=order,
status=PaymentGatewaySessionStatus.created,
)
# mock GOV.UK requests used to
# - refresh the existing payment gateway session
# - cancel the GOV.UK payment
requests_mock.get(
govuk_url(f'payments/{existing_session.govuk_payment_id}'),
status_code=200,
json={
'state': {
'status': existing_session.status
},
},
)
requests_mock.post(
govuk_url(f'payments/{existing_session.govuk_payment_id}/cancel'),
status_code=govuk_status_code,
)
# make API call
assert PaymentGatewaySession.objects.count() == 1
url = reverse(
'api-v3:omis-public:payment-gateway-session:collection',
kwargs={'public_token': order.public_token},
)
client = self.create_api_client(
scope=Scope.public_omis_front_end,
grant_type=Application.GRANT_CLIENT_CREDENTIALS,
)
response = client.post(url)
assert response.status_code == status.HTTP_500_INTERNAL_SERVER_ERROR
# check no session created
assert PaymentGatewaySession.objects.count() == 1
def test_atomicity_when_order_save_errors(self, requests_mock):
"""
Test that if the order.mark_as_paid() call fails, non of the changes persists.
"""
session = PaymentGatewaySessionFactory()
original_session_status = session.status
url = govuk_url(f'payments/{session.govuk_payment_id}')
requests_mock.get(
url,
status_code=200,
json={
'state': {
'status': 'success'
},
},
)
session.order.mark_as_paid = mock.MagicMock(side_effect=Exception())
with pytest.raises(Exception):
session.refresh_from_govuk_payment()
session.refresh_from_db()
assert session.status == original_session_status
assert requests_mock.call_count == 1
def test_with_different_govuk_payment_status_updates_session(
self,
govuk_status,
payment_url,
requests_mock,
):
"""
Test that if the GOV.UK payment status is not the same as the payment gateway session one,
the record is updated.
"""
# choose an initial status != from the govuk one to test the update
initial_status = PaymentGatewaySessionStatus.created
if initial_status == govuk_status:
initial_status = PaymentGatewaySessionStatus.started
session = PaymentGatewaySessionFactory(status=initial_status)
# mock GOV.UK call used to get the existing session
requests_mock.get(
govuk_url(f'payments/{session.govuk_payment_id}'),
status_code=200,
json={
'state': {
'status': govuk_status
},
'payment_id': session.govuk_payment_id,
'_links': {
'next_url': None if not payment_url else {
'href': payment_url
},
},
},
)
# make API call
url = reverse(
'api-v3:omis-public:payment-gateway-session:detail',
kwargs={
'public_token': session.order.public_token,
'pk': session.id
},
)
client = self.create_api_client(
scope=Scope.public_omis_front_end,
grant_type=Application.GRANT_CLIENT_CREDENTIALS,
)
response = client.get(url)
assert response.status_code == status.HTTP_200_OK
# refresh record
session.refresh_from_db()
assert session.status == govuk_status
# check API response
assert response.json() == {
'id': str(session.id),
'created_on': format_date_or_datetime(session.created_on),
'status': govuk_status,
'payment_url': payment_url,
}
def test_exception_if_govuk_pay_errors_when_creating(
self, govuk_status_code, requests_mock,
):
"""
Test that if GOV.UK Pay errors whilst creating a new payment, the method raises
GOVUKPayAPIException.
Possible GOV.UK Pay errors:
- 400 - BAD REQUEST
- 401 - UNAUTHORIZED
- 422 - UNPROCESSABLE ENTITY
- 500 - INTERNAL SERVER ERROR
"""
requests_mock.post(
govuk_url('payments'),
status_code=govuk_status_code,
)
assert PaymentGatewaySession.objects.count() == 0
order = OrderWithAcceptedQuoteFactory()
with pytest.raises(GOVUKPayAPIException):
PaymentGatewaySession.objects.create_from_order(order)
assert PaymentGatewaySession.objects.count() == 0
def test_with_different_govuk_payment_status_updates_session(
self, status, requests_mock):
"""
Test that if the GOV.UK payment status is not the same as the payment gateway session one,
the record is updated.
"""
# choose an initial status != from the govuk one to test the update
initial_status = PaymentGatewaySessionStatus.created
if initial_status == status:
initial_status = PaymentGatewaySessionStatus.started
session = PaymentGatewaySessionFactory(status=initial_status)
url = govuk_url(f'payments/{session.govuk_payment_id}')
requests_mock.get(
url,
status_code=200,
json={
'state': {
'status': status
},
},
)
assert session.refresh_from_govuk_payment()
session.refresh_from_db()
assert session.status == status
assert requests_mock.call_count == 1
def test_with_value(self, requests_mock):
"""
Test the value returned when the GOV.UK Pay response data includes next_url.
"""
govuk_payment_id = '123abc123abc123abc123abc12'
next_url = 'https://payment.example.com/123abc'
requests_mock.get(
govuk_url(f'payments/{govuk_payment_id}'),
status_code=200,
json={
'state': {
'status': 'started',
'finished': False
},
'payment_id': govuk_payment_id,
'_links': {
'next_url': {
'href': next_url,
'method': 'GET',
},
},
},
)
session = PaymentGatewaySession(govuk_payment_id=govuk_payment_id)
assert session.get_payment_url() == next_url
def test_500_if_govuk_pay_errors(self, govuk_status_code, requests_mock):
"""
Test that if GOV.UK Pay errors whilst getting a payment, the endpoint returns 500.
Possible GOV.UK errors:
- 401 - UNAUTHORIZED
- 404 - NOT FOUND
- 500 - INTERNAL SERVER ERROR
"""
order = OrderWithAcceptedQuoteFactory()
session = PaymentGatewaySessionFactory(
order=order,
status=PaymentGatewaySessionStatus.created,
)
requests_mock.get(
govuk_url(f'payments/{session.govuk_payment_id}'),
status_code=govuk_status_code,
)
# make API call
url = reverse(
'api-v3:omis-public:payment-gateway-session:detail',
kwargs={
'public_token': order.public_token,
'pk': session.id
},
)
client = self.create_api_client(
scope=Scope.public_omis_front_end,
grant_type=Application.GRANT_CLIENT_CREDENTIALS,
)
response = client.get(url)
assert response.status_code == status.HTTP_500_INTERNAL_SERVER_ERROR
def test_with_unchanged_govuk_payment_status_doesnt_change_anything(
self,
status,
requests_mock,
):
"""
Test that if the GOV.UK payment status is the same as the payment gateway session one,
(meaning that the payment gateway session is up-to-date), the record is not changed.
"""
session = PaymentGatewaySession(status=status)
url = govuk_url(f'payments/{session.govuk_payment_id}')
requests_mock.get(
url,
status_code=200,
json={
'state': {
'status': status,
'finished': False
},
},
)
assert not session.refresh_from_govuk_payment()
assert session.status == status
assert Payment.objects.count() == 0
assert requests_mock.call_count == 1
def test_one_failed_refresh_doesnt_stop_others(self, requests_mock):
"""
Test that if one refresh fails, the other ones are still carried on
and committed to the databasea.
In this example, pay-1 and pay-3 should get refreshed whilst pay-2
errors and shouldn't get refreshed.
"""
# mock calls to GOV.UK Pay
govuk_payment_ids = ['pay-1', 'pay-2', 'pay-3']
requests_mock.get(
govuk_url(f'payments/{govuk_payment_ids[0]}'),
status_code=200,
json={'state': {
'status': 'failed'
}},
)
requests_mock.get(
govuk_url(f'payments/{govuk_payment_ids[1]}'),
status_code=500,
)
requests_mock.get(
govuk_url(f'payments/{govuk_payment_ids[2]}'),
status_code=200,
json={'state': {
'status': 'failed'
}},
)
# populate db
sessions = PaymentGatewaySessionFactory.create_batch(
3,
status=PaymentGatewaySessionStatus.STARTED,
govuk_payment_id=factory.Iterator(govuk_payment_ids),
)
# make call
refresh_pending_payment_gateway_sessions(age_check=0)
# check result
for session in sessions:
session.refresh_from_db()
assert requests_mock.call_count == 3
assert sessions[0].status == PaymentGatewaySessionStatus.FAILED
assert sessions[1].status == PaymentGatewaySessionStatus.STARTED
assert sessions[2].status == PaymentGatewaySessionStatus.FAILED
def test_create_first_session_from_order(self, requests_mock, monkeypatch):
"""
Test the successful creation of the first payment gateway session for an order.
"""
monkeypatch.setattr(
'uuid.uuid4',
mock.Mock(return_value='0123abcd-0000-0000-0000-000000000000'),
)
# mock request
govuk_payment_id = '123abc123abc123abc123abc12'
govuk_payments_url = govuk_url('payments')
requests_mock.post(
govuk_payments_url,
status_code=201,
json={
'state': {'status': 'created', 'finished': False},
'payment_id': govuk_payment_id,
'_links': {
'next_url': {
'href': 'https://payment.example.com/123abc',
'method': 'GET',
},
},
},
)
assert PaymentGatewaySession.objects.count() == 0
# call method
adviser = AdviserFactory()
order = OrderWithAcceptedQuoteFactory()
session = PaymentGatewaySession.objects.create_from_order(
order=order,
attrs={'created_by': adviser},
)
# check session
assert session.order == order
assert session.status == PaymentGatewaySessionStatus.CREATED
assert session.govuk_payment_id == govuk_payment_id
assert session.created_by == adviser
assert PaymentGatewaySession.objects.count() == 1
# check mocked request
assert requests_mock.call_count == 1
assert requests_mock.request_history[-1].url == govuk_payments_url
assert requests_mock.request_history[-1].json() == {
'amount': order.total_cost,
'reference': f'{order.reference}-0123ABCD',
'description': settings.GOVUK_PAY_PAYMENT_DESCRIPTION.format(
reference=order.reference,
),
'return_url': settings.GOVUK_PAY_RETURN_URL.format(
public_token=order.public_token,
session_id=session.pk,
),
}
def test_exception_if_govuk_pay_errors_when_cancelling(
self, govuk_status_code, requests_mock,
):
"""
Test that if GOV.UK Pay errors whilst cancelling some other ongoing
sessions/payments, the method raises GOVUKPayAPIException to keep the system consistent.
Possible GOV.UK Pay errors when cancelling:
- 400 - BAD REQUEST
- 401 - UNAUTHORIZED
- 404 - NOT FOUND
- 409 - CONFLICT
- 500 - INTERNAL SERVER ERROR
"""
order = OrderWithAcceptedQuoteFactory()
existing_session = PaymentGatewaySessionFactory(
order=order,
status=PaymentGatewaySessionStatus.CREATED,
)
# mock GOV.UK requests used to
# - refresh the existing payment gateway session
# - cancel the GOV.UK payment
requests_mock.get(
govuk_url(f'payments/{existing_session.govuk_payment_id}'),
status_code=200,
json={
'state': {'status': existing_session.status},
},
)
requests_mock.post(
govuk_url(f'payments/{existing_session.govuk_payment_id}/cancel'),
status_code=govuk_status_code,
)
assert PaymentGatewaySession.objects.count() == 1
with pytest.raises(GOVUKPayAPIException):
PaymentGatewaySession.objects.create_from_order(order)
assert PaymentGatewaySession.objects.count() == 1
def test_cancel_updates_session(self, requests_mock):
"""
Test that if GOV.UK Pay cancels and acknowledges the change,
the session object is updated.
"""
session = PaymentGatewaySessionFactory()
requests_mock.post(
govuk_url(f'payments/{session.govuk_payment_id}/cancel'),
status_code=204,
)
requests_mock.get(
govuk_url(f'payments/{session.govuk_payment_id}'),
status_code=200,
json={'state': {'status': 'cancelled'}},
)
session.cancel()
session.refresh_from_db()
assert session.status == PaymentGatewaySessionStatus.CANCELLED
assert requests_mock.call_count == 2
def test_get(self, order_status, session_status, requests_mock):
"""Test a successful call to get a payment gateway session."""
order = OrderFactory(status=order_status)
session = PaymentGatewaySessionFactory(
order=order,
status=session_status,
)
# mock GOV.UK Pay request used to get the existing session
next_url = 'https://payment.example.com/123abc'
requests_mock.get(
govuk_url(f'payments/{session.govuk_payment_id}'),
status_code=200,
json={
'state': {
'status': session.status
},
'payment_id': session.govuk_payment_id,
'_links': {
'next_url': {
'href': next_url,
'method': 'GET',
},
},
},
)
# make API call
url = reverse(
'api-v3:omis-public:payment-gateway-session:detail',
kwargs={
'public_token': order.public_token,
'pk': session.id
},
)
client = self.create_api_client(
scope=Scope.public_omis_front_end,
grant_type=Application.GRANT_CLIENT_CREDENTIALS,
)
response = client.get(url)
assert response.status_code == status.HTTP_200_OK
# check API response
assert response.json() == {
'id': str(session.id),
'created_on': format_date_or_datetime(session.created_on),
'status': session.status,
'payment_url': next_url,
}
def test_atomicity_when_govuk_pay_errors(self, requests_mock):
"""
Test that if GOV.UK Pay errors, none of the changes persists.
"""
session = PaymentGatewaySessionFactory()
original_session_status = session.status
url = govuk_url(f'payments/{session.govuk_payment_id}')
requests_mock.get(url, status_code=500)
with pytest.raises(GOVUKPayAPIException):
assert session.refresh_from_govuk_payment()
session.refresh_from_db()
assert session.status == original_session_status
assert requests_mock.call_count == 1
def test_refresh(self, requests_mock):
"""
Test that only ongoing sessions older than 60 minutes are refreshed against GOV.UK Pay.
Note that the value '60 minutes' is a parameter initialised in the test
and not part of the logic of the task.
"""
# mock call to GOV.UK Pay
requests_mock.register_uri(
'GET',
re.compile(govuk_url('payments/*')),
json={'state': {
'status': 'failed'
}},
)
# populate db
data = (
# shouldn't be included because modified_on == 59 mins ago
('2017-04-18 19:01', PaymentGatewaySessionStatus.STARTED),
# shouldn't be included because status != 'ongoing'
('2017-04-18 18:59', PaymentGatewaySessionStatus.SUCCESS),
('2017-04-18 18:59', PaymentGatewaySessionStatus.FAILED),
('2017-04-18 18:59', PaymentGatewaySessionStatus.CANCELLED),
('2017-04-18 18:59', PaymentGatewaySessionStatus.ERROR),
# should be included because modified_on >= 60 mins ago
('2017-04-18 19:00', PaymentGatewaySessionStatus.CREATED),
('2017-04-18 18:59', PaymentGatewaySessionStatus.STARTED),
('2017-04-17 20:00', PaymentGatewaySessionStatus.SUBMITTED),
)
sessions = []
for frozen_time, session_status in data:
with freeze_time(frozen_time):
sessions.append(
PaymentGatewaySessionFactory(status=session_status))
# make call
with freeze_time('2017-04-18 20:00'): # mocking now
refresh_pending_payment_gateway_sessions(age_check=60)
# check result
assert requests_mock.call_count == 3
for session in sessions[-3:]:
session.refresh_from_db()
assert session.status == PaymentGatewaySessionStatus.FAILED
def test_with_govuk_pay_erroring_when_cancelling(self, requests_mock):
"""
Test that if GOV.UK Pay errors when cancelling the payment,
the session object is not updated.
"""
session = PaymentGatewaySessionFactory()
original_session_status = session.status
requests_mock.post(
govuk_url(f'payments/{session.govuk_payment_id}/cancel'),
status_code=500,
)
with pytest.raises(GOVUKPayAPIException):
session.cancel()
session.refresh_from_db()
assert session.status == original_session_status
assert requests_mock.call_count == 1
def test_without_value(self, requests_mock):
"""
Test that an empty string is returned when the GOV.UK Pay response data
doesn't include next_url.
"""
govuk_payment_id = '123abc123abc123abc123abc12'
requests_mock.get(
govuk_url(f'payments/{govuk_payment_id}'),
status_code=200,
json={
'state': {'status': 'cancelled', 'finished': True},
'payment_id': govuk_payment_id,
'_links': {
'next_url': None,
},
},
)
session = PaymentGatewaySession(govuk_payment_id=govuk_payment_id)
assert session.get_payment_url() == ''
def test_500_if_govuk_pay_errors_when_creating(self, govuk_status_code,
requests_mock):
"""
Test that if GOV.UK Pay errors whilst creating a new payment, the endpoint returns 500.
Possible GOV.UK errors:
- 400 - BAD REQUEST
- 401 - UNAUTHORIZED
- 422 - UNPROCESSABLE ENTITY
- 500 - INTERNAL SERVER ERROR
In all these cases we return 500 as all those GOV.UK errors are unexpected.
"""
# mock GOV.UK response
requests_mock.post(
govuk_url('payments'),
status_code=govuk_status_code,
)
assert PaymentGatewaySession.objects.count() == 0
# make API call
order = OrderWithAcceptedQuoteFactory()
url = reverse(
'api-v3:omis-public:payment-gateway-session:collection',
kwargs={'public_token': order.public_token},
)
client = self.create_api_client(
scope=Scope.public_omis_front_end,
grant_type=Application.GRANT_CLIENT_CREDENTIALS,
)
response = client.post(url)
assert response.status_code == status.HTTP_500_INTERNAL_SERVER_ERROR
# check no session created
assert PaymentGatewaySession.objects.count() == 0
def test_exception_if_refresh_updates_order_status_to_paid(self, requests_mock):
"""
Test that if the system is not up-to-date, the order is in quote_accepted
but the GOV.UK payment happens, the method triggers a check on existing
sessions, realises that one finished successfully and records the payment
marking the order as 'paid'.
For this reason, the method raises APIConflictException as no other payment can be started.
"""
# set up db
order = OrderWithAcceptedQuoteFactory()
existing_session = PaymentGatewaySessionFactory(
order=order,
status=PaymentGatewaySessionStatus.STARTED,
)
# mock GOV.UK requests used to refresh the payment session,
# GOV.UK Pay says that the payment completed successfully
requests_mock.get(
govuk_url(f'payments/{existing_session.govuk_payment_id}'),
status_code=200,
json={
'amount': order.total_cost,
'state': {'status': 'success'},
'email': '*****@*****.**',
'created_date': '2018-02-13T14:56:56.734Z',
'reference': '12345',
'card_details': {
'last_digits_card_number': '1111',
'cardholder_name': 'John Doe',
'expiry_date': '01/20',
'billing_address': {
'line1': 'line 1 address',
'line2': 'line 2 address',
'postcode': 'SW1A 1AA',
'city': 'London',
'country': 'GB',
},
'card_brand': 'Visa',
},
},
)
with pytest.raises(APIConflictException):
PaymentGatewaySession.objects.create_from_order(order)
# check session record
existing_session.refresh_from_db()
assert existing_session.status == PaymentGatewaySessionStatus.SUCCESS
# check order and payment
order.refresh_from_db()
assert order.status == OrderStatus.PAID
assert Payment.objects.count() == 1
payment = Payment.objects.first()
assert payment.amount == order.total_cost
assert payment.method == PaymentMethod.CARD
assert payment.received_on == dateutil_parse('2018-02-13').date()
assert payment.transaction_reference == '12345'
assert payment.cardholder_name == 'John Doe'
assert payment.billing_address_1 == 'line 1 address'
assert payment.billing_address_2 == 'line 2 address'
assert payment.billing_address_town == 'London'
assert payment.billing_address_postcode == 'SW1A 1AA'
assert payment.billing_address_country == 'GB'
assert payment.billing_email == '*****@*****.**'
assert payment.card_brand == 'Visa'
def test_with_govuk_payment_success_updates_order(self, requests_mock):
"""
Test that if the GOV.UK payment status is `success` and the payment gateway session is
out of date, the record is updated, the related order marked as `paid` and an OMIS
`payment.Payment` record created from the GOV.UK response data one.
"""
order = OrderWithAcceptedQuoteFactory()
session = PaymentGatewaySessionFactory(
status=PaymentGatewaySessionStatus.created,
order=order,
)
url = govuk_url(f'payments/{session.govuk_payment_id}')
response_json = {
'amount': order.total_cost,
'state': {
'status': 'success'
},
'email': '*****@*****.**',
'created_date': '2018-02-13T14:56:56.734Z',
'reference': '12345',
'card_details': {
'last_digits_card_number': '1111',
'cardholder_name': 'John Doe',
'expiry_date': '01/20',
'billing_address': {
'line1': 'line 1 address',
'line2': 'line 2 address',
'postcode': 'SW1A 1AA',
'city': 'London',
'country': 'GB',
},
'card_brand': 'Visa',
},
}
requests_mock.get(url, status_code=200, json=response_json)
assert session.refresh_from_govuk_payment()
# check session
session.refresh_from_db()
assert session.status == PaymentGatewaySessionStatus.success
# check order
order.refresh_from_db()
assert order.status == OrderStatus.paid
# check payment object
assert Payment.objects.filter(order=order).count() == 1
payment = Payment.objects.filter(order=order).first()
assert payment.amount == response_json['amount']
assert payment.method == PaymentMethod.card
assert payment.received_on == dateutil_parse('2018-02-13').date()
assert payment.transaction_reference == '12345'
assert payment.cardholder_name == 'John Doe'
assert payment.card_brand == 'Visa'
assert payment.billing_email == '*****@*****.**'
assert payment.billing_address_1 == 'line 1 address'
assert payment.billing_address_2 == 'line 2 address'
assert payment.billing_address_town == 'London'
assert payment.billing_address_postcode == 'SW1A 1AA'
assert payment.billing_address_country == 'GB'
assert requests_mock.call_count == 1
def test_create_cancels_other_ongoing_sessions(self, requests_mock):
"""
Test that creating a new payment gateway session cancels
the other ongoing sessions and GOV.UK payments.
Given:
- ongoing session 1
- ongoing session 2
- failed session 3
Calling this endpoint should:
- cancel GOV.UK payment related to session 1
- update the payment gateway session 1 status to 'cancelled'
- cancel GOV.UK payment related to session 2
- update the payment gateway session 2 status to 'cancelled'
- start a new GOV.UK payment
- create a payment gateway session related to it
"""
order = OrderWithAcceptedQuoteFactory()
existing_data = PaymentGatewaySessionFactory.create_batch(
3,
order=order,
status=factory.Iterator([
PaymentGatewaySessionStatus.created,
PaymentGatewaySessionStatus.started,
PaymentGatewaySessionStatus.failed,
]),
)
# mock GOV.UK requests used to:
# - refresh the payment gateway sessions
# - cancel the GOV.UK payments
# - refresh the payment gateway sessions again after the cancellation
for session in existing_data:
requests_mock.get(
govuk_url(f'payments/{session.govuk_payment_id}'),
[
# this is for the initial refresh
{
'status_code': 200,
'json': {
'state': {
'status': session.status
}
},
},
# this is for the second refresh after cancelling
{
'status_code': 200,
'json': {
'state': {
'status': 'cancelled'
}
},
},
],
)
requests_mock.post(
govuk_url(f'payments/{session.govuk_payment_id}/cancel'),
status_code=204,
)
# mock GOV.UK call used to create a new payment session
govuk_payment_id = '123abc123abc123abc123abc12'
next_url = 'https://payment.example.com/123abc'
json_response = {
'state': {
'status': 'created',
'finished': False
},
'payment_id': govuk_payment_id,
'_links': {
'next_url': {
'href': next_url,
'method': 'GET',
},
},
}
requests_mock.post(
govuk_url('payments'), # create payment
status_code=201,
json=json_response,
)
requests_mock.get(
govuk_url(f'payments/{govuk_payment_id}'), # get payment
status_code=200,
json=json_response,
)
# make API call
url = reverse(
'api-v3:omis-public:payment-gateway-session:collection',
kwargs={'public_token': order.public_token},
)
client = self.create_api_client(
scope=Scope.public_omis_front_end,
grant_type=Application.GRANT_CLIENT_CREDENTIALS,
)
response = client.post(url)
assert response.status_code == status.HTTP_201_CREATED
# check sessions cancelled
for existing_session in existing_data[:-1]:
existing_session.refresh_from_db()
assert existing_session.status == PaymentGatewaySessionStatus.cancelled
# check session record created
assert PaymentGatewaySession.objects.ongoing().count() == 1
session = PaymentGatewaySession.objects.ongoing().first()
assert session.govuk_payment_id == govuk_payment_id
# check API response
assert response.json() == {
'id': str(session.id),
'created_on': format_date_or_datetime(session.created_on),
'status': PaymentGatewaySessionStatus.created,
'payment_url': next_url,
}
def test_create_cancels_other_sessions(self, requests_mock):
"""
Test that creating a new payment gateway session cancels
the other ongoing sessions and GOV.UK payments.
Given:
- ongoing session 1
- ongoing session 2
- failed session 3
Calling .create_from_order should:
- cancel the GOV.UK payment related to session 1
- update the payment gateway session 1 status to 'cancelled'
- cancel the GOV.UK payment related to session 2
- update the payment gateway session 2 status to 'cancelled'
- start a new GOV.UK payment
- create a payment gateway session related to it
"""
order = OrderWithAcceptedQuoteFactory()
existing_data = PaymentGatewaySessionFactory.create_batch(
3,
order=order,
status=factory.Iterator([
PaymentGatewaySessionStatus.CREATED,
PaymentGatewaySessionStatus.STARTED,
PaymentGatewaySessionStatus.FAILED,
]),
)
# mock GOV.UK requests used to:
# - refresh the payment gateway sessions
# - cancel the GOV.UK payments
# - refresh the payment gateway sessions again after the cancellation
for session in existing_data:
requests_mock.get(
govuk_url(f'payments/{session.govuk_payment_id}'),
[
# this is for the initial refresh
{
'status_code': 200,
'json': {'state': {'status': session.status}},
},
# this is for the second refresh after cancelling
{
'status_code': 200,
'json': {'state': {'status': 'cancelled'}},
},
],
)
requests_mock.post(
govuk_url(f'payments/{session.govuk_payment_id}/cancel'),
status_code=204,
)
# mock GOV.UK request used to create a new payment session
govuk_payment_id = '123abc123abc123abc123abc12'
requests_mock.post(
govuk_url('payments'),
status_code=201,
json={
'state': {'status': 'created', 'finished': False},
'payment_id': govuk_payment_id,
'_links': {
'next_url': {
'href': 'https://payment.example.com/123abc',
'method': 'GET',
},
},
},
)
assert PaymentGatewaySession.objects.count() == 3
session = PaymentGatewaySession.objects.create_from_order(order=order)
# check sessions cancelled
for existing_session in existing_data[:-1]:
existing_session.refresh_from_db()
assert existing_session.status == PaymentGatewaySessionStatus.CANCELLED
assert PaymentGatewaySession.objects.count() == 4
# check session record created
session.refresh_from_db()
assert session.govuk_payment_id == govuk_payment_id
# check mocked requests:
# 2 refresh / 2 cancel - 2 refresh / 1 create
assert requests_mock.call_count == (2 + 2 + 2 + 1)
assert requests_mock.request_history[-1].json() == {
'amount': order.total_cost,
'reference': f'{order.reference}-{str(session.id)[:8].upper()}',
'description': settings.GOVUK_PAY_PAYMENT_DESCRIPTION.format(
reference=order.reference,
),
'return_url': settings.GOVUK_PAY_RETURN_URL.format(
public_token=order.public_token,
session_id=session.id,
),
}
def test_with_govuk_payment_success_updates_order(self, requests_mock):
"""
Test that if the GOV.UK payment status is `success` and the payment gateway session is
out of date, the record is updated, the related order marked as `paid` and an OMIS
`payment.Payment` record created from the GOV.UK response data one.
"""
order = OrderWithAcceptedQuoteFactory()
session = PaymentGatewaySessionFactory(
order=order,
status=PaymentGatewaySessionStatus.created,
)
# mock GOV.UK calls used to refresh the payment session
# Pay says that the payment completed successfully
requests_mock.get(
govuk_url(f'payments/{session.govuk_payment_id}'),
status_code=200,
json={
'amount': order.total_cost,
'state': {
'status': 'success'
},
'email': '*****@*****.**',
'reference': '12345',
'created_date': '2018-02-13T14:56:56.734Z',
'_links': {
'next_url': None,
},
'card_details': {
'last_digits_card_number': '1111',
'cardholder_name': 'John Doe',
'expiry_date': '01/20',
'billing_address': {
'line1': 'line 1 address',
'line2': 'line 2 address',
'postcode': 'SW1A 1AA',
'city': 'London',
'country': 'GB',
},
'card_brand': 'Visa',
},
},
)
# make API call
url = reverse(
'api-v3:omis-public:payment-gateway-session:detail',
kwargs={
'public_token': order.public_token,
'pk': session.id
},
)
client = self.create_api_client(
scope=Scope.public_omis_front_end,
grant_type=Application.GRANT_CLIENT_CREDENTIALS,
)
response = client.get(url)
assert response.status_code == status.HTTP_200_OK
# check API response
assert response.json() == {
'id': str(session.id),
'created_on': format_date_or_datetime(session.created_on),
'status': PaymentGatewaySessionStatus.success,
'payment_url': '',
}
# check session record
session.refresh_from_db()
assert session.status == PaymentGatewaySessionStatus.success
# check order and payment
order.refresh_from_db()
assert order.status == OrderStatus.paid
assert Payment.objects.filter(order=order).count() == 1
def test_409_if_refresh_updates_order_status_to_paid(self, requests_mock):
"""
Test that if the system is not up-to-date, the order is in quote_accepted
but the GOV.UK payment happens, the endpoint triggers a check on existing
sessions, realises that one finished successfully and records the payment
marking the order as 'paid'.
For this reason, the endpoint returns 409 - Conflict as no other payment
can be made.
"""
# set up db
order = OrderWithAcceptedQuoteFactory()
existing_session = PaymentGatewaySessionFactory(
order=order,
status=PaymentGatewaySessionStatus.started,
)
# mock GOV.UK requests used to refresh the payment session.
# GOV.UK Pay says that the payment completed successfully
requests_mock.get(
govuk_url(f'payments/{existing_session.govuk_payment_id}'),
status_code=200,
json={
'amount': order.total_cost,
'state': {
'status': 'success'
},
'email': '*****@*****.**',
'reference': '12345',
'created_date': '2018-02-13T14:56:56.734Z',
'card_details': {
'last_digits_card_number': '1111',
'cardholder_name': 'John Doe',
'expiry_date': '01/20',
'billing_address': {
'line1': 'line 1 address',
'line2': 'line 2 address',
'postcode': 'SW1A 1AA',
'city': 'London',
'country': 'GB',
},
'card_brand': 'Visa',
},
},
)
# make API call
url = reverse(
'api-v3:omis-public:payment-gateway-session:collection',
kwargs={'public_token': order.public_token},
)
client = self.create_api_client(
scope=Scope.public_omis_front_end,
grant_type=Application.GRANT_CLIENT_CREDENTIALS,
)
response = client.post(url)
assert response.status_code == status.HTTP_409_CONFLICT
# check session record
existing_session.refresh_from_db()
assert existing_session.status == PaymentGatewaySessionStatus.success
# check order and pyament
order.refresh_from_db()
assert order.status == OrderStatus.paid
assert Payment.objects.filter(order=order).count() == 1
