Exemplo n.º 1
0
    def view(self, id):

        payment = Payment.find_by_id(id, abort_404=True)
        c.person = payment.invoice.person

        if not h.auth.authorized(h.auth.Or(h.auth.is_same_zookeepr_user(c.person.id), h.auth.has_organiser_role)):
            # Raise a no_auth error
            h.auth.no_role()

        c.is_organiser = False
        if h.auth.authorized(h.auth.has_organiser_role):
            c.is_organiser = True

        c.payment = PaymentReceived.find_by_payment(payment.id)

        c.validation_errors = []
        if c.payment is not None and c.payment.validation_errors is not None and len(c.payment.validation_errors) > 0:
            c.validation_errors = c.payment.validation_errors.split(';')

        same_invoice = PaymentReceived.find_by_invoice(payment.invoice.id)
        same_email   = PaymentReceived.find_by_email(c.person.email_address)
        if c.payment is not None:
            same_invoice = same_invoice.filter("payment_id <> " + str(payment.id))
            same_email = same_email.filter("payment_id <> " + str(payment.id))
        c.related_payments = same_invoice.union(same_email)

        return render('/payment/view.mako')
Exemplo n.º 2
0
    def view(self, id):

        payment = Payment.find_by_id(id, abort_404=True)
        c.person = payment.invoice.person

        if not h.auth.authorized(
                h.auth.Or(h.auth.is_same_zookeepr_user(c.person.id),
                          h.auth.has_organiser_role)):
            # Raise a no_auth error
            h.auth.no_role()

        c.is_organiser = False
        if h.auth.authorized(h.auth.has_organiser_role):
            c.is_organiser = True

        c.payment = PaymentReceived.find_by_payment(payment.id)

        c.validation_errors = []
        if c.payment is not None and c.payment.validation_errors is not None and len(
                c.payment.validation_errors) > 0:
            c.validation_errors = c.payment.validation_errors.split(';')

        same_invoice = PaymentReceived.find_by_invoice(payment.invoice.id)
        same_email = PaymentReceived.find_by_email(c.person.email_address)
        if c.payment is not None:
            same_invoice = same_invoice.filter("payment_id <> " +
                                               str(payment.id))
            same_email = same_email.filter("payment_id <> " + str(payment.id))
        c.related_payments = same_invoice.union(same_email)

        return render('/payment/view.mako')
Exemplo n.º 3
0
    def new_manual(self, id):
        c.payment = Payment.find_by_id(id)
        payment = None
        c.person = c.payment.invoice.person

        defaults = {
            'payment.approved': 1,
            'payment.email_address': c.person.email_address,
            'payment.success_code': 'Received',
            'payment.amount_paid': c.payment.amount,
            'payment.currency_used': 'AUD',
        }

        form = render('/payment/new.mako')
        return htmlfill.render(form, defaults)
Exemplo n.º 4
0
    def new_manual(self, id):
        c.payment = Payment.find_by_id(id)
        payment = None
        c.person = c.payment.invoice.person


        defaults = {
            'payment.approved': 1,
            'payment.email_address': c.person.email_address,
            'payment.success_code': 'Received',
            'payment.amount_paid': c.payment.amount,
            'payment.currency_used': 'AUD',
        }

        form = render('/payment/new.mako')
        return htmlfill.render(form, defaults)
Exemplo n.º 5
0
    def _new_manual(self, id):
        """Create a new payment."""
        results = self.form_result['payment']

        # Check whether a payment has already been received for this payment object
        payment = Payment.find_by_id(id)
        received = PaymentReceived.find_by_payment(payment.id)
        if received is not None:
            print "WTF"
            # Ignore repeat payment
            return redirect_to(action='view', id=payment.id)

        client_ip = request.environ['REMOTE_ADDR']
        if 'HTTP_X_FORWARDED_FOR' in request.environ:
            client_ip = request.environ['HTTP_X_FORWARDED_FOR']

        results[
            'response_text'] = 'Manual payment processed by ' + h.signed_in_person(
            ).fullname()
        results['client_ip_zookeepr'] = client_ip
        results['client_ip_gateway'] = client_ip
        results['payment'] = payment

        c.payment_received = PaymentReceived(**results)
        c.payment_received.email_address.lower()

        if results['approved'] == 1:
            setattr(c.payment_received, 'approved', True)
        else:
            setattr(c.payment_received, 'approved', False)

        setattr(c.payment_received, 'validation_errors', '')
        setattr(c.payment_received, 'invoice', payment.invoice)

        meta.Session.add(c.payment_received)
        meta.Session.commit()

        return redirect_to(action='view', id=payment.id)
Exemplo n.º 6
0
    def _new_manual(self, id):
        """Create a new payment."""
        results = self.form_result['payment']

        # Check whether a payment has already been received for this payment object
        payment = Payment.find_by_id(id)
        received = PaymentReceived.find_by_payment(payment.id)
        if received is not None:
            print "WTF"
            # Ignore repeat payment
            return redirect_to(action='view', id=payment.id)

        client_ip = request.environ['REMOTE_ADDR']
        if 'HTTP_X_FORWARDED_FOR' in request.environ:
            client_ip = request.environ['HTTP_X_FORWARDED_FOR']

        results['response_text'] = 'Manual payment processed by ' + h.signed_in_person().fullname()
        results['client_ip_zookeepr'] = client_ip
        results['client_ip_gateway'] = client_ip
        results['payment'] = payment

        c.payment_received = PaymentReceived(**results)
        c.payment_received.email_address.lower()

        if results['approved'] == 1:
            setattr(c.payment_received, 'approved', True)
        else:
            setattr(c.payment_received, 'approved', False)

        setattr(c.payment_received, 'validation_errors', '')
        setattr(c.payment_received, 'invoice', payment.invoice)


        meta.Session.add(c.payment_received)
        meta.Session.commit()

        return redirect_to(action='view', id=payment.id)
Exemplo n.º 7
0
 def _to_python(self, value, state):
     payment = Payment.find_by_id(int(value), abort_404=False)
     if payment is None:
         raise Payment("Unknown payment ID.", value, state)
     else:
         return payment
Exemplo n.º 8
0
class PaymentController(BaseController):
    """This controller receives payment advice from the payment gateway.

    the url /payment/new receives the advice
    """
    @authorize(h.auth.has_organiser_role)
    def index(self):
        c.payment_collection = Payment.find_all()
        return render('/payment/list.mako')

    @authorize(h.auth.is_valid_user)
    def view(self, id):

        payment = Payment.find_by_id(id, abort_404=True)
        c.person = payment.invoice.person

        if not h.auth.authorized(
                h.auth.Or(h.auth.is_same_zookeepr_user(c.person.id),
                          h.auth.has_organiser_role)):
            # Raise a no_auth error
            h.auth.no_role()

        c.is_organiser = False
        if h.auth.authorized(h.auth.has_organiser_role):
            c.is_organiser = True

        c.payment = PaymentReceived.find_by_payment(payment.id)

        c.validation_errors = []
        if c.payment is not None and c.payment.validation_errors is not None and len(
                c.payment.validation_errors) > 0:
            c.validation_errors = c.payment.validation_errors.split(';')

        same_invoice = PaymentReceived.find_by_invoice(payment.invoice.id)
        same_email = PaymentReceived.find_by_email(c.person.email_address)
        if c.payment is not None:
            same_invoice = same_invoice.filter("payment_id <> " +
                                               str(payment.id))
            same_email = same_email.filter("payment_id <> " + str(payment.id))
        c.related_payments = same_invoice.union(same_email)

        return render('/payment/view.mako')

    # No authentication because it's called directly by the payment gateway
    def new(self):
        schema = SecurePayPingSchema()
        try:
            form_result = schema.to_python(request.params)
        except validators.Invalid, error:
            return 'Invalid: %s' % error

        payment = None
        c.person = None

        fields = form_result
        c.response = {
            'payment_id': fields['payment_id'],
            'invoice_id': fields['invoice_id'],
            'success_code': fields['summary_code'],
            'amount_paid': fields['response_amount'],
            'currency_used': fields['currency'],
            'card_name': fields['card_name'],
            'card_type': fields['card_type'],
            'card_number': fields['card_number'],
            'card_expiry': fields['card_number'],
            'card_mac': fields['card_mac'],
            'auth_code': fields['response_code'],
            'gateway_ref': fields['bank_reference'],
            'response_text': fields['response_text'],
            'client_ip_gateway': fields['remote_ip'],
            'client_ip_zookeepr': request.environ.get('REMOTE_ADDR'),
            'email_address': fields['receipt_address']
        }

        if 'Approved' in c.response['response_text']:
            c.response['approved'] = True
        else:
            c.response['approved'] = False

        validation_errors = []

        if c.response is None:
            abort(500, ''.join(validation_errors))
        else:
            # Make sure the same browser created the zookeepr payment object and paid by credit card
            #if c.response['client_ip_gateway'] != c.response['client_ip_zookeepr']:
            #validation_errors.append('Mismatch in IP addresses: zookeepr=' + c.response['client_ip_zookeepr'] + ' gateway=' + c.response['client_ip_gateway'])

            # Get the payment object associated with this transaction
            payment = Payment.find_by_id(c.response['payment_id'])

        if payment is None:
            validation_errors.append(
                'Invalid payment ID from the payment gateway')
        else:
            c.person = payment.invoice.person

            # Check whether a payment has already been received for this payment object
            received = PaymentReceived.find_by_payment(payment.id)
            if received is not None:
                # Ignore repeat payment
                return redirect_to(action='view', id=payment.id)

            # Extra validation
            if c.response['amount_paid'] != payment.amount:
                validation_errors.append(
                    'Mismatch between amounts paid and invoiced')
            if c.response['invoice_id'] != payment.invoice.id:
                validation_errors.append(
                    'Mismatch between returned invoice ID and payment object')
            #if c.response['email_address'] != pxpay.munge_email(payment.invoice.person.email_address):
            #    validation_errors.append('Mismatch between returned email address and invoice object')
            if not c.person.is_from_common_country():
                validation_errors.append('Uncommon country: ' +
                                         c.person.country)

        c.pr = PaymentReceived(**c.response)
        c.pr.validation_errors = ';'.join(validation_errors)
        meta.Session.add(c.pr)
        meta.Session.commit()

        if len(validation_errors) > 0 and c.response['approved']:
            # Suspiciously approved transaction which needs to be checked manually
            email(lca_info['contact_email'],
                  render('/payment/suspicious_payment.mako'))

        if c.person is not None:
            email(c.person.email_address, render('/payment/response.mako'))

        # OK we now have a valid transaction, we redirect the user to the view page
        # so they can see if their transaction was accepted or declined
        return redirect_to(action='view', id=payment.id)
Exemplo n.º 9
0
 def _to_python(self, value, state):
     payment = Payment.find_by_id(int(value), abort_404=False)
     if payment is None:
         raise Payment("Unknown payment ID.", value, state)
     else:
         return payment