def postfinance_ipn(self, request): """ Similar to paypal's IPN, postfinance will send an instant notification to the website, passing the following parameters in the URL: orderID=Test27& currency=CHF& amount=54& PM=CreditCard& ACCEPTANCE=test123& STATUS=9& CARDNO=XXXXXXXXXXXX3333&ED=0317& CN=Testauzore+Testos& TRXDATE=11/08/10& PAYID=8628366& NCERROR=0& BRAND=VISA& IPCTY=CH& CCCTY=US& ECI=7& CVCCheck=NO& AAVCheck=NO& VC=NO& IP=84.226.127.220& SHASIGN=CEE483B0557B8E3437A55094221E15C7DB6A0D63 Cornfirms that payment has been completed and marks invoice as paid. This can come from two sources: Wither the client was redirected to our success page from postfinance (and so the order information is contained in GET parameters), or the client messed up and postfinance sends us a direct server-to-server http connection with parameters passed in the POST fields. """ data = request.REQUEST # Verify that the info is valid (with the SHA sum) valid = security_check(data, settings.POSTFINANCE_SECRET_KEY) if valid: # TODO: Save order details in the database (with a postfinance model) order_id = data['orderID'] order = self.shop.get_order_for_id(order_id) # Get the order from either the POST or the GET parameters transaction_id = data['PAYID'] amount = data['amount'] # This actually records the payment in the shop's database self.shop.confirm_payment(order, amount, transaction_id, self.backend_name) return HttpResponse('OKAY') else: # Checksum failed return HttpResponseBadRequest()
def confirm_payment_data(self, data): try: valid = security_check(data, settings.POSTFINANCE_SHAOUT_KEY) except KeyError: valid = False if valid: order_id = data['orderID'] try: order = self.shop.get_order_for_id(order_id) except models.ObjectDoesNotExist: raise Http404('Order does not exist on this machine') transaction_id = data['PAYID'] amount = data['amount'] # Create an IPN transaction trace in the database ipn, created = PostfinanceIPN.objects.get_or_create( orderID=order_id, defaults=dict( currency=data.get('currency', ''), amount=data.get('amount', ''), PM=data.get('PM', ''), ACCEPTANCE=data.get('ACCEPTANCE', ''), STATUS=data.get('STATUS', ''), CARDNO=data.get('CARDNO', ''), CN=data.get('CN', ''), TRXDATE=data.get('TRXDATE', ''), PAYID=data.get('PAYID', ''), NCERROR=data.get('NCERROR', ''), BRAND=data.get('BRAND', ''), IPCTY=data.get('IPCTY', ''), CCCTY=data.get('CCCTY', ''), ECI=data.get('ECI', ''), CVCCheck=data.get('CVCCheck', ''), AAVCheck=data.get('AAVCheck', ''), VC=data.get('VC', ''), IP=data.get('IP', ''), SHASIGN=data.get('SHASIGN', ''), ) ) if created: # This actually records the payment in the shop's database self.shop.confirm_payment(order, amount, transaction_id, self.backend_name) return True else: # Checksum failed return False
def postfinance_ipn(self, request): """ Similar to paypal's IPN, postfinance will send an instant notification to the website, passing the following parameters in the URL: orderID=Test27& currency=CHF& amount=54& PM=CreditCard& ACCEPTANCE=test123& STATUS=9& CARDNO=XXXXXXXXXXXX3333&ED=0317& CN=Testauzore+Testos& TRXDATE=11/08/10& PAYID=8628366& NCERROR=0& BRAND=VISA& IPCTY=CH& CCCTY=US& ECI=7& CVCCheck=NO& AAVCheck=NO& VC=NO& IP=84.226.127.220& SHASIGN=CEE483B0557B8E3437A55094221E15C7DB6A0D63 Confirms that payment has been completed and marks invoice as paid. This can come from two sources: Wither the client was redirected to our success page from postfinance (and so the order information is contained in GET parameters), or the client messed up and postfinance sends us a direct server-to-server http connection with parameters passed in the POST fields. """ data = request.REQUEST # Verify that the info is valid (with the SHA sum) # Beware, the SHA Secret Key may be different than POSTFINANCE_SECRET_KEY here because postfinance allows # to set a SHA-OUT Key as well: Konfiguration -> Technische Informationen -> Transaktions-Feedback -> # Sicherheit der Anfrageparameter -> SHA-1-OUT Signatur valid = security_check(data, settings.POSTFINANCE_SECRET_KEY) if valid: order_id = data['orderID'] order = self.shop.get_order_for_id( order_id ) # Get the order from either the POST or the GET parameters transaction_id = data['PAYID'] amount = data['amount'] # Create an IPN transaction trace in the database # Beware, these parameters only get returned if you select them in the e-payment # backend: Konfiguration -> Technische Informationen -> Transaktions-Feedback -> # Dynamische e-Commerce parameter PostfinanceIPN.objects.create( orderID=data.get('orderID', ''), currency=data.get('currency', ''), amount=data.get('amount', ''), PM=data.get('PM', ''), ACCEPTANCE=data.get('ACCEPTANCE', ''), STATUS=data.get('STATUS', ''), CARDNO=data.get('CARDNO', ''), CN=data.get('CN', ''), TRXDATE=data.get('TRXDATE', ''), PAYID=data.get('PAYID', ''), NCERROR=data.get('NCERROR', ''), BRAND=data.get('BRAND', ''), IPCTY=data.get('IPCTY', ''), CCCTY=data.get('CCCTY', ''), ECI=data.get('ECI', ''), CVCCheck=data.get('CVCCheck', ''), AAVCheck=data.get('AAVCheck', ''), VC=data.get('VC', ''), IP=data.get('IP', ''), SHASIGN=data.get('SHASIGN', ''), ) # This actually records the payment in the shop's database self.shop.confirm_payment(order, amount, transaction_id, self.backend_name) return HttpResponse('OKAY') else: # Checksum failed return HttpResponseBadRequest()
def postfinance_ipn(self, request): """ Similar to paypal's IPN, postfinance will send an instant notification to the website, passing the following parameters in the URL: orderID=Test27& currency=CHF& amount=54& PM=CreditCard& ACCEPTANCE=test123& STATUS=9& CARDNO=XXXXXXXXXXXX3333&ED=0317& CN=Testauzore+Testos& TRXDATE=11/08/10& PAYID=8628366& NCERROR=0& BRAND=VISA& IPCTY=CH& CCCTY=US& ECI=7& CVCCheck=NO& AAVCheck=NO& VC=NO& IP=84.226.127.220& SHASIGN=CEE483B0557B8E3437A55094221E15C7DB6A0D63 Confirms that payment has been completed and marks invoice as paid. This can come from two sources: Wither the client was redirected to our success page from postfinance (and so the order information is contained in GET parameters), or the client messed up and postfinance sends us a direct server-to-server http connection with parameters passed in the POST fields. """ data = request.REQUEST # Verify that the info is valid (with the SHA sum) # Beware, the SHA Secret Key may be different than POSTFINANCE_SECRET_KEY here because postfinance allows # to set a SHA-OUT Key as well: Konfiguration -> Technische Informationen -> Transaktions-Feedback -> # Sicherheit der Anfrageparameter -> SHA-1-OUT Signatur valid = security_check(data, settings.POSTFINANCE_SECRET_KEY) if valid: order_id = data['orderID'] order = self.shop.get_order_for_id(order_id) # Get the order from either the POST or the GET parameters transaction_id = data['PAYID'] amount = data['amount'] # Create an IPN transaction trace in the database # Beware, these parameters only get returned if you select them in the e-payment # backend: Konfiguration -> Technische Informationen -> Transaktions-Feedback -> # Dynamische e-Commerce parameter PostfinanceIPN.objects.create( orderID=data.get('orderID', ''), currency=data.get('currency', ''), amount=data.get('amount', ''), PM=data.get('PM', ''), ACCEPTANCE=data.get('ACCEPTANCE', ''), STATUS=data.get('STATUS', ''), CARDNO=data.get('CARDNO', ''), CN=data.get('CN', ''), TRXDATE=data.get('TRXDATE', ''), PAYID=data.get('PAYID', ''), NCERROR=data.get('NCERROR', ''), BRAND=data.get('BRAND', ''), IPCTY=data.get('IPCTY', ''), CCCTY=data.get('CCCTY', ''), ECI=data.get('ECI', ''), CVCCheck=data.get('CVCCheck', ''), AAVCheck=data.get('AAVCheck', ''), VC=data.get('VC', ''), IP=data.get('IP', ''), SHASIGN=data.get('SHASIGN', ''), ) # This actually records the payment in the shop's database self.shop.confirm_payment(order, amount, transaction_id, self.backend_name) return HttpResponse('OKAY') else: # Checksum failed return HttpResponseBadRequest()