def test_unknown_affiliation_given(self, get_db):
"""Make sure that the affiliation we see is valid."""
cursor = unittest.mock.Mock()
get_db.cursor.return_value = cursor
with self.assertRaises(errors.InvalidAffiliation):
db.add_membership(42, '20.00', datetime.now(), 'MX')
cursor.execute.assert_not_called()
def test_insufficient_payment_given(self, get_db):
"""Ensure that the payment received was the amount expected."""
cursor = unittest.mock.Mock()
get_db.cursor.return_value = cursor
with self.assertRaises(errors.IncorrectPayment):
db.add_membership(42, '1.23', datetime.now(), 'NA')
cursor.execute.assert_not_called()
def test_old_payment_values(self, get_db):
"""Ensure that the old annual dues are not processed."""
cursor = unittest.mock.Mock()
get_db.cursor.return_value = cursor
old_now_invalid = {
'MA': 20, # MIT affiliates: formerly $20, now $30
'NA': 25, # Non-affiliates: formerly $25, now $40
'ML': 25, # MIT alumni: formerly $25, now $40
'NU': 15, # Non-MIT undergrads: formerly $15, now $40
'NG': 15, # Non-MIT grad stuents: formerly $15, now $40
}
for code, price in old_now_invalid.items():
with self.assertRaises(errors.IncorrectPayment):
db.add_membership(42, f'{price}.00', datetime.now(), code)
cursor.execute.assert_not_called()
def add_membership():
""" Process a CyberSource transaction & create/update membership. """
data = request.form
if data['decision'] != 'ACCEPT':
return json.jsonify(), 204 # Transaction canceled, declined, etc.
if data['req_merchant_defined_data1'] != 'membership':
return json.jsonify(), 204 # Some other payment, we don't care
# If we lack the secret key to verify signatures, we can rely on the web
# server itself to provide access control (and skip signature verification)
if current_app.config['VERIFY_CYBERSOURCE_SIGNATURE']:
secret_key = current_app.config['CYBERSOURCE_SECRET_KEY']
if not signature_valid(data, secret_key):
return json.jsonify(), 401
# From the given email, ask the trips database for all their verified emails
email = data['req_merchant_defined_data3'] # NOT req_bill_to_email
primary, all_emails = other_verified_emails(email)
# Identify datetime (in UTC) when the transaction was completed
dt_paid = datetime.strptime(data['signed_date_time'],
CYBERSOURCE_DT_FORMAT)
# Fetch membership, ideally for primary email, but otherwise most recent
person_id = db.person_to_update(primary, all_emails)
if person_id and db.already_inserted_membership(person_id, dt_paid):
return json.jsonify(), 202 # Most likely already processed
# If no membership exists, create one under the primary email
if not person_id:
first_name = data['req_bill_to_forename']
last_name = data['req_bill_to_surname']
person_id = db.add_person(first_name, last_name, primary)
two_letter_affiliation_code = data.get('req_merchant_defined_data2')
_, expires = db.add_membership(person_id, data['req_amount'], dt_paid,
two_letter_affiliation_code)
db.commit()
try:
update_membership(primary, membership_expires=expires)
except URLError:
if extensions.sentry:
extensions.sentry.captureException()
return json.jsonify(), 201