def record_authorization(self, request, format, reply_log_entry):
# If the transaction already exists, do nothing
if Transaction.objects.filter(reference=request.data.get('transaction_id')).exists():
logger.warning('Duplicate transaction_id received from CyberSource: %s' % request.data.get('transaction_id'))
return redirect(settings.REDIRECT_SUCCESS)
# Compare reference number to the order number cached in the session
if request.data.get('req_reference_number') != request.session.get(CHECKOUT_ORDER_NUM):
raise SuspiciousOperation("req_reference_number doesn't match user session")
# Get the (currently frozen) basket from the session reference
try:
basket = Basket.objects.get(id=request.session.get(CHECKOUT_BASKET_ID))
except Basket.DoesNotExist:
raise SuspiciousOperation("no basket in session")
assign_basket_strategy(basket, request)
# Get the basket and serializer prepared to place an order
data = self._build_checkout_data(request, basket)
ser = self.get_checkout_serializer(request, data)
if not ser.is_valid():
return Response(ser.errors, status.HTTP_400_BAD_REQUEST)
# Check if the authorization was declined
if request.data.get('decision') != self.DECISION_ACCEPT:
messages.add_message(request._request, messages.ERROR, settings.CARD_REJECT_ERROR)
basket.thaw()
return redirect(settings.REDIRECT_FAIL)
# Everything checks out. Place the order and record the transaction.
order = ser.save()
# Save the payment token. We'll need to send this to PnP so they can complete the transaction
token = self._record_payment_token(request, reply_log_entry)
# Record the transaction information and, if it was declined, make the user try again
self._record_payment(order, token, request, reply_log_entry)
# Mark order as authorized since we've successfully auth'd the card
order.set_status(settings.ORDER_STATUS_SUCCESS)
# Run post order placement tasks
self.send_confirmation_message(order, self.communication_type_code)
signals.order_placed.send(
sender=self.__class__,
order=order)
# Clean up the session
for key in (CHECKOUT_BASKET_ID, CHECKOUT_ORDER_NUM, CHECKOUT_SHIPPING_CODE):
if key in request.session:
del request.session[key]
request.session.modified = True
request.session[CHECKOUT_ORDER_ID] = order.id
return redirect(settings.REDIRECT_SUCCESS)
def get(self, request, pk=None, format=None):
line = self.get_object()
basket = get_basket(request)
# if the line is from the current basket, use the serializer that
# computes the prices by using the strategy.
if line.basket == basket:
assign_basket_strategy(line.basket, request)
ser = serializers.BasketLineSerializer(instance=line, context={'request': request})
return Response(ser.data)
return super(LineDetail, self).get(request, pk, format)
def to_representation(self, obj):
# This override is needed to reflect offer discounts or strategy
# related prices immediately in the response
operations.assign_basket_strategy(obj.basket, self.context['request'])
# Oscar stores the calculated discount in line._discount_incl_tax or
# line._discount_excl_tax when offers are applied. So by just
# retrieving the line from the db you will loose this values, that's
# why we need to get the line from the in-memory resultset here
lines = (x for x in obj.basket.all_lines() if x.id == obj.id)
line = next(lines, None)
return super(BasketLineSerializer, self).to_representation(line)
def get(self, request, pk=None, format=None):
line = self.get_object()
basket = operations.get_basket(request)
# if the line is from the current basket, use the serializer that
# computes the prices by using the strategy.
if line.basket == basket:
operations.assign_basket_strategy(line.basket, request)
ser = BasketLineSerializer(instance=line,
context={'request': request})
return Response(ser.data)
return super(LineDetail, self).get(request, pk, format)
def to_representation(self, obj):
# This override is needed to reflect offer discounts or strategy
# related prices immediately in the response
operations.assign_basket_strategy(obj.basket, self.context['request'])
# Oscar stores the calculated discount in line._discount_incl_tax or
# line._discount_excl_tax when offers are applied. So by just
# retrieving the line from the db you will loose this values, that's
# why we need to get the line from the in-memory resultset here
lines = (x for x in obj.basket.all_lines() if x.id == obj.id)
line = next(lines, None)
return super(BasketLineSerializer, self).to_representation(line)
def get_queryset(self):
basket_pk = self.kwargs.get("pk")
basket = self.check_basket_permission(self.request,
basket_pk=basket_pk)
prepped_basket = operations.assign_basket_strategy(
basket, self.request)
return prepped_basket.all_lines()
def get(
self, request, pk, format=None
): # pylint: disable=redefined-builtin,arguments-differ
basket = self.check_basket_permission(request, basket_pk=pk)
prepped_basket = operations.assign_basket_strategy(basket, request)
self.queryset = prepped_basket.all_lines()
return super(LineList, self).get(request, format)
def get(self, request, pk=None, format=None):
if pk is not None:
basket = self.check_basket_permission(request, pk)
prepped_basket = operations.assign_basket_strategy(basket, request)
self.queryset = prepped_basket.all_lines()
self.serializer_class = serializers.BasketLineSerializer
return super(LineList, self).get(request, format)
def get(self, request, pk=None, format=None):
if pk is not None:
basket = self.check_basket_permission(request, pk)
prepped_basket = operations.assign_basket_strategy(basket, request)
self.queryset = prepped_basket.all_lines()
self.serializer_class = BasketLineSerializer
return super(LineList, self).get(request, format)
def validate(self, attrs):
request = self.context['request']
if request.user.is_anonymous():
if not settings.OSCAR_ALLOW_ANON_CHECKOUT:
message = _('Anonymous checkout forbidden')
raise serializers.ValidationError(message)
if not attrs.get('guest_email'):
# Always require the guest email field if the user is anonymous
message = _('Guest email is required for anonymous checkouts')
raise serializers.ValidationError(message)
else:
if 'guest_email' in attrs:
# Don't store guest_email field if the user is authenticated
del attrs['guest_email']
basket = attrs.get('basket')
basket = assign_basket_strategy(basket, request)
if basket.num_items <= 0:
message = _('Cannot checkout with empty basket')
raise serializers.ValidationError(message)
shipping_method = self._shipping_method(
request, basket,
attrs.get('shipping_method_code'),
attrs.get('shipping_address')
)
shipping_charge = shipping_method.calculate(basket)
posted_shipping_charge = attrs.get('shipping_charge')
if posted_shipping_charge is not None:
posted_shipping_charge = prices.Price(**posted_shipping_charge)
# test submitted data.
if not posted_shipping_charge == shipping_charge:
message = _('Shipping price incorrect %s != %s' % (
posted_shipping_charge, shipping_charge
))
raise serializers.ValidationError(message)
posted_total = attrs.get('total')
total = OrderTotalCalculator().calculate(basket, shipping_charge)
if posted_total is not None:
if posted_total != total.incl_tax:
message = _('Total incorrect %s != %s' % (
posted_total,
total.incl_tax
))
raise serializers.ValidationError(message)
# update attrs with validated data.
attrs['total'] = total
attrs['shipping_method'] = shipping_method
attrs['shipping_charge'] = shipping_charge
attrs['basket'] = basket
return attrs
def validate(self, attrs):
request = self.context['request']
if request.user.is_anonymous:
if not settings.OSCAR_ALLOW_ANON_CHECKOUT:
message = _('Anonymous checkout forbidden')
raise serializers.ValidationError(message)
if not attrs.get('guest_email'):
# Always require the guest email field if the user is anonymous
message = _('Guest email is required for anonymous checkouts')
raise serializers.ValidationError(message)
else:
if 'guest_email' in attrs:
# Don't store guest_email field if the user is authenticated
del attrs['guest_email']
basket = attrs.get('basket')
basket = assign_basket_strategy(basket, request)
if basket.num_items <= 0:
message = _('Cannot checkout with empty basket')
raise serializers.ValidationError(message)
shipping_method = self._shipping_method(
request, basket,
attrs.get('shipping_method_code'),
attrs.get('shipping_address')
)
shipping_charge = shipping_method.calculate(basket)
posted_shipping_charge = attrs.get('shipping_charge')
if posted_shipping_charge is not None:
posted_shipping_charge = prices.Price(**posted_shipping_charge)
# test submitted data.
if not posted_shipping_charge == shipping_charge:
message = _('Shipping price incorrect %s != %s' % (
posted_shipping_charge, shipping_charge
))
raise serializers.ValidationError(message)
posted_total = attrs.get('total')
total = OrderTotalCalculator().calculate(basket, shipping_charge)
if posted_total is not None:
if posted_total != total.incl_tax:
message = _('Total incorrect %s != %s' % (
posted_total,
total.incl_tax
))
raise serializers.ValidationError(message)
# update attrs with validated data.
attrs['total'] = total
attrs['shipping_method'] = shipping_method
attrs['shipping_charge'] = shipping_charge
attrs['basket'] = basket
return attrs
def get(self, request, pk=None, format=None):
if pk is not None:
basket = self.check_basket_permission(request, pk)
prepped_basket = assign_basket_strategy(basket, request)
self.queryset = prepped_basket.all_lines()
self.serializer_class = serializers.BasketLineSerializer
elif not request.user.is_staff:
self.permission_denied(request)
return super(LineList, self).get(request, format)
def get_queryset(self):
pk = self.kwargs.get('pk')
if pk is not None: # usually we need the lines of the basket
basket = self.check_basket_permission(self.request, basket_pk=pk)
prepped_basket = assign_basket_strategy(basket, self.request)
return prepped_basket.all_lines()
elif self.request.user.is_staff: # admin users can view a bit more
return super(LineList, self).get_queryset()
else: # non admin users can view nothing at all here.
return self.permission_denied(self.request)
def get_queryset(self):
pk = self.kwargs.get('pk')
if pk is not None: # usually we need the lines of the basket
basket = self.check_basket_permission(self.request, basket_pk=pk)
prepped_basket = assign_basket_strategy(basket, self.request)
return prepped_basket.all_lines()
elif self.request.user.is_staff: # admin users can view a bit more
return super(LineList, self).get_queryset()
else: # non admin users can view nothing at all here.
return self.permission_denied(self.request)
def validate(self, attrs):
request = self.context["request"]
if request.user.is_anonymous:
if not settings.OSCAR_ALLOW_ANON_CHECKOUT:
message = _("Anonymous checkout forbidden")
raise serializers.ValidationError(message)
if not attrs.get("guest_email"):
# Always require the guest email field if the user is anonymous
message = _("Guest email is required for anonymous checkouts")
raise serializers.ValidationError(message)
else:
if "guest_email" in attrs:
# Don't store guest_email field if the user is authenticated
del attrs["guest_email"]
basket = attrs.get("basket")
basket = assign_basket_strategy(basket, request)
if basket.num_items <= 0:
message = _("Cannot checkout with empty basket")
raise serializers.ValidationError(message)
shipping_method = self._shipping_method(
request,
basket,
attrs.get("shipping_method_code"),
attrs.get("shipping_address"),
)
shipping_charge = shipping_method.calculate(basket)
posted_shipping_charge = attrs.get("shipping_charge")
if posted_shipping_charge is not None:
posted_shipping_charge = prices.Price(**posted_shipping_charge)
# test submitted data.
if not posted_shipping_charge == shipping_charge:
message = _(
"Shipping price incorrect %s != %s"
% (posted_shipping_charge, shipping_charge)
)
raise serializers.ValidationError(message)
posted_total = attrs.get("total")
total = OrderTotalCalculator().calculate(basket, shipping_charge)
if posted_total is not None:
if posted_total != total.incl_tax:
message = _("Total incorrect %s != %s" % (posted_total, total.incl_tax))
raise serializers.ValidationError(message)
# update attrs with validated data.
attrs["order_total"] = total
attrs["shipping_method"] = shipping_method
attrs["shipping_charge"] = shipping_charge
attrs["basket"] = basket
return attrs
def get(self, request, pk=None, format=None):
if pk is not None:
email = request.query_params.get('email', None)
print(email)
if email is not None:
request.user = User.objects.filter(email=email).first()
basket = self.check_basket_permission(request, pk)
prepped_basket = operations.assign_basket_strategy(basket, request)
self.queryset = prepped_basket.all_lines()
self.serializer_class = BasketLineSerializer
return super(MyLineList, self).get(request, format)
def validate(self, attrs):
request = self.context['request']
if request.user.is_anonymous() and not settings.OSCAR_ALLOW_ANON_CHECKOUT:
message = _('Anonymous checkout forbidden')
raise serializers.ValidationError(message)
basket = attrs.get('basket')
basket = assign_basket_strategy(basket, request)
shipping_method = self._shipping_method(
request, basket,
attrs.get('shipping_method_code'),
attrs.get('shipping_address')
)
shipping_charge = shipping_method.calculate(basket)
posted_shipping_charge = attrs.get('shipping_charge')
if posted_shipping_charge is not None:
posted_shipping_charge = prices.Price(**posted_shipping_charge)
# test submitted data.
if not posted_shipping_charge == shipping_charge:
message = _('Shipping price incorrect %s != %s' % (
posted_shipping_charge, shipping_charge
))
raise serializers.ValidationError(message)
posted_total = attrs.get('total')
total = OrderTotalCalculator().calculate(basket, shipping_charge)
if posted_total is not None:
if posted_total != total.incl_tax:
message = _('Total incorrect %s != %s' % (
posted_total,
total.incl_tax
))
raise serializers.ValidationError(message)
# update attrs with validated data.
attrs['total'] = total
attrs['shipping_method'] = shipping_method
attrs['shipping_charge'] = shipping_charge
attrs['basket'] = basket
return attrs
def get_object(self):
basket = super(BasketDetail, self).get_object()
return assign_basket_strategy(basket, self.request)
def get_object(self):
basket = super(BasketDetail, self).get_object()
return assign_basket_strategy(basket, self.request)
def get_object(self, queryset=None):
basket = super(BasketDetail, self).get_object(queryset)
return assign_basket_strategy(basket, self.request)
