## Script (Python) "interswitch_cb2" ##bind container=container ##bind context=context ##bind namespace= ##bind script=script ##bind subpath=traverse_subpath ##parameters= ##title= ## # $Id: interswitch_cb2.py 5182 2010-04-30 14:12:57Z henrik $ """ payment callback """ try: from Products.zdb import set_trace except: def set_trace(): pass import logging logger = logging.getLogger('Skins.interswitch_cb2') from AccessControl import Unauthorized import DateTime if context.portal_membership.isAnonymousUser(): return None request = context.REQUEST students = context.portal_url.getPortalObject().campus.students wftool = context.portal_workflow mtool = context.portal_membership member = mtool.getAuthenticatedMember() member_id = str(member) #student_id = context.getStudentId() access_info = context.waeup_tool.getAccessInfo(context) student_id = access_info['student_id'] if not context.isSectionOfficer() and (student_id is None or student_id != member_id): logger.info('%s tried to access payment object of %s' % (member_id,student_id)) referer = request.get('HTTP_REFERER','none') logger.info('%s:%s illegal access, referer = %s' % (member_id,student_id,referer)) real_ip = request.get('HTTP_X_REAL_IP',"none") logger.info('%s:%s illegal access, real_x_ip = %s' % (member_id,student_id,real_ip)) return context.REQUEST.RESPONSE.redirect("%s/srp_anonymous_view" % context.portal_url()) referer = request.get('HTTP_REFERER','none') real_ip = request.get('HTTP_X_REAL_IP',"none") logger.info('%s, callback referer = %s, IP = %s' % (student_id,referer,real_ip)) if not 'webpay.interswitchng.com' in referer and not 'waeup.org' in referer: logger.info('%s, wrong callback referer %s, callback rejected, IP = %s' % (student_id,referer,real_ip)) return request.RESPONSE.redirect("%s/waeup_document_view" % context.absolute_url()) student = getattr(students,student_id) resp_codes = (("desc","resp_desc"), ("resp","resp_code"), ("txnRef","pay_reference"), ("payRef","resp_pay_reference"), ("retRef","retRef"), ("cardNum","resp_card_num"), ("apprAmt","resp_approved_amount"), ) pd = {} for rc,pdk in resp_codes: pd[pdk] = request.get(rc,'') ## for testing purposes #pd['resp_desc'] = 'Simulated Callback' #pd['resp_pay_reference'] = 'XXXX' #pd['resp_code'] = '00' #pd['resp_card_num'] = '0000' #pd['resp_approved_amount'] = '99999999999999' if pd['resp_code'] == '00' and len(pd['resp_approved_amount']) > 4: pd['resp_approved_amount'] = pd['resp_approved_amount'][:-2] pd['status'] = 'paid' else: pd['resp_approved_amount'] = '0' pd['status'] = 'failed' review_state = wftool.getInfoFor(context,'review_state',None) if pd['resp_code'] == '': logger.info('%s requeried payment %s for %s and got empty response' % (member,context.getId(),student_id)) return request.RESPONSE.redirect("%s/waeup_document_view" % context.absolute_url()) if access_info['is_student'] and review_state == 'closed': wftool.doActionFor(context,'open') pay_doc = context.getContent() resp = pd['resp_code'] if resp == '00': try: amount = int(getattr(pay_doc,'amount',0)) surcharge = int(getattr(pay_doc,'surcharge',0)) resp_approved_amount = int(pd['resp_approved_amount']) #set_trace() if amount + surcharge != resp_approved_amount: logger.info('Warning: %s, approved amount %s and authorized amount %s are different for payment %s of %s' % (member,resp_approved_amount,amount+surcharge,context.getId(),student_id)) pd['status'] = 'failed' pd['resp_desc'] = 'Warning: approved amount in callback does not match!' resp = '' else: pass except: logger.info('%s: approved amount could not be verified for payment %s of %s' % (member,context.getId(),student_id)) pd['status'] = 'failed' pd['resp_desc'] = 'Warning: approved amount could not be verified!' resp = '' pay_doc.edit(mapping = pd) if resp == '00': logger.info('%s received valid callback' % student_id) logger.info('%s paid second instalment' % student_id) else: logger.info('%s received unsuccessful callback: %s' % (student_id,pd['resp_desc'])) review_state = wftool.getInfoFor(context,'review_state',None) if review_state == 'opened': wftool.doActionFor(context,'close') return request.RESPONSE.redirect("%s/waeup_document_view" % context.absolute_url())