source: main/kofacustom.nigeria/trunk/src/kofacustom/nigeria/etranzact/studentsbrowser.py @ 16189

Last change on this file since 16189 was 15974, checked in by Henrik Bettermann, 5 years ago

Do not allow to submit forms to other companies than payment.r_company.

File size: 8.6 KB
Line 
1## $Id: studentsbrowser.py 15599 2019-09-20 13:24:59Z henrik $
2##
3## Copyright (C) 2017 Uli Fouquet & Henrik Bettermann
4## This program is free software; you can redistribute it and/or modify
5## it under the terms of the GNU General Public License as published by
6## the Free Software Foundation; either version 2 of the License, or
7## (at your option) any later version.
8##
9## This program is distributed in the hope that it will be useful,
10## but WITHOUT ANY WARRANTY; without even the implied warranty of
11## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12## GNU General Public License for more details.
13##
14## You should have received a copy of the GNU General Public License
15## along with this program; if not, write to the Free Software
16## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17##
18import grok
19import hashlib
20from datetime import datetime, timedelta
21from zope.component import getUtility
22from zope.security import checkPermission
23from waeup.kofa.interfaces import IKofaUtils
24from waeup.kofa.utils.helpers import to_timezone
25from waeup.kofa.browser.layout import UtilityView, KofaPage
26from waeup.kofa.browser.viewlets import ManageActionButton
27from kofacustom.nigeria.etranzact.helpers import (
28    write_payments_log, process_response, query_history)
29from kofacustom.nigeria.students.browser import NigeriaOnlinePaymentDisplayFormPage as NOPDPStudent
30from kofacustom.nigeria.payments.interfaces import INigeriaOnlinePayment
31from kofacustom.nigeria.students.interfaces import INigeriaStudentOnlinePayment
32from kofacustom.nigeria.interfaces import MessageFactory as _
33
34from kofacustom.nigeria.etranzact.tests import (
35    TERMINAL_ID, HOST, HTTPS, SECRET_KEY, LOGO_URL, GATEWAY_AMT)
36
37grok.templatedir('browser_templates')
38
39def webconnect_module_activated(session, payment):
40    if payment.r_company and payment.r_company != 'etranzact':
41        return False
42    try:
43        return getattr(grok.getSite()['configuration'][str(session)],
44            'etranzact_webconnect_enabled', False)
45    except KeyError:
46        return False
47
48class EtranzactActionButtonStudent(ManageActionButton):
49    grok.order(1)
50    grok.context(INigeriaOnlinePayment)
51    grok.view(NOPDPStudent)
52    grok.require('waeup.payStudent')
53    icon = 'actionicon_pay.png'
54    text = _('Pay via Etranzact WebConnect')
55    target = 'goto_etranzact'
56
57    @property
58    def target_url(self):
59        if not webconnect_module_activated(
60            self.context.student.current_session, self.context):
61            return ''
62        if self.context.p_state != 'unpaid':
63            return ''
64        return self.view.url(self.view.context, self.target)
65
66class EtranzactRequeryActionButtonStudent(ManageActionButton):
67    grok.order(2)
68    grok.context(INigeriaOnlinePayment)
69    grok.view(NOPDPStudent)
70    grok.require('waeup.payStudent')
71    icon = 'actionicon_call.png'
72    text = _('Requery Etranzact WebConnect History')
73    target = 'requery_history'
74
75    @property
76    def target_url(self):
77        if not webconnect_module_activated(
78            self.context.student.current_session, self.context):
79            return ''
80        if self.context.p_state in ('paid', 'waived', 'scholarship'):
81            return ''
82        return self.view.url(self.view.context, self.target)
83
84class EtranzactPageStudent(KofaPage):
85    """ View which sends a POST request to the Etranzact payment gateway.
86    """
87    grok.context(INigeriaStudentOnlinePayment)
88    grok.name('goto_etranzact')
89    grok.template('goto_etranzact')
90    grok.require('waeup.payStudent')
91    label = _('Pay via Etranzact')
92    submit_button = _('Pay now')
93
94    host = HOST
95    https = HTTPS
96    secret_key = SECRET_KEY
97    terminal_id = TERMINAL_ID
98    logo_url = LOGO_URL
99    gateway_amt = GATEWAY_AMT
100
101    @property
102    def action(self):
103        if self.https:
104            return 'https://' + self.host + '/webconnect/v3/caller.jsp'
105        return 'http://' + self.host + '/webconnect/v3/caller.jsp'
106
107    def init_update(self):
108        if self.context.p_state == 'paid':
109            return _("Payment ticket can't be re-sent to Etranzact.")
110        now = datetime.utcnow()
111        if self.context.creation_date.tzinfo is not None:
112            # That's bad. Please store timezone-naive datetimes only!
113            now = self.context.creation_date.tzinfo.localize(now)
114        time_delta = now - self.context.creation_date
115        if time_delta.days > 7:
116            return _("This payment ticket is too old. Please create a new ticket.")
117        # In contrast to the procedure in the Remita and Interswitch modules,
118        # we do not call requery_history but receive and evaluate
119        # the response form from Etranzact directly. This is possible
120        # because Etranzact provides the FINAL_CHECKSUM hash value
121        # which authenticates the response.
122        self.responseurl = self.url(self.context, 'receive_etranzact')
123        self.transaction_id = self.context.p_id
124        hashargs =      self.amount + self.terminal_id + self.transaction_id \
125            + self.responseurl + self.secret_key
126        self.hashvalue = hashlib.md5(hashargs).hexdigest()
127        self.customer = self.context.student
128        return
129
130    def update(self):
131        if not webconnect_module_activated(
132            self.context.student.current_session, self.context):
133            self.flash(_('Forbidden'), type='danger')
134            self.redirect(self.url(self.context, '@@index'))
135            return
136        # Already now it becomes an Etranzact payment. We set the net amount
137        # and add the gateway amount.
138        if not self.context.r_company:
139            self.context.net_amt = self.context.amount_auth
140            self.context.amount_auth += self.gateway_amt
141            self.context.gateway_amt = self.gateway_amt
142            self.context.r_company = u'etranzact'
143        self.amount = "%.1f" % self.context.amount_auth
144        error = self.init_update()
145        if error:
146            self.flash(error, type='danger')
147            self.redirect(self.url(self.context, '@@index'))
148            return
149        return
150
151class EtranzactReceiveResponseStudent(NOPDPStudent):
152    """ View that receives the response from eTrantact payment gateway.
153    """
154    grok.name('receive_etranzact')
155
156    secret_key = SECRET_KEY
157    terminal_id = TERMINAL_ID
158
159    def update(self):
160        super(EtranzactReceiveResponseStudent, self).update()
161        if not webconnect_module_activated(
162            self.context.student.current_session, self.context):
163            self.flash(_('Forbidden'), type='danger')
164            self.redirect(self.url(self.context, '@@index'))
165            return
166        student = self.context.student
167        form = self.request.form
168        verify = False
169        if self.context.p_state == 'paid':
170            verify = True
171        success, msg, log = process_response(self.context, form, self, verify)
172        student.writeLogMessage(self, log)
173        if not success:
174            self.flash(msg, type='danger')
175            return
176        write_payments_log(student.student_id, self.context)
177        flashtype, msg, log = self.context.doAfterStudentPayment()
178        if log is not None:
179            student.writeLogMessage(self, log)
180        self.flash(msg, type=flashtype)
181        return
182
183class EtranzactRequestPaymentStatusPageStudent(UtilityView, grok.View):
184    """ Request webservice view for the Etranzact gateway.
185    """
186    grok.context(INigeriaStudentOnlinePayment)
187    grok.name('requery_history')
188    grok.require('waeup.payStudent')
189
190    host = HOST
191    https = HTTPS
192    secret_key = SECRET_KEY
193    terminal_id = TERMINAL_ID
194    logo_url = LOGO_URL
195
196    def update(self):
197        if not webconnect_module_activated(
198            self.context.student.current_session, self.context):
199            self.flash(_('Forbidden'), type='danger')
200            self.redirect(self.url(self.context, '@@index'))
201            return
202        if self.context.p_state in ('paid', 'waived', 'scholarship'):
203            self.flash(_('This ticket has already been paid.'), type='danger')
204            return
205        student = self.context.student
206        verify = False
207        raw, form = query_history(self.host, self.terminal_id,
208                                  self.context.p_id, self.https)
209        success, msg, log = process_response(self.context, form, self, verify)
210        student.writeLogMessage(self, log)
211        if not success:
212            self.flash(msg, type='danger')
213            return
214        write_payments_log(student.student_id, self.context)
215        flashtype, msg, log = self.context.doAfterStudentPayment()
216        if log is not None:
217            student.writeLogMessage(self, log)
218        self.flash(msg, type=flashtype)
219        return
220
221    def render(self):
222        self.redirect(self.url(self.context))
223        return
Note: See TracBrowser for help on using the repository browser.