2017-04-24 15:51:12 +00:00
|
|
|
#
|
2023-04-04 16:39:45 +00:00
|
|
|
# Copyright 2023 © AE UTBM
|
|
|
|
# ae@utbm.fr / ae.info@utbm.fr
|
2017-04-24 15:51:12 +00:00
|
|
|
#
|
2023-04-04 16:39:45 +00:00
|
|
|
# This file is part of the website of the UTBM Student Association (AE UTBM),
|
|
|
|
# https://ae.utbm.fr.
|
2017-04-24 15:51:12 +00:00
|
|
|
#
|
2023-04-04 16:39:45 +00:00
|
|
|
# You can find the source code of the website at https://github.com/ae-utbm/sith3
|
2017-04-24 15:51:12 +00:00
|
|
|
#
|
2023-04-04 16:39:45 +00:00
|
|
|
# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
|
|
|
|
# SEE : https://raw.githubusercontent.com/ae-utbm/sith3/master/LICENSE
|
|
|
|
# OR WITHIN THE LOCAL FILE "LICENSE"
|
2017-04-24 15:51:12 +00:00
|
|
|
#
|
|
|
|
#
|
|
|
|
|
2022-09-25 19:29:42 +00:00
|
|
|
import base64
|
|
|
|
import json
|
2022-12-14 07:38:41 +00:00
|
|
|
from datetime import datetime
|
|
|
|
from urllib.parse import unquote
|
2024-06-24 11:07:36 +00:00
|
|
|
|
|
|
|
import sentry_sdk
|
2024-06-26 13:29:05 +00:00
|
|
|
from cryptography.exceptions import InvalidSignature
|
|
|
|
from cryptography.hazmat.primitives.asymmetric.padding import PKCS1v15
|
|
|
|
from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicKey
|
|
|
|
from cryptography.hazmat.primitives.hashes import SHA1
|
|
|
|
from cryptography.hazmat.primitives.serialization import load_pem_public_key
|
2022-09-25 19:29:42 +00:00
|
|
|
from django.conf import settings
|
|
|
|
from django.contrib.auth.decorators import login_required
|
|
|
|
from django.core.exceptions import SuspiciousOperation
|
2024-06-24 11:07:36 +00:00
|
|
|
from django.db import DatabaseError, transaction
|
|
|
|
from django.http import HttpRequest, HttpResponse
|
|
|
|
from django.shortcuts import redirect, render
|
2022-09-25 19:29:42 +00:00
|
|
|
from django.utils.decorators import method_decorator
|
|
|
|
from django.views.decorators.http import require_GET, require_POST
|
|
|
|
from django.views.generic import TemplateView, View
|
2016-07-21 23:19:50 +00:00
|
|
|
|
2022-11-28 16:03:46 +00:00
|
|
|
from counter.forms import BillingInfoForm
|
2024-06-24 11:07:36 +00:00
|
|
|
from counter.models import Counter, Customer, Product
|
2022-09-25 19:29:42 +00:00
|
|
|
from eboutic.forms import BasketForm
|
|
|
|
from eboutic.models import Basket, Invoice, InvoiceItem, get_eboutic_products
|
2016-07-21 23:19:50 +00:00
|
|
|
|
|
|
|
|
2022-09-25 19:29:42 +00:00
|
|
|
@login_required
|
|
|
|
@require_GET
|
|
|
|
def eboutic_main(request: HttpRequest) -> HttpResponse:
|
|
|
|
"""
|
|
|
|
Main view of the eboutic application.
|
|
|
|
Return an Http response whose content is of type text/html.
|
|
|
|
The latter represents the page from which a user can see
|
|
|
|
the catalogue of products that he can buy and fill
|
|
|
|
his shopping cart.
|
2016-07-21 23:19:50 +00:00
|
|
|
|
2022-09-25 19:29:42 +00:00
|
|
|
The purchasable products are those of the eboutic which
|
|
|
|
belong to a category of products of a product category
|
|
|
|
(orphan products are inaccessible).
|
2016-07-21 23:19:50 +00:00
|
|
|
|
2022-09-25 19:29:42 +00:00
|
|
|
If the session contains a key-value pair that associates "errors"
|
|
|
|
with a list of strings, this pair is removed from the session
|
|
|
|
and its value displayed to the user when the page is rendered.
|
|
|
|
"""
|
|
|
|
errors = request.session.pop("errors", None)
|
|
|
|
products = get_eboutic_products(request.user)
|
|
|
|
context = {
|
|
|
|
"errors": errors,
|
|
|
|
"products": products,
|
|
|
|
"customer_amount": request.user.account_balance,
|
|
|
|
}
|
|
|
|
return render(request, "eboutic/eboutic_main.jinja", context)
|
2016-07-21 23:19:50 +00:00
|
|
|
|
|
|
|
|
2022-09-25 19:29:42 +00:00
|
|
|
@require_GET
|
|
|
|
@login_required
|
|
|
|
def payment_result(request, result: str) -> HttpResponse:
|
|
|
|
context = {"success": result == "success"}
|
|
|
|
return render(request, "eboutic/eboutic_payment_result.jinja", context)
|
2016-07-21 23:19:50 +00:00
|
|
|
|
2017-06-12 07:50:08 +00:00
|
|
|
|
2016-07-21 23:19:50 +00:00
|
|
|
class EbouticCommand(TemplateView):
|
2018-10-04 19:29:19 +00:00
|
|
|
template_name = "eboutic/eboutic_makecommand.jinja"
|
2016-07-21 23:19:50 +00:00
|
|
|
|
2022-09-25 19:29:42 +00:00
|
|
|
@method_decorator(login_required)
|
2022-11-28 16:03:46 +00:00
|
|
|
def post(self, request, *args, **kwargs):
|
2022-09-25 19:29:42 +00:00
|
|
|
return redirect("eboutic:main")
|
2016-07-24 16:26:03 +00:00
|
|
|
|
2022-09-25 19:29:42 +00:00
|
|
|
@method_decorator(login_required)
|
2022-11-28 16:03:46 +00:00
|
|
|
def get(self, request: HttpRequest, *args, **kwargs):
|
2022-09-25 19:29:42 +00:00
|
|
|
form = BasketForm(request)
|
|
|
|
if not form.is_valid():
|
|
|
|
request.session["errors"] = form.get_error_messages()
|
|
|
|
request.session.modified = True
|
|
|
|
res = redirect("eboutic:main")
|
|
|
|
res.set_cookie("basket_items", form.get_cleaned_cookie(), path="/eboutic")
|
|
|
|
return res
|
|
|
|
|
2022-11-28 16:03:46 +00:00
|
|
|
basket = Basket.from_session(request.session)
|
|
|
|
if basket is not None:
|
2022-09-25 19:29:42 +00:00
|
|
|
basket.clear()
|
2016-07-26 17:39:19 +00:00
|
|
|
else:
|
2022-09-25 19:29:42 +00:00
|
|
|
basket = Basket.objects.create(user=request.user)
|
2022-11-28 16:03:46 +00:00
|
|
|
request.session["basket_id"] = basket.id
|
|
|
|
request.session.modified = True
|
2022-09-25 19:29:42 +00:00
|
|
|
|
2022-12-14 07:38:41 +00:00
|
|
|
items = json.loads(unquote(request.COOKIES["basket_items"]))
|
2022-11-28 16:03:46 +00:00
|
|
|
items.sort(key=lambda item: item["id"])
|
|
|
|
ids = [item["id"] for item in items]
|
|
|
|
quantities = [item["quantity"] for item in items]
|
|
|
|
products = Product.objects.filter(id__in=ids)
|
|
|
|
for product, qty in zip(products, quantities):
|
|
|
|
basket.add_product(product, qty)
|
2022-09-25 19:29:42 +00:00
|
|
|
kwargs["basket"] = basket
|
2016-07-21 23:19:50 +00:00
|
|
|
return self.render_to_response(self.get_context_data(**kwargs))
|
|
|
|
|
2016-07-24 16:26:03 +00:00
|
|
|
def get_context_data(self, **kwargs):
|
2022-11-28 16:03:46 +00:00
|
|
|
# basket is already in kwargs when the method is called
|
|
|
|
default_billing_info = None
|
2019-10-24 12:40:26 +00:00
|
|
|
if hasattr(self.request.user, "customer"):
|
2022-11-28 16:03:46 +00:00
|
|
|
customer = self.request.user.customer
|
|
|
|
kwargs["customer_amount"] = customer.amount
|
|
|
|
if hasattr(customer, "billing_infos"):
|
|
|
|
default_billing_info = customer.billing_infos
|
2019-10-24 12:40:26 +00:00
|
|
|
else:
|
|
|
|
kwargs["customer_amount"] = None
|
2022-11-28 16:03:46 +00:00
|
|
|
kwargs["must_fill_billing_infos"] = default_billing_info is None
|
|
|
|
if not kwargs["must_fill_billing_infos"]:
|
|
|
|
# the user has already filled its billing_infos, thus we can
|
|
|
|
# get it without expecting an error
|
|
|
|
data = kwargs["basket"].get_e_transaction_data()
|
|
|
|
data = {"data": [{"key": key, "value": val} for key, val in data]}
|
|
|
|
kwargs["billing_infos"] = json.dumps(data)
|
|
|
|
kwargs["billing_form"] = BillingInfoForm(instance=default_billing_info)
|
2016-07-24 16:26:03 +00:00
|
|
|
return kwargs
|
|
|
|
|
2017-06-12 07:50:08 +00:00
|
|
|
|
2022-11-28 16:03:46 +00:00
|
|
|
@login_required
|
|
|
|
@require_GET
|
|
|
|
def e_transaction_data(request):
|
|
|
|
basket = Basket.from_session(request.session)
|
|
|
|
if basket is None:
|
|
|
|
return HttpResponse(status=404, content=json.dumps({"data": []}))
|
|
|
|
data = basket.get_e_transaction_data()
|
|
|
|
data = {"data": [{"key": key, "value": val} for key, val in data]}
|
|
|
|
return HttpResponse(status=200, content=json.dumps(data))
|
|
|
|
|
|
|
|
|
2022-09-25 19:29:42 +00:00
|
|
|
@login_required
|
|
|
|
@require_POST
|
|
|
|
def pay_with_sith(request):
|
|
|
|
basket = Basket.from_session(request.session)
|
|
|
|
refilling = settings.SITH_COUNTER_PRODUCTTYPE_REFILLING
|
|
|
|
if basket is None or basket.items.filter(type_id=refilling).exists():
|
|
|
|
return redirect("eboutic:main")
|
|
|
|
c = Customer.objects.filter(user__id=basket.user.id).first()
|
|
|
|
if c is None:
|
|
|
|
return redirect("eboutic:main")
|
|
|
|
if c.amount < basket.get_total():
|
|
|
|
res = redirect("eboutic:payment_result", "failure")
|
|
|
|
else:
|
|
|
|
eboutic = Counter.objects.filter(type="EBOUTIC").first()
|
2022-11-28 16:03:46 +00:00
|
|
|
sales = basket.generate_sales(eboutic, c.user, "SITH_ACCOUNT")
|
2016-07-21 23:19:50 +00:00
|
|
|
try:
|
|
|
|
with transaction.atomic():
|
2022-11-28 16:03:46 +00:00
|
|
|
for sale in sales:
|
|
|
|
sale.save()
|
2022-09-25 19:29:42 +00:00
|
|
|
basket.delete()
|
2022-11-28 16:03:46 +00:00
|
|
|
request.session.pop("basket_id", None)
|
|
|
|
res = redirect("eboutic:payment_result", "success")
|
2022-09-25 19:29:42 +00:00
|
|
|
except DatabaseError as e:
|
|
|
|
with sentry_sdk.push_scope() as scope:
|
|
|
|
scope.user = {"username": request.user.username}
|
|
|
|
scope.set_extra("someVariable", e.__repr__())
|
|
|
|
sentry_sdk.capture_message(
|
|
|
|
f"Erreur le {datetime.now()} dans eboutic.pay_with_sith"
|
|
|
|
)
|
|
|
|
res = redirect("eboutic:payment_result", "failure")
|
|
|
|
res.delete_cookie("basket_items", "/eboutic")
|
|
|
|
return res
|
2016-07-21 23:19:50 +00:00
|
|
|
|
2017-06-12 07:50:08 +00:00
|
|
|
|
2016-07-21 23:19:50 +00:00
|
|
|
class EtransactionAutoAnswer(View):
|
2023-04-20 12:43:46 +00:00
|
|
|
# Response documentation
|
|
|
|
# https://www1.paybox.com/espace-integrateur-documentation/la-solution-paybox-system/gestion-de-la-reponse/
|
2016-07-24 16:26:03 +00:00
|
|
|
def get(self, request, *args, **kwargs):
|
2022-11-28 16:03:46 +00:00
|
|
|
required = {"Amount", "BasketID", "Error", "Sig"}
|
|
|
|
if not required.issubset(set(request.GET.keys())):
|
2016-07-26 13:10:48 +00:00
|
|
|
return HttpResponse("Bad arguments", status=400)
|
2024-06-26 13:29:05 +00:00
|
|
|
pubkey: RSAPublicKey = load_pem_public_key(
|
|
|
|
settings.SITH_EBOUTIC_PUB_KEY.encode("utf-8")
|
|
|
|
)
|
|
|
|
signature = base64.b64decode(request.GET["Sig"])
|
2016-07-24 16:26:03 +00:00
|
|
|
try:
|
2024-06-26 13:29:05 +00:00
|
|
|
data = "&".join(request.META["QUERY_STRING"].split("&")[:-1])
|
|
|
|
pubkey.verify(signature, data.encode("utf-8"), PKCS1v15(), SHA1())
|
|
|
|
except InvalidSignature:
|
2016-07-26 13:10:48 +00:00
|
|
|
return HttpResponse("Bad signature", status=400)
|
2022-02-28 08:57:41 +00:00
|
|
|
# Payment authorized:
|
|
|
|
# * 'Error' is '00000'
|
|
|
|
# * 'Auto' is in the request
|
|
|
|
if request.GET["Error"] == "00000" and "Auto" in request.GET.keys():
|
2016-11-09 23:35:13 +00:00
|
|
|
try:
|
|
|
|
with transaction.atomic():
|
2018-10-04 19:29:19 +00:00
|
|
|
b = (
|
|
|
|
Basket.objects.select_for_update()
|
|
|
|
.filter(id=request.GET["BasketID"])
|
|
|
|
.first()
|
|
|
|
)
|
2016-11-09 23:35:13 +00:00
|
|
|
if b is None:
|
|
|
|
raise SuspiciousOperation("Basket does not exists")
|
2019-03-15 00:48:42 +00:00
|
|
|
if int(b.get_total() * 100) != int(request.GET["Amount"]):
|
|
|
|
raise SuspiciousOperation(
|
|
|
|
"Basket total and amount do not match"
|
|
|
|
)
|
2016-11-09 23:35:13 +00:00
|
|
|
i = Invoice()
|
|
|
|
i.user = b.user
|
|
|
|
i.payment_method = "CARD"
|
|
|
|
i.save()
|
|
|
|
for it in b.items.all():
|
2018-10-04 19:29:19 +00:00
|
|
|
InvoiceItem(
|
|
|
|
invoice=i,
|
|
|
|
product_id=it.product_id,
|
|
|
|
product_name=it.product_name,
|
|
|
|
type_id=it.type_id,
|
|
|
|
product_unit_price=it.product_unit_price,
|
|
|
|
quantity=it.quantity,
|
|
|
|
).save()
|
2016-11-09 23:35:13 +00:00
|
|
|
i.validate()
|
|
|
|
b.delete()
|
|
|
|
except Exception as e:
|
2022-01-04 13:45:19 +00:00
|
|
|
return HttpResponse(
|
|
|
|
"Basket processing failed with error: " + repr(e), status=500
|
|
|
|
)
|
2022-09-25 19:29:42 +00:00
|
|
|
return HttpResponse("Payment successful", status=200)
|
2016-07-24 16:26:03 +00:00
|
|
|
else:
|
2018-10-04 19:29:19 +00:00
|
|
|
return HttpResponse(
|
2022-01-04 13:45:19 +00:00
|
|
|
"Payment failed with error: " + request.GET["Error"], status=202
|
2018-10-04 19:29:19 +00:00
|
|
|
)
|