Sith/eboutic/views.py

302 lines
12 KiB
Python
Raw Normal View History

# -*- coding:utf-8 -*
#
# Copyright 2016,2017
# - Skia <skia@libskia.so>
#
# Ce fichier fait partie du site de l'Association des Étudiants de l'UTBM,
# http://ae.utbm.fr.
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License a published by the Free Software
# Foundation; either version 3 of the License, or (at your option) any later
# version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along with
# this program; if not, write to the Free Sofware Foundation, Inc., 59 Temple
# Place - Suite 330, Boston, MA 02111-1307, USA.
#
#
2016-07-24 16:26:03 +00:00
from collections import OrderedDict
from datetime import datetime
import hmac
import base64
from OpenSSL import crypto
from django.urls import reverse_lazy
from django.views.generic import TemplateView, View
from django.http import HttpResponse, HttpResponseRedirect
from django.core.exceptions import SuspiciousOperation
from django.db import transaction, DataError
from django.utils.translation import ugettext as _
2016-07-24 16:26:03 +00:00
from django.conf import settings
2017-01-04 18:39:37 +00:00
from counter.models import Customer, Counter, ProductType, Selling
2017-06-12 07:50:08 +00:00
from eboutic.models import Basket, Invoice, InvoiceItem
class EbouticMain(TemplateView):
2018-10-04 19:29:19 +00:00
template_name = "eboutic/eboutic_main.jinja"
2016-07-26 17:39:19 +00:00
def make_basket(self, request):
2018-10-04 19:29:19 +00:00
if "basket_id" not in request.session.keys(): # Init the basket session entry
2016-07-26 17:39:19 +00:00
self.basket = Basket(user=request.user)
self.basket.save()
else:
2018-10-04 19:29:19 +00:00
self.basket = Basket.objects.filter(id=request.session["basket_id"]).first()
2016-07-26 17:39:19 +00:00
if self.basket is None:
self.basket = Basket(user=request.user)
self.basket.save()
2018-10-04 19:29:19 +00:00
request.session["basket_id"] = self.basket.id
2016-07-26 17:39:19 +00:00
request.session.modified = True
def get(self, request, *args, **kwargs):
2016-07-26 17:39:19 +00:00
if not request.user.is_authenticated():
2018-10-04 19:29:19 +00:00
return HttpResponseRedirect(
reverse_lazy("core:login", args=self.args, kwargs=kwargs)
+ "?next="
+ request.path
)
2017-01-04 18:39:37 +00:00
self.object = Counter.objects.filter(type="EBOUTIC").first()
2016-07-26 17:39:19 +00:00
self.make_basket(request)
return super(EbouticMain, self).get(request, *args, **kwargs)
def post(self, request, *args, **kwargs):
2016-07-26 17:39:19 +00:00
if not request.user.is_authenticated():
2018-10-04 19:29:19 +00:00
return HttpResponseRedirect(
reverse_lazy("core:login", args=self.args, kwargs=kwargs)
+ "?next="
+ request.path
)
2017-01-04 18:39:37 +00:00
self.object = Counter.objects.filter(type="EBOUTIC").first()
2016-07-26 17:39:19 +00:00
self.make_basket(request)
2018-10-04 19:29:19 +00:00
if "add_product" in request.POST["action"]:
self.add_product(request)
2018-10-04 19:29:19 +00:00
elif "del_product" in request.POST["action"]:
self.del_product(request)
return self.render_to_response(self.get_context_data(**kwargs))
2016-07-26 17:39:19 +00:00
def add_product(self, request):
""" Add a product to the basket """
2016-07-26 17:39:19 +00:00
try:
2018-10-04 19:29:19 +00:00
p = self.object.products.filter(id=int(request.POST["product_id"])).first()
if not p.buying_groups.exists():
self.basket.add_product(p)
for g in p.buying_groups.all():
if request.user.is_in_group(g.name):
self.basket.add_product(p)
break
2016-08-20 20:15:54 +00:00
except:
pass
def del_product(self, request):
""" Delete a product from the basket """
2016-07-26 17:39:19 +00:00
try:
2018-10-04 19:29:19 +00:00
p = self.object.products.filter(id=int(request.POST["product_id"])).first()
2016-07-26 17:39:19 +00:00
self.basket.del_product(p)
except:
pass
def get_context_data(self, **kwargs):
kwargs = super(EbouticMain, self).get_context_data(**kwargs)
2018-10-04 19:29:19 +00:00
kwargs["basket"] = self.basket
kwargs["eboutic"] = Counter.objects.filter(type="EBOUTIC").first()
kwargs["categories"] = ProductType.objects.all()
if not self.request.user.was_subscribed:
2018-10-04 19:29:19 +00:00
kwargs["categories"] = kwargs["categories"].exclude(
id=settings.SITH_PRODUCTTYPE_SUBSCRIPTION
)
return kwargs
2017-06-12 07:50:08 +00:00
class EbouticCommand(TemplateView):
2018-10-04 19:29:19 +00:00
template_name = "eboutic/eboutic_makecommand.jinja"
2016-07-24 16:26:03 +00:00
def get(self, request, *args, **kwargs):
2016-07-26 17:39:19 +00:00
if not request.user.is_authenticated():
2018-10-04 19:29:19 +00:00
return HttpResponseRedirect(
reverse_lazy("core:login", args=self.args, kwargs=kwargs)
+ "?next="
+ request.path
)
return HttpResponseRedirect(
reverse_lazy("eboutic:main", args=self.args, kwargs=kwargs)
)
2016-07-24 16:26:03 +00:00
def post(self, request, *args, **kwargs):
2016-07-26 16:28:36 +00:00
if not request.user.is_authenticated():
2018-10-04 19:29:19 +00:00
return HttpResponseRedirect(
reverse_lazy("core:login", args=self.args, kwargs=kwargs)
+ "?next="
+ request.path
)
if "basket_id" not in request.session.keys():
return HttpResponseRedirect(
reverse_lazy("eboutic:main", args=self.args, kwargs=kwargs)
)
self.basket = Basket.objects.filter(id=request.session["basket_id"]).first()
2016-07-26 17:39:19 +00:00
if self.basket is None:
2018-10-04 19:29:19 +00:00
return HttpResponseRedirect(
reverse_lazy("eboutic:main", args=self.args, kwargs=kwargs)
)
2016-07-26 17:39:19 +00:00
else:
2018-10-04 19:29:19 +00:00
kwargs["basket"] = self.basket
return self.render_to_response(self.get_context_data(**kwargs))
2016-07-24 16:26:03 +00:00
def get_context_data(self, **kwargs):
kwargs = super(EbouticCommand, self).get_context_data(**kwargs)
2018-10-04 19:29:19 +00:00
kwargs["et_request"] = OrderedDict()
kwargs["et_request"]["PBX_SITE"] = settings.SITH_EBOUTIC_PBX_SITE
kwargs["et_request"]["PBX_RANG"] = settings.SITH_EBOUTIC_PBX_RANG
kwargs["et_request"]["PBX_IDENTIFIANT"] = settings.SITH_EBOUTIC_PBX_IDENTIFIANT
kwargs["et_request"]["PBX_TOTAL"] = int(self.basket.get_total() * 100)
kwargs["et_request"][
"PBX_DEVISE"
] = 978 # This is Euro. ET support only this value anyway
kwargs["et_request"]["PBX_CMD"] = self.basket.id
kwargs["et_request"]["PBX_PORTEUR"] = self.basket.user.email
kwargs["et_request"]["PBX_RETOUR"] = "Amount:M;BasketID:R;Auto:A;Error:E;Sig:K"
kwargs["et_request"]["PBX_HASH"] = "SHA512"
kwargs["et_request"]["PBX_TYPEPAIEMENT"] = "CARTE"
kwargs["et_request"]["PBX_TYPECARTE"] = "CB"
kwargs["et_request"]["PBX_TIME"] = str(
datetime.now().replace(microsecond=0).isoformat("T")
)
kwargs["et_request"]["PBX_HMAC"] = (
hmac.new(
settings.SITH_EBOUTIC_HMAC_KEY,
bytes(
"&".join(
["%s=%s" % (k, v) for k, v in kwargs["et_request"].items()]
),
"utf-8",
),
"sha512",
)
.hexdigest()
.upper()
)
2016-07-24 16:26:03 +00:00
return kwargs
2017-06-12 07:50:08 +00:00
class EbouticPayWithSith(TemplateView):
2018-10-04 19:29:19 +00:00
template_name = "eboutic/eboutic_payment_result.jinja"
def post(self, request, *args, **kwargs):
try:
with transaction.atomic():
2018-10-04 19:29:19 +00:00
if (
"basket_id" not in request.session.keys()
or not request.user.is_authenticated()
):
return HttpResponseRedirect(
reverse_lazy("eboutic:main", args=self.args, kwargs=kwargs)
)
b = Basket.objects.filter(id=request.session["basket_id"]).first()
if (
b is None
or b.items.filter(
type_id=settings.SITH_COUNTER_PRODUCTTYPE_REFILLING
).exists()
):
return HttpResponseRedirect(
reverse_lazy("eboutic:main", args=self.args, kwargs=kwargs)
)
2016-07-26 13:10:48 +00:00
c = Customer.objects.filter(user__id=b.user.id).first()
if c is None:
2018-10-04 19:29:19 +00:00
return HttpResponseRedirect(
reverse_lazy("eboutic:main", args=self.args, kwargs=kwargs)
)
kwargs["not_enough"] = True
if c.amount < b.get_total():
2016-07-26 13:10:48 +00:00
raise DataError(_("You do not have enough money to buy the basket"))
else:
eboutic = Counter.objects.filter(type="EBOUTIC").first()
for it in b.items.all():
2017-01-04 18:39:37 +00:00
product = eboutic.products.filter(id=it.product_id).first()
Selling(
2017-06-12 07:50:08 +00:00
label=it.product_name,
counter=eboutic,
club=product.club,
product=product,
seller=c.user,
customer=c,
unit_price=it.product_unit_price,
quantity=it.quantity,
payment_method="SITH_ACCOUNT",
).save()
2016-07-26 17:39:19 +00:00
b.delete()
2018-10-04 19:29:19 +00:00
kwargs["not_enough"] = False
request.session.pop("basket_id", None)
except DataError as e:
2018-10-04 19:29:19 +00:00
kwargs["not_enough"] = True
return self.render_to_response(self.get_context_data(**kwargs))
2017-06-12 07:50:08 +00:00
class EtransactionAutoAnswer(View):
# Response documentation http://www1.paybox.com/espace-integrateur-documentation/la-solution-paybox-system/gestion-de-la-reponse/
2016-07-24 16:26:03 +00:00
def get(self, request, *args, **kwargs):
2018-10-04 19:29:19 +00:00
if (
not "Amount" in request.GET.keys()
or not "BasketID" in request.GET.keys()
or not "Auto"
in request.GET.keys() # If not in the request it means the payment has been refused
2018-10-04 19:29:19 +00:00
or not "Error" in request.GET.keys()
or not "Sig" in request.GET.keys()
):
2016-07-26 13:10:48 +00:00
return HttpResponse("Bad arguments", status=400)
2016-07-24 16:26:03 +00:00
key = crypto.load_publickey(crypto.FILETYPE_PEM, settings.SITH_EBOUTIC_PUB_KEY)
cert = crypto.X509()
cert.set_pubkey(key)
2018-10-04 19:29:19 +00:00
sig = base64.b64decode(request.GET["Sig"])
2016-07-24 16:26:03 +00:00
try:
2018-10-04 19:29:19 +00:00
crypto.verify(
cert,
sig,
"&".join(request.META["QUERY_STRING"].split("&")[:-1]),
"sha1",
)
2016-07-24 16:26:03 +00:00
except:
2016-07-26 13:10:48 +00:00
return HttpResponse("Bad signature", status=400)
2018-10-04 19:29:19 +00:00
if request.GET["Error"] == "00000":
try:
with transaction.atomic():
2018-10-04 19:29:19 +00:00
b = (
Basket.objects.select_for_update()
.filter(id=request.GET["BasketID"])
.first()
)
if b is None:
raise SuspiciousOperation("Basket does not exists")
if int(b.get_total() * 100) != int(request.GET["Amount"]):
raise SuspiciousOperation(
"Basket total and amount do not match"
)
i = Invoice()
i.user = b.user
i.payment_method = "CARD"
i.save()
for it in b.items.all():
2018-10-04 19:29:19 +00:00
InvoiceItem(
invoice=i,
product_id=it.product_id,
product_name=it.product_name,
type_id=it.type_id,
product_unit_price=it.product_unit_price,
quantity=it.quantity,
).save()
i.validate()
b.delete()
except Exception as e:
2017-06-12 07:50:08 +00:00
return HttpResponse("Payment failed with error: " + repr(e), status=400)
2016-07-26 17:39:19 +00:00
return HttpResponse()
2016-07-24 16:26:03 +00:00
else:
2018-10-04 19:29:19 +00:00
return HttpResponse(
"Payment failed with error: " + request.GET["Error"], status=400
)