New annoying banner.
[wolnelektury.git] / src / club / payu / views.py
1 from hashlib import md5, sha256
2 from django.conf import settings
3 from django import http
4 from django.shortcuts import get_object_or_404
5 from django.utils.decorators import method_decorator
6 from django.utils.translation import get_language
7 from django.views.decorators.csrf import csrf_exempt
8 from django.views.generic import FormView, TemplateView, View
9
10
11 class Payment(TemplateView):
12     pass
13
14
15 class RecPayment(FormView):
16     """ Set form_class to a CardTokenForm. """
17     template_name = 'payu/rec_payment.html'
18
19     def get_context_data(self, *args, **kwargs):
20         ctx = super().get_context_data(*args, **kwargs)
21
22         schedule = self.get_schedule()
23         pos = self.get_pos()
24
25         widget_args = {
26             'merchant-pos-id': pos.pos_id,
27             'shop-name': "SHOW NAME",
28             'total-amount': str(int(schedule.amount * 100)),
29             'currency-code': pos.currency_code,
30             'customer-language': get_language(), # filter to pos.languages
31             'customer-email': schedule.email,
32             'store-card': 'true',
33             'recurring-payment': 'true',
34         }
35         widget_sig = sha256(
36             (
37                 "".join(v for (k, v) in sorted(widget_args.items())) +
38                 pos.secondary_key
39             ).encode('utf-8')
40         ).hexdigest()
41
42         ctx['widget_args'] = widget_args
43         ctx['widget_sig'] = widget_sig
44         ctx['schedule'] = schedule
45         ctx['pos'] = pos
46         return ctx
47
48     def form_valid(self, form):
49         form.save(self)
50         return super().form_valid(form)
51
52
53
54 @method_decorator(csrf_exempt, name='dispatch')
55 class NotifyView(View):
56     """ Set `order_model` in subclass. """
57     def post(self, request, pk):
58         order = get_object_or_404(self.order_model, pk=pk)
59
60         try:
61             openpayu = request.META['HTTP_OPENPAYU_SIGNATURE']
62             openpayu = dict(term.split('=') for term in openpayu.split(';'))
63             assert openpayu['algorithm'] == 'MD5'
64             assert openpayu['content'] == 'DOCUMENT'
65             assert openpayu['sender'] == 'checkout'
66             sig = openpayu['signature']
67         except (KeyError, ValueError, AssertionError):
68             return http.HttpResponseBadRequest('bad')
69
70         document = request.body + order.get_pos().secondary_key.encode('latin1')
71         if md5(document).hexdigest() != sig:
72             return http.HttpResponseBadRequest('wrong')
73
74         notification = order.notification_set.create(
75             body=request.body
76         )
77         notification.apply()
78
79         return http.HttpResponse('ok')