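/// <summary>
/// Handles a payment callback by marking the order resolved from the request as authorized.
/// </summary>
/// <param name="context">HTTP context of the callback request.</param>
/// <returns>The authorized order, or <c>null</c> when no order matches the resolved id.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown by <c>Single</c> when the order does not have exactly one payment request.
/// </exception>
public override async Task<IShopOrder> HandleCallbackAsync(HttpContextBase context)
        {
            var orderid = await ResolveOrderIdFromRequestAsync(context.Request);

            using (var data = new DataConnection())
            {
                // SingleOrDefault, not Single: Single throws when nothing matches, which made the
                // null check below unreachable and turned an unknown order id into an exception.
                var order = data.Get<IShopOrder>().SingleOrDefault(f => f.Id == orderid);
                if (order == null)
                {
                    ECommerceLog.WriteLog("Error, no order with number " + orderid);

                    return null;
                }

                // NOTE(review): nothing in this method checks a status code or checksum, so any
                // request that resolves to an existing order authorizes it. Presumably this is a
                // test/default provider - confirm it cannot be enabled for real payments.
                var form = context.Request.Form;

                var paymentRequest = data.Get<IPaymentRequest>().Single(r => r.ShopOrderId == order.Id);

                paymentRequest.Accepted = true;
                paymentRequest.AuthorizationData = OrderDataToXml(form);
                // No gateway transaction id is read from the request; a locally generated GUID
                // (first 32 characters of its 36-character text form) is stored instead.
                paymentRequest.AuthorizationTransactionId = Guid.NewGuid().ToString().Substring(0, 32);
                paymentRequest.PaymentMethod = PaymentMethods;

                data.Update(paymentRequest);

                order.PaymentStatus = (int)PaymentStatus.Authorized;

                data.Update(order);

                return order;
            }
        }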
        /// <summary>
        /// Marks the order named in a callback payload as authorized when the payload reports an
        /// accepted payment that is allowed in the current mode.
        /// </summary>
        /// <param name="json">Callback payload; "order_id", "accepted", "test_mode", "id" and "metadata.type" are read.</param>
        /// <param name="order">The matching order, or <c>null</c> when the order id is unknown.</param>
        /// <returns>
        /// <c>true</c> when the order is (or already was) authorized; <c>false</c> when the order is
        /// unknown, the payment was not accepted, or a test payment arrives outside test mode.
        /// </returns>
        /// <remarks>
        /// This method does not authenticate <paramref name="json"/> itself; the callback checksum
        /// must be verified before it is called.
        /// NOTE(review): no amount or currency from the payload is compared with the order here -
        /// confirm that is validated elsewhere.
        /// </remarks>
        private bool TryAuthorizeOrder(JObject json, out IShopOrder order)
        {
            var requestedId = json["order_id"].Value<string>();

            using (var connection = new DataConnection())
            {
                order = connection.Get<IShopOrder>().SingleOrDefault(o => o.Id == requestedId);

                if (order == null)
                {
                    ECommerceLog.WriteLog("Invalid orderid " + requestedId);
                    return false;
                }

                // A repeated callback for an order that is already authorized is a no-op success.
                if (order.PaymentStatus == (int)PaymentStatus.Authorized)
                {
                    order.WriteLog("debug", "Payment is already authorized");
                    return true;
                }

                if (!json["accepted"].Value<bool>())
                {
                    order.WriteLog("debug", "Payment wasn't accepted");
                    return false;
                }

                // Test-card payments are only honoured while the provider itself is in test mode.
                var paidWithTestCard = json["test_mode"].Value<bool>();
                if (paidWithTestCard && !IsTestMode)
                {
                    order.WriteLog("debug", "Payment was made with a test card but we're not in testmode");
                    return false;
                }

                var request = connection.Get<IPaymentRequest>().Single(r => r.ShopOrderId == requestedId);

                request.Accepted = true;
                request.AuthorizationData = json.ToString();
                request.AuthorizationTransactionId = json["id"].Value<int>().ToString();
                request.PaymentMethod = json["metadata"]["type"].Value<string>();
                connection.Update(request);

                order.PaymentStatus = (int)PaymentStatus.Authorized;
                connection.Update(order);

                order.WriteLog("authorized");

                return true;
            }
        }
        /// <summary>
        /// Background worker loop: post-processes pending orders on the first pass, whenever the
        /// tick counter reaches 60, or when <c>_processOrdersNow</c> is set, until shutdown or
        /// cancellation is requested.
        /// </summary>
        /// <param name="context">Supplies the shutdown flag and the cancellation token.</param>
        public void Execute(BackgroundProcessContext context)
        {
            try
            {
                SetCultureFromWebConfig();

                ECommerceLog.WriteLog("Worker is starting, orderprocessor is " + ECommerce.OrderProcessor.GetType().FullName);

                // Starts at 60 so that the very first pass processes orders immediately.
                var ticks = 60;

                using (ThreadDataManager.EnsureInitialize())
                {
                    while (!context.IsShutdownRequested)
                    {
                        try
                        {
                            if (_processOrdersNow || ticks == 60)
                            {
                                _processOrdersNow = false;

                                PostProcessPendingOrders(context);
                            }
                        }
                        catch (Exception ex)
                        {
                            // A failing pass is logged and must not stop the worker.
                            ECommerceLog.WriteLog("Unhandled error when postprocessing orders", ex);
                        }
                        finally
                        {
                            // Wrap 60 back to 1, otherwise advance by one tick.
                            ticks = ticks == 60 ? 1 : ticks + 1;

                            // Wait one interval on the token's handle, then leave the loop via
                            // OperationCanceledException if cancellation was requested.
                            context.CancellationToken.WaitHandle.WaitOne(OneSecond);
                            context.CancellationToken.ThrowIfCancellationRequested();
                        }
                    }
                }
            }
            catch (OperationCanceledException)
            {
                // Cancellation is the normal way out of the loop; nothing to log.
            }
            catch (Exception ex)
            {
                ECommerceLog.WriteLog("Unhandled error in ThreadDataManager, worker is stopping", ex);
            }
        }
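        /// <summary>
        /// Handles a callback by verifying the "Quickpay-Checksum-Sha256" header against the
        /// checksum of the raw request body and, when it matches, authorizing the order named in
        /// the JSON payload.
        /// </summary>
        /// <param name="context">HTTP context of the callback request.</param>
        /// <returns>The order when it is authorized; <c>null</c> when the checksum or payload is rejected.</returns>
        public override async Task<IShopOrder> HandleCallbackAsync(HttpContextBase context)
        {
            // http://tech.quickpay.net/api/callback/

            var input = await GetRequestContentsAsync(context.Request);

            var checkSum = context.Request.Headers.Get("Quickpay-Checksum-Sha256");
            var expected = Sign(input, PrivateKey);

            // The header is supplied by the caller, so compare it with the expected checksum
            // without stopping at the first differing character: string != returns early and its
            // timing reveals how much of a guess was correct. A missing header is rejected.
            var isValid = checkSum != null && expected != null && checkSum.Length == expected.Length;
            if (isValid)
            {
                var difference = 0;
                for (var i = 0; i < expected.Length; i++)
                {
                    difference |= checkSum[i] ^ expected[i];
                }

                isValid = difference == 0;
            }

            if (!isValid)
            {
                ECommerceLog.WriteLog("Error validating the checksum");

                return null;
            }

            // Only parsed after the checksum over the exact body text has been accepted.
            var json = (JObject)JsonConvert.DeserializeObject(input);

            IShopOrder order;

            return TryAuthorizeOrder(json, out order) ? order : null;
        }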
        /// <summary>
        /// Handles the gateway's return-page callback: checks the status code and the auth key
        /// posted in the form and, when both match, marks the order as authorized.
        /// </summary>
        /// <param name="context">HTTP context of the callback request.</param>
        /// <returns>
        /// <c>null</c> when no order matches the resolved id; otherwise the order, whose
        /// <c>PaymentStatus</c> is only set to authorized when every check passed.
        /// </returns>
        public override async Task<IShopOrder> HandleCallbackAsync(HttpContextBase context)
        {
            // http://tech.dibs.dk/integration_methods/flexwin/return_pages/

            var resolvedId = await ResolveOrderIdFromRequestAsync(context.Request);

            using (var db = new DataConnection())
            {
                var order = db.Get<IShopOrder>().SingleOrDefault(o => o.Id == resolvedId);

                if (order == null)
                {
                    ECommerceLog.WriteLog("Error, no order with number " + resolvedId);
                    return null;
                }

                // A repeated callback for an already authorized order changes nothing.
                if (order.PaymentStatus == (int)PaymentStatus.Authorized)
                {
                    order.WriteLog("debug", "Payment is already authorized");
                    return order;
                }

                var posted = context.Request.Form;

                var reportedStatus = GetFormString("statuscode", posted);
                if (reportedStatus != StatusOk)
                {
                    order.WriteLog("debug", "Error in status, values is " + reportedStatus + " but " + StatusOk + " was expected");
                    return order;
                }

                var postedAuthKey = GetFormString("authkey", posted);
                var transactionId = GetFormString("transact", posted);

                // Currency and amount come from the stored order, not from the request, so the
                // expected key is bound to what the shop actually charged.
                var orderCurrency = ResolveCurrency(order);
                var minorAmount = GetMinorCurrencyUnit(order.OrderTotal, orderCurrency).ToString("0", CultureInfo.InvariantCulture);

                // NOTE(review): == on the posted key is not a constant-time comparison, and the log
                // text below suggests CalcAuthKey is MD5-based - confirm and consider hardening.
                var keyMatches = postedAuthKey == CalcAuthKey(transactionId, orderCurrency, minorAmount);
                if (!keyMatches)
                {
                    order.WriteLog("debug", "Error, MD5 Check doesn't match. This may just be an error in the setting or it COULD be a hacker trying to fake a completed order");
                    return order;
                }

                var request = db.Get<IPaymentRequest>().Single(r => r.ShopOrderId == order.Id);

                request.Accepted = true;
                request.AuthorizationData = OrderDataToXml(posted);
                request.AuthorizationTransactionId = transactionId;
                request.PaymentMethod = GetFormString("paytype", posted);
                db.Update(request);

                order.PaymentStatus = (int)PaymentStatus.Authorized;
                db.Update(order);

                order.WriteLog("authorized");

                return order;
            }
        }
        /// <summary>
        /// Handles the form-posted callback: checks the reported status and the MD5 checksum of
        /// the posted fields and, when both match, marks the order as authorized.
        /// </summary>
        /// <param name="context">HTTP context of the callback request.</param>
        /// <returns>
        /// <c>null</c> when no order matches the resolved id; otherwise the order, whose
        /// <c>PaymentStatus</c> is only set to authorized when every check passed.
        /// </returns>
        public override async Task <IShopOrder> HandleCallbackAsync(HttpContextBase context)
        {
            /*  Documentation.  Response data fields
             * msgtype	/^[a-z]$/	Defines which action was performed - Each message type is described in detail later
             * ordernumber	/^[a-zA-Z0-9]{4,20}$/	A value specified by merchant in the initial request.
             * amount	/^[0-9]{1,10}$/	The amount defined in the request in its smallest unit. In example, 1 EUR is written 100.
             * currency	/^[A-Z]{3}$/	The transaction currency as the 3-letter ISO 4217 alphabetical code.
             * time	/^[0-9]{12}$/	The time of which the message was handled. Format is YYMMDDHHIISS.
             * state	/^[1-9]{1,2}$/	The current state of the transaction. See http://quickpay.net/faq/transaction-states/
             * qpstat	/^[0-9]{3}$/	Return code from QuickPay. See http://quickpay.net/faq/status-codes/
             * qpstatmsg	/^[\w -.]{1,}$/	A message detailing errors and warnings if any.
             * chstat	/^[0-9]{3}$/	Return code from the clearing house. Please refer to the clearing house documentation.
             * chstatmsg	/^[\w -.]{1,}$/	A message from the clearing house detailing errors and warnings if any.
             * merchant	/^[\w -.]{1,100}$/	The QuickPay merchant name
             * merchantemail	/^[\w_-.\@]{6,}$/	The QuickPay merchant email/username
             * transaction	/^[0-9]{1,32}$/	The id assigned to the current transaction.
             * cardtype	/^[\w-]{1,32}$/	The card type used to authorize the transaction.
             * cardnumber	/^[\w\s]{,32}$/	A truncated version of the card number - eg. 'XXXX XXXX XXXX 1234'. Note: This field will be empty for other message types than 'authorize' and 'subscribe'.
             * cardexpire	/^[\w\s]{,4}$/	Expire date on the card used in a 'subscribe'. Notation is 'yymm'. Note: This field will be empty for other message types than 'subscribe'.
             * splitpayment	/^[0|1]$/	Splitpayment enabled on transaction. See http://quickpay.net/features/split-payment/ for more information. (API v4 only)
             * fraudprobability	/^[low|medium|high]?$/	Fraud probability if fraudcheck was performed. (API v4 only)
             * fraudremarks	/^.*?$/	Fraud remarks if fraudcheck was performed. (API v4 only)
             * fraudreport	/^.*?$/	Fraud report if given. (API v4 only)
             * fee	/^[0-9]{,10}$/	Will contain the calculated fee, if autofee was activated in request. See http://quickpay.net/features/transaction-fees/ for more information.
             * md5check	/^[a-z0-9]{32}$/	A MD5 checksum to ensure data integrity. See http://quickpay.net/faq/md5check/ for more information.
             *  TEST NUMBERS
             *  In test mode an error response can be provoked by sending card details that contain a letter, e.g.:
             *
             *  Card that WILL FAIL
             * Card no.: 4571123412341234, expiry date: 09/12 and cvd: 12a.
             *
             * The card is then rejected even though test mode is active.
             *
             *  Card that WILL SUCCEED
             * A success response can be obtained by using e.g.:
             *
             * Card no.: 4571123412341234, expiry date: 09/12 and cvd: 123.
             *
             *  Possible status codes
             * Code     Description
             * 000  Approved.
             * 001  Rejected by clearing house. See field 'chstat' and 'chstatmsg' for further explanation.
             * 002  Communication error.
             * 003  Card expired.
             * 004  Transition is not allowed for transaction current state.
             * 005  Authorization is expired.
             * 006  Error reported by clearing house.
             * 007  Error reported by QuickPay.
             * 008  Error in request data.
             */

            var orderId = await ResolveOrderIdFromRequestAsync(context.Request);

            using (var data = new DataConnection())
            {
                var order = data.Get <IShopOrder>().SingleOrDefault(f => f.Id == orderId);
                if (order == null)
                {
                    ECommerceLog.WriteLog("Error, no order with number " + orderId);

                    return(null);
                }

                // A repeated callback for an already authorized order changes nothing.
                if (order.PaymentStatus == (int)PaymentStatus.Authorized)
                {
                    order.WriteLog("debug", "Payment is already authorized");

                    return(order);
                }

                var form = context.Request.Form;

                // The status is checked before the checksum; a non-OK status leaves the order untouched.
                var qpstat = GetFormString("qpstat", form);
                if (qpstat != StatusOk)
                {
                    order.WriteLog("debug", "Error in status, values is " + qpstat + " but " + StatusOk + " was expected");

                    return(order);
                }

                // Every field below is read from the request; most are used only as checksum input.
                var msgtype          = GetFormString("msgtype", form);
                var amount           = GetFormString("amount", form);
                var currency         = GetFormString("currency", form);
                var time             = GetFormString("time", form);
                var state            = GetFormString("state", form);
                var qpstatmsg        = GetFormString("qpstatmsg", form);
                var chstat           = GetFormString("chstat", form);
                var chstatmsg        = GetFormString("chstatmsg", form);
                var merchant         = GetFormString("merchant", form);
                var merchantemail    = GetFormString("merchantemail", form);
                var transactionId    = GetFormString("transaction", form);
                var cardtype         = GetFormString("cardtype", form);
                var cardnumber       = GetFormString("cardnumber", form);
                var cardexpire       = GetFormString("cardexpire", form);
                var splitpayment     = GetFormString("splitpayment", form);
                var fraudprobability = GetFormString("fraudprobability", form);
                var fraudremarks     = GetFormString("fraudremarks", form);
                var fraudreport      = GetFormString("fraudreport", form);
                var fee      = GetFormString("fee", form);
                var md5Check = GetFormString("md5check", form);

                // Expected checksum: the posted fields in this fixed order, with the resolved order
                // id in the order-number position and Md5Secret appended last. The order of the
                // arguments is part of the protocol and must not be changed.
                var serverMd5Check = GetMd5(String.Concat(
                                                msgtype, orderId, amount, currency, time, state, qpstat, qpstatmsg, chstat, chstatmsg,
                                                merchant, merchantemail, transactionId, cardtype, cardnumber, cardexpire, splitpayment,
                                                fraudprobability, fraudremarks, fraudreport, fee, Md5Secret
                                                ));

                // NOTE(review): md5Check comes from the request and != is not a constant-time
                // comparison. Also, amount and currency are covered by the checksum but are never
                // compared with the order's own total in this method - confirm that mismatch is
                // caught elsewhere.
                if (md5Check != serverMd5Check)
                {
                    order.WriteLog("debug", "Error, MD5 Check doesn't match. This may just be an error in the setting or it COULD be a hacker trying to fake a completed order");

                    return(order);
                }

                // Single throws unless the order has exactly one payment request.
                var paymentRequest = data.Get <IPaymentRequest>().Single(r => r.ShopOrderId == order.Id);

                paymentRequest.Accepted                   = true;
                paymentRequest.AuthorizationData          = OrderDataToXml(form);
                paymentRequest.AuthorizationTransactionId = transactionId;
                paymentRequest.PaymentMethod              = cardtype;

                data.Update(paymentRequest);

                order.PaymentStatus = (int)PaymentStatus.Authorized;

                data.Update(order);

                order.WriteLog("authorized");

                return(order);
            }
        }