public IActionResult SetCookie(string data)
{
string decodedData;
try
{
decodedData = DirectPaymentsHelper.DecodePaymentRequest(data);
}
catch
{
return(this.BadRequest());
}
// set payment data cookie
this.Response.Cookies.Append(PaymentDataCookie, decodedData,
new CookieOptions
{
SameSite = SameSiteMode.Lax,
HttpOnly = true,
IsEssential = true,
MaxAge = TimeSpan.FromMinutes(CookieValidityInMinutes)
});
return(this.RedirectToAction("Process"));
}
public async Task <IActionResult> Pay(string id)
{
try
{
var order = await this.ordersService.GetByIdAsync(id);
if (order == null ||
order.UserName != this.User.Identity.Name ||
order.PaymentStatus != PaymentStatus.Pending)
{
return(this.RedirectToAction("My", "Orders"));
}
var paymentInfo = new
{
Amount = order.ProductPrice,
Description = order.ProductName,
this.destinationBankAccountConfiguration.DestinationBankName,
this.destinationBankAccountConfiguration.DestinationBankCountry,
this.destinationBankAccountConfiguration.DestinationBankSwiftCode,
this.destinationBankAccountConfiguration.DestinationBankAccountUniqueId,
this.destinationBankAccountConfiguration.RecipientName,
// ! PaymentInfo can also contain custom properties
// ! that will be returned on payment completion
// ! OrderId is a custom property and is not required
OrderId = order.Id
};
// generate the returnUrl where the payment result will be received
var returnUrl = this.directPaymentsConfiguration.SiteUrl + ReturnPath;
// generate signed payment request
var paymentRequest = DirectPaymentsHelper.GeneratePaymentRequest(
paymentInfo, this.directPaymentsConfiguration.SiteKey, returnUrl);
// redirect the user to the CentralApi for payment processing
var paymentPostRedirectModel = new PaymentPostRedirectModel
{
Url = this.directPaymentsConfiguration.CentralApiPaymentUrl,
PaymentDataFormKey = PaymentDataFormKey,
PaymentData = paymentRequest
};
return(this.View("PaymentPostRedirect", paymentPostRedirectModel));
}
catch
{
return(this.RedirectToAction("My", "Orders"));
}
}
public async Task <IActionResult> ReceiveConfirmation(string data)
{
if (data == null)
{
return(this.BadRequest());
}
dynamic paymentInfo = DirectPaymentsHelper.ProcessPaymentResult(
data,
this.directPaymentsConfiguration.SiteKey,
this.directPaymentsConfiguration.CentralApiPublicKey);
if (paymentInfo == null)
{
// if the returned PaymentInfo is null, it has not been parsed or verified successfully
return(this.BadRequest());
}
// extract the orderId from the PaymentInfo
string orderId;
try
{
orderId = paymentInfo.OrderId;
}
catch
{
return(this.BadRequest());
}
if (orderId == null)
{
return(this.BadRequest());
}
// find the order in the database
var order = await this.ordersService.GetByIdAsync(orderId);
// check if the order does not exist or the payment has already been completed
if (order == null || order.PaymentStatus != PaymentStatus.Pending)
{
return(this.RedirectToAction("My", "Orders"));
}
// mark the payment as completed
await this.ordersService.SetPaymentStatus(orderId, PaymentStatus.Completed);
return(this.RedirectToAction("My", "Orders"));
}
public async Task <IActionResult> Continue([FromForm] string bankId)
{
bool cookieExists = this.Request.Cookies.TryGetValue(PaymentDataCookie, out string data);
if (!cookieExists)
{
return(this.BadRequest());
}
try
{
var request = DirectPaymentsHelper.ParsePaymentRequest(data);
if (request == null)
{
return(this.BadRequest());
}
var bank = await this.bankService.GetBankByIdAsync <BankPaymentServiceModel>(bankId);
if (bank?.PaymentUrl == null)
{
return(this.BadRequest());
}
// generate PaymentProof containing the bank's public key
// and merchant's original PaymentInfo signature
string proofRequest = DirectPaymentsHelper.GeneratePaymentRequestWithProof(request,
bank.ApiKey, this.configuration.Key);
// redirect the user to their bank for payment completion
var paymentPostRedirectModel = new PaymentPostRedirectModel
{
Url = bank.PaymentUrl,
PaymentDataFormKey = PaymentDataFormKey,
PaymentData = proofRequest
};
return(this.View("PaymentPostRedirect", paymentPostRedirectModel));
}
catch
{
return(this.BadRequest());
}
}
public async Task <IActionResult> Process()
{
bool cookieExists = this.Request.Cookies.TryGetValue(PaymentDataCookie, out var data);
if (!cookieExists)
{
return(this.RedirectToHome());
}
try
{
dynamic paymentRequest =
DirectPaymentsHelper.ParsePaymentRequest(data, this.bankConfiguration.CentralApiPublicKey);
if (paymentRequest == null)
{
return(this.BadRequest());
}
dynamic paymentInfo = DirectPaymentsHelper.GetPaymentInfo(paymentRequest);
var userId = await this.userService.GetUserIdByUsernameAsync(this.User.Identity.Name);
var model = new PaymentConfirmBindingModel
{
Amount = paymentInfo.Amount,
Description = paymentInfo.Description,
DestinationBankName = paymentInfo.DestinationBankName,
DestinationBankCountry = paymentInfo.DestinationBankCountry,
DestinationBankAccountUniqueId = paymentInfo.DestinationBankAccountUniqueId,
RecipientName = paymentInfo.RecipientName,
OwnAccounts = await this.GetAllAccountsAsync(userId),
DataHash = DirectPaymentsHelper.Sha256Hash(data)
};
return(this.View(model));
}
catch
{
return(this.BadRequest());
}
}
public async Task <IActionResult> Process()
{
bool cookieExists = this.Request.Cookies.TryGetValue(PaymentDataCookie, out string data);
if (!cookieExists)
{
return(this.BadRequest());
}
try
{
var request = DirectPaymentsHelper.ParsePaymentRequest(data);
if (request == null)
{
return(this.BadRequest());
}
var paymentInfo = DirectPaymentsHelper.GetPaymentInfo(request);
var banks = (await this.bankService.GetAllBanksSupportingPaymentsAsync <BankListingServiceModel>())
.Select(Mapper.Map <BankListingViewModel>)
.ToArray();
var viewModel = new PaymentSelectBankViewModel
{
Amount = paymentInfo.Amount,
Description = paymentInfo.Description,
Banks = banks
};
return(this.View(viewModel));
}
catch
{
return(this.BadRequest());
}
}
public async Task <IActionResult> PayAsync(PaymentConfirmBindingModel model)
{
bool cookieExists = this.Request.Cookies.TryGetValue(PaymentDataCookie, out var data);
if (!this.ModelState.IsValid ||
!cookieExists ||
model.DataHash != DirectPaymentsHelper.Sha256Hash(data))
{
return(this.PaymentFailed(NotificationMessages.PaymentStateInvalid));
}
var account =
await this.bankAccountService.GetByIdAsync <BankAccountDetailsServiceModel>(model.AccountId);
if (account == null || account.UserUserName != this.User.Identity.Name)
{
return(this.Forbid());
}
try
{
// read and validate payment data
dynamic paymentRequest =
DirectPaymentsHelper.ParsePaymentRequest(data, this.bankConfiguration.CentralApiPublicKey);
if (paymentRequest == null)
{
return(this.PaymentFailed(NotificationMessages.PaymentStateInvalid));
}
dynamic paymentInfo = DirectPaymentsHelper.GetPaymentInfo(paymentRequest);
string returnUrl = paymentRequest.ReturnUrl;
// transfer money to destination account
var serviceModel = new GlobalTransferDto
{
Amount = paymentInfo.Amount,
Description = paymentInfo.Description,
DestinationBankName = paymentInfo.DestinationBankName,
DestinationBankCountry = paymentInfo.DestinationBankCountry,
DestinationBankSwiftCode = paymentInfo.DestinationBankSwiftCode,
DestinationBankAccountUniqueId = paymentInfo.DestinationBankAccountUniqueId,
RecipientName = paymentInfo.RecipientName,
SourceAccountId = model.AccountId
};
var result = await this.globalTransferHelper.TransferMoneyAsync(serviceModel);
if (result != GlobalTransferResult.Succeeded)
{
return(this.PaymentFailed(result == GlobalTransferResult.InsufficientFunds
? NotificationMessages.InsufficientFunds
: NotificationMessages.TryAgainLaterError));
}
// delete cookie to prevent accidental duplicate payments
this.Response.Cookies.Delete(PaymentDataCookie);
// return signed success response
var response = DirectPaymentsHelper.GenerateSuccessResponse(paymentRequest,
this.bankConfiguration.Key);
return(this.Ok(new
{
success = true,
returnUrl = HttpUtility.HtmlEncode(returnUrl),
data = response
}));
}
catch
{
return(this.PaymentFailed(NotificationMessages.PaymentStateInvalid));
}
}
