public override string GeneratePaymentWindow(IShopOrder order, Uri currentUri)
{
var links = new XElement("div",
new XElement("form",
new XAttribute("target", "_blank"),
new XAttribute("method", "post"),
new XAttribute("action", CallbackUrl),
new XElement("input",
new XAttribute("type", "hidden"),
new XAttribute("name", "orderid"),
new XAttribute("value", order.Id)),
new XElement("input",
new XAttribute("type", "submit"),
new XAttribute("value", "Callback"))),
new XElement("a",
new XAttribute("href", CancelUrl),
new XAttribute("target", "_blank"), "Cancel"),
new XElement("a",
new XAttribute("href", ParseContinueUrl(order, currentUri)),
new XAttribute("target", "_blank"), "Continue")
);
var html = new XElement("html",
new XElement("head",
new XElement("title", "Payment window")),
new XElement("body", links));
return(html.ToString());
}
public static IEnumerable <IShopOrderLog> GetLog(this IShopOrder order)
{
using (var data = new DataConnection())
{
return(data.Get <IShopOrderLog>().Where(l => l.ShopOrderId == order.Id).ToList());
}
}
private void Receipt(IShopOrder order)
{
var pageUrlOverride = OrderProcessor.HandleContinue(_context, order);
if (!String.IsNullOrEmpty(pageUrlOverride))
{
RedirectOrIFrame(pageUrlOverride);
return;
}
var pageUrl = DefaultOrderProcessor.GetPageUrl(Config.ReceiptPageId);
if (String.IsNullOrEmpty(pageUrl))
{
pageUrl = DefaultOrderProcessor.GetPageUrl(Config.MainPageId);
if (String.IsNullOrEmpty(pageUrl))
{
pageUrl = "/";
}
}
pageUrl = pageUrl + "?orderid=" + order.Id;
RedirectOrIFrame(pageUrl);
}
public override string GeneratePaymentWindow(IShopOrder order, Uri currentUri)
{
// http://tech.dibs.dk/integration_methods/flexwin/parameters/
var currency = ResolveCurrency(order);
var amount = GetMinorCurrencyUnit(order.OrderTotal, currency).ToString("0", CultureInfo.InvariantCulture);
var acceptUrl = ParseUrl(ContinueUrl, currentUri);
var paytype = String.IsNullOrEmpty(PaymentMethods) ? "DK" : PaymentMethods;
// optional parameters
var test = IsTestMode ? "yes" : String.Empty;
var md5Key = CalcMd5Key(MerchantId, order.Id, currency, amount);
var cancelUrl = ParseUrl(CancelUrl, currentUri);
var callbackUrl = ParseUrl(CallbackUrl, currentUri);
var data = new NameValueCollection
{
{ "merchant", MerchantId },
{ "amount", amount },
{ "accepturl", acceptUrl },
{ "orderid", order.Id },
{ "currency", ((int)currency).ToString() },
{ "uniqueoid", UniqueOID },
{ "test", test },
{ "md5key", md5Key },
{ "lang", Language },
{ "cancelurl", cancelUrl },
{ "callbackurl", callbackUrl },
{ "paytype", paytype }
};
return(GetFormPost(order, data));
}
public static IPaymentRequest GetPaymentRequest(this IShopOrder order)
{
using (var data = new DataConnection())
{
return(data.Get <IPaymentRequest>().SingleOrDefault(r => r.ShopOrderId == order.Id));
}
}
protected string GetFormPost(IShopOrder order, NameValueCollection param)
{
var formName = GetType().Name;
var form = new XElement("form",
new XAttribute("name", formName),
new XAttribute("method", "post"),
new XAttribute("action", PaymentWindowEndpoint));
foreach (string name in param.Keys)
{
var value = param[name];
form.Add(new XElement("input",
new XAttribute("name", name),
new XAttribute("type", "hidden"),
new XAttribute("value", value)
));
}
var html = new XElement("html",
new XElement("head",
new XElement("title", "Payment window")),
new XElement("body",
new XAttribute("onload", $"document.{formName}.submit()"),
form));
order.WriteLog("Payment window generated", form.ToString());
return(html.ToString());
}
public static IPaymentRequest CreatePaymentRequest(this IShopOrder order, string provider)
{
return(CreatePaymentRequest(order, new CreatePaymentRequestOptions
{
Provider = provider
}));
}
protected override void OnInit(EventArgs e)
{
using (var data = new DataConnection())
{
ShopOrder = data.Get <IShopOrder>().Single(o => o.Id == Request.QueryString["id"]);
}
base.OnInit(e);
}
private bool TryAuthorizeOrder(JObject json, out IShopOrder order)
{
var orderId = json["order_id"].Value <string>();
using (var data = new DataConnection())
{
order = data.Get <IShopOrder>().SingleOrDefault(f => f.Id == orderId);
if (order == null)
{
ECommerceLog.WriteLog("Invalid orderid " + orderId);
return(false);
}
if (order.PaymentStatus == (int)PaymentStatus.Authorized)
{
order.WriteLog("debug", "Payment is already authorized");
return(true);
}
var accepted = json["accepted"].Value <bool>();
if (!accepted)
{
order.WriteLog("debug", "Payment wasn't accepted");
return(false);
}
var testMode = json["test_mode"].Value <bool>();
if (testMode && !IsTestMode)
{
order.WriteLog("debug", "Payment was made with a test card but we're not in testmode");
return(false);
}
var paymentRequest = order.GetPaymentRequest();
paymentRequest.Accepted = true;
paymentRequest.AuthorizationData = json.ToString();
paymentRequest.AuthorizationTransactionId = json["id"].Value <int>().ToString();
paymentRequest.PaymentMethod = json["metadata"]["type"].Value <string>();
data.Update(paymentRequest);
order.PaymentStatus = (int)PaymentStatus.Authorized;
data.Update(order);
order.WriteLog("authorized");
return(true);
}
}
protected Currency ResolveCurrency(IShopOrder order)
{
var currency = Config.DefaultCurrency;
if (Enum.TryParse <Currency>(order.Currency, out currency))
{
return(currency);
}
return(Config.DefaultCurrency);
}
protected override void OnInit(EventArgs e)
{
using (var data = new DataConnection())
{
ShopOrder = data.Get <IShopOrder>().Single(o => o.Id == Request.QueryString["id"]);
var logEntries = data.Get <IShopOrderLog>().Where(l => l.ShopOrderId == ShopOrder.Id).OrderBy(l => l.Timestamp).ToList();
rpt.DataSource = logEntries;
rpt.DataBind();
}
base.OnInit(e);
}
protected override void HandleCallbackInternal(HttpContextBase context, IShopOrder order)
{
// http://tech.dibs.dk/integration_methods/flexwin/return_pages/
var form = context.Request.Form;
var statuscode = GetFormString("statuscode", form);
if (statuscode != StatusOk)
{
order.WriteLog("debug", "Error in status, values is " + statuscode + " but " + StatusOk + " was expected");
return;
}
var authkey = GetFormString("authkey", form);
var transact = GetFormString("transact", form);
var currency = ResolveCurrency(order);
var amount = GetMinorCurrencyUnit(order.OrderTotal, currency).ToString("0", CultureInfo.InvariantCulture);
if (HasMd5Key())
{
var isValid = authkey == CalcAuthKey(transact, currency, amount);
if (!isValid)
{
order.WriteLog("debug", "Error, MD5 Check doesn't match. This may just be an error in the setting or it COULD be a hacker trying to fake a completed order");
return;
}
}
using (var data = new DataConnection())
{
var paymentRequest = order.GetPaymentRequest();
paymentRequest.Accepted = true;
paymentRequest.AuthorizationData = form.ToXml();
paymentRequest.AuthorizationTransactionId = transact;
paymentRequest.PaymentMethod = GetFormString("paytype", form);
data.Update(paymentRequest);
order.PaymentStatus = (int)PaymentStatus.Authorized;
data.Update(order);
order.WriteLog("authorized");
}
}
public static IShopOrderLog WriteLog(this IShopOrder order, string logTitle, string logData)
{
using (var data = new DataConnection())
{
var entry = data.CreateNew <IShopOrderLog>();
entry.Id = Guid.NewGuid();
entry.ShopOrderId = order.Id;
entry.Timestamp = DateTime.UtcNow;
entry.Title = logTitle;
entry.Data = logData;
return(data.Add(entry));
}
}
public static void CreatePaymentRequest(this IShopOrder order, string provider)
{
Verify.ArgumentCondition(ECommerce.Providers.ContainsKey(provider), "provider", String.Format("Provider '{0}' doesn't exist", provider));
using (var data = new DataConnection())
{
var request = data.CreateNew <IPaymentRequest>();
request.ShopOrderId = order.Id;
request.ProviderName = provider;
request.Accepted = false;
data.Add(request);
}
}
private static void PostProcessOrder(IShopOrder order, DataConnection data)
{
order.WriteLog("postprocessing");
try
{
ECommerce.OrderProcessor.PostProcessOrder(order);
order.PostProcessed = true;
data.Update(order);
order.WriteLog("postprocessed");
}
catch (Exception ex)
{
order.WriteLog("postprocessing error", ex.ToString());
}
}
public static IPaymentRequest CreatePaymentRequest(this IShopOrder order, CreatePaymentRequestOptions options)
{
var provider = options.Provider;
Verify.ArgumentCondition(ECommerce.Providers.ContainsKey(provider), nameof(provider), $"Provider '{provider}' doesn't exist");
using (var data = new DataConnection())
{
var request = data.CreateNew <IPaymentRequest>();
request.ShopOrderId = order.Id;
request.ProviderName = provider;
request.Accepted = false;
request.CancelUrl = options.CancelUrl;
request = data.Add(request);
return(request);
}
}
protected override void HandleCallbackInternal(HttpContextBase context, IShopOrder order)
{
using (var data = new DataConnection())
{
var form = context.Request.Form;
var paymentRequest = order.GetPaymentRequest();
paymentRequest.Accepted = true;
paymentRequest.AuthorizationData = form.ToXml();
paymentRequest.AuthorizationTransactionId = Guid.NewGuid().ToString().Substring(0, 32);
paymentRequest.PaymentMethod = PaymentMethods;
data.Update(paymentRequest);
order.PaymentStatus = (int)PaymentStatus.Authorized;
data.Update(order);
}
}
public override string GeneratePaymentWindow(IShopOrder order, IPaymentRequest paymentRequest, Uri currentUri)
{
var currency = ResolveCurrency(order);
var amount = GetMinorCurrencyUnit(order.OrderTotal, currency).ToString("0", CultureInfo.InvariantCulture);
var continueUrl = ParseContinueUrl(order, currentUri);
var cancelUrl = ParseUrl(paymentRequest.CancelUrl ?? CancelUrl, currentUri);
var callbackUrl = ParseUrl(CallbackUrl, currentUri);
var param = new NameValueCollection
{
{ "version", "v10" },
{ "merchant_id", MerchantId },
{ "agreement_id", AgreementId },
{ "order_id", order.Id },
{ "amount", amount },
{ "currency", currency.ToString() },
{ "continueurl", continueUrl },
{ "cancelurl", cancelUrl },
{ "callbackurl", callbackUrl },
{ "language", Language }
};
if (!String.IsNullOrEmpty(PaymentMethods))
{
param.Add("payment_methods", PaymentMethods);
}
if (!IsTestMode && !String.IsNullOrEmpty(GoogleTrackingId))
{
param.Add("google_analytics_tracking_id", GoogleTrackingId);
}
var checksum = Sign(param);
param.Add("checksum", checksum);
return(GetFormPost(order, param));
}
public override async Task <bool> IsPaymentAuthorizedAsync(IShopOrder order)
{
var isAuthorized = await base.IsPaymentAuthorizedAsync(order);
if (isAuthorized)
{
return(true);
}
using (var client = new HttpClient())
{
var url = new Uri(ApiEndpoint, "/payments?order_id=" + order.Id);
var request = new HttpRequestMessage(HttpMethod.Get, url);
var byteArray = Encoding.ASCII.GetBytes(":" + ApiUserApiKey);
var base64 = Convert.ToBase64String(byteArray);
request.Headers.Add("Accept-Version", "v10");
request.Headers.Authorization = new AuthenticationHeaderValue("Basic", base64);
var response = await client.SendAsync(request);
var input = await response.Content.ReadAsStringAsync();
var json = (JArray)JsonConvert.DeserializeObject(input);
if (json.Count != 1)
{
return(false);
}
var obj = (JObject)json[0];
return(TryAuthorizeOrder(obj, out order));
}
}
protected Currency ResolveCurrency(IShopOrder order)
{
return(Enum.TryParse <Currency>(order.Currency, out var currency) ? currency : Config.DefaultCurrency);
}
protected virtual void HandleCallbackInternal(HttpContextBase context, IShopOrder order)
{
}
protected override void HandleCallbackInternal(HttpContextBase context, IShopOrder order)
{
/* Documentation. Response data fields
* msgtype /^[a-z]$/ Defines which action was performed - Each message type is described in detail later
* ordernumber /^[a-zA-Z0-9]{4,20}$/ A value specified by merchant in the initial request.
* amount /^[0-9]{1,10}$/ The amount defined in the request in its smallest unit. In example, 1 EUR is written 100.
* currency /^[A-Z]{3}$/ The transaction currency as the 3-letter ISO 4217 alphabetical code.
* time /^[0-9]{12}$/ The time of which the message was handled. Format is YYMMDDHHIISS.
* state /^[1-9]{1,2}$/ The current state of the transaction. See http://quickpay.net/faq/transaction-states/
* qpstat /^[0-9]{3}$/ Return code from QuickPay. See http://quickpay.net/faq/status-codes/
* qpstatmsg /^[\w -.]{1,}$/ A message detailing errors and warnings if any.
* chstat /^[0-9]{3}$/ Return code from the clearing house. Please refer to the clearing house documentation.
* chstatmsg /^[\w -.]{1,}$/ A message from the clearing house detailing errors and warnings if any.
* merchant /^[\w -.]{1,100}$/ The QuickPay merchant name
* merchantemail /^[\w_-.\@]{6,}$/ The QuickPay merchant email/username
* transaction /^[0-9]{1,32}$/ The id assigned to the current transaction.
* cardtype /^[\w-]{1,32}$/ The card type used to authorize the transaction.
* cardnumber /^[\w\s]{,32}$/ A truncated version of the card number - eg. 'XXXX XXXX XXXX 1234'. Note: This field will be empty for other message types than 'authorize' and 'subscribe'.
* cardexpire /^[\w\s]{,4}$/ Expire date on the card used in a 'subscribe'. Notation is 'yymm'. Note: This field will be empty for other message types than 'subscribe'.
* splitpayment /^[0|1]$/ Spitpayment enabled on transaction. See http://quickpay.net/features/split-payment/ for more information. (API v4 only)
* fraudprobability /^[low|medium|high]?$/ Fraud probability if fraudcheck was performed. (API v4 only)
* fraudremarks /^.*?$/ Fraud remarks if fraudcheck was performed. (API v4 only)
* fraudreport /^.*?$/ Fraud report if given. (API v4 only)
* fee /^[0-9]{,10}$/ Will contain the calculated fee, if autofee was activated in request. See http://quickpay.net/features/transaction-fees/ for more information.
* md5check /^[a-z0-9]{32}$/ A MD5 checksum to ensure data integrity. See http://quickpay.net/faq/md5check/ for more information.
* TESTNUMBERS
* I testmode kan man fremprovokere fejlrespons ved, at sende kortoplysninger der indeholder et bogstav, f.eks:
*
* Cart that WILL FAIL
* Korntnr: 4571123412341234, Udløbsdato: 09/12 og cvd: 12a.
*
* Så bliver kortet afvist, selv om der køres i testmode.
*
* Cart that WILL SUCEED
* En succesrespons kan opnåes ved at bruge f.eks.:
*
* Kortnr: 4571123412341234, Udløbsdato: 09/12 og cvd: 123.
*
* Possible status codes
* Code Description
* 000 Approved.
* 001 Rejected by clearing house. See field 'chstat' and 'chstatmsg' for further explanation.
* 002 Communication error.
* 003 Card expired.
* 004 Transition is not allowed for transaction current state.
* 005 Authorization is expired.
* 006 Error reported by clearing house.
* 007 Error reported by QuickPay.
* 008 Error in request data.
*/
var form = context.Request.Form;
var qpstat = GetFormString("qpstat", form);
if (qpstat != StatusOk)
{
order.WriteLog("debug", "Error in status, values is " + qpstat + " but " + StatusOk + " was expected");
return;
}
var msgtype = GetFormString("msgtype", form);
var amount = GetFormString("amount", form);
var currency = GetFormString("currency", form);
var time = GetFormString("time", form);
var state = GetFormString("state", form);
var qpstatmsg = GetFormString("qpstatmsg", form);
var chstat = GetFormString("chstat", form);
var chstatmsg = GetFormString("chstatmsg", form);
var merchant = GetFormString("merchant", form);
var merchantemail = GetFormString("merchantemail", form);
var transactionId = GetFormString("transaction", form);
var cardtype = GetFormString("cardtype", form);
var cardnumber = GetFormString("cardnumber", form);
var cardexpire = GetFormString("cardexpire", form);
var splitpayment = GetFormString("splitpayment", form);
var fraudprobability = GetFormString("fraudprobability", form);
var fraudremarks = GetFormString("fraudremarks", form);
var fraudreport = GetFormString("fraudreport", form);
var fee = GetFormString("fee", form);
var md5Check = GetFormString("md5check", form);
var serverMd5Check = GetMd5(String.Concat(
msgtype, order.Id, amount, currency, time, state, qpstat, qpstatmsg, chstat, chstatmsg,
merchant, merchantemail, transactionId, cardtype, cardnumber, cardexpire, splitpayment,
fraudprobability, fraudremarks, fraudreport, fee, Md5Secret
));
if (md5Check != serverMd5Check)
{
order.WriteLog("debug", "Error, MD5 Check doesn't match. This may just be an error in the setting or it COULD be a hacker trying to fake a completed order");
return;
}
using (var data = new DataConnection())
{
var paymentRequest = order.GetPaymentRequest();
paymentRequest.Accepted = true;
paymentRequest.AuthorizationData = form.ToXml();
paymentRequest.AuthorizationTransactionId = transactionId;
paymentRequest.PaymentMethod = cardtype;
data.Update(paymentRequest);
order.PaymentStatus = (int)PaymentStatus.Authorized;
data.Update(order);
order.WriteLog("authorized");
}
}
public override string GeneratePaymentWindow(IShopOrder order, IPaymentRequest paymentRequest, Uri currentUri)
{
/* Documentation. Request data fields
* Name Regular expression Description
* protocol /^4$/ Defines the version of the protocol. 4 is the latest
* msgtype /^(authorize|subscribe)$/`` Defines wether the transaction should be a standard payment or a subscription payment.
* merchant /^[0-9]{8}$/ The QuickPayId
* language /^[a-z]{2}$/ The language to use in the HTML pages as 2-letter ISO 639-1 alphabetical code. See http://quickpay.net/features/languages/ for supported languages.
* ordernumber /^[a-zA-Z0-9]{4,20}$/ A value by merchant's own choise. Must be unique for each transaction. Usually an incrementing sequence. The value may be reflected in the your bank account list.
* amount /^[0-9]{1,9}$/ The transaction amount in its smallest unit. In example, 1 EUR is written 100.
* currency /^[A-Z]{3}$/ The transaction currency as the 3-letter ISO 4217 alphabetical code. See http://quickpay.net/features/multi-currency/ for more info
* continueurl !^https?://! QuickPay will redirect to this URL upon a succesful transaction.
* cancelurl !^https?://! QuickPay will redirect to this URL if transaction is cancelled.
* callbackurl !^https?://! QuickPay will make a call back to this URL with the result of the transaction. See http://quickpay.net/faq/callbackurl/ for more information.
* autocapture /^[0-1]{,1}$/ If set to 1, the transaction will be captured automatically. See http://quickpay.net/features/autocapture/ for more information. Note: autocapture is only valid for message type 'authorize'
* autofee /^[0-1]{,1}$/ If set to 1, the fee charged by the acquirer will be calculated and added to the transaction amount. See http://quickpay.net/features/transaction-fees/ for more information.
* cardtypelock /^[a-zA-Z,-]{0,}$/ Lock to card type. Multiple card types allowed by comma separation. See http://quickpay.net/features/cardtypelock/ for available values. From V4 cardtypelock=creditcard is default
* description /^[\w _-.]{,20}$/ A value by the merchant's own choise. Used for identifying a subscription payment. Note: Required for message type 'subscribe'.
* group /^[0-9]{0,9}$/ Add subscription to this subscription group - (API v4 only)
* testmode /^[0-1]{,1}$/ Enables inline testing. If set to '1', QuickPay will handle this and only this transaction in test-mode, while QuickPay is in production-mode.
* splitpayment /^[0-1]{0,1}$/ Enable split payment on transaction - (API v4 only)
* md5check /^[a-z0-9]{32}$/ A MD5 checksum to ensure data integrity. See http://quickpay.net/faq/md5check/ for more information.
*/
var ordernumber = order.Id;
var currency = ResolveCurrency(order);
var amount = GetMinorCurrencyUnit(order.OrderTotal, currency).ToString("0", CultureInfo.InvariantCulture);
var continueUrl = ParseContinueUrl(order, currentUri);
var cancelUrl = ParseUrl(paymentRequest.CancelUrl ?? CancelUrl, currentUri);
// optional parameters
var callbackurl = ParseUrl(CallbackUrl, currentUri);
var autocapture = String.Empty;
var autofee = String.Empty;
var cardtypelock = PaymentMethods ?? String.Empty;
var description = String.Empty;
var group = String.Empty;
var testmode = IsTestMode ? "1" : String.Empty;
var splitpayment = String.Empty;
// optional end
var stringToMd5 = String.Concat(
Protocol, Msgtype, MerchantId, Language, ordernumber, amount, currency, continueUrl, cancelUrl,
callbackurl, autocapture, autofee, cardtypelock, description, group, testmode, splitpayment,
Md5Secret);
var md5Check = GetMd5(stringToMd5);
var param = new NameValueCollection
{
{ "protocol", Protocol },
{ "msgtype", Msgtype },
{ "merchant", MerchantId },
{ "language", Language },
{ "ordernumber", ordernumber },
{ "amount", amount },
{ "currency", currency.ToString() },
{ "continueurl", continueUrl },
{ "cancelurl", cancelUrl },
{ "callbackurl", callbackurl },
{ "autocapture", autocapture },
{ "autofee", autofee },
{ "cardtypelock", cardtypelock },
{ "description", description },
{ "group", group },
{ "testmode", testmode },
{ "splitpayment", splitpayment },
{ "md5check", md5Check }
};
return(GetFormPost(order, param));
}
protected static string ParseContinueUrl(IShopOrder order, Uri currentUri)
{
return(ParseUrl(ContinueUrl + "?orderid=" + order.Id, currentUri));
}
public abstract string GeneratePaymentWindow(IShopOrder order, IPaymentRequest paymentRequest, Uri currentUri);
public virtual string HandleContinue(HttpContextBase context, IShopOrder order)
{
return(null);
}
public static IShopOrderLog WriteLog(this IShopOrder order, string logTitle)
{
return(WriteLog(order, logTitle, null));
}
public virtual Task <bool> IsPaymentAuthorizedAsync(IShopOrder order)
{
return(Task.FromResult(order.PaymentStatus == (int)PaymentStatus.Authorized));
}
public static void CreatePaymentRequest(this IShopOrder order)
{
var defaultProvider = ECommerceSection.GetSection().DefaultProvider;
CreatePaymentRequest(order, defaultProvider);
}
public virtual void PostProcessOrder(IShopOrder order)
{
}
