/// <summary>
		/// Handles the server-to-server notification from SagePay: looks up the order named by
		/// <c>VendorTxCode</c>, verifies the notification signature against that order's stored
		/// security key, and answers with the matching SagePay result.
		/// </summary>
		/// <param name="response">The notification fields as bound from the incoming request.</param>
		/// <returns>
		/// <c>ErrorResult</c> when no transaction code was posted, <c>TransactionNotFoundResult</c> when no
		/// order matches, <c>InvalidSignatureResult</c> when the signature check fails, otherwise
		/// <c>ValidOrderResult</c>.
		/// </returns>
		public ActionResult Notify(SagePayResponse response)
		{
			// Everything on "response" is request-supplied and untrusted until the signature check below passes.
			var txCode = response.VendorTxCode;
			if (string.IsNullOrEmpty(txCode))
			{
				return new ErrorResult();
			}

			// The order carries the per-transaction security key that the signature check needs.
			var storedOrder = _orderRepository.GetById(txCode);
			if (storedOrder == null)
			{
				return new TransactionNotFoundResult(txCode);
			}

			// The vendor name is taken from our own configuration, never from the request.
			var vendorName = SagePayMvc.Configuration.Current.VendorName;
			var signatureOk = response.IsSignatureValid(storedOrder.SecurityKey, vendorName);
			if (!signatureOk)
			{
				return new InvalidSignatureResult(txCode);
			}

			// NOTE(review): this method acknowledges the notification without looking at response.Status
			// and does not persist anything; confirm the order's paid/failed state is derived from
			// Status elsewhere before goods are released.
			return new ValidOrderResult(storedOrder.VendorTxCode, response);
		}
		/// <summary>
		/// Creates the acknowledgement result for a notification, forwarding the transaction code
		/// to the base result and retaining the notification itself.
		/// </summary>
		/// <param name="vendorTxCode">Transaction code passed on to the base constructor.</param>
		/// <param name="response">Notification stored on this result; it is not validated here.</param>
		public ValidOrderResult(string vendorTxCode, SagePayResponse response)
			: base(vendorTxCode)
		{
			// NOTE(review): nothing in this constructor checks the signature; presumably callers
			// only build this result after IsSignatureValid has succeeded - confirm at call sites.
			this.response = response;
		}
 // Test fixture setup: builds a mock HTTP context, a controller bound to it,
 // an empty SagePayResponse and the ValidOrderResult under test.
 public void Setup() {
     // Context first: the controller is constructed around it.
     context = new MockHttpContext();
     controller = new TestController(context);

     // A default-constructed response and a fixed transaction code ("foo") feed the result.
     response = new SagePayResponse();
     result = new ValidOrderResult("foo", response);
 }
		// Test fixture setup: every test starts from the response that
		// TestHelper.CreateValidResponse() produces.
		public void Setup()
		{
			response = TestHelper.CreateValidResponse();
		}
 // Test fixture setup: resets the shared response to the one
 // built by TestHelper.CreateValidResponse().
 public void Setup() {
     response = TestHelper.CreateValidResponse();
 }
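		/// <summary>
		/// Builds a signed command, POSTs it to <c>Url</c> and wraps the reply body in a
		/// <see cref="SagePayResponse"/>.
		/// </summary>
		/// <param name="command">api command name</param>
		/// <param name="xmldata">optional extra data for api</param>
		/// <returns>
		/// a new SagePayResponse when the server answers HTTP 200 (OK); null for any other
		/// status code that does not raise an exception
		/// </returns>
		/// <remarks>
		/// Exceptions thrown by <c>GetRequestStream</c> or <c>GetResponse</c> (for example
		/// <see cref="WebException"/> on transport failures) are not caught here and reach the caller.
		/// </remarks>
		protected SagePayResponse ProcessAPI(string command, string xmldata)
		{
			// NOTE(review): the request carries a password-derived signature; confirm that Url is
			// always an https endpoint so the exchange is protected in transit.
			HttpWebRequest httpRequest = (HttpWebRequest)WebRequest.Create(Url);
			httpRequest.Method = "POST";

			// First pass: the command string including Password, used only as signature input.
			string data = BuildCommandString(command, Vendor, User, xmldata, Password);

			// Signature = upper-case hex MD5 of that string.
			// NOTE(review): MD5 is presumably mandated by the remote API - confirm. It is not a keyed
			// MAC and MD5 is not collision resistant, so do not reuse this scheme where the
			// algorithm is ours to choose.
			string sig;
			using (MD5 md5 = new MD5CryptoServiceProvider())
			{
				byte[] hash = md5.ComputeHash(Encoding.UTF8.GetBytes(data));
				sig = BitConverter.ToString(hash).Replace("-", string.Empty);
			}

			// Second pass: the password argument is null and the signature is supplied instead,
			// so the password is only ever used as hash input above.
			// NOTE(review): the body is labelled form-urlencoded but is not percent-encoded here;
			// confirm BuildCommandString escapes xmldata or that the endpoint expects raw XML.
			data = "XML=<vspaccess>" + BuildCommandString(command, Vendor, User, xmldata, null, sig) + "</vspaccess>";

			byte[] bytes = Encoding.UTF8.GetBytes(data);
			httpRequest.ContentType = "application/x-www-form-urlencoded";
			// Content-Length counts bytes, not characters: data.Length is too small as soon as the
			// payload contains a non-ASCII character, and the write below would then fail.
			httpRequest.ContentLength = bytes.Length;

			// Dispose the request stream even if the write throws.
			using (Stream requestStream = httpRequest.GetRequestStream())
			{
				requestStream.Write(bytes, 0, bytes.Length);
			}

			// call the sagepay url and get response
			using (HttpWebResponse response = (HttpWebResponse)httpRequest.GetResponse())
			{
				if (response.StatusCode != HttpStatusCode.OK)
				{
					return null;
				}

				using (Stream responseStream = response.GetResponseStream())
				using (StreamReader reader = new StreamReader(responseStream, Encoding.UTF8))
				{
					return new SagePayResponse(reader.ReadToEnd());
				}
			}
		}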
        /// <summary>
        /// Handles the SagePay payment notification: finds the order for the posted transaction
        /// code, verifies the notification signature with the order's security key and the
        /// configured vendor name, stores the payment details and maps the reported status onto
        /// the order's payment status.
        /// </summary>
        /// <param name="response">Notification fields as bound from the incoming request.</param>
        /// <returns>
        /// <c>ErrorResult</c> when no response was bound, <c>TransactionNotFoundResult</c> when no
        /// order matches, <c>InvalidSignatureResult</c> when the signature check fails, otherwise
        /// <c>ValidOrderResult</c>.
        /// </returns>
        public ActionResult PaymentNotification(SagePayResponse response)
        {
            if (response == null)
            {
                Log.Error("Payment failed, no response.");
                return new SagePayMvc.ActionResults.ErrorResult();
            }

            // NOTE(review): until the signature check below succeeds, every field of "response" is
            // unauthenticated request data. The two rejection log lines write VendorTxCode and
            // StatusDetail verbatim - confirm the logger neutralises line breaks.
            tbl_Orders order = ECommerceService.GetOrderByVendorCode(response.VendorTxCode, this.DomainID);
            if (order == null)
            {
                Log.Error(String.Format("Payment failed for order '{0}', status: '{1}', details '{2}'. Can not find order in our database.", response.VendorTxCode, response.Status.ToString(), response.StatusDetail));
                return new SagePayMvc.ActionResults.TransactionNotFoundResult(response.VendorTxCode);
            }

            // The vendor name comes from our own settings, not from the request.
            var vendorName = DomainService.GetSettingsValue(BL.SettingsKey.sagePayVendorName, this.DomainID);
            if (!response.IsSignatureValid(order.SecurityKey, vendorName))
            {
                Log.Error(String.Format("Payment failed for order '{0}', status: '{1}', details '{2}'. Invalid signature.", response.VendorTxCode, response.Status.ToString(), response.StatusDetail));
                return new SagePayMvc.ActionResults.InvalidSignatureResult(response.VendorTxCode);
            }

            // From here on the notification has passed the signature check.
            // An unparsable TxAuthNo leaves the code at 0; the TryParse result is deliberately unused.
            long txAuthCode = 0;
            long.TryParse(response.TxAuthNo, out txAuthCode);

            // NOTE(review): GiftAid is dereferenced without a null check, so a notification that
            // lacks the field throws here, before anything is stored.
            bool giftAid = response.GiftAid.Equals("1");

            // NOTE(review): nothing visible here guards against the same notification being
            // processed twice; confirm the service calls below are idempotent.
            ECommerceService.UpdateOrderPayment(
                response.VendorTxCode, response.AddressResult, response.AddressStatus, response.AVSCV2, response.CAVV,
                response.CV2Result, giftAid, response.PostCodeResult, response.Last4Digits, response.PayerStatus,
                order.SecurityKey, response.Status.ToString(), txAuthCode, response.VPSTxId, response.ThreeDSecureStatus,
                order.TxType, order.Currency, order.OrderID);

            // Shared text for every non-successful status.
            string failureLog = String.Format("Payment failed for order '{0}', status: '{1}', details '{2}'.", response.VendorTxCode, response.Status.ToString(), response.StatusDetail);

            switch (response.Status)
            {
            // NOTE(review): Authenticated and Registered are recorded as Paid exactly like Ok;
            // confirm that these statuses mean funds were actually taken for the TxType in use.
            case ResponseType.Ok:
            case ResponseType.Authenticated:
            case ResponseType.Registered:
                ECommerceService.UpdateOrderPaymentStatus(order.OrderID, BL.PaymentStatus.Paid);
                break;

            case ResponseType.Abort:
                Log.Error(failureLog);
                ECommerceService.UpdateOrderPaymentStatus(order.OrderID, BL.PaymentStatus.SagePay_Aborted);
                break;

            case ResponseType.Invalid:
                Log.Error(failureLog);
                ECommerceService.UpdateOrderPaymentStatus(order.OrderID, BL.PaymentStatus.SagePay_Invalid);
                break;

            case ResponseType.Malformed:
                Log.Error(failureLog);
                ECommerceService.UpdateOrderPaymentStatus(order.OrderID, BL.PaymentStatus.SagePay_Malformed);
                break;

            case ResponseType.NotAuthed:
                Log.Error(failureLog);
                ECommerceService.UpdateOrderPaymentStatus(order.OrderID, BL.PaymentStatus.SagePay_NotAuthed);
                break;

            case ResponseType.Rejected:
                Log.Error(failureLog);
                ECommerceService.UpdateOrderPaymentStatus(order.OrderID, BL.PaymentStatus.SagePay_Rejected);
                break;

            case ResponseType.Unknown:
                Log.Error(failureLog);
                ECommerceService.UpdateOrderPaymentStatus(order.OrderID, BL.PaymentStatus.SagePay_Unknown);
                break;

            default:
                // Any status not listed above is treated as an error.
                Log.Error(failureLog);
                ECommerceService.UpdateOrderPaymentStatus(order.OrderID, BL.PaymentStatus.SagePay_Error);
                break;
            }

            // The notification is acknowledged as valid whatever the payment outcome was.
            return new SagePayMvc.ActionResults.ValidOrderResult(response.VendorTxCode, response);
        }
 /// <summary>
 /// Builds the acknowledgement result: the transaction code goes to the base result and the
 /// notification is kept on this instance.
 /// </summary>
 /// <param name="vendorTxCode">Transaction code handed to the base constructor.</param>
 /// <param name="response">Notification retained by this result; no validation happens here.</param>
 public ValidOrderResult(string vendorTxCode, SagePayResponse response) : base(vendorTxCode) {
     // NOTE(review): presumably only constructed after the signature check passed - confirm at call sites.
     this.response = response;
 }
 /// <summary>
 /// Stores the SagePay response for the given user in the cart session under
 /// <c>SagePayTransactionResponseKey</c>, using the payment-info timeout.
 /// </summary>
 /// <param name="userGuid">User whose session entry is written.</param>
 /// <param name="response">Response object placed in the session.</param>
 public void SetResponse(Guid userGuid, SagePayResponse response) {
     // NOTE(review): the stored object may carry payment details; confirm where the session
     // data lives and what the trailing "true" flag selects - neither is visible from here.
     _cartSessionManager.SetSessionValue(
         SagePayTransactionResponseKey,
         userGuid,
         response,
         SessionDataTimeoutDefaults.PaymentInfo,
         true);
 }