/// <summary>
/// Handles the payment gateway's notification callback for a single order.
/// </summary>
/// <param name="response">Notification fields bound from the incoming request.</param>
/// <returns>
/// <c>ErrorResult</c> when no VendorTxCode was supplied,
/// <c>TransactionNotFoundResult</c> when no stored order matches it,
/// <c>InvalidSignatureResult</c> when the signature check fails,
/// otherwise <c>ValidOrderResult</c>.
/// </returns>
/// <remarks>
/// Everything in <paramref name="response"/> is request-supplied until
/// IsSignatureValid has passed. This action does not look at response.Status;
/// it only decides which acknowledgement to send back.
/// </remarks>
public ActionResult Notify(SagePayResponse response)
{
    var suppliedTxCode = response.VendorTxCode;

    // Without an order id there is nothing to look up.
    if (string.IsNullOrEmpty(suppliedTxCode))
    {
        return new ErrorResult();
    }

    // Fetch the order that was stored when the transaction was registered.
    var storedOrder = _orderRepository.GetById(suppliedTxCode);
    if (storedOrder == null)
    {
        return new TransactionNotFoundResult(suppliedTxCode);
    }

    // The signature is checked against the SecurityKey held on the stored order
    // and the vendor name from local configuration, never against values taken
    // from the request itself.
    var configuredVendor = SagePayMvc.Configuration.Current.VendorName;
    bool signatureOk = response.IsSignatureValid(storedOrder.SecurityKey, configuredVendor);
    if (!signatureOk)
    {
        return new InvalidSignatureResult(suppliedTxCode);
    }

    // Signature verified: acknowledge using the tx code from our own record.
    return new ValidOrderResult(storedOrder.VendorTxCode, response);
}
/// <summary>
/// Creates the result, passing the vendor transaction code to the base
/// constructor and keeping the gateway response on this instance.
/// </summary>
/// <param name="vendorTxCode">Vendor transaction code forwarded to the base class.</param>
/// <param name="response">Gateway response stored in the <c>response</c> field.</param>
public ValidOrderResult(string vendorTxCode, SagePayResponse response)
    : base(vendorTxCode)
{
    // No validation happens here; the caller decides when a response is "valid".
    this.response = response;
}
/// <summary>
/// Builds the fixture: a mock HTTP context, a controller bound to it, an
/// empty gateway response, and a ValidOrderResult for tx code "foo".
/// </summary>
public void Setup()
{
    // Controller is created on top of the mock context.
    context = new MockHttpContext();
    controller = new TestController(context);

    // Result under test wraps a default-constructed response.
    response = new SagePayResponse();
    result = new ValidOrderResult("foo", response);
}
/// <summary>
/// Prepares the fixture with the response produced by
/// <c>TestHelper.CreateValidResponse()</c>.
/// </summary>
public void Setup()
{
    response = TestHelper.CreateValidResponse();
}
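/// <summary>
/// Sends one signed command to the API endpoint at <c>Url</c> and wraps the reply.
/// </summary>
/// <param name="command">api command name</param>
/// <param name="xmldata">optional extra data for api</param>
/// <returns>
/// A new SagePayResponse built from the response body when the HTTP status is
/// 200 OK; null when the call completes with any other status.
/// </returns>
/// <remarks>
/// Exceptions raised by GetRequestStream, Write or GetResponse are not caught
/// here and propagate to the caller.
/// </remarks>
protected SagePayResponse ProcessAPI(string command, string xmldata)
{
    // NOTE(review): the body carries the account identifiers and a digest derived
    // from Password, so Url is expected to be an https endpoint - confirm in config.
    HttpWebRequest httpRequest = (HttpWebRequest)WebRequest.Create(Url);
    httpRequest.Method = "POST";
    httpRequest.ContentType = "application/x-www-form-urlencoded";

    // The signature is the hex MD5 of the command string built WITH the password.
    // MD5 is not collision-resistant; it is kept because the digest is part of the
    // request this method builds. NOTE(review): confirm against the current API
    // specification whether a stronger signature is available.
    string payloadToSign = BuildCommandString(command, Vendor, User, xmldata, Password);
    string sig;
    using (MD5 md5 = new MD5CryptoServiceProvider())
    {
        byte[] hash = md5.ComputeHash(Encoding.UTF8.GetBytes(payloadToSign));
        sig = BitConverter.ToString(hash).Replace("-", string.Empty);
    }

    // The request that goes on the wire is rebuilt with the signature in place of
    // the password, so the password itself is never transmitted.
    // NOTE(review): the value is not URL-encoded here although the content type is
    // form-urlencoded - confirm BuildCommandString cannot emit reserved characters.
    string data = "XML=<vspaccess>"
        + BuildCommandString(command, Vendor, User, xmldata, null, sig)
        + "</vspaccess>";

    // Content-Length must be the encoded byte count; the character count differs
    // as soon as the payload contains a non-ASCII character.
    byte[] bytes = Encoding.UTF8.GetBytes(data);
    httpRequest.ContentLength = bytes.Length;

    // using-blocks release the streams and the response even when a call throws.
    using (Stream requestStream = httpRequest.GetRequestStream())
    {
        requestStream.Write(bytes, 0, bytes.Length);
    }

    using (HttpWebResponse response = (HttpWebResponse)httpRequest.GetResponse())
    {
        if (response.StatusCode != HttpStatusCode.OK)
        {
            return null;
        }

        using (Stream responseStream = response.GetResponseStream())
        using (StreamReader reader = new StreamReader(responseStream, Encoding.UTF8))
        {
            return new SagePayResponse(reader.ReadToEnd());
        }
    }
}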
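/// <summary>
/// Handles the payment gateway's notification callback: looks up the order,
/// verifies the notification signature, records the payment details and
/// status, and returns the acknowledgement for the gateway.
/// </summary>
/// <param name="response">Notification fields bound from the incoming request; may be null.</param>
/// <returns>
/// <c>ErrorResult</c> when there is no response, <c>TransactionNotFoundResult</c>
/// when no order matches the vendor code, <c>InvalidSignatureResult</c> when the
/// signature check fails, otherwise <c>ValidOrderResult</c>.
/// </returns>
/// <remarks>
/// Nothing is written to the order until IsSignatureValid has passed; every
/// field of <paramref name="response"/> is request-supplied before that point.
/// NOTE(review): Authenticated and Registered are recorded as Paid alongside Ok.
/// Confirm that is intended for the transaction types in use, since those
/// statuses may not mean funds were captured.
/// NOTE(review): a correctly signed notification that is delivered again will
/// run the same updates again - confirm the ECommerceService calls tolerate that.
/// </remarks>
public ActionResult PaymentNotification(SagePayResponse response)
{
    if (response == null)
    {
        Log.Error("Payment failed, no response.");
        return new SagePayMvc.ActionResults.ErrorResult();
    }

    tbl_Orders order = ECommerceService.GetOrderByVendorCode(response.VendorTxCode, this.DomainID);
    if (order == null)
    {
        LogPaymentFailure(response, " Can not find order in our database.");
        return new SagePayMvc.ActionResults.TransactionNotFoundResult(response.VendorTxCode);
    }

    // Signature is checked with the SecurityKey stored on our order and the vendor
    // name from our settings, not with anything taken from the request.
    if (!response.IsSignatureValid(order.SecurityKey, DomainService.GetSettingsValue(BL.SettingsKey.sagePayVendorName, this.DomainID)))
    {
        LogPaymentFailure(response, " Invalid signature.");
        return new SagePayMvc.ActionResults.InvalidSignatureResult(response.VendorTxCode);
    }

    // TxAuthNo that is missing or non-numeric is stored as 0.
    long txAuthCode = 0;
    long.TryParse(response.TxAuthNo, out txAuthCode);

    // "1".Equals(...) instead of GiftAid.Equals("1"): a notification without a
    // GiftAid field must not fail with a null reference after the signature passed.
    bool giftAid = "1".Equals(response.GiftAid);

    ECommerceService.UpdateOrderPayment(response.VendorTxCode, response.AddressResult, response.AddressStatus, response.AVSCV2,
        response.CAVV, response.CV2Result, giftAid, response.PostCodeResult, response.Last4Digits, response.PayerStatus,
        order.SecurityKey, response.Status.ToString(), txAuthCode, response.VPSTxId, response.ThreeDSecureStatus,
        order.TxType, order.Currency, order.OrderID);

    switch (response.Status)
    {
        // Statuses recorded as a successful payment (no log entry).
        case ResponseType.Ok:
        case ResponseType.Authenticated:
        case ResponseType.Registered:
            ECommerceService.UpdateOrderPaymentStatus(order.OrderID, BL.PaymentStatus.Paid);
            break;

        // Every other status is logged first, then recorded under its own payment status.
        case ResponseType.Abort:
            LogPaymentFailure(response, null);
            ECommerceService.UpdateOrderPaymentStatus(order.OrderID, BL.PaymentStatus.SagePay_Aborted);
            break;
        case ResponseType.Invalid:
            LogPaymentFailure(response, null);
            ECommerceService.UpdateOrderPaymentStatus(order.OrderID, BL.PaymentStatus.SagePay_Invalid);
            break;
        case ResponseType.Malformed:
            LogPaymentFailure(response, null);
            ECommerceService.UpdateOrderPaymentStatus(order.OrderID, BL.PaymentStatus.SagePay_Malformed);
            break;
        case ResponseType.NotAuthed:
            LogPaymentFailure(response, null);
            ECommerceService.UpdateOrderPaymentStatus(order.OrderID, BL.PaymentStatus.SagePay_NotAuthed);
            break;
        case ResponseType.Rejected:
            LogPaymentFailure(response, null);
            ECommerceService.UpdateOrderPaymentStatus(order.OrderID, BL.PaymentStatus.SagePay_Rejected);
            break;
        case ResponseType.Unknown:
            LogPaymentFailure(response, null);
            ECommerceService.UpdateOrderPaymentStatus(order.OrderID, BL.PaymentStatus.SagePay_Unknown);
            break;
        default:
            LogPaymentFailure(response, null);
            ECommerceService.UpdateOrderPaymentStatus(order.OrderID, BL.PaymentStatus.SagePay_Error);
            break;
    }

    return new SagePayMvc.ActionResults.ValidOrderResult(response.VendorTxCode, response);
}

// Writes the shared "Payment failed ..." error entry, with an optional trailing reason.
private void LogPaymentFailure(SagePayResponse response, string reason)
{
    // VendorTxCode and StatusDetail come from the request and are logged on paths
    // where the signature has not been verified, so line breaks are flattened to
    // keep one log entry per notification.
    Log.Error(String.Format("Payment failed for order '{0}', status: '{1}', details '{2}'.",
        FlattenForLog(response.VendorTxCode), response.Status.ToString(), FlattenForLog(response.StatusDetail)) + reason);
}

// Replaces CR and LF with spaces; null stays null (String.Format renders it as empty).
private static string FlattenForLog(string value)
{
    return value == null ? null : value.Replace('\r', ' ').Replace('\n', ' ');
}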
/// <summary>
/// Stores the gateway response for a user in the cart session under
/// <c>SagePayTransactionResponseKey</c>, using the PaymentInfo timeout.
/// </summary>
/// <param name="userGuid">Identifier of the user the value is stored for.</param>
/// <param name="response">Gateway response to keep in the session.</param>
public void SetResponse(Guid userGuid, SagePayResponse response)
{
    // NOTE(review): the meaning of the trailing 'true' flag is defined by
    // SetSessionValue, which is not visible here - confirm before changing it.
    _cartSessionManager.SetSessionValue(
        SagePayTransactionResponseKey,
        userGuid,
        response,
        SessionDataTimeoutDefaults.PaymentInfo,
        true);
}