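/// <summary>
/// Handles the notification SagePay posts for a transaction and answers with the
/// result SagePay should act on.
/// </summary>
/// <param name="response">The SagePay notification bound from the request.</param>
/// <returns>
/// An <c>ErrorResult</c> when the notification is missing or carries no VendorTxCode,
/// a <c>TransactionNotFoundResult</c> when no order matches it,
/// an <c>InvalidSignatureResult</c> when the signature check fails,
/// otherwise a <c>ValidOrderResult</c>.
/// </returns>
public ActionResult Notify(SagePayResponse response)
{
    // SagePay should have sent back the order ID. A missing notification is
    // answered the same way instead of being dereferenced.
    if (response == null || string.IsNullOrEmpty(response.VendorTxCode))
    {
        return new ErrorResult();
    }

    // Get the order out of our "database"
    var order = _orderRepository.GetById(response.VendorTxCode);

    // If there was no matching order, send a TransactionNotFound error
    if (order == null)
    {
        return new TransactionNotFoundResult(response.VendorTxCode);
    }

    // The notification is unauthenticated until this check passes: the signature is
    // validated with the security key stored on the order and the vendor name from
    // our configuration, never with values taken from the request itself.
    if (!response.IsSignatureValid(order.SecurityKey, SagePayMvc.Configuration.Current.VendorName))
    {
        return new InvalidSignatureResult(response.VendorTxCode);
    }

    // All good - tell SagePay it's safe to charge the customer.
    // NOTE(review): no order state is changed here and the status in the response is
    // not inspected; a handler that does update the order must do so only after the
    // signature check above.
    return new ValidOrderResult(order.VendorTxCode, response);
}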
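/// <summary>
/// Handles the SagePay notification for a cart: validates the cart and the
/// notification signature, then either records the failure for the session or
/// places the order.
/// </summary>
/// <param name="response">The SagePay notification bound from the request.</param>
/// <returns>
/// An <c>ErrorResult</c> when the notification is missing or has no VendorTxCode,
/// a <c>TransactionNotFoundResult</c> when the cart is missing, does not match the
/// VendorTxCode or its total has changed, an <c>InvalidSignatureResult</c> when the
/// signature check fails, otherwise a <c>ValidOrderResult</c>.
/// </returns>
public ActionResult Notification(SagePayResponse response)
{
    const string communicationError =
        "There was an error communicating with SagePay. No funds have been transferred. Please try again, and if you continue to have errors please contact support";

    // A missing notification is treated like one without a VendorTxCode instead of
    // being dereferenced.
    if (response == null)
    {
        return new ErrorResult();
    }

    var vendorTxCode = response.VendorTxCode;
    if (string.IsNullOrEmpty(vendorTxCode))
    {
        return new ErrorResult();
    }

    var cart = _sagePayCartLoader.GetCart(vendorTxCode);

    // Reject when there is no cart, the cart is not the one named in the
    // notification, or the total now differs from the amount recorded to pay.
    if (cart == null
        || cart.CartGuid.ToString() != vendorTxCode
        || _sagePayService.GetCartTotal(cart.UserGuid) != cart.TotalToPay)
    {
        // NOTE(review): cart may be null here, and the notification has not been
        // authenticated yet - confirm ResetSessionInfo tolerates a null cart and
        // that resetting session state on an unsigned request is acceptable.
        ResetSessionInfo(cart, new FailureDetails { Message = communicationError });
        return new TransactionNotFoundResult(vendorTxCode);
    }

    // The signature is checked with the security key held for the cart's user and
    // the configured vendor name, not with values supplied in the request.
    if (!response.IsSignatureValid(_sagePayService.GetSecurityKey(cart.UserGuid), _sagePaySettings.VendorName))
    {
        // NOTE(review): this session reset is also triggered by a request whose
        // signature failed - verify that is intended.
        ResetSessionInfo(cart, new FailureDetails { Message = communicationError });
        return new InvalidSignatureResult(vendorTxCode);
    }

    if (response.WasTransactionSuccessful)
    {
        _sagePayService.SetResponse(cart.UserGuid, response);

        // NOTE(review): nothing visible here prevents a repeated delivery of the same
        // notification from placing the order again - confirm PlaceOrder handles it.
        _orderPlacementService.PlaceOrder(cart, o =>
        {
            o.PaymentStatus = PaymentStatus.Paid;
            o.ShippingStatus = ShippingStatus.Unshipped;
            o.AuthorisationToken = response.BankAuthCode;
        });
    }
    else
    {
        ResetSessionInfo(cart, new FailureDetails
        {
            Message = "SagePay was unable to authorise payment with the provided details. Please confirm they are correct, or try another means of payment"
        });
    }

    // The notification itself was well-formed and authentic, whatever its outcome.
    return new ValidOrderResult(vendorTxCode, response);
}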
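/// <summary>
/// Receives SagePay's transaction notification and tells SagePay whether the
/// order it refers to is known and the notification is authentic.
/// </summary>
/// <param name="response">The SagePay notification bound from the request.</param>
/// <returns>
/// <c>ErrorResult</c> for a missing notification or missing VendorTxCode,
/// <c>TransactionNotFoundResult</c> when no order is found,
/// <c>InvalidSignatureResult</c> when the signature does not validate,
/// <c>ValidOrderResult</c> otherwise.
/// </returns>
public ActionResult Notify(SagePayResponse response)
{
    // Guard against a notification that was not bound at all.
    if (response == null)
    {
        return new ErrorResult();
    }

    // SagePay should have sent back the order ID
    if (string.IsNullOrEmpty(response.VendorTxCode))
    {
        return new ErrorResult();
    }

    // Get the order out of our "database"
    var order = _orderRepository.GetById(response.VendorTxCode);
    if (order == null)
    {
        // No matching order: send a TransactionNotFound error
        return new TransactionNotFoundResult(response.VendorTxCode);
    }

    // Check the signature before trusting anything else in the notification.
    // The security key comes from the stored order and the vendor name from our
    // configuration.
    var signatureIsValid = response.IsSignatureValid(
        order.SecurityKey,
        SagePayMvc.Configuration.Current.VendorName);
    if (!signatureIsValid)
    {
        return new InvalidSignatureResult(response.VendorTxCode);
    }

    // All good - tell SagePay it's safe to charge the customer.
    // NOTE(review): the response status is not examined and the order is not updated
    // here; any such update belongs after the signature check, not before it.
    return new ValidOrderResult(order.VendorTxCode, response);
}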
/// <summary>
/// A notification whose VPSSignature has been overwritten with an arbitrary value
/// must be rejected by the signature check.
/// </summary>
public void Returns_false_for_invalid_signature()
{
    // Replace the signature with a value the test does not expect to validate.
    response.VPSSignature = "foo";

    var signatureAccepted = response.IsSignatureValid(
        TestHelper.ValidSecurityKey,
        TestHelper.VendorName);

    signatureAccepted.ShouldBeFalse();
}
/// <summary>
/// Receives SagePay's payment notification, stores the payment details against the
/// matching order and maps the reported status onto the order's payment status.
/// </summary>
/// <param name="response">The SagePay notification bound from the request; may be null.</param>
/// <returns>
/// <c>ErrorResult</c> when there is no notification, <c>TransactionNotFoundResult</c>
/// when no order matches the VendorTxCode for this domain, <c>InvalidSignatureResult</c>
/// when the signature check fails, otherwise <c>ValidOrderResult</c>.
/// </returns>
public ActionResult PaymentNotification(SagePayResponse response)
{
    const string failureFormat = "Payment failed for order '{0}', status: '{1}', details '{2}'.";

    if (response == null)
    {
        Log.Error("Payment failed, no response.");
        return new SagePayMvc.ActionResults.ErrorResult();
    }

    tbl_Orders order = ECommerceService.GetOrderByVendorCode(response.VendorTxCode, this.DomainID);
    if (order == null)
    {
        // NOTE(review): the values logged here come from a notification that has not
        // been authenticated; if the log is line-oriented, check whether Log neutralises
        // CR/LF in them.
        Log.Error(String.Format(failureFormat + " Can not find order in our database.", response.VendorTxCode, response.Status.ToString(), response.StatusDetail));
        return new SagePayMvc.ActionResults.TransactionNotFoundResult(response.VendorTxCode);
    }

    // Nothing is written to the order until the signature validates against the
    // order's stored security key and this domain's configured vendor name.
    if (!response.IsSignatureValid(order.SecurityKey, DomainService.GetSettingsValue(BL.SettingsKey.sagePayVendorName, this.DomainID)))
    {
        // NOTE(review): same logging caveat as above - these fields failed authentication.
        Log.Error(String.Format(failureFormat + " Invalid signature.", response.VendorTxCode, response.Status.ToString(), response.StatusDetail));
        return new SagePayMvc.ActionResults.InvalidSignatureResult(response.VendorTxCode);
    }

    // The TryParse result is deliberately ignored: an unparsable TxAuthNo is stored as 0.
    long txAuthCode;
    long.TryParse(response.TxAuthNo, out txAuthCode);

    ECommerceService.UpdateOrderPayment(
        response.VendorTxCode,
        response.AddressResult,
        response.AddressStatus,
        response.AVSCV2,
        response.CAVV,
        response.CV2Result,
        response.GiftAid.Equals("1"),
        response.PostCodeResult,
        response.Last4Digits,
        response.PayerStatus,
        order.SecurityKey,
        response.Status.ToString(),
        txAuthCode,
        response.VPSTxId,
        response.ThreeDSecureStatus,
        order.TxType,
        order.Currency,
        order.OrderID);

    switch (response.Status)
    {
        // NOTE(review): as I understand the SagePay protocol, Authenticated and
        // Registered are returned for AUTHENTICATE-type transactions where no funds
        // have been authorised yet - confirm that marking those orders Paid is intended.
        case ResponseType.Ok:
        case ResponseType.Authenticated:
        case ResponseType.Registered:
            ECommerceService.UpdateOrderPaymentStatus(order.OrderID, BL.PaymentStatus.Paid);
            break;

        case ResponseType.Abort:
            Log.Error(String.Format(failureFormat, response.VendorTxCode, response.Status.ToString(), response.StatusDetail));
            ECommerceService.UpdateOrderPaymentStatus(order.OrderID, BL.PaymentStatus.SagePay_Aborted);
            break;

        case ResponseType.Invalid:
            Log.Error(String.Format(failureFormat, response.VendorTxCode, response.Status.ToString(), response.StatusDetail));
            ECommerceService.UpdateOrderPaymentStatus(order.OrderID, BL.PaymentStatus.SagePay_Invalid);
            break;

        case ResponseType.Malformed:
            Log.Error(String.Format(failureFormat, response.VendorTxCode, response.Status.ToString(), response.StatusDetail));
            ECommerceService.UpdateOrderPaymentStatus(order.OrderID, BL.PaymentStatus.SagePay_Malformed);
            break;

        case ResponseType.NotAuthed:
            Log.Error(String.Format(failureFormat, response.VendorTxCode, response.Status.ToString(), response.StatusDetail));
            ECommerceService.UpdateOrderPaymentStatus(order.OrderID, BL.PaymentStatus.SagePay_NotAuthed);
            break;

        case ResponseType.Rejected:
            Log.Error(String.Format(failureFormat, response.VendorTxCode, response.Status.ToString(), response.StatusDetail));
            ECommerceService.UpdateOrderPaymentStatus(order.OrderID, BL.PaymentStatus.SagePay_Rejected);
            break;

        case ResponseType.Unknown:
            Log.Error(String.Format(failureFormat, response.VendorTxCode, response.Status.ToString(), response.StatusDetail));
            ECommerceService.UpdateOrderPaymentStatus(order.OrderID, BL.PaymentStatus.SagePay_Unknown);
            break;

        // Any status not listed above is recorded as a generic SagePay error.
        default:
            Log.Error(String.Format(failureFormat, response.VendorTxCode, response.Status.ToString(), response.StatusDetail));
            ECommerceService.UpdateOrderPaymentStatus(order.OrderID, BL.PaymentStatus.SagePay_Error);
            break;
    }

    // The notification was authentic, so it is acknowledged whatever status it reported.
    return new SagePayMvc.ActionResults.ValidOrderResult(response.VendorTxCode, response);
}