示例#1
0
        /// <summary>
        /// Action performed right after Sage pay Redirects from the Notification page. **It does not validate the session (if inside an iframe)
        /// </summary>
        /// <returns></returns>
        public ActionResult ResponsePage()
        {
            var storeScope = this.GetActiveStoreScopeConfiguration(_storeService, _workContext);
            var sagePayServerPaymentSettings = _settingService.LoadSetting <SagePayServerPaymentSettings>(storeScope);

            var model = new PaymentSagePayServerModel();

            var strOrderGuid = Request.QueryString["uid"];

            var transx = _sagePayServerTransactionService.GetSagePayServerTransactionByVendorTxCode(strOrderGuid);

            if (transx == null)
            {
                model.Warnings.Add(String.Format("SagePay Server vendor transaction code {0} does not exist.", strOrderGuid));
                return(View("Nop.Plugin.Payments.SagePayServer.Views.PaymentSagePayServer.ResponsePage", model));
            }

            model.IsOnePageCheckout = UseOnePageCheckout();

            model.UseIframe = (sagePayServerPaymentSettings.Profile == ProfileValues.Low || model.IsOnePageCheckout);

            if ((transx.Status == "OK") || (transx.Status == "AUTHENTICATED") || (transx.Status == "REGISTERED"))
            {
                model.OrderGuid = transx.VendorTxCode;
            }
            else
            {
                model.Warnings.Add(transx.StatusDetail);
            }

            return(View("Nop.Plugin.Payments.SagePayServer.Views.PaymentSagePayServer.ResponsePage", model));
        }
        /// <summary>
        /// Process a payment
        /// </summary>
        /// <param name="processPaymentRequest">Payment info required for an order processing</param>
        /// <returns>Process payment result</returns>
        public ProcessPaymentResult ProcessPayment(ProcessPaymentRequest processPaymentRequest)
        {
            var result = new ProcessPaymentResult();

            var orderGuid = processPaymentRequest.OrderGuid;


            if (orderGuid == Guid.NewGuid())
            {
                result.AddError("SagePay Server transaction code does not exist!");
                return(result);
            }

            var transx = _sagePayServerTransactionService.GetSagePayServerTransactionByVendorTxCode(orderGuid.ToString());

            if (transx == null)
            {
                result.AddError(String.Format("SagePay Server transaction code {0} does not exist.", orderGuid.ToString()));
                return(result);
            }

            if ((transx.Status == "OK") || (transx.Status == "AUTHENTICATED") || (transx.Status == "REGISTERED"))
            {
                if (_sagePayServerPaymentSettings.TransactType == SagePayServerPaymentSettings.TransactTypeValues.PAYMENT)
                {
                    result.NewPaymentStatus = PaymentStatus.Paid;
                }
                else if (_sagePayServerPaymentSettings.TransactType == SagePayServerPaymentSettings.TransactTypeValues.DEFERRED)
                {
                    result.NewPaymentStatus = PaymentStatus.Authorized;
                }
                else
                {
                    result.NewPaymentStatus = PaymentStatus.Pending;
                }
                result.AuthorizationTransactionId     = transx.Id.ToString();
                result.AuthorizationTransactionCode   = transx.VPSTxId;
                result.AuthorizationTransactionResult = transx.ToString();
            }
            else
            {
                result.AddError(transx.StatusDetail);
            }


            return(result);
        }
示例#3
0
        /// <summary>
        /// Process a payment right after order is created
        /// </summary>
        /// <param name="processPaymentRequest">Payment info required for an order processing</param>
        /// <returns>Process payment result</returns>
        public ProcessPaymentResult ProcessPayment(ProcessPaymentRequest processPaymentRequest)
        {
            var result = new ProcessPaymentResult();

            var transx = _sagePayServerTransactionService.GetSagePayServerTransactionByVendorTxCode(processPaymentRequest.OrderGuid.ToString());

            if (transx == null)
            {
                result.AddError(String.Format("SagePay Server transaction code {0} does not exist.", processPaymentRequest.OrderGuid));
                return(result);
            }

            if ((transx.Status == "OK") || (transx.Status == "AUTHENTICATED") || (transx.Status == "REGISTERED"))
            {
                switch (_sagePayServerPaymentSettings.TransactType)
                {
                case TransactTypeValues.Payment:
                    var releaseResult = _sagePayServerWorkflowService.ReleaseTransaction(processPaymentRequest.OrderGuid.ToString(), processPaymentRequest.OrderTotal);

                    if (releaseResult.Success)
                    {
                        result.NewPaymentStatus         = PaymentStatus.Paid;
                        result.CaptureTransactionResult = releaseResult.Message;
                    }
                    else
                    {
                        result.AddError(releaseResult.Message);
                    }

                    break;

                case TransactTypeValues.Deferred:
                    result.NewPaymentStatus = PaymentStatus.Authorized;
                    break;

                default:
                    result.NewPaymentStatus = PaymentStatus.Pending;
                    break;
                }

                result.AuthorizationTransactionId     = transx.Id.ToString(CultureInfo.InvariantCulture);
                result.AuthorizationTransactionCode   = transx.VpsTxId;
                result.AuthorizationTransactionResult = transx.ToString();
            }
            else
            {
                result.AddError(transx.StatusDetail);
            }


            return(result);
        }
        /// <summary>
        /// This method is called when payment is submitted inside the iframe. This method is called from Sagepay not from us, that's why the response is a string what Sagepay is expected.
        /// This page is required to validate if the website that originated the transaction is the same one receiving the parameters (to avoid tampering with)
        /// </summary>
        /// <param name="strTxAuthNo"></param>
        /// <param name="strAvscv2"></param>
        /// <param name="strAddressResult"></param>
        /// <param name="strPostCodeResult"></param>
        /// <param name="strCv2Result"></param>
        /// <param name="strGiftAid"></param>
        /// <param name="str3DSecureStatus"></param>
        /// <param name="strCavv"></param>
        /// <param name="strAddressStatus"></param>
        /// <param name="strPayerStatus"></param>
        /// <param name="strCardType"></param>
        /// <param name="strLast4Digits"></param>
        /// <param name="strVpsTxId"></param>
        /// <param name="strVpsSignature"></param>
        /// <param name="strStatus"></param>
        /// <param name="strStatusDetail"></param>
        /// <param name="strVendorTxCode"></param>
        /// <returns></returns>
        public string ValidateTransaction(string strTxAuthNo, string strAvscv2, string strAddressResult, string strPostCodeResult, string strCv2Result, string strGiftAid, string str3DSecureStatus, string strCavv,
                                          string strAddressStatus, string strPayerStatus, string strCardType, string strLast4Digits, string strVpsTxId, string strVpsSignature, string strStatus, string strStatusDetail, string strVendorTxCode)
        {
            var strVendorName = _sagePayServerPaymentSettings.VendorName.ToLower();

            //Obtain from DB
            var transx = _sagePayServerTransactionService.GetSagePayServerTransactionByVendorTxCode(strVendorTxCode);

            if (transx == null)
            {
                strStatusDetail = "Vendor Transaction code " + strVendorTxCode + " does not exist.";

                return("Status=INVALID" + Environment.NewLine +
                       "RedirectURL=" + _webHelper.GetStoreLocation() + "Plugins/PaymentSagePayServer/ResponsePage?uid=" + strVendorTxCode + Environment.NewLine +
                       "StatusDetail=" + strStatusDetail);
            }

            if (string.IsNullOrWhiteSpace(transx.SecurityKey))
            {
                strStatusDetail = "Security Key for transaction " + strVendorTxCode + " is empty.";


                return("Status=INVALID" + Environment.NewLine +
                       "RedirectURL=" + _webHelper.GetStoreLocation() + "Plugins/PaymentSagePayServer/ResponsePage?uid=" + strVendorTxCode + Environment.NewLine +
                       "StatusDetail=" + strStatusDetail);
            }



            //Update DB with what we've got so far
            transx.VpsTxId            = strVpsTxId;
            transx.VpsSignature       = strVpsSignature;
            transx.Status             = strStatus;
            transx.StatusDetail       = strStatusDetail;
            transx.TxAuthNo           = strTxAuthNo;
            transx.Avscv2             = strAvscv2;
            transx.AddressResult      = strAddressResult;
            transx.PostCodeResult     = strPostCodeResult;
            transx.Cv2Result          = strCv2Result;
            transx.GiftAid            = strGiftAid;
            transx.ThreeDSecureStatus = str3DSecureStatus;
            transx.Cavv          = strCavv;
            transx.AddressStatus = strAddressStatus;
            transx.PayerStatus   = strPayerStatus;
            transx.CardType      = strCardType;
            transx.Last4Digits   = strLast4Digits;

            //Update DB with what we've got so far
            _sagePayServerTransactionService.UpdateSagePayServerTransaction(transx);

            var strMessage = strVpsTxId + strVendorTxCode + strStatus + strTxAuthNo + strVendorName + strAvscv2 + transx.SecurityKey +
                             strAddressResult + strPostCodeResult + strCv2Result + strGiftAid + str3DSecureStatus + strCavv +
                             strAddressStatus + strPayerStatus + strCardType + strLast4Digits;

            //Because Sagepay also hashed all these variables, we also need to do the same to verify that they are the same
            var strMySignature = SagePayHelper.HashMd5(strMessage);

            if (strMySignature != strVpsSignature)
            {
                transx.StatusDetail = "Your server was unable to register this transaction with Sage Pay. Cannot match the MD5 Hash. Order might be tampered with: " + strMessage;

                _sagePayServerTransactionService.UpdateSagePayServerTransaction(transx);

                return("Status=INVALID" + Environment.NewLine +
                       "RedirectURL=" + _webHelper.GetStoreLocation() + "Plugins/PaymentSagePayServer/ResponsePage?uid=" + strVendorTxCode + Environment.NewLine +
                       "StatusDetail=Your server was unable to register this transaction with Sage Pay. Cannot match the MD5 Hash. Order might be tampered with");
            }

            //Always send a Status of OK if we've read everything correctly. Only INVALID for messages with a Status of ERROR
            var responseStatus = strStatus == "ERROR" ? "INVALID" : "OK";

            return("Status=" + responseStatus + Environment.NewLine +
                   "RedirectURL=" + _webHelper.GetStoreLocation() + "Plugins/PaymentSagePayServer/ResponsePage?uid=" + strVendorTxCode);
        }
示例#5
0
        public ActionResult NotificationPage()
        {
            string strTxAuthNo       = String.Empty;
            string strAVSCV2         = String.Empty;
            string strAddressResult  = String.Empty;
            string strPostCodeResult = String.Empty;
            string strCV2Result      = String.Empty;
            string strGiftAid        = String.Empty;
            string str3DSecureStatus = String.Empty;
            string strCAVV           = String.Empty;
            string strAddressStatus  = String.Empty;
            string strPayerStatus    = String.Empty;
            string strCardType       = String.Empty;
            string strLast4Digits    = String.Empty;

            string strVPSTxId      = (String)Request.Params["VPSTxId"];
            string strVPSSignature = (String)Request.Params["VPSSignature"];
            string strStatus       = (String)Request.Params["Status"];
            string strStatusDetail = (String)Request.Params["StatusDetail"];
            string strVendorTxCode = (String)Request.Params["VendorTxCode"];


            string strVendorName = _sagePayServerPaymentSettings.VendorName.ToLower();

            //Obtain from DB
            var transx = _sagePayServerTransactionService.GetSagePayServerTransactionByVendorTxCode(strVendorTxCode);


            var returnUrl = _sagePayServerPaymentSettings.ReturnFullyQualifiedDomainName;

            if (transx == null)
            {
                strStatusDetail = "Vendor Transaction code " + strVendorTxCode + " does not exist.";

                return(Content("Status=INVALID" + Environment.NewLine +
                               "RedirectURL=" + returnUrl + "Plugins/PaymentSagePayServer/ResponsePage?uid=" + strVendorTxCode + Environment.NewLine +
                               "StatusDetail=" + strStatusDetail));
            }

            if (string.IsNullOrWhiteSpace(transx.SecurityKey))
            {
                strStatusDetail = "Security Key for transaction " + strVendorTxCode + " is empty.";

                return(Content("Status=INVALID" + Environment.NewLine +
                               "RedirectURL=" + returnUrl + "Plugins/PaymentSagePayServer/ResponsePage?uid=" + strVendorTxCode + Environment.NewLine +
                               "StatusDetail=" + strStatusDetail));
            }



            if (String.IsNullOrWhiteSpace(Request.Params["TxAuthNo"]) == false)
            {
                strTxAuthNo = (string)Request.Params["TxAuthNo"];
            }
            if (String.IsNullOrWhiteSpace(Request.Params["AVSCV2"]) == false)
            {
                strAVSCV2 = (string)Request.Params["AVSCV2"];
            }
            if (String.IsNullOrWhiteSpace(Request.Params["AddressResult"]) == false)
            {
                strAddressResult = (string)Request.Params["AddressResult"];
            }
            if (String.IsNullOrWhiteSpace(Request.Params["PostCodeResult"]) == false)
            {
                strPostCodeResult = (string)Request.Params["PostCodeResult"];
            }

            if (String.IsNullOrWhiteSpace(Request.Params["CV2Result"]) == false)
            {
                strCV2Result = (string)Request.Params["CV2Result"];
            }
            if (String.IsNullOrWhiteSpace(Request.Params["GiftAid"]) == false)
            {
                strGiftAid = (string)Request.Params["GiftAid"];
            }
            if (String.IsNullOrWhiteSpace(Request.Params["3DSecureStatus"]) == false)
            {
                str3DSecureStatus = (string)Request.Params["3DSecureStatus"];
            }
            if (String.IsNullOrWhiteSpace(Request.Params["CAVV"]) == false)
            {
                strCAVV = (string)Request.Params["CAVV"];
            }

            if (String.IsNullOrWhiteSpace(Request.Params["AddressStatus"]) == false)
            {
                strAddressStatus = (string)Request.Params["AddressStatus"];
            }
            if (String.IsNullOrWhiteSpace(Request.Params["PayerStatus"]) == false)
            {
                strPayerStatus = (string)Request.Params["PayerStatus"];
            }
            if (String.IsNullOrWhiteSpace(Request.Params["CardType"]) == false)
            {
                strCardType = (string)Request.Params["CardType"];
            }
            if (String.IsNullOrWhiteSpace(Request.Params["Last4Digits"]) == false)
            {
                strLast4Digits = (string)Request.Params["Last4Digits"];
            }


            //Update DB with what we've got so far
            transx.VPSTxId            = strVPSTxId;
            transx.VPSSignature       = strVPSSignature;
            transx.Status             = strStatus;
            transx.StatusDetail       = strStatusDetail;
            transx.TxAuthNo           = strTxAuthNo;
            transx.AVSCV2             = strAVSCV2;
            transx.AddressResult      = strAddressResult;
            transx.PostCodeResult     = strPostCodeResult;
            transx.CV2Result          = strCV2Result;
            transx.GiftAid            = strGiftAid;
            transx.ThreeDSecureStatus = str3DSecureStatus;
            transx.CAVV          = strCAVV;
            transx.AddressStatus = strAddressStatus;
            transx.PayerStatus   = strPayerStatus;
            transx.CardType      = strCardType;
            transx.Last4Digits   = strLast4Digits;

            //Update DB with what we've got so far
            _sagePayServerTransactionService.UpdateSagePayServerTransaction(transx);

            string strMessage = strVPSTxId + strVendorTxCode + strStatus + strTxAuthNo + strVendorName + strAVSCV2 + transx.SecurityKey +
                                strAddressResult + strPostCodeResult + strCV2Result + strGiftAid + str3DSecureStatus + strCAVV +
                                strAddressStatus + strPayerStatus + strCardType + strLast4Digits;

            string strMySignature = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(strMessage, "MD5");

            if (strMySignature != strVPSSignature)
            {
                transx.StatusDetail = "Your server was unable to register this transaction with Sage Pay. Cannot match the MD5 Hash. Order might be tampered with: " + strMessage;

                _sagePayServerTransactionService.UpdateSagePayServerTransaction(transx);

                return(Content("Status=INVALID" + Environment.NewLine +
                               "RedirectURL=" + returnUrl + "Plugins/PaymentSagePayServer/ResponsePage?uid=" + strVendorTxCode + Environment.NewLine +
                               "StatusDetail=Your server was unable to register this transaction with Sage Pay. Cannot match the MD5 Hash. Order might be tampered with"));
            }

            //Always send a Status of OK if we've read everything correctly. Only INVALID for messages with a Status of ERROR
            string strResponseStatus = String.Empty;

            if (strStatus == "ERROR")
            {
                strResponseStatus = "INVALID";
            }
            else
            {
                strResponseStatus = "OK";
            }

            return(Content("Status=" + strResponseStatus + Environment.NewLine +
                           "RedirectURL=" + returnUrl + "Plugins/PaymentSagePayServer/ResponsePage?uid=" + strVendorTxCode));
        }