8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-25 22:22:26 +00:00

Stockage en BDD des identifiants comnpay.

This commit is contained in:
Hugo LEVY-FALK 2018-01-15 01:06:54 +01:00
parent 6188e4bbc4
commit cd3a94fbe3
7 changed files with 139 additions and 6 deletions

1
.gitignore vendored
View file

@ -5,3 +5,4 @@ re2o.png
__pycache__/* __pycache__/*
static_files/* static_files/*
static/logo/* static/logo/*
media/*

View file

@ -11,6 +11,8 @@ from django.utils.datastructures import MultiValueDictKeyError
from django.http import HttpResponse, HttpResponseBadRequest from django.http import HttpResponse, HttpResponseBadRequest
from collections import OrderedDict from collections import OrderedDict
from preferences.models import AssoOption
from .models import Facture from .models import Facture
from .payment_utils.comnpay import Payment as ComnpayPayment from .payment_utils.comnpay import Payment as ComnpayPayment
@ -36,6 +38,7 @@ def refuse_payment(request):
@csrf_exempt @csrf_exempt
def ipn(request): def ipn(request):
option, _created = AssoOption.objects.get_or_create()
p = ComnpayPayment() p = ComnpayPayment()
order = ('idTpe', 'idTransaction', 'montant', 'result', 'sec', ) order = ('idTpe', 'idTransaction', 'montant', 'result', 'sec', )
try: try:
@ -43,7 +46,7 @@ def ipn(request):
except MultiValueDictKeyError: except MultiValueDictKeyError:
return HttpResponseBadRequest("HTTP/1.1 400 Bad Request") return HttpResponseBadRequest("HTTP/1.1 400 Bad Request")
if not p.validSec(data, "DEMO"): if not p.validSec(data, option.payment_pass):
return HttpResponseBadRequest("HTTP/1.1 400 Bad Request") return HttpResponseBadRequest("HTTP/1.1 400 Bad Request")
result = True if (request.POST['result'] == 'OK') else False result = True if (request.POST['result'] == 'OK') else False
@ -51,7 +54,7 @@ def ipn(request):
idTransaction = request.POST['idTransaction'] idTransaction = request.POST['idTransaction']
# On vérifie que le paiement nous est destiné # On vérifie que le paiement nous est destiné
if not idTpe == "DEMO": if not idTpe == option.payment_id:
return HttpResponseBadRequest("HTTP/1.1 400 Bad Request") return HttpResponseBadRequest("HTTP/1.1 400 Bad Request")
try: try:
@ -78,10 +81,14 @@ def ipn(request):
def comnpay(facture, request): def comnpay(facture, request):
host = request.get_host() host = request.get_host()
option, _created = AssoOption.objects.get_or_create()
p = ComnpayPayment( p = ComnpayPayment(
"DEMO", str(option.payment_id),
"DEMO", str(option.payment_pass),
'https://' + host + reverse('cotisations:accept_payment', kwargs={'factureid':facture.id}), 'https://' + host + reverse(
'cotisations:accept_payment',
kwargs={'factureid':facture.id}
),
'https://' + host + reverse('cotisations:refuse_payment'), 'https://' + host + reverse('cotisations:refuse_payment'),
'https://' + host + reverse('cotisations:ipn'), 'https://' + host + reverse('cotisations:ipn'),
"", "",
@ -90,7 +97,11 @@ def comnpay(facture, request):
r = { r = {
'action' : 'https://secure.homologation.comnpay.com', 'action' : 'https://secure.homologation.comnpay.com',
'method' : 'POST', 'method' : 'POST',
'content' : p.buildSecretHTML("Rechargement du solde", facture.prix(), idTransaction=str(facture.id)), 'content' : p.buildSecretHTML(
"Rechargement du solde",
facture.prix(),
idTransaction=str(facture.id)
),
'amount' : facture.prix, 'amount' : facture.prix,
} }
return r return r

53
preferences/aes_field.py Normal file
View file

@ -0,0 +1,53 @@
import string
import binascii
from random import choice
from Crypto.Cipher import AES
from django.db import models
from django.conf import settings
EOD = '`%EofD%`' # This should be something that will not occur in strings
def genstring(length=16, chars=string.printable):
return ''.join([choice(chars) for i in range(length)])
def encrypt(key, s):
obj = AES.new(key)
datalength = len(s) + len(EOD)
if datalength < 16:
saltlength = 16 - datalength
else:
saltlength = 16 - datalength % 16
ss = ''.join([s, EOD, genstring(saltlength)])
return obj.encrypt(ss)
def decrypt(key, s):
obj = AES.new(key)
ss = obj.decrypt(s)
return ss.split(bytes(EOD, 'utf-8'))[0]
class AESEncryptedField(models.CharField):
def save_form_data(self, instance, data):
setattr(instance, self.name,
binascii.b2a_base64(encrypt(settings.AES_KEY, data)))
def value_from_object(self, obj):
return decrypt(settings.AES_KEY,
binascii.a2b_base64(getattr(obj, self.attname))).decode('utf-8')
def to_python(self, value):
if value is None:
return None
return decrypt(settings.AES_KEY,
binascii.a2b_base64(value)).decode('utf-8')
def from_db_value(self, value, expression, connection, *args):
if value is None:
return value
return decrypt(settings.AES_KEY,
binascii.a2b_base64(value)).decode('utf-8')

View file

@ -0,0 +1,26 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.7 on 2018-01-14 23:03
from __future__ import unicode_literals
from django.db import migrations, models
import preferences.aes_field
class Migration(migrations.Migration):
dependencies = [
('preferences', '0038_auto_20180114_2209'),
]
operations = [
migrations.AddField(
model_name='assooption',
name='payment_id',
field=models.CharField(max_length=255, null=True),
),
migrations.AddField(
model_name='assooption',
name='payment_pass',
field=preferences.aes_field.AESEncryptedField(max_length=255, null=True),
),
]

View file

@ -0,0 +1,26 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.7 on 2018-01-14 23:10
from __future__ import unicode_literals
from django.db import migrations, models
import preferences.aes_field
class Migration(migrations.Migration):
dependencies = [
('preferences', '0039_auto_20180115_0003'),
]
operations = [
migrations.AlterField(
model_name='assooption',
name='payment_id',
field=models.CharField(default='', max_length=255),
),
migrations.AlterField(
model_name='assooption',
name='payment_pass',
field=preferences.aes_field.AESEncryptedField(default='', max_length=255),
),
]

View file

@ -28,6 +28,8 @@ from __future__ import unicode_literals
from django.db import models from django.db import models
import cotisations.models import cotisations.models
from .aes_field import AESEncryptedField
class OptionalUser(models.Model): class OptionalUser(models.Model):
"""Options pour l'user : obligation ou nom du telephone, """Options pour l'user : obligation ou nom du telephone,
@ -471,6 +473,16 @@ class AssoOption(models.Model):
choices=PAYMENT, choices=PAYMENT,
default='NONE', default='NONE',
) )
payment_id = models.CharField(
max_length=255,
default='',
)
payment_pass = AESEncryptedField(
max_length=255,
default='',
)
class Meta: class Meta:
permissions = ( permissions = (
("view_assooption", "Peut voir les options de l'asso"), ("view_assooption", "Peut voir les options de l'asso"),

View file

@ -26,6 +26,10 @@ SECRET_KEY = 'SUPER_SECRET_KEY'
DB_PASSWORD = 'SUPER_SECRET_DB' DB_PASSWORD = 'SUPER_SECRET_DB'
# AES key for secret key encryption
AES_KEY = 'WHAT_A_WONDERFULL_KEY'
# SECURITY WARNING: don't run with debug turned on in production! # SECURITY WARNING: don't run with debug turned on in production!
DEBUG = False DEBUG = False