Merge branch 'ipn' of github.com:zyphlar/Open-Source-Access-Control-Web-Interface into ipn

2013-08-24 03:44:00 -07:00 · 2013-08-24 03:44:00 -07:00 · 805148ee40
commit 805148ee40
parent f111769b20 eb782f11d5
6 changed files with 69 additions and 15 deletions
--- a/app/controllers/ipns_controller.rb
+++ b/app/controllers/ipns_controller.rb
@ -15,11 +15,21 @@ class IpnsController < ApplicationController
  end

  def create
-    #TODO: ensure the request is actually from paypal
    @ipn = Ipn.new_from_dynamic_params(params)
    @ipn.data = params.to_json
    @ipn.save
    render :nothing => true
+    unless @ipn.validate!
+      Rails.logger.error "Unable to validate IPN: #{@ipn.inspect}"
+    end
+  end
+
+  def validate
+    if @ipn.validate!
+      redirect_to ipns_url, :notice => 'Valid!' 
+    else
+      redirect_to ipns_url, :notice => 'INVALID'
+    end
  end

  def link
--- a/app/models/ipn.rb
+++ b/app/models/ipn.rb
@ -1,3 +1,4 @@
+require 'net/http'
 class Ipn < ActiveRecord::Base
  attr_accessible :data
  belongs_to :payment
@ -16,6 +17,32 @@ class Ipn < ActiveRecord::Base
    return ipn
  end

+  # Post back to Paypal to make sure it's valid
+  def validate!
+    uri = URI.parse('https://www.paypal.com/cgi-bin/webscr?cmd=_notify-validate')
+
+    http = Net::HTTP.new(uri.host, uri.port)
+    http.open_timeout = 60
+    http.read_timeout = 60
+    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+    http.use_ssl = true
+    response = http.post(uri.request_uri, self.data,
+                         'Content-Length' => "#{self.data.size}",
+                         'User-Agent' => "Ruby on Rails"
+                       ).body
+
+    unless ["VERIFIED", "INVALID"].include?(response)
+      Rails.logger.error "Faulty paypal result: #{response}"
+      return false
+    end
+    unless response == "VERIFIED"
+      Rails.logger.error "Invalid IPN: #{response}" 
+      return false
+    end
+
+    return true
+  end
+
  def link_payment
    create_payment
  end
@ -26,25 +53,34 @@ class Ipn < ActiveRecord::Base
    user = User.find_by_email(self.payer_email)
    user = User.find_by_payee(self.payer_email) if user.nil? && self.payer_email.present?

-    # Only create payments if the amount matches a member level
+    # Only create payments if the IPN matches a member
    if user.present?
-      if User.member_levels[self.payment_gross.to_i].present?
-        payment = Payment.new
-        payment.date = self.payment_date
-        payment.user_id = user.id
-        payment.amount = self.payment_gross
-        if payment.save
-          self.payment_id = payment.id
-          self.save!
+      # And is a payment (not a cancellation, etc)
+      payment_types = ["subscr_payment","send_money"]
+      if payment_types.include?(self.txn_type)
+        # And a member level
+        if User.member_levels[self.payment_gross.to_i].present?
+          payment = Payment.new
+          payment.date = Date.strptime(self.payment_date, "%H:%M:%S %b %e, %Y %Z")
+          payment.user_id = user.id
+          payment.amount = self.payment_gross
+          if payment.save
+            self.payment_id = payment.id
+            self.save!
+          else
+            return [false, "Unable to link payment. Payment error: #{payment.errors.full_messages.first}"]
+          end
        else
-          return [false, "Unable to link payment. Payment error: #{payment.errors.full_messages.first}"]
+          return [false, "Unable to link payment. Couldn't find membership level '#{self.payment_gross.to_i}'."]
        end
      else
-        return [false, "Unable to link payment. Couldn't find membership level '#{self.payment_gross.to_i}'."]
+        return [false, "Unable to link payment. Transaction is a '#{self.txn_type}' instead of '#{payment_types.inspect}'."]
      end
    else
      return [false, "Unable to link payment. Couldn't find user/payee '#{self.payer_email}'."]
    end
+
+    return [true]
  end

 end
--- a/app/views/ipns/index.html.erb
+++ b/app/views/ipns/index.html.erb
@ -11,7 +11,13 @@
        <td><%= ipn.payment_date %></td>
        <td><%= ipn.first_name %> <%= ipn.last_name %></td> 
        <td><%= ipn.item_name %></td>
-        <td><%= ipn.payment_gross %></td>
+        <td>
+          <% if ipn.payment_gross.blank? %>
+            <%= ipn.txn_type %>
+          <% else %>
+            <%= ipn.payment_gross %>
+          <% end %>
+        </td>
        <td>
          <% if ipn.payment.present? %>
            <%= link_to "Linked Payment", ipn.payment %>
@ -20,6 +26,7 @@
          <% end %>
        </td>
        <td><%= link_to "Details", ipn %></td>
+        <td><%= link_to "Validate", validate_ipn_path(ipn) %></td>
      </tr>
    <% end %>
  </table>
--- a/app/views/ipns/new.html.erb
+++ b/app/views/ipns/new.html.erb
@ -35,7 +35,7 @@
  </div>
  <div class="field">
    <%= label_tag :payment_date %>
-    <%= text_field_tag :payment_date, Date.today.to_s %>
+    <%= text_field_tag :payment_date, "20:46:54 Jun 20, 2013 PDT" %>
  </div>
  <div class="field">
    <%= label_tag :txn_type %>
--- a/app/views/payments/show.html.erb
+++ b/app/views/payments/show.html.erb
@ -1,6 +1,6 @@
 <p>
  <b>User:</b>
-  <%= @payment.user.name_with_payee_and_member_level unless @payment.user.blank? %>
+  <%= link_to @payment.user.name_with_payee_and_member_level, @payment.user unless @payment.user.blank? %>
 </p>

 <p>
--- a/config/routes.rb
+++ b/config/routes.rb
@ -1,6 +1,7 @@
 Dooraccess::Application.routes.draw do
  resources :ipns
  match 'ipns/:id/link' => 'ipns#link', :as => :link_ipn
+  match 'ipns/:id/validate' => 'ipns#validate', :as => :validate_ipn

  resources :payments