import calendar
import hashlib
import sys
import time
import urlparse
import uuid
from urllib import urlencode
from django import http
from django.conf import settings
from django.views.decorators.csrf import csrf_exempt
import bleach
import commonware.log
import waffle
from tower import ugettext as _
from addons.decorators import (addon_view_factory, can_be_purchased,
has_not_purchased)
import amo
from amo.decorators import json_view, login_required, post_required, write
from amo.helpers import absolutify
from amo.urlresolvers import reverse
from lib.cef_loggers import app_pay_cef
from lib.crypto.webpay import (InvalidSender, parse_from_webpay,
sign_webpay_jwt)
from mkt.webapps.models import Webapp
from stats.models import ClientData, Contribution
from . import webpay_tasks as tasks
# Logger shared by the purchase views in this module.
log = commonware.log.getLogger('z.purchase')

# Decorator for the views below that take an ``addon`` argument, built over
# the Webapp.objects.valid queryset.
addon_view = addon_view_factory(qs=Webapp.objects.valid)
def start_purchase(request, addon):
    """Gather the values that open a purchase of ``addon``.

    Returns a 4-tuple ``(amount, currency, uuid_, contrib_for)``: the app's
    price for the request's region, that region's default currency, a fresh
    32-character hex identifier for the contribution, and a localized
    description of the purchase.
    """
    app_pk, buyer_pk = addon.pk, request.amo_user.pk
    log.debug('Starting purchase of app: %s by user: %s'
              % (app_pk, buyer_pk))

    price = addon.get_price(region=request.REGION.id)

    # The identifier is only as unpredictable as uuid4(). MD5 re-encodes that
    # random value as 32 hex characters; it is not acting as a security
    # primitive here, so the hash adds no protection of its own.
    contribution_id = hashlib.md5(str(uuid.uuid4())).hexdigest()

    # L10n: {0} is the addon name.
    description = _(u'Firefox Marketplace purchase of {0}').format(addon.name)

    region_currency = request.REGION.default_currency
    return price, region_currency, contribution_id, description
def make_ext_id(addon_pk):
    """
    Build the webpay/solitude external ID for an addon's primary key.

    The ID has the form ``<namespace>:<addon_pk>``. The namespace is the
    first dot-separated label of ``settings.DOMAIN``, or 'marketplace-dev'
    when that setting is missing or empty.
    """
    # The namespace is needed for now because app products are mixed into an
    # application's own in-app products (maybe fixable later), and because
    # several dev/stage servers may talk to the same Bango test API.
    site = getattr(settings, 'DOMAIN', None) or 'marketplace-dev'
    namespace = site.partition('.')[0]
    return '%s:%s' % (namespace, addon_pk)
@login_required
@addon_view
@write
@post_required
@json_view
def prepare_pay(request, addon):
    """Web entry point for starting a purchase; delegates to _prepare_pay.

    The view is stacked behind login_required and post_required. Unlike the
    webpay callback views in this module (postback, chargeback) it carries
    no csrf_exempt decorator.
    """
    payload = _prepare_pay(request, addon)
    return payload
@can_be_purchased
@has_not_purchased
def _prepare_pay(request, addon):
    """Prepare a JWT to pass into navigator.pay()

    Records a pending Contribution for the requesting user, signs a webpay
    purchase request for ``addon`` and returns a dict holding the signed
    token ('webpayJWT') and the URL to poll for the outcome
    ('contribStatusURL').
    """
    amount, currency, uuid_, contrib_for = start_purchase(request, addon)
    log.debug('Storing contrib for uuid: %s' % uuid_)

    # 'src' is taken from the request parameters and stored as given.
    Contribution.objects.create(
        addon_id=addon.id,
        amount=amount,
        source=request.REQUEST.get('src', ''),
        source_locale=request.LANG,
        uuid=str(uuid_),
        type=amo.CONTRIB_PENDING,
        paykey=None,
        user=request.amo_user,
        price_tier=addon.premium.price,
        client_data=ClientData.get_or_create(request))

    # Until atob() supports encoded HTML we are stripping all tags.
    # See bug 831524
    app_summary = bleach.clean(unicode(addon.summary), strip=True, tags=[])

    payment_account = addon.app_payment_account.payment_account
    seller_uuid = payment_account.solitude_seller.uuid
    now = calendar.timegm(time.gmtime())
    icons = dict((str(size), absolutify(addon.get_icon_url(size)))
                 for size in amo.ADDON_ICON_SIZES)

    # Carried inside the signed token; postback() reads contrib_uuid back
    # out of it to find the Contribution created above.
    product_data = urlencode({'contrib_uuid': uuid_,
                              'seller_uuid': seller_uuid,
                              'addon_id': addon.pk})
    purchase = {
        'name': unicode(addon.name),
        'description': app_summary,
        'pricePoint': addon.premium.price.name,
        'id': make_ext_id(addon.pk),
        'postbackURL': absolutify(reverse('webpay.postback')),
        'chargebackURL': absolutify(reverse('webpay.chargeback')),
        'productData': product_data,
        'icons': icons,
    }
    req = {
        'iss': settings.APP_PURCHASE_KEY,
        'typ': settings.APP_PURCHASE_TYP,
        'aud': settings.APP_PURCHASE_AUD,
        'iat': now,
        'exp': now + 3600,  # expires in 1 hour
        'request': purchase,
    }

    jwt_ = sign_webpay_jwt(req)
    # NOTE(review): this writes the complete signed token to the debug log.
    # It stays valid for an hour (see 'exp'), so anyone able to read debug
    # logs in that window holds a usable signed purchase request. Logging
    # only the contribution uuid would avoid that -- confirm whether debug
    # logging is enabled in production.
    log.debug('Preparing webpay JWT for addon %s: %s' % (addon, jwt_))
    app_pay_cef.log(request, 'Preparing JWT', 'preparing_jwt',
                    'Preparing JWT for: %s' % (addon.pk), severity=3)

    if request.API:
        status_url = reverse('api_dispatch_detail', kwargs={
            'resource_name': 'status', 'api_name': 'webpay',
            'uuid': uuid_})
    else:
        status_url = reverse('webpay.pay_status',
                             args=[addon.app_slug, uuid_])
    return {'webpayJWT': jwt_, 'contribStatusURL': status_url}
@login_required
@addon_view
@write
@json_view
def pay_status(request, addon, contrib_uuid):
    """
    Report whether a purchase has completed, as {status: complete|incomplete}.

    'complete' is returned only when a contribution with this uuid exists,
    the logged-in user has a purchase of its addon, and the webpay postback
    has already marked it paid. Once that is true the UI may call
    app/purchase/record to generate a receipt.
    """
    # NOTE(review): the user condition goes through addon -> addonpurchase
    # instead of the contribution's own ``user`` field, and the ``addon``
    # resolved from the URL is not part of the filter. Confirm that a uuid
    # belonging to a different buyer of the same app cannot be reported as
    # complete here.
    paid = Contribution.objects.filter(
        uuid=contrib_uuid,
        addon__addonpurchase__user=request.amo_user,
        type=amo.CONTRIB_PURCHASE).exists()
    if paid:
        return {'status': 'complete'}
    return {'status': 'incomplete'}
@csrf_exempt
@write
@post_required
def postback(request):
    """Verify signature and set contribution to paid.

    Responds with 400 when parse_from_webpay raises InvalidSender. Otherwise
    the contribution named in the notice's productData is switched to
    CONTRIB_PURCHASE, the receipt task is queued and the transaction id is
    returned as the response body. Raises LookupError when the notice
    refers to a contribution that does not exist.
    """
    signed_jwt = request.POST.get('notice', '')
    try:
        data = parse_from_webpay(signed_jwt, request.META.get('REMOTE_ADDR'))
    except InvalidSender as exc:
        # The rejected token is sender-controlled and is logged in full.
        # NOTE(review): its length is not bounded in this view.
        detail = 'Ignoring invalid JWT %r: %s' % (signed_jwt, exc)
        app_pay_cef.log(request, 'Unknown app', 'invalid_postback',
                        detail, severity=4)
        return http.HttpResponseBadRequest()

    product_data = urlparse.parse_qs(data['request']['productData'])
    # NOTE(review): only contrib_uuid is read back. The seller_uuid and
    # addon_id that _prepare_pay packs into productData are not compared
    # with the stored contribution, and its current type is not checked, so
    # a repeated valid notice re-runs the update and queues another receipt.
    # Confirm parse_from_webpay or webpay itself rules out replays, or add
    # a state check here.
    contrib_uuid = product_data['contrib_uuid'][0]
    try:
        contrib = Contribution.objects.get(uuid=contrib_uuid)
    except Contribution.DoesNotExist:
        # Python 2 three-argument raise: report a LookupError but keep the
        # traceback of the original DoesNotExist.
        tb = sys.exc_info()[2]
        message = ('JWT (iss:%s, aud:%s) for trans_id %s '
                   'links to contrib %s which doesn\'t exist'
                   % (data['iss'], data['aud'],
                      data['response']['transactionID'],
                      contrib_uuid))
        raise LookupError(message), None, tb

    trans_id = data['response']['transactionID']
    log.info('webpay postback: fulfilling purchase for contrib %s with '
             'transaction %s' % (contrib, trans_id))
    app_pay_cef.log(request, 'Purchase complete', 'purchase_complete',
                    'Purchase complete for: %s' % (contrib.addon.pk),
                    severity=3)
    contrib.update(transaction_id=trans_id, type=amo.CONTRIB_PURCHASE)

    tasks.send_purchase_receipt.delay(contrib.pk)
    return http.HttpResponse(trans_id)
@csrf_exempt
@write
@post_required
def chargeback(request):
    """
    Verify the signature of a chargeback notice and create a refund
    contribution tied to the original transaction.

    Not implemented: every call raises NotImplementedError.
    """
    # NOTE(review): this view is csrf_exempt and has no login_required, so
    # any POST reaches the raise below. _prepare_pay also places
    # reverse('webpay.chargeback') in each signed purchase request as
    # chargebackURL; if that route resolves to this view, a chargeback
    # notice ends in an unhandled exception and no refund is recorded.
    # Confirm how chargebacks are tracked until this is implemented.
    raise NotImplementedError()