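require "time"
require "openssl"
require "base64"
require "rack"

# Customer-facing order controller: credit-pack purchase, checkout through
# Paybox (e-transactions) or HiPay, the gateways' callbacks, and bill printing.
class Public::OrdersController < ApplicationController
  layout "public"

  # FIXME(security): the HTTP basic credentials guarding the manual
  # "paid_force" action are committed to source; move them to ENV /
  # encrypted credentials and rotate them.
  http_basic_authenticate_with name: "nico", password: "852321nb", only: :paid_force

  # Every Paybox callback must carry a valid RSA signature
  # (see check_paybox_integrity!) before its action runs.
  before_filter :check_paybox_integrity!,
                :only => [:e_trans_cancel, :e_trans_ipn, :e_trans_refuse, :e_trans_effectue]
  # HiPay's server-to-server notification carries no CSRF token.
  protect_from_forgery :except => [:hipay_ipn]

  # Paybox endpoints and HMAC key per Rails environment (other environments
  # have no settings, as before).
  # FIXME(security): the HMAC keys are secrets committed to source; move them
  # to ENV / encrypted credentials and rotate them.
  PAYBOX_SETTINGS = {
    :development => {
      :host_ts => "http://localhost:3000",
      :server_host => "https://preprod-tpeweb.e-transactions.fr/cgi/MYchoix_pagepaiement.cgi",
      :key => "a828b1a278581b8296aba818b9f3252f125a96ebe34d0f83fabd523dee60ca6dfed109c266d4b0a540ecc479c59c44846fe399756c267344f548e07e7a29f99f"
    },
    :production => {
      :host_ts => "https://sideplace.com",
      :server_host => "https://tpeweb.e-transactions.fr/cgi/MYchoix_pagepaiement.cgi",
      :key => "11003ee0bd90d3adc4df6a7a8f80e804079c0630b87fc8ad6f504ac4655224fb990e4d043d7f605454a229b7dd937dcece3a4d4e7115f01d686ddb6856f925ab"
    }
  }.freeze

  # Paybox merchant identifiers sent with every payment form.
  PAYBOX_SITE = "1351265"
  PAYBOX_RANG = "01"
  PAYBOX_IDENTIFIANT = "277631463"
  # Variables Paybox echoes back on every callback. "sign:K" must stay last:
  # check_paybox_integrity! verifies the signature over everything that
  # precedes "&sign=" in the query string.
  PAYBOX_RETOUR = "M:M;Ref:R;T:T;A:A;B:B;C:C;D:D;E:E;F:F;G:G;H:H;I:I;J:J;N:N;O:O;P:P;Q:Q;S:S;U:U;W:W;Y:Y;Z:Z;sign:K;"
  # Callback params copied verbatim into EtransHistory (column R comes from :Ref).
  ETRANS_PARAM_KEYS = [:M, :T, :A, :B, :C, :D, :E, :F, :G, :H, :I, :J, :K,
                       :N, :O, :P, :Q, :S, :U, :W, :Y, :Z].freeze
  # Paybox "E" value the callbacks treat as an accepted payment.
  PAYBOX_SUCCESS_CODE = "00000"

  # HiPay: public host of this site per environment, and the SOAP WSDL.
  HIPAY_HOST_SP = {
    :development => "http://78.245.74.12",
    :production => "https://sideplace.com"
  }.freeze
  HIPAY_WSDL = "https://ws.hipay.com/soap/payment-v2?wsdl"
  HIPAY_CATEGORY_ID = 644

  # HiPay sub-account per currency code.
  # FIXME(security): wsLogin / wsPassword are secrets committed to source;
  # move them to ENV / encrypted credentials and rotate them.
  HIPAY_ACCOUNTS = {
    "USD" => { :ws_login => "10850b5beb65cbfacbd748fa231652f2", :ws_password => "6df1b0ad1c55a1e511e33e7bc42ee3cc", :website_id => 283694 },
    "CAD" => { :ws_login => "4b914f9a84e773fa07aff82ed896dd9c", :ws_password => "26d098a1d239dca34c9c3aaf151a8673", :website_id => 285311 },
    "GBP" => { :ws_login => "8dfff4b14fb9fd7e79b79e50e22fe242", :ws_password => "7cd17cec7bbfccacfc96ff5f3710eb22", :website_id => 285319 },
    "CHF" => { :ws_login => "9c8bb8673a712c6bb4a2e3c89f760e98", :ws_password => "cff22a090bed10e0001754fb724c7843", :website_id => 285320 },
    "AUD" => { :ws_login => "22804a107d27702252ae8833fcc98b5e", :ws_password => "6b764308b87aef21a0ca7e88810d96e0", :website_id => 285345 },
    "EUR" => { :ws_login => "cb9db4d771d58fa1354747f8891c3875", :ws_password => "52d67e65baa8bd436a5dcbc7f3764efc", :website_id => 320499 }
  }.freeze

  # HipayHistory column => field name in HiPay's <mapi><result> notification.
  # transaction_date is composed separately from "date" and "time".
  HIPAY_HISTORY_FIELDS = {
    :operation => "operation",
    :status => "status",
    :origamount => "origAmount",
    :origcurrency => "origCurrency",
    :idformerchant => "idForMerchant",
    :emailclient => "emailClient",
    :idclient => "idClient",
    :merchantdatas => "merchantDatas",
    :cardcountry => "cardCountry",
    :ipcountry => "ipCountry",
    :transid => "transid",
    :is3ds => "is3ds",
    :paymentmethod => "paymentMethod",
    :customercountry => "customerCountry",
    :returncode => "returnCode",
    :returndescriptionshort => "returnDescriptionShort",
    :returndescriptionlong => "returnDescriptionLong"
  }.freeze

  # Billing-address form for the current account.
  def billing
    @annonce_account = current_annonce_account
    @annonce_account.force_address = true
  end

  # Starts an order for a credit product (params[:credit_product_id]) or
  # resumes the one kept in session[:order]. Renders the billing form instead
  # when the order has no billing address yet.
  def new
    @no_search = true
    if params[:credit_product_id]
      @credit_product = CreditProduct.find(params[:credit_product_id])
      @order = Order.new(:devise => Devise.find(@credit_product.devise))
      session[:order] = @order
      session[:order].credit_product = @credit_product
    elsif session[:order]
      @order = Order.new(session[:order])
    else
      # Neither a product to order nor an order in progress: the original
      # fell through with @order = nil and raised below. Send the user back to
      # their account instead (reviewer's choice of destination).
      redirect_to public_my_account_path
      return
    end
    # As before, any present with_com param (even an empty one) enables it.
    @order.with_com = params[:with_com] ? true : false
    @annonce_account = current_annonce_account
    @annonce_account.force_address = true
    @order.annonce_account = @annonce_account
    render :action => :billing unless @order.billing_address?
  end

  # Builds the order from session[:order] plus the account's billing details
  # and the credit product's (per-account) pricing, then saves it. A
  # fully-discounted order is marked paid right away; on validation failure
  # the "new" form is rendered again. On success the default template renders.
  def create
    @order = Order.new(session[:order])
    @annonce_account = current_annonce_account
    @order.annonce_account = @annonce_account
    copy_billing_details(@order, @annonce_account)

    product = @order.credit_product
    # The order's name is the product's; the original also assigned the
    # account name first, but that value was always overwritten.
    @order.name = product.name
    @order.description = product.description
    @order.nbr_credits = product.nbr_credits_final(@annonce_account)
    @order.validity = product.validity
    @order.price_ht = product.price_ht_final(@annonce_account)
    @order.binary_points = product.binary_points_final(@annonce_account)
    @order.binary_percentage = product.binary_percentage
    @order.nbr_parts = product.nbr_parts_final(@annonce_account)

    @order.with_com = params[:with_com]
    if @order.with_com
      @order.com_amount = @order.evaluate_use_coms
      @order.amount_ht = @order.evaluate_price_with_coms_ht
      @order.amount_ttc = @order.evaluate_price_with_coms_ttc
    else
      @order.amount_ht = product.price_ht_final(@annonce_account)
      @order.amount_ttc = product.price_ttc_final(@annonce_account)
    end
    # A missing params[:order] used to raise; treat it as "nothing ticked".
    order_params = params[:order] || {}
    @order.cgv = order_params[:cgv]
    @order.retractation = order_params[:retractation]

    unless @order.save
      render :action => "new"
      return
    end
    if @order.with_com
      # Negative entry offsetting the commissions spent on this order
      # (commission_type_id 5 is project-defined).
      @commission = @annonce_account.commissions.new(:commission_type_id => 5,
                                                     :amount => @order.com_amount * -1.0)
      @order.commission = @commission
      @order.save
    end
    # Nothing to collect: no gateway round trip, paid immediately.
    mark_order_paid!(@order, 3, true) if @order.amount_ht == 0
  end

  # Payment page. For devise_id 1 it prepares the signed Paybox form
  # (@paybox_hash / @base_params_query, sent with ISO 4217 currency 978);
  # other currencies just render the template.
  def paid
    @order = current_annonce_account.orders.find(params[:id])
    return unless @order.devise_id == 1

    settings = PAYBOX_SETTINGS[Rails.env.to_sym]
    raise "No Paybox settings for Rails env #{Rails.env}" unless settings
    @host_ts = settings[:host_ts]
    @server_host = settings[:server_host]
    @key = settings[:key]

    # NOTE(review): if amount_ttc is a Float, "* 100 then to_i" can truncate
    # (19.99 -> 1998 cents); prefer .round or a BigDecimal column — confirm.
    options = {
      :site => PAYBOX_SITE,
      :rang => PAYBOX_RANG,
      :identifiant => PAYBOX_IDENTIFIANT,
      :total => (@order.amount_ttc * 100).to_i.to_s,
      :devise => "978",
      # "<order id>-<random hex>"; the callbacks split it back on "-".
      :cmd => "#{@order.id}-#{SecureRandom.hex(3)}",
      :porteur => @order.annonce_account.email,
      :retour => PAYBOX_RETOUR,
      :annule => "#{@host_ts}/public/orders/e_trans_cancel",
      :effectue => "#{@host_ts}/public/orders/e_trans_effectue",
      :refuse => "#{@host_ts}/public/orders/e_trans_refuse",
      :repondre_a => "#{@host_ts}/public/orders/e_trans_ipn"
    }

    # PBX_* fields in insertion order; the HMAC-SHA512 is computed over the
    # joined "key=value&..." string before PBX_HMAC itself is added.
    formatted_options = Hash[options.map { |k, v| ["PBX_#{k.to_s.upcase}", v] }]
    formatted_options["PBX_HASH"] = "SHA512"
    formatted_options["PBX_TIME"] = Time.now.utc.iso8601
    base_params_query = formatted_options.map { |pair| pair.join("=") }.join("&")
    # OpenSSL::Digest::Digest is deprecated and removed from newer openssl
    # gems; OpenSSL::Digest.new is the equivalent that has always existed.
    binary_key = [@key].pack("H*")
    signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha512'), binary_key, base_params_query).upcase
    formatted_options["PBX_HMAC"] = signature

    @base_params_query = base_params_query
    @paybox_hash = formatted_options
  end

  # HiPay "accept" return URL. The account-scoped lookup 404s on a foreign id.
  def hipay_confirm
    @order = current_annonce_account.orders.find(params[:id])
    flash[:notice] = "Merci pour votre paiement, si votre nombre de crédits n'a pas encore augmenté pas d'inquiétudes, cela peut prendre quelques minutes, merci de ré-actualiser la page."
    redirect_to public_my_account_path
  end

  # HiPay "decline" return URL: back to the payment page.
  def hipay_decline
    @order = current_annonce_account.orders.find(params[:id])
    flash[:notice] = "Votre paiement n'a pas abouti, merci de bien vouloir essayer de nouveau ou nous contacter."
    redirect_to paid_public_order_path(@order)
  end

  # Creates a HiPay payment through its SOAP API and redirects the customer
  # to the hosted payment page when HiPay returns one; otherwise the default
  # template renders.
  def paid_by_hipay
    @order = current_annonce_account.orders.find(params[:id])
    @host_sp = HIPAY_HOST_SP[Rails.env.to_sym]
    raise "No HiPay settings for Rails env #{Rails.env}" unless @host_sp
    # NOTE(review): the original assigned the test-ws.hipay.com WSDL in
    # development and immediately overwrote it with the live one, so every
    # environment talks to live HiPay — confirm that is intended.
    @host_hipay = HIPAY_WSDL
    # NOTE(review): TLSv1 is obsolete; check whether the endpoint still
    # requires it and move to TLS 1.2 otherwise.
    @client = Savon.client(wsdl: @host_hipay, ssl_version: :TLSv1)

    message = {
      :categoryId => HIPAY_CATEGORY_ID,
      :amount => @order.amount_ttc,
      :rating => "ALL",
      :locale => "fr_FR",
      :customerIpAddress => request.ip,
      :merchantReference => @order.id,
      :description => "Commande de crédits d'annonce",
      :executionDate => Time.now.to_s(:db),
      :manualCapture => 0,
      :customerEmail => @order.annonce_account.email,
      :urlCallback => @host_sp + hipay_ipn_public_orders_path,
      :urlAccept => @host_sp + hipay_confirm_public_order_path(@order),
      :urlDecline => @host_sp + hipay_decline_public_order_path(@order),
      :urlCancel => @host_sp + paid_public_order_path(@order),
      :urlLogo => "https://sideplace.com/black_logo.png"
    }
    currency = @order.devise.code
    account = HIPAY_ACCOUNTS[currency]
    # An unknown currency sends the request without credentials (original behaviour).
    if account
      message[:currency] = currency
      message[:wsLogin] = account[:ws_login]
      message[:wsPassword] = account[:ws_password]
      message[:websiteId] = account[:website_id]
    end

    @response = @client.call(:generate, :message => { :parameters => message })
    result = @response.body[:generate_response][:generate_result]
    redirect_to result[:redirect_url].to_s if result[:redirect_url]
  end

  # HiPay server-to-server notification (XML in params[:xml]). Records a
  # HipayHistory row and marks the order paid on a successful capture.
  # Always answers "ok" once the payload has been processed.
  def hipay_ipn
    # NOTE(security): nothing here authenticates the caller — any client that
    # can POST a well-formed <mapi><result> body can mark an order paid.
    # FIXME: verify the notification's origin/signature per HiPay's
    # documentation before trusting it. Hash.from_xml also parses
    # attacker-reachable XML; keep Rails/XmlMini patched.
    data = params[:xml].present? ? Hash.from_xml(params[:xml]) : nil
    @result = data && data["mapi"] && data["mapi"]["result"]
    unless @result.is_a?(Hash)
      # A malformed body used to raise (500); reject it explicitly instead.
      render :inline => "Bad request", :status => 400
      return
    end
    logger.debug @result

    @order = Order.find(@result["idForMerchant"])
    logger.debug @order
    @hipay_history = @order.hipay_histories.new
    HIPAY_HISTORY_FIELDS.each { |column, field| @hipay_history[column] = @result[field] }
    @hipay_history[:transaction_date] = "#{@result['date']} #{@result['time']}"
    @hipay_history.save

    if @hipay_history.operation == "capture" && @hipay_history.status == "ok"
      mark_order_paid!(@order, 6)
    end
    render :inline => "ok"
  end

  # Paybox "annule" return URL: records the callback for the customer's order.
  def e_trans_cancel
    @order = current_annonce_account.orders.find(paybox_order_id)
    @etrans_history = record_etrans_callback(@order)
  end

  # Paybox "refuse" return URL: records the callback for the customer's order.
  def e_trans_refuse
    @order = current_annonce_account.orders.find(paybox_order_id)
    @etrans_history = record_etrans_callback(@order)
  end

  # Paybox server-to-server notification ("repondre_a"). Not account-scoped:
  # the signature check in the before-filter is what authenticates it.
  def e_trans_ipn
    @order = Order.find(paybox_order_id)
    if !@order.paid && params[:E] == PAYBOX_SUCCESS_CODE
      @etrans_history = record_etrans_callback(@order)
      mark_order_paid!(@order, 2)
    end
    render :inline => "OK"
  end

  # Paybox "effectue" return URL: same processing as the IPN, scoped to the
  # current account, then the default template renders.
  def e_trans_effectue
    @order = current_annonce_account.orders.find(paybox_order_id)
    if !@order.paid && params[:E] == PAYBOX_SUCCESS_CODE
      @etrans_history = record_etrans_callback(@order)
      mark_order_paid!(@order, 2)
    end
  end

  # Manually marks one of the current account's orders as paid (guarded by
  # HTTP basic auth, see the class macros).
  def paid_force
    @order = current_annonce_account.orders.find(params[:id])
    mark_order_paid!(@order, 1, true) unless @order.paid
    redirect_to public_my_account_path
  end

  # Bill as a bare HTML page (no layout).
  def bill_print_od
    @order = current_annonce_account.orders.find(params[:id])
    render :layout => false
  end

  # Renders the bill to PDF, stamps it with pdf_stamp/orders.pdf via pdftk and
  # sends the result (inline when params[:inline] is set). The intermediate
  # file is removed afterwards; the stamped file stays in pdf/order_bills.
  def bill_print
    @order = current_annonce_account.orders.find(params[:id])
    @temp_file = "#{Rails.root}/pdf/order_bills/#{@order.bill_number}_temp.pdf"
    @final_file = "#{Rails.root}/pdf/order_bills/#{@order.bill_number}.pdf"

    # NOTE(review): view.class is ActionView::Base, so these includes are
    # process-wide (idempotent, but a surprising side effect of a request).
    view = ActionView::Base.new(Rails.root.join('app/views'))
    view.class.include ApplicationHelper
    view.class.include Rails.application.routes.url_helpers
    html = view.render(:pdf => "#{@order.bill_number}",
                       :template => "public/orders/bill_print.html.haml",
                       :locals => { :@order => @order })
    pdf = WickedPdf.new.pdf_from_string(html, :margin => { top: 0, bottom: 0, left: 0, right: 0 })
    File.binwrite(@temp_file, pdf)

    # Loaded lazily: only this action needs posix-spawn. Arguments go to
    # pdftk as an array, so no shell is involved.
    require 'posix/spawn'
    stamp = Rails.root.join('pdf_stamp', 'orders.pdf').to_s
    child = ::POSIX::Spawn::Child.new('pdftk', @temp_file, 'background', stamp, 'output', @final_file)
    # Previously a failed pdftk surfaced as a missing-file error on the next line.
    raise "pdftk failed for #{@order.bill_number}: #{child.err}" unless child.success?

    # binread instead of File.open(...).read: the old handle was never closed.
    @data_to_send = File.binread(@final_file)
    send_data @data_to_send,
              :filename => "facture.pdf",
              :type => 'application/pdf',
              :disposition => (params[:inline] ? 'inline' : "attachment")
  ensure
    File.delete(@temp_file) if @temp_file && File.exist?(@temp_file)
  end

  def bills
    @no_search = true
  end

  protected

  # Before-filter for the Paybox callbacks. Paybox appends "sign" as the last
  # query parameter (PAYBOX_RETOUR ends with "sign:K"); the RSA/SHA1 signature
  # covers the raw query string between "?" and "&sign=". Renders an error
  # (which halts the filter chain) when the request is unsigned, the query
  # cannot be split, or the signature does not verify.
  def check_paybox_integrity!
    unless params[:sign].present?
      # The original rendered here but kept running and then failed on a nil
      # index; the early return makes the rejection definite.
      render :inline => "Bad response"
      return
    end
    full_path = request.fullpath
    query_start = full_path.index("?")
    sign_start = full_path.index("&sign")
    if query_start.nil? || sign_start.nil? || sign_start <= query_start
      render :inline => "Bad response"
      return
    end
    signed_query = full_path[(query_start + 1)...sign_start]
    encoded_sign = full_path[(sign_start + 6)..-1] # skip "&sign="

    public_key = OpenSSL::PKey::RSA.new(File.read(Rails.root.join('pubkey.pem')))
    @verif = public_key.verify(OpenSSL::Digest::SHA1.new,
                               Base64.decode64(Rack::Utils.unescape(encoded_sign)),
                               signed_query)
    render :inline => "Bad integrity test" unless @verif
  end

  private

  # Copies the account's billing fields onto +order+ (the order's name is set
  # from the credit product by the caller).
  def copy_billing_details(order, account)
    order.firstname = account.firstname
    order.address = account.address
    order.address2 = account.address2
    order.cp = account.cp
    order.city = account.city
    order.country = account.country
    order.pro = account.pro
    order.organisation = account.organisation
  end

  # Marks +order+ paid with +payment_type_id+ (project-defined values),
  # persists it and runs the model's after_paid hook; +after_paid_args+ are
  # forwarded verbatim (the free-order and forced paths pass +true+).
  def mark_order_paid!(order, payment_type_id, *after_paid_args)
    order.paid = true
    order.paid_at = Time.now
    order.payment_type_id = payment_type_id
    order.save
    order.after_paid(*after_paid_args)
  end

  # Order id from Paybox's Ref ("<order id>-<hex>", as built in #paid). A
  # missing Ref now yields nil (and a 404 from find) instead of raising
  # NoMethodError. Also exposed as params[:order_id], as before.
  def paybox_order_id
    params[:order_id] = params[:Ref].to_s.split('-').first
  end

  # Stores the callback's Paybox variables in an EtransHistory row for +order+.
  def record_etrans_callback(order)
    attributes = { :order => order, :R => params[:Ref] }
    ETRANS_PARAM_KEYS.each { |key| attributes[key] = params[key] }
    EtransHistory.create(attributes)
  end
end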