diff --git a/eopayment/__init__.py b/eopayment/__init__.py
index 95ec008..52c7061 100644
--- a/eopayment/__init__.py
+++ b/eopayment/__init__.py
@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
-from common import URL, HTML, FORM, RECEIVED, ACCEPTED, PAID, DENIED, CANCELED, CANCELLED, ERROR
+from common import (URL, HTML, FORM, RECEIVED, ACCEPTED, PAID, DENIED,
+ CANCELED, CANCELLED, ERROR, ResponseError)
 __all__ = ['Payment', 'URL', 'HTML', 'FORM', 'SIPS', 'SYSTEMPAY', 'SPPLUS', 'TIPI', 'DUMMY', 'get_backend', 'RECEIVED', 'ACCEPTED',
diff --git a/eopayment/common.py b/eopayment/common.py
index e421878..0a5881f 100644
--- a/eopayment/common.py
+++ b/eopayment/common.py
@@ -27,6 +27,10 @@ ERROR = 99
 ORDERID_TRANSACTION_SEPARATOR = '!'
+class ResponseError(Exception):
+ pass
+
+
+
 class PaymentResponse(object):
 '''Holds a generic view on the result of payment transaction response.
diff --git a/eopayment/dummy.py b/eopayment/dummy.py
index 7c2db23..3c02f14 100644
--- a/eopayment/dummy.py
+++ b/eopayment/dummy.py
@@ -10,7 +10,7 @@ try:
 except ImportError:
 from urlparse import parse_qs
-from common import PaymentCommon, URL, PaymentResponse, PAID, ERROR
+from common import PaymentCommon, URL, PaymentResponse, PAID, ERROR, ResponseError
 __all__ = [ 'Payment' ]
@@ -122,6 +122,8 @@ class Payment(PaymentCommon):
 def response(self, query_string, logger=LOGGER, **kwargs):
 form = parse_qs(query_string)
+ if not 'transaction_id' in form:
+ raise ResponseError()
 transaction_id = form.get('transaction_id',[''])[0]
 form[self.BANK_ID] = transaction_id
diff --git a/eopayment/ogone.py b/eopayment/ogone.py
index e6a65e4..0872a34 100644
--- a/eopayment/ogone.py
+++ b/eopayment/ogone.py
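Review bot: `ResponseError` is pulled into the package namespace in `__init__.py`, but the visible part of `__all__` is not extended with it; the list continues outside the hunk, so if the name is not added further down, `from eopayment import *` users will not see the new exception even though the test module imports it by name. Adding `'ResponseError'` to `__all__` keeps the public surface explicit.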
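Review bot: `ResponseError` in common.py is an undocumented empty subclass, and every `raise ResponseError()` this commit adds is argument-less, so whoever catches it in the web layer cannot tell which backend or which parameter rejected the bank's return data. I would give the class a docstring such as `'''Raised by Payment.response() when the return parameters from the bank are missing or malformed; treat it as a bad request from the caller, not a server fault.'''` and pass the missing key names at each raise site. Key names are safe to put in the message; values from the query string should stay out of it and out of any log line that ends up in a ticket.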
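Review bot: `if not 'transaction_id' in form:` in dummy.py reads better as `if 'transaction_id' not in form:`, and once the guard is in place the default on the next line is dead, so `form['transaction_id'][0]` states what is meant. Note that `parse_qs(query_string)` is called without `keep_blank_values`, so a return carrying an empty `transaction_id=` drops the key and now raises ResponseError too; that is probably intended but deserves a one-line comment. The rest of `response()` continues outside the hunk.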
@@ -5,7 +5,8 @@ import urlparse
 from decimal import Decimal, ROUND_HALF_UP
 from common import (PaymentCommon, PaymentResponse, FORM, CANCELLED, PAID,
- ERROR, Form, DENIED, ACCEPTED, ORDERID_TRANSACTION_SEPARATOR)
+ ERROR, Form, DENIED, ACCEPTED, ORDERID_TRANSACTION_SEPARATOR,
+ ResponseError)
 def N_(message): return message
 ENVIRONMENT_TEST = 'TEST'
@@ -528,6 +529,8 @@ class Payment(PaymentCommon):
 def response(self, query_string, **kwargs):
 params = urlparse.parse_qs(query_string, True)
 params = dict((key.upper(), params[key][0]) for key in params)
+ if not set(params) >= set(['ORDERID', 'PAYID', 'STATUS', 'NCERROR']):
+ raise ResponseError()
 reference = params['ORDERID']
 transaction_id = params['PAYID']
 status = params['STATUS']
diff --git a/eopayment/paybox.py b/eopayment/paybox.py
index a6973ae..2ebed40 100644
--- a/eopayment/paybox.py
+++ b/eopayment/paybox.py
@@ -17,7 +17,7 @@ import string
 import warnings
 from common import (PaymentCommon, PaymentResponse, FORM, PAID, ERROR, Form,
- ORDERID_TRANSACTION_SEPARATOR)
+ ORDERID_TRANSACTION_SEPARATOR, ResponseError)
 __all__ = ['sign', 'Payment']
@@ -253,6 +253,8 @@ class Payment(PaymentCommon):
 def response(self, query_string, callback=False, **kwargs):
 d = urlparse.parse_qs(query_string, True, False)
+ if not set(d) >= set(['erreur', 'reference']):
+ raise ResponseError()
 signed = False
 if 'signature' in d:
 sig = d['signature'][0]
diff --git a/eopayment/sips.py b/eopayment/sips.py
index 301d414..ef5f1c6 100644
--- a/eopayment/sips.py
+++ b/eopayment/sips.py
@@ -9,7 +9,7 @@ import os.path
 import uuid
 import warnings
-from common import PaymentCommon, HTML, PaymentResponse
+from common import PaymentCommon, HTML, PaymentResponse, ResponseError
 from cb import CB_RESPONSE_CODES
 '''
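Review bot: The required-parameter set added in ogone.py (`ORDERID`, `PAYID`, `STATUS`, `NCERROR`) covers only the four lookups that follow it and contains no signature or digest parameter; the rest of `response()` is outside the hunk, so I cannot see whether one is verified later. If it is, list it here as well so a response that omits it fails fast with ResponseError instead of a KeyError or a silently skipped verification. The check correctly runs after the keys are uppercased, so it is as case-insensitive as the lookups; a module-level `REQUIRED_PARAMS = frozenset([...])` would let the test and the code share one definition.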
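Review bot: In paybox.py the new guard requires only `erreur` and `reference`, yet the very next lines (`signed = False` / `if 'signature' in d:`) show that a response with no `signature` parameter still passes and is processed as unsigned. Unless the code after the hunk refuses responses where `signed` stays False, anyone can hit the return URL with a handcrafted `erreur`/`reference` pair and have it treated as a payment result; `set(['erreur', 'reference', 'signature'])` closes that at the guard, or the caller contract must make an unsigned result fatal. The body of `response()` continues outside the hunk.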
@@ -159,6 +159,8 @@ class Payment(PaymentCommon):
 def response(self, query_string, **kwargs):
 form = urlparse.parse_qs(query_string)
+ if not DATA in form:
+ raise ResponseError()
 params = {'message': form[DATA][0]}
 result = self.execute('response', params)
 d = dict(zip(RESPONSE_PARAMS, result))
diff --git a/eopayment/sips2.py b/eopayment/sips2.py
index f2f4620..1a99571 100644
--- a/eopayment/sips2.py
+++ b/eopayment/sips2.py
@@ -8,7 +8,8 @@ import hashlib
 from gettext import gettext as _
 import warnings
-from common import PaymentCommon, FORM, Form, PaymentResponse, PAID, ERROR, CANCELED
+from common import (PaymentCommon, FORM, Form, PaymentResponse, PAID, ERROR,
+ CANCELED, ResponseError)
 __all__ = ['Payment']
@@ -190,10 +191,9 @@ class Payment(PaymentCommon):
 def response(self, query_string, **kwargs):
 form = urlparse.parse_qs(query_string)
+ if not set(form) >= set(['Data', 'Seal', 'InterfaceVersion']):
+ raise ResponseError()
 self.logger.debug('received query string %r', form)
- assert 'Data' in form
- assert 'Seal' in form
- assert 'InterfaceVersion' in form
 data = self.decode_data(form['Data'][0])
 seal = form['Seal'][0]
 self.logger.debug('parsed response %r seal %r', data, seal)
diff --git a/eopayment/spplus.py b/eopayment/spplus.py
index af3136a..d6e7b48 100644
--- a/eopayment/spplus.py
+++ b/eopayment/spplus.py
@@ -14,7 +14,7 @@ import warnings
 import Crypto.Cipher.DES
 from common import (PaymentCommon, URL, PaymentResponse, RECEIVED, ACCEPTED,
- PAID, ERROR)
+ PAID, ERROR, ResponseError)
 def N_(message): return message
@@ -176,6 +176,8 @@ class Payment(PaymentCommon):
 def response(self, query_string, logger=LOGGER, **kwargs):
 form = urlparse.parse_qs(query_string)
+ if not set(form) >= set([REFERENCE, ETAT, REFSFP]):
+ raise ResponseError()
 for key, value in form.iteritems():
 form[key] = value[0]
 logger.debug('received query_string %s' % query_string)
diff --git a/eopayment/systempayv2.py b/eopayment/systempayv2.py
index 4442668..bb1412a 100644
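Review bot: `if not DATA in form:` in sips.py should be `if DATA not in form:` — same meaning, and the form the language's style guide prefers. The field is then handed straight to `self.execute('response', params)` on the next lines, so this presence check is only the first line of defence; `execute` and the remainder of `response()` are outside the hunk and I cannot tell from here how the value is validated before use.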
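Review bot: In sips2.py the new raise now sits before `self.logger.debug('received query string %r', form)`, so a response that is rejected as malformed or forged leaves no trace in the logs while well-formed ones are recorded; moving the debug line above the check keeps a record of exactly the requests an operator will want to investigate. Replacing the three `assert` statements with a real check is the right call, since they disappear under `python -O` and would have turned a missing key into a KeyError further down.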
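Review bot: The debug call in spplus.py, `logger.debug('received query_string %s' % query_string)`, only runs once the new guard has passed, so callbacks rejected for missing `REFERENCE`/`ETAT`/`REFSFP` are never logged. Put that line before the `raise ResponseError()` (or log the missing keys on the raise path) so malformed or hostile callbacks stay visible for incident review. The function continues beyond the hunk.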
--- a/eopayment/systempayv2.py
+++ b/eopayment/systempayv2.py
@@ -8,7 +8,8 @@ import urlparse
 import warnings
 from gettext import gettext as _
-from common import PaymentCommon, PaymentResponse, PAID, ERROR, FORM, Form
+from common import (PaymentCommon, PaymentResponse, PAID, ERROR, FORM, Form,
+ ResponseError)
 from cb import CB_RESPONSE_CODES
 __all__ = ['Payment']
@@ -338,6 +339,8 @@ class Payment(PaymentCommon):
 def response(self, query_string, **kwargs):
 fields = urlparse.parse_qs(query_string, True)
+ if not set(fields) >= set([SIGNATURE, VADS_CTX_MODE, VADS_AUTH_RESULT]):
+ raise ResponseError()
 for key, value in fields.iteritems():
 fields[key] = value[0]
 copy = fields.copy()
diff --git a/eopayment/tipi.py b/eopayment/tipi.py
index 0342965..13f6fd0 100644
--- a/eopayment/tipi.py
+++ b/eopayment/tipi.py
@@ -2,7 +2,7 @@
 from decimal import Decimal, ROUND_DOWN
 from common import (PaymentCommon, PaymentResponse, URL, PAID, DENIED,
- CANCELLED, ERROR)
+ CANCELLED, ERROR, ResponseError)
 from urllib import urlencode
 from urlparse import parse_qs
 from gettext import gettext as _
@@ -136,6 +136,8 @@ class Payment(PaymentCommon):
 def response(self, query_string, **kwargs):
 fields = parse_qs(query_string, True)
+ if not set(fields) >= set(['refdet', 'resultrans']):
+ raise ResponseError()
 for key, value in fields.iteritems():
 fields[key] = value[0]
 refdet = fields.get('refdet')
diff --git a/tests/test_ogone.py b/tests/test_ogone.py
index ee210dd..5108223 100644
--- a/tests/test_ogone.py
+++ b/tests/test_ogone.py
@@ -3,6 +3,7 @@
 import urllib
 import eopayment
 import eopayment.ogone as ogone
+from eopayment import ResponseError
 PSPID = '2352566'
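Review bot: After the new guard in tipi.py, `refdet = fields.get('refdet')` can no longer return None, so `fields['refdet']` states the invariant the guard just established; the same applies to whatever reads `resultrans` further down. The required set holds no authenticating parameter and the rest of `response()` is outside the hunk, so if a signature or digest is checked later it should be listed here too, so that its absence fails fast as ResponseError rather than as a KeyError deep in the verification path.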
@@ -52,3 +53,10 @@ class OgoneTests(TestCase):
 'payid': '32100123', 'status': 9, 'ncerror': 0}
 response = ogone_backend.response(urllib.urlencode(data))
 self.assertEqual(response.order_id, order_id)
+
+ def test_bad_response(self):
+ ogone_backend = eopayment.Payment('ogone', BACKEND_PARAMS)
+ order_id = 'myorder'
+ data = {'payid': '32100123', 'status': 9, 'ncerror': 0}
+ with self.assertRaises(ResponseError):
+ response = ogone_backend.response(urllib.urlencode(data))
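Review bot: In `test_bad_response` the local `order_id` and the `response =` assignment inside the `assertRaises` block are never used, and the only case exercised is a payload with the order id missing, so three of the four keys the guard requires are untested. Build one complete payload and drop one key per iteration so every branch of the guard is covered; the preceding test's `data` dict, which starts above the hunk, shows the shape of a full payload.
```python
    def test_bad_response(self):
        ogone_backend = eopayment.Payment('ogone', BACKEND_PARAMS)
        full = {'orderid': 'myorder', 'payid': '32100123', 'status': 9, 'ncerror': 0}
        for key in full:
            data = dict(full)
            del data[key]
            with self.assertRaises(ResponseError):
                ogone_backend.response(urllib.urlencode(data))
```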