# -*- coding: utf-8 -*- # eopayment - online payment library # Copyright (C) 2011-2020 Entr'ouvert # # This program is free software: you can redistribute it and/or modify it # under the terms of the GNU Affero General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . import codecs from unittest import TestCase from decimal import Decimal import base64 import mock import six from six.moves.urllib import parse as urllib from xml.etree import ElementTree as ET import eopayment.paybox as paybox import eopayment BACKEND_PARAMS = { 'platform': u'test', 'site': u'12345678', 'rang': u'001', 'identifiant': u'12345678', 'shared_secret': ( u'0123456789ABCDEF0123456789ABCDEF01234' u'56789ABCDEF0123456789ABCDEF0123456789' u'ABCDEF0123456789ABCDEF0123456789ABCDE' u'F0123456789ABCDEF' ), 'automatic_return_url': u'http://example.com/callback', } class PayboxTests(TestCase): if six.PY2: def assertRaisesRegex(self, *args, **kwargs): return self.assertRaisesRegexp(*args, **kwargs) def test_sign(self): key = (b'0123456789ABCDEF0123456789ABCDEF0123456789' b'ABCDEF0123456789ABCDEF0123456789ABCDEF0123' b'456789ABCDEF0123456789ABCDEF0123456789ABCD' b'EF') key = codecs.decode(key, 'hex') d = dict(paybox.sign([ ['PBX_SITE', u'12345678'], ['PBX_RANG', u'32'], ['PBX_IDENTIFIANT', u'12345678'], ['PBX_TOTAL', u'999'], ['PBX_DEVISE', u'978'], ['PBX_CMD', u'appel à Paybox'], ['PBX_PORTEUR', u'test@paybox.com'], ['PBX_RETOUR', u'Mt:M;Ref:R;Auto:A;Erreur:E'], ['PBX_HASH', u'SHA512'], ['PBX_TIME', u'2015-06-08T16:21:16+02:00'], ], key)) result = ( '7E74D8E9A0DBB65AAE51C5C50C2668FD98FC99AED' 'F18244BB1935F602B6C2E953B61FD84364F34FDB8' '8B049901C0A07F6040AF446BBF5589113F48A733D' '551D4' ) self.assertIn('PBX_HMAC', d) self.assertEqual(d['PBX_HMAC'], result) def test_request(self): backend = eopayment.Payment('paybox', BACKEND_PARAMS) time = '2015-07-15T18:26:32+02:00' email = 'bdauvergne@entrouvert.com' order_id = '20160216' transaction = '1234' amount = '19.99' transaction_id, kind, what = backend.request( Decimal(amount), email=email, orderid=order_id, transaction_id=transaction, time=time, manual_validation=False) self.assertEqual(kind, eopayment.FORM) self.assertEqual(transaction_id, '%s!%s' % (transaction, order_id)) root = ET.fromstring(str(what)) self.assertEqual(root.tag, 'form') self.assertEqual(root.attrib['method'], 'POST') self.assertEqual(root.attrib['action'], paybox.URLS['test']) expected_form_values = { 'PBX_RANG': '001', 'PBX_SITE': '12345678', 'PBX_IDENTIFIANT': '12345678', 'PBX_RETOUR': ( 'montant:M;reference:R;code_autorisation:A;' 'erreur:E;numero_appel:T;numero_transaction:S;' 'date_transaction:W;heure_transaction:Q;signature:K' ), 'PBX_TIME': time, 'PBX_PORTEUR': email, 'PBX_CMD': '%s!%s' % (transaction, order_id), 'PBX_TOTAL': amount.replace('.', ''), 'PBX_DEVISE': '978', 'PBX_HASH': 'SHA512', 'PBX_HMAC': ( 'A9F561A6EA79390F1741A6B72872470BC1A1688E4581' 'F097EC80B99D2038413AB350F2F5429FFA4F8D426D99' 'B72E038164642F6F9BA10D46837EE486EEB944A2' ), 'PBX_ARCHIVAGE': '20160216', 'PBX_REPONDRE_A': 'http://example.com/callback', 'PBX_AUTOSEULE': 'N' } form_params = {} for node in root: self.assertIn(node.attrib['type'], ('hidden', 'submit')) if node.attrib['type'] == 'submit': self.assertEqual(set(node.attrib.keys()), set(['type', 'value'])) if node.attrib['type'] == 'hidden': self.assertEqual(set(node.attrib.keys()), set(['type', 'name', 'value'])) name = node.attrib['name'] form_params[name] = node.attrib['value'] assert form_params == expected_form_values def test_request_with_capture_day(self): params = BACKEND_PARAMS.copy() time = '2018-08-21T10:26:32+02:00' email = 'user@entrouvert.com' order_id = '20180821' transaction = '1234' amount = '42.99' for capture_day in ('7', '07'): params['capture_day'] = capture_day backend = eopayment.Payment('paybox', params) transaction_id, kind, what = backend.request( Decimal(amount), email=email, orderid=order_id, transaction_id=transaction, time=time) root = ET.fromstring(str(what)) form_params = dict( ((node.attrib['name'], node.attrib['value']) for node in root if node.attrib['type'] == 'hidden')) self.assertIn('PBX_DIFF', form_params) self.assertEqual(form_params['PBX_DIFF'], '07') # capture_day can be used as a request argument params = BACKEND_PARAMS.copy() backend = eopayment.Payment('paybox', params) transaction_id, kind, what = backend.request( Decimal(amount), email=email, orderid=order_id, transaction_id=transaction, time=time, capture_day='2') root = ET.fromstring(str(what)) form_params = dict((( node.attrib['name'], node.attrib['value']) for node in root if node.attrib['type'] == 'hidden')) self.assertIn('PBX_DIFF', form_params) self.assertEqual(form_params['PBX_DIFF'], '02') # capture_day passed as a request argument # overrides capture_day from backend params params = BACKEND_PARAMS.copy() params['capture_day'] = '7' backend = eopayment.Payment('paybox', params) transaction_id, kind, what = backend.request( Decimal(amount), email=email, orderid=order_id, transaction_id=transaction, time=time, capture_day='2') root = ET.fromstring(str(what)) form_params = dict((( node.attrib['name'], node.attrib['value']) for node in root if node.attrib['type'] == 'hidden')) self.assertIn('PBX_DIFF', form_params) self.assertEqual(form_params['PBX_DIFF'], '02') def test_request_with_authorization_only(self): params = BACKEND_PARAMS.copy() time = '2018-08-21T10:26:32+02:00' email = 'user@entrouvert.com' order_id = '20180821' transaction = '1234' amount = '42.99' params['capture_mode'] = 'AUTHOR_CAPTURE' backend = eopayment.Payment('paybox', params) transaction_id, kind, what = backend.request( Decimal(amount), email=email, orderid=order_id, transaction_id=transaction, time=time) root = ET.fromstring(str(what)) form_params = dict( ((node.attrib['name'], node.attrib['value']) for node in root if node.attrib['type'] == 'hidden')) self.assertEqual(form_params['PBX_AUTOSEULE'], 'O') def test_response(self): backend = eopayment.Payment('paybox', BACKEND_PARAMS) order_id = '20160216' transaction = '1234' reference = '%s!%s' % (transaction, order_id) data = { 'montant': '4242', 'reference': reference, 'code_autorisation': 'A', 'erreur': '00000', 'date_transaction': '20200101', 'heure_transaction': '01:01:01'} response = backend.response(urllib.urlencode(data)) self.assertEqual(response.order_id, reference) assert not response.signed assert response.transaction_date.isoformat() == '2020-01-01T01:01:01+01:00' with self.assertRaisesRegex(eopayment.ResponseError, 'missing erreur or reference'): backend.response('foo=bar') def test_perform_operations(self): operations = {'validate': '00002', 'cancel': '00055'} for operation_name, operation_code in operations.items(): params = BACKEND_PARAMS.copy() params['cle'] = 'cancelling_key' backend = eopayment.Payment('paybox', params) bank_data = { 'numero_transaction': ['13957441'], 'numero_appel': ['30310733'], 'reference': ['830657461681'], } backend_raw_response = ( u'NUMTRANS=0013989865&NUMAPPEL=0030378572&NUMQUESTION=0013989862' u'&SITE=1999888&RANG=32&AUTORISATION=XXXXXX&CODEREPONSE=00000' u'&COMMENTAIRE=Demande traitée avec succès&REFABONNE=&PORTEUR=' ) backend_expected_response = {"CODEREPONSE": "00000", "RANG": "32", "AUTORISATION": "XXXXXX", "NUMTRANS": "0013989865", "PORTEUR": "", "COMMENTAIRE": u"Demande traitée avec succès", "SITE": "1999888", "NUMAPPEL": "0030378572", "REFABONNE": "", "NUMQUESTION": "0013989862"} with mock.patch('eopayment.paybox.requests.post') as requests_post: response = mock.Mock(status_code=200, text=backend_raw_response) requests_post.return_value = response backend_response = getattr(backend, operation_name)(Decimal('10'), bank_data) self.assertEqual(requests_post.call_args[0][0], 'https://preprod-ppps.paybox.com/PPPS.php') params_sent = requests_post.call_args[0][1] # make sure the date parameter is present assert 'DATEQ' in params_sent # don't care about its value params_sent.pop('DATEQ') expected_params = { 'CLE': 'cancelling_key', 'VERSION': '00103', 'TYPE': operation_code, 'MONTANT': '1000', 'NUMAPPEL': '30310733', 'NUMTRANS': '13957441', 'NUMQUESTION': '0013957441', 'REFERENCE': '830657461681', 'RANG': backend.backend.rang, 'SITE': backend.backend.site, 'DEVISE': backend.backend.devise } self.assertEqual(params_sent, expected_params) self.assertEqual(backend_response, backend_expected_response) params['platform'] = 'prod' backend = eopayment.Payment('paybox', params) with mock.patch('eopayment.paybox.requests.post') as requests_post: response = mock.Mock(status_code=200, text=backend_raw_response) requests_post.return_value = response getattr(backend, operation_name)(Decimal('10'), bank_data) self.assertEqual(requests_post.call_args[0][0], 'https://ppps.paybox.com/PPPS.php') with mock.patch('eopayment.paybox.requests.post') as requests_post: error_response = u"""CODEREPONSE=00015&COMMENTAIRE=PAYBOX : Transaction non trouvée""" response = mock.Mock(status_code=200, text=error_response) requests_post.return_value = response self.assertRaisesRegex( eopayment.ResponseError, 'Transaction non trouvée', getattr(backend, operation_name), Decimal('10'), bank_data) def test_validate_payment(self): params = BACKEND_PARAMS.copy() params['cle'] = 'cancelling_key' backend = eopayment.Payment('paybox', params) bank_data = { 'numero_transaction': ['13957441'], 'numero_appel': ['30310733'], 'reference': ['830657461681'] } backend_raw_response = ( u'NUMTRANS=0013989865&NUMAPPEL=0030378572&NUMQUESTION=0013989862' u'&SITE=1999888&RANG=32&AUTORISATION=XXXXXX&CODEREPONSE=00000' u'&COMMENTAIRE=Demande traitée avec succès&REFABONNE=&PORTEUR=' ) with mock.patch('eopayment.paybox.requests.post') as requests_post: response = mock.Mock(status_code=200, text=backend_raw_response) requests_post.return_value = response backend.validate(Decimal(12), bank_data) def test_rsa_signature_validation(self): pkey = '''-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUgYufHuheMztK1LhQSG6xsOzb UX4D2A/QcMvkEcRVXFx5tQqcE9/JnMqE41TF/ebn7jC/MBxxtPFkUN7+EZoeMN7x OWzAMDm/xsCWRvvel4GGixgm3aQRUPyTrlm4Ksy32Ya0rNnEDMAvB3dxOn7cp8GR ZdzrudBlevZXpr6iYwIDAQAB -----END PUBLIC KEY-----''' data = 'coin\n' sig64 = '''VCt3sgT0ecacmDEWWNVXJ+jGmIPBMApK42tBJV0FlDjpllOGPy8MsAmLW4/QjTtx z0Dkz0NjxvU+5WzQZh9Uuxr/egRCwV4NMRWqu0zaVVioeBvl4/5CWm4f4/1L9+0m FBFKOZhgBJnkC+l6+XhT4aYWKaQ4ocmOMV92yjeXTE4=''' self.assertTrue(paybox.verify(data, base64.b64decode(sig64), key=pkey)) def test_request_manual_validation(self): params = BACKEND_PARAMS.copy() time = '2018-08-21T10:26:32+02:00' email = 'user@entrouvert.com' order_id = '20180821' transaction = '1234' amount = '42.99' backend = eopayment.Payment('paybox', params) transaction_id, kind, what = backend.request( Decimal(amount), email=email, orderid=order_id, transaction_id=transaction, time=time) root = ET.fromstring(str(what)) form_params = dict(( (node.attrib['name'], node.attrib['value']) for node in root if node.attrib['type'] == 'hidden')) self.assertIn('PBX_AUTOSEULE', form_params) self.assertEqual(form_params['PBX_AUTOSEULE'], 'N') transaction_id, kind, what = backend.request( Decimal(amount), email=email, orderid=order_id, transaction_id=transaction, time=time, manual_validation=True) root = ET.fromstring(str(what)) form_params = dict(( (node.attrib['name'], node.attrib['value']) for node in root if node.attrib['type'] == 'hidden')) self.assertIn('PBX_AUTOSEULE', form_params) self.assertEqual(form_params['PBX_AUTOSEULE'], 'O')