From 5dbd625fe366a98662678c627ecddc983ca963f1 Mon Sep 17 00:00:00 2001
From: Serghei Mihai <smihai@entrouvert.com>
Date: Thu, 17 Dec 2015 09:53:22 +0100
Subject: [PATCH] handle callback calls with POST method (#9360)

---
 lingo/views.py        | 14 ++++++++++++--
 tests/test_payment.py | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+), 2 deletions(-)

diff --git a/lingo/views.py b/lingo/views.py
index 67282f6..0684ac0 100644
--- a/lingo/views.py
+++ b/lingo/views.py
@@ -170,10 +170,10 @@ class PayView(View):
 
 
 class CallbackView(View):
-    def get(self, request, *args, **kwargs):
+    def handle_callback(self, request, backend_response, **kwargs):
         regie = Regie.objects.get(id=kwargs.get('regie_pk'))
         payment = eopayment.Payment(regie.service, regie.service_options)
-        payment_response = payment.response(request.environ['QUERY_STRING'])
+        payment_response = payment.response(backend_response)
         if not payment_response.result == eopayment.CANCELLED:
             # cancellation are not signed...
             assert payment_response.signed is True
@@ -204,6 +204,16 @@ class CallbackView(View):
 
         return HttpResponse()
 
+    def get(self, request, *args, **kwargs):
+        return self.handle_callback(request, request.environ['QUERY_STRING'], **kwargs)
+
+    def post(self, request, *args, **kwargs):
+        return self.handle_callback(request, request.body, **kwargs)
+
+    @csrf_exempt
+    def dispatch(self, *args, **kwargs):
+        return super(CallbackView, self).dispatch(*args, **kwargs)
+
 
 class ReturnView(View):
 
diff --git a/tests/test_payment.py b/tests/test_payment.py
index df91a39..e5d531c 100644
--- a/tests/test_payment.py
+++ b/tests/test_payment.py
@@ -1,6 +1,7 @@
 import pytest
 from datetime import datetime, timedelta
 import urlparse
+import urllib
 from decimal import Decimal
 import json
 
@@ -106,3 +107,40 @@ def test_add_amount_to_basket(regie, user):
     assert resp.status_code == 200
     assert json.loads(resp.content) == {'result': 'success'}
     assert BasketItem.objects.filter(amount=Decimal('76.22')).exists()
+
+
+def test_payment_callback(regie, user):
+    item = BasketItem.objects.create(user=user, regie=regie,
+                        subject='test_item', amount='10.5',
+                        source_url='/testitem')
+    login()
+    resp = client.post(reverse('lingo-pay'), {'item': [item.pk],
+                        'regie': regie.pk})
+    assert resp.status_code == 302
+    location = resp.get('location')
+    parsed = urlparse.urlparse(location)
+    qs = urlparse.parse_qs(parsed.query)
+    transaction_id = qs['transaction_id'][0]
+    data = {'transaction_id': transaction_id, 'signed': True,
+            'amount': qs['amount'][0], 'ok': True}
+
+    # call callback with GET
+    get_resp = client.get(qs['return_url'][0], data)
+    assert get_resp.status_code == 200
+    assert Transaction.objects.get(order_id=transaction_id).status == 3
+
+    resp = client.post(reverse('lingo-pay'), {'item': [item.pk],
+                        'regie': regie.pk})
+    assert resp.status_code == 302
+    location = resp.get('location')
+    parsed = urlparse.urlparse(location)
+    qs = urlparse.parse_qs(parsed.query)
+    transaction_id = qs['transaction_id'][0]
+    data = {'transaction_id': transaction_id, 'signed': True,
+            'amount': qs['amount'][0], 'ok': True}
+
+    # call callback with POST
+    post_resp = client.post(qs['return_url'][0], urllib.urlencode(data),
+                    content_type='text/html')
+    assert post_resp.status_code == 200
+    assert Transaction.objects.get(order_id=transaction_id).status == 3