1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
15   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
16   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
17   * SOFTWARE.
18   */
19  
20  package com.liferay.portlet.shopping.action;
21  
22  import com.liferay.portal.kernel.log.Log;
23  import com.liferay.portal.kernel.log.LogFactoryUtil;
24  import com.liferay.portal.kernel.util.HttpUtil;
25  import com.liferay.portal.kernel.util.ParamUtil;
26  import com.liferay.portal.util.PortalUtil;
27  import com.liferay.portlet.shopping.NoSuchOrderException;
28  import com.liferay.portlet.shopping.model.ShoppingOrder;
29  import com.liferay.portlet.shopping.service.ShoppingOrderLocalServiceUtil;
30  import com.liferay.portlet.shopping.util.ShoppingPreferences;
31  import com.liferay.portlet.shopping.util.ShoppingUtil;
32  
33  import java.io.BufferedReader;
34  import java.io.InputStreamReader;
35  import java.io.PrintWriter;
36  
37  import java.net.URL;
38  import java.net.URLConnection;
39  
40  import java.util.Enumeration;
41  
42  import javax.servlet.http.HttpServletRequest;
43  import javax.servlet.http.HttpServletResponse;
44  
45  import org.apache.struts.action.Action;
46  import org.apache.struts.action.ActionForm;
47  import org.apache.struts.action.ActionForward;
48  import org.apache.struts.action.ActionMapping;
49  
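/**
 * <a href="PayPalNotificationAction.java.html"><b><i>View Source</i></b></a>
 *
 * <p>
 * Struts action that receives a payment notification, posts the received
 * parameters back to PayPal with <code>cmd=_notify-validate</code>, and
 * completes the matching shopping order only when PayPal answers
 * <code>VERIFIED</code> and the notification agrees with the stored order.
 * </p>
 *
 * <p>
 * Every request parameter is untrusted until both checks have passed: the
 * endpoint is reachable by anyone, so nothing read from the request may
 * change order state before the postback and {@link
 * #validate(HttpServletRequest)} have succeeded.
 * </p>
 *
 * @author Brian Wing Shun Chan
 *
 */
public class PayPalNotificationAction extends Action {

    /**
     * Handles one notification request.
     *
     * @param  mapping the Struts mapping (not used)
     * @param  form the Struts form (not used)
     * @param  request the incoming notification
     * @param  response used only to report an error
     * @return always <code>null</code>; no forward is rendered
     * @throws Exception declared by the Struts contract; failures inside the
     *         body are reported through <code>PortalUtil.sendError</code>
     */
    public ActionForward execute(
            ActionMapping mapping, ActionForm form, HttpServletRequest request,
            HttpServletResponse response)
        throws Exception {

        String invoice = null;

        try {
            if (_log.isDebugEnabled()) {
                _log.debug("Receiving notification from PayPal");
            }

            String query = buildValidationQuery(request);

            if (_log.isDebugEnabled()) {
                _log.debug("Sending response to PayPal " + query);
            }

            String payPalStatus = postToPayPal(query);

            String itemName = ParamUtil.getString(request, "item_name");
            String itemNumber = ParamUtil.getString(request, "item_number");
            invoice = ParamUtil.getString(request, "invoice");
            String txnId = ParamUtil.getString(request, "txn_id");
            String paymentStatus = ParamUtil.getString(
                request, "payment_status");
            double paymentGross = ParamUtil.getDouble(request, "mc_gross");
            String receiverEmail = ParamUtil.getString(
                request, "receiver_email");
            String payerEmail = ParamUtil.getString(request, "payer_email");

            if (_log.isDebugEnabled()) {
                _log.debug("Receiving response from PayPal");
                _log.debug("Item name " + itemName);
                _log.debug("Item number " + itemNumber);
                _log.debug("Invoice " + invoice);
                _log.debug("Transaction ID " + txnId);
                _log.debug("Payment status " + paymentStatus);
                _log.debug("Payment gross " + paymentGross);
                _log.debug("Receiver email " + receiverEmail);
                _log.debug("Payer email " + payerEmail);
            }

            // Constant-first equals: readLine() yields null when PayPal
            // returns an empty body, which must count as "not verified"
            // rather than raise a NullPointerException.

            if ("VERIFIED".equals(payPalStatus)) {
                if (validate(request)) {

                    // NOTE(review): payment_status is handed to completeOrder
                    // without being inspected here; confirm that completeOrder
                    // treats statuses other than a completed payment
                    // correctly.

                    ShoppingOrderLocalServiceUtil.completeOrder(
                        invoice, txnId, paymentStatus, paymentGross,
                        receiverEmail, payerEmail, true);
                }
                else if (_log.isWarnEnabled()) {

                    // A verified message that does not match the stored order
                    // deserves attention: wrong receiver, amount, currency or
                    // a replayed transaction ID.

                    _log.warn(
                        "Verified PayPal notification failed order " +
                            "validation for request from " +
                                request.getRemoteAddr());
                }
            }
            else if (_log.isWarnEnabled()) {

                // Previously ignored silently. Rejected notifications are the
                // main signal that someone is sending forged messages to this
                // endpoint, so leave a trace for monitoring.

                _log.warn(
                    "PayPal did not verify notification from " +
                        request.getRemoteAddr() + ", status " + payPalStatus);
            }

            return null;
        }
        catch (Exception e) {
            PortalUtil.sendError(e, request, response);

            return null;
        }
    }

    /**
     * Checks a notification against the order it claims to pay for.
     *
     * <p>
     * The order is looked up by the <code>invoice</code> parameter; the
     * receiver email and currency are compared with the shop preferences of
     * that order, the gross amount with the calculated order total, and the
     * transaction ID must not already be attached to an order.
     * </p>
     *
     * @param  request the notification request
     * @return <code>true</code> only if every check passes
     * @throws Exception if the order or its preferences cannot be loaded
     */
    protected boolean validate(HttpServletRequest request) throws Exception {

        // Invoice

        String ppInvoice = ParamUtil.getString(request, "invoice");

        ShoppingOrder order = ShoppingOrderLocalServiceUtil.getOrder(
            ppInvoice);

        ShoppingPreferences shoppingPrefs = ShoppingPreferences.getInstance(
            order.getCompanyId(), order.getGroupId());

        // Receiver email address. Fail closed when the shop has no PayPal
        // address configured: an unset preference would otherwise compare
        // equal to a missing receiver_email parameter.

        String ppReceiverEmail = ParamUtil.getString(
            request, "receiver_email");

        String payPalEmailAddress = shoppingPrefs.getPayPalEmailAddress();

        if ((payPalEmailAddress == null) ||
            (payPalEmailAddress.length() == 0) ||
            !payPalEmailAddress.equals(ppReceiverEmail)) {

            return false;
        }

        // Payment gross

        double ppGross = ParamUtil.getDouble(request, "mc_gross");

        double orderTotal = ShoppingUtil.calculateTotal(order);

        if (!isSameAmount(orderTotal, ppGross)) {
            return false;
        }

        // Payment currency

        String ppCurrency = ParamUtil.getString(request, "mc_currency");

        String currencyId = shoppingPrefs.getCurrencyId();

        if ((currencyId == null) || !currencyId.equals(ppCurrency)) {
            return false;
        }

        // Transaction ID. The replay check is keyed on txn_id, so a missing
        // ID would make it vacuous; reject instead.

        String ppTxnId = ParamUtil.getString(request, "txn_id");

        if (ppTxnId.length() == 0) {
            return false;
        }

        // NOTE(review): lookup and completeOrder are separate steps, so two
        // identical notifications handled concurrently could both pass this
        // check; confirm that completeOrder or the schema enforces uniqueness
        // of the transaction ID.

        try {
            ShoppingOrderLocalServiceUtil.getPayPalTxnIdOrder(ppTxnId);

            // An order already carries this transaction ID: replay.

            return false;
        }
        catch (NoSuchOrderException nsoe) {

            // Expected path: the transaction ID has not been used yet.

        }

        return true;
    }

    /**
     * Builds the form body posted back to PayPal for verification.
     *
     * <p>
     * Parameter names are URL-encoded as well as values. Names come from the
     * untrusted request, and an unencoded <code>&amp;</code> or
     * <code>=</code> inside a name would make the body PayPal verifies differ
     * from the parameters this action later reads.
     * </p>
     *
     * <p>
     * NOTE(review): the body is rebuilt from the parsed parameters, so the
     * original field order and any repeated fields are not preserved; confirm
     * this matches what PayPal expects for the postback.
     * </p>
     */
    private static String buildValidationQuery(HttpServletRequest request)
        throws Exception {

        StringBuilder sb = new StringBuilder("cmd=_notify-validate");

        Enumeration<String> enu = request.getParameterNames();

        while (enu.hasMoreElements()) {
            String name = enu.nextElement();

            String value = request.getParameter(name);

            sb.append('&');
            sb.append(HttpUtil.encodeURL(name));
            sb.append('=');
            sb.append(HttpUtil.encodeURL(value));
        }

        return sb.toString();
    }

    /**
     * Posts the verification body to PayPal and returns the first line of the
     * answer, or <code>null</code> if the answer is empty.
     *
     * <p>
     * Timeouts bound how long a stalled connection can hold the request
     * thread, and both streams are closed even when the exchange fails.
     * </p>
     */
    private static String postToPayPal(String query) throws Exception {
        URL url = new URL("https://www.paypal.com/cgi-bin/webscr");

        URLConnection urlc = url.openConnection();

        urlc.setConnectTimeout(_CONNECT_TIMEOUT);
        urlc.setReadTimeout(_READ_TIMEOUT);
        urlc.setDoOutput(true);
        urlc.setRequestProperty(
            "Content-Type","application/x-www-form-urlencoded");

        PrintWriter pw = new PrintWriter(urlc.getOutputStream());

        try {
            pw.println(query);
        }
        finally {
            pw.close();
        }

        BufferedReader br = new BufferedReader(
            new InputStreamReader(urlc.getInputStream()));

        try {
            return br.readLine();
        }
        finally {
            br.close();
        }
    }

    /**
     * Compares two monetary amounts to within half of the smallest two-decimal
     * unit. Exact <code>double</code> equality can reject a correct payment
     * when the order total is the result of floating point arithmetic. A NaN
     * or infinite value never compares as equal.
     */
    private static boolean isSameAmount(double expected, double actual) {
        return Math.abs(expected - actual) < _AMOUNT_TOLERANCE;
    }

    private static final double _AMOUNT_TOLERANCE = 0.005;

    // Milliseconds

    private static final int _CONNECT_TIMEOUT = 10000;

    private static final int _READ_TIMEOUT = 30000;

    private static final Log _log =
        LogFactoryUtil.getLog(PayPalNotificationAction.class);

}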