1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   *
12   *
13   */
14  
15  package com.liferay.portlet.shopping.action;
16  
17  import com.liferay.portal.kernel.io.unsync.UnsyncBufferedReader;
18  import com.liferay.portal.kernel.io.unsync.UnsyncPrintWriter;
19  import com.liferay.portal.kernel.log.Log;
20  import com.liferay.portal.kernel.log.LogFactoryUtil;
21  import com.liferay.portal.kernel.util.HttpUtil;
22  import com.liferay.portal.kernel.util.ParamUtil;
23  import com.liferay.portal.util.PortalUtil;
24  import com.liferay.portlet.shopping.NoSuchOrderException;
25  import com.liferay.portlet.shopping.model.ShoppingOrder;
26  import com.liferay.portlet.shopping.service.ShoppingOrderLocalServiceUtil;
27  import com.liferay.portlet.shopping.util.ShoppingPreferences;
28  import com.liferay.portlet.shopping.util.ShoppingUtil;
29  
30  import java.io.InputStreamReader;
31  import java.io.PrintWriter;
32  
33  import java.net.URL;
34  import java.net.URLConnection;
35  
36  import java.util.Enumeration;
37  
38  import javax.servlet.http.HttpServletRequest;
39  import javax.servlet.http.HttpServletResponse;
40  
41  import org.apache.struts.action.Action;
42  import org.apache.struts.action.ActionForm;
43  import org.apache.struts.action.ActionForward;
44  import org.apache.struts.action.ActionMapping;
45  
46  /**
47   * <a href="PayPalNotificationAction.java.html"><b><i>View Source</i></b></a>
48   *
49   * @author Brian Wing Shun Chan
50   */
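public class PayPalNotificationAction extends Action {

    /**
     * Receives a payment notification, asks PayPal to confirm it, and
     * completes the matching shopping order when both PayPal and the local
     * checks in {@link #validate(HttpServletRequest)} accept it.
     *
     * <p>
     * Every request parameter is untrusted until PayPal answers
     * <code>VERIFIED</code> for the echoed message. Even then the values are
     * compared against the stored order before the order is completed.
     * </p>
     *
     * @param  mapping the Struts action mapping (not used)
     * @param  form the Struts action form (not used)
     * @param  request the incoming notification request
     * @param  response the servlet response, used only to report errors
     * @return always <code>null</code>; errors are reported through
     *         <code>PortalUtil.sendError</code>
     * @throws Exception if reporting an error itself fails
     */
    public ActionForward execute(
            ActionMapping mapping, ActionForm form, HttpServletRequest request,
            HttpServletResponse response)
        throws Exception {

        String invoice = null;

        try {
            if (_log.isDebugEnabled()) {
                _log.debug("Receiving notification from PayPal");
            }

            // Echo the notification back to PayPal for verification. Names
            // are encoded as well as values so that a parameter name holding
            // '&' or '=' cannot change the structure of the echoed message.

            StringBuilder sb = new StringBuilder("cmd=_notify-validate");

            Enumeration<String> enu = request.getParameterNames();

            while (enu.hasMoreElements()) {
                String name = enu.nextElement();

                String value = request.getParameter(name);

                sb.append("&");
                sb.append(HttpUtil.encodeURL(name));
                sb.append("=");
                sb.append(HttpUtil.encodeURL(value));
            }

            String query = sb.toString();

            // NOTE(review): this debug line writes the whole notification,
            // payer details included, to the log. Keep debug logging for this
            // class off in production or redact the message.

            if (_log.isDebugEnabled()) {
                _log.debug("Sending response to PayPal " + query);
            }

            URL url = new URL("https://www.paypal.com/cgi-bin/webscr");

            // NOTE(review): no connect or read timeout is set on this
            // connection, so a stalled verification call holds the request
            // thread. Consider setting both.

            URLConnection urlc = url.openConnection();

            urlc.setDoOutput(true);
            urlc.setRequestProperty(
                "Content-Type","application/x-www-form-urlencoded");

            PrintWriter pw = new UnsyncPrintWriter(urlc.getOutputStream());

            try {
                pw.println(query);
            }
            finally {

                // Close even when writing fails so the stream is not leaked

                pw.close();
            }

            String payPalStatus = null;

            UnsyncBufferedReader unsyncBufferedReader =
                new UnsyncBufferedReader(
                    new InputStreamReader(urlc.getInputStream()));

            try {
                payPalStatus = unsyncBufferedReader.readLine();
            }
            finally {
                unsyncBufferedReader.close();
            }

            // An empty verification response means the notification was
            // neither confirmed nor rejected. Fail explicitly, so the error
            // path below still runs, instead of hitting a
            // NullPointerException on the status comparison.

            if (payPalStatus == null) {
                throw new IllegalStateException(
                    "Empty verification response from PayPal");
            }

            String itemName = ParamUtil.getString(request, "item_name");
            String itemNumber = ParamUtil.getString(request, "item_number");
            invoice = ParamUtil.getString(request, "invoice");
            String txnId = ParamUtil.getString(request, "txn_id");
            String paymentStatus = ParamUtil.getString(
                request, "payment_status");
            double paymentGross = ParamUtil.getDouble(request, "mc_gross");
            String receiverEmail = ParamUtil.getString(
                request, "receiver_email");
            String payerEmail = ParamUtil.getString(request, "payer_email");

            if (_log.isDebugEnabled()) {
                _log.debug("Receiving response from PayPal");
                _log.debug("Item name " + itemName);
                _log.debug("Item number " + itemNumber);
                _log.debug("Invoice " + invoice);
                _log.debug("Transaction ID " + txnId);
                _log.debug("Payment status " + paymentStatus);
                _log.debug("Payment gross " + paymentGross);
                _log.debug("Receiver email " + receiverEmail);
                _log.debug("Payer email " + payerEmail);
            }

            if ("VERIFIED".equals(payPalStatus)) {
                if (validate(request)) {
                    ShoppingOrderLocalServiceUtil.completeOrder(
                        invoice, txnId, paymentStatus, paymentGross,
                        receiverEmail, payerEmail, true);
                }
                else if (_log.isWarnEnabled()) {

                    // Confirmed by PayPal but inconsistent with the stored
                    // order. Log it so operators can spot mismatched or
                    // replayed notifications. No request data is logged here.

                    _log.warn(
                        "PayPal notification was verified but failed " +
                            "local order validation");
                }
            }
            else if ("INVALID".equals(payPalStatus)) {
                if (_log.isWarnEnabled()) {
                    _log.warn("PayPal rejected the notification as INVALID");
                }
            }

            return null;
        }
        catch (Exception e) {
            PortalUtil.sendError(e, request, response);

            return null;
        }
    }

    /**
     * Compares a notification with the stored order before the order may be
     * completed.
     *
     * <p>
     * The checks are: the receiver email equals the configured PayPal email
     * address, the gross amount equals the calculated order total, the
     * currency equals the configured currency, and no existing order already
     * carries the same PayPal transaction ID.
     * </p>
     *
     * <p>
     * NOTE(review): <code>payment_status</code> is not checked here. It is
     * only passed on to <code>completeOrder</code> by the caller. Confirm
     * that <code>completeOrder</code> handles statuses other than a
     * completed payment.
     * </p>
     *
     * @param  request the notification request
     * @return <code>true</code> if every check passes; <code>false</code>
     *         otherwise
     * @throws Exception if the order for the invoice cannot be loaded or a
     *         lookup fails
     */
    protected boolean validate(HttpServletRequest request) throws Exception {

        // Invoice

        String ppInvoice = ParamUtil.getString(request, "invoice");

        ShoppingOrder order = ShoppingOrderLocalServiceUtil.getOrder(
            ppInvoice);

        ShoppingPreferences shoppingPrefs = ShoppingPreferences.getInstance(
            order.getCompanyId(), order.getGroupId());

        // Receiver email address

        String ppReceiverEmail = ParamUtil.getString(
            request, "receiver_email");

        String payPalEmailAddress = shoppingPrefs.getPayPalEmailAddress();

        if (!payPalEmailAddress.equals(ppReceiverEmail)) {
            return false;
        }

        // Payment gross

        // NOTE(review): this is an exact comparison of two doubles. A
        // rounding difference in the calculated total would reject a
        // legitimate payment. Consider comparing in minor currency units.

        double ppGross = ParamUtil.getDouble(request, "mc_gross");

        double orderTotal = ShoppingUtil.calculateTotal(order);

        if (orderTotal != ppGross) {
            return false;
        }

        // Payment currency

        String ppCurrency = ParamUtil.getString(request, "mc_currency");

        String currencyId = shoppingPrefs.getCurrencyId();

        if (!currencyId.equals(ppCurrency)) {
            return false;
        }

        // Transaction ID

        String ppTxnId = ParamUtil.getString(request, "txn_id");

        try {
            ShoppingOrderLocalServiceUtil.getPayPalTxnIdOrder(ppTxnId);

            // An order already carries this transaction ID, so this
            // notification is a repeat and must not complete another order

            return false;
        }
        catch (NoSuchOrderException nsoe) {

            // Expected path: the transaction ID has not been used yet

        }

        return true;
    }

    private static Log _log = LogFactoryUtil.getLog(
        PayPalNotificationAction.class);

}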