1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * This library is free software; you can redistribute it and/or modify it under
5    * the terms of the GNU Lesser General Public License as published by the Free
6    * Software Foundation; either version 2.1 of the License, or (at your option)
7    * any later version.
8    *
9    * This library is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11   * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12   * details.
13   */
14  
15  package com.liferay.portlet.shopping.action;
16  
17  import com.liferay.portal.kernel.io.unsync.UnsyncBufferedReader;
18  import com.liferay.portal.kernel.log.Log;
19  import com.liferay.portal.kernel.log.LogFactoryUtil;
20  import com.liferay.portal.kernel.util.HttpUtil;
21  import com.liferay.portal.kernel.util.ParamUtil;
22  import com.liferay.portal.util.PortalUtil;
23  import com.liferay.portlet.shopping.NoSuchOrderException;
24  import com.liferay.portlet.shopping.model.ShoppingOrder;
25  import com.liferay.portlet.shopping.service.ShoppingOrderLocalServiceUtil;
26  import com.liferay.portlet.shopping.util.ShoppingPreferences;
27  import com.liferay.portlet.shopping.util.ShoppingUtil;
28  
29  import java.io.InputStreamReader;
30  import java.io.PrintWriter;
31  
32  import java.net.URL;
33  import java.net.URLConnection;
34  
35  import java.util.Enumeration;
36  
37  import javax.servlet.http.HttpServletRequest;
38  import javax.servlet.http.HttpServletResponse;
39  
40  import org.apache.struts.action.Action;
41  import org.apache.struts.action.ActionForm;
42  import org.apache.struts.action.ActionForward;
43  import org.apache.struts.action.ActionMapping;
44  
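/**
 * <a href="PayPalNotificationAction.java.html"><b><i>View Source</i></b></a>
 *
 * <p>
 * Handles PayPal payment notifications for the shopping portlet. Every
 * parameter of the incoming request is untrusted until PayPal has confirmed
 * the message: the action posts the parameters back to PayPal with
 * <code>cmd=_notify-validate</code> and completes the order only when PayPal
 * answers <code>VERIFIED</code> and {@link #validate(HttpServletRequest)}
 * accepts the notification against the stored order.
 * </p>
 *
 * @author Brian Wing Shun Chan
 */
public class PayPalNotificationAction extends Action {

    /**
     * Verifies the notification with PayPal and, on success, completes the
     * matching order.
     *
     * @param  mapping the Struts action mapping (not used)
     * @param  form the Struts action form (not used)
     * @param  request the notification request; all of its parameters are
     *         echoed back to PayPal for verification
     * @param  response the response, used only to report an error
     * @return always <code>null</code>; failures are reported through
     *         <code>PortalUtil.sendError</code>
     * @throws Exception declared by the Struts contract; exceptions raised in
     *         the body are caught and passed to
     *         <code>PortalUtil.sendError</code>
     */
    public ActionForward execute(
            ActionMapping mapping, ActionForm form, HttpServletRequest request,
            HttpServletResponse response)
        throws Exception {

        try {
            if (_log.isDebugEnabled()) {
                _log.debug("Receiving notification from PayPal");
            }

            // Rebuild the notification for the verification postback. Names
            // are encoded as well as values: both come from the request, and
            // an unencoded "&" or "=" in a name would make PayPal verify a
            // different set of fields than the ones read below. Encoding
            // leaves names made of letters, digits and underscores unchanged.

            StringBuilder sb = new StringBuilder("cmd=_notify-validate");

            Enumeration<String> enu = request.getParameterNames();

            while (enu.hasMoreElements()) {
                String name = enu.nextElement();

                String value = request.getParameter(name);

                sb.append("&");
                sb.append(HttpUtil.encodeURL(name));
                sb.append("=");
                sb.append(HttpUtil.encodeURL(value));
            }

            String query = sb.toString();

            // NOTE(review): the query carries the full notification (payer
            // email and other order data); keep debug logging off in
            // production or restrict access to the log.

            if (_log.isDebugEnabled()) {
                _log.debug("Sending response to PayPal " + query);
            }

            URL url = new URL("https://www.paypal.com/cgi-bin/webscr");

            // NOTE(review): no connect or read timeout is set, so a stalled
            // connection holds the request thread; consider setting both.

            URLConnection urlc = url.openConnection();

            urlc.setDoOutput(true);
            urlc.setRequestProperty(
                "Content-Type","application/x-www-form-urlencoded");

            PrintWriter pw = new PrintWriter(urlc.getOutputStream());

            try {
                pw.println(query);
            }
            finally {
                pw.close();
            }

            String payPalStatus = null;

            UnsyncBufferedReader unsyncBufferedReader =
                new UnsyncBufferedReader(
                    new InputStreamReader(urlc.getInputStream()));

            try {
                payPalStatus = unsyncBufferedReader.readLine();
            }
            finally {

                // Close the reader even when reading fails

                unsyncBufferedReader.close();
            }

            // An empty reply is reported as an error instead of surfacing
            // later as a NullPointerException; the caller still receives an
            // error response, so the notification is not silently dropped.

            if (payPalStatus == null) {
                throw new IllegalStateException(
                    "PayPal returned an empty verification response");
            }

            String itemName = ParamUtil.getString(request, "item_name");
            String itemNumber = ParamUtil.getString(request, "item_number");
            String invoice = ParamUtil.getString(request, "invoice");
            String txnId = ParamUtil.getString(request, "txn_id");
            String paymentStatus = ParamUtil.getString(
                request, "payment_status");
            double paymentGross = ParamUtil.getDouble(request, "mc_gross");
            String receiverEmail = ParamUtil.getString(
                request, "receiver_email");
            String payerEmail = ParamUtil.getString(request, "payer_email");

            if (_log.isDebugEnabled()) {
                _log.debug("Receiving response from PayPal");
                _log.debug("Item name " + itemName);
                _log.debug("Item number " + itemNumber);
                _log.debug("Invoice " + invoice);
                _log.debug("Transaction ID " + txnId);
                _log.debug("Payment status " + paymentStatus);
                _log.debug("Payment gross " + paymentGross);
                _log.debug("Receiver email " + receiverEmail);
                _log.debug("Payer email " + payerEmail);
            }

            // NOTE(review): payment_status is passed through without being
            // checked here; confirm that completeOrder distinguishes a
            // completed payment from a pending or reversed one.

            if (payPalStatus.equals("VERIFIED")) {
                if (validate(request)) {
                    ShoppingOrderLocalServiceUtil.completeOrder(
                        invoice, txnId, paymentStatus, paymentGross,
                        receiverEmail, payerEmail, true);
                }
                else if (_log.isWarnEnabled()) {

                    // Request values are left out of the message because they
                    // are not trusted log content

                    _log.warn(
                        "Verified PayPal notification failed order " +
                            "validation");
                }
            }
            else if (_log.isWarnEnabled()) {
                _log.warn("PayPal did not verify the notification");
            }

            return null;
        }
        catch (Exception e) {
            PortalUtil.sendError(e, request, response);

            return null;
        }
    }

    /**
     * Checks a notification against the order named by its
     * <code>invoice</code> parameter. The notification is accepted only when
     * the receiver email equals the PayPal address configured in the shopping
     * preferences, the gross amount equals the calculated order total, the
     * currency equals the configured currency, and no order is already
     * recorded for the transaction ID.
     *
     * @param  request the notification request
     * @return <code>true</code> if every check passes; <code>false</code>
     *         otherwise
     * @throws Exception if the order lookup or another service call fails
     */
    protected boolean validate(HttpServletRequest request) throws Exception {

        // Invoice

        String ppInvoice = ParamUtil.getString(request, "invoice");

        ShoppingOrder order = ShoppingOrderLocalServiceUtil.getOrder(
            ppInvoice);

        ShoppingPreferences shoppingPrefs = ShoppingPreferences.getInstance(
            order.getCompanyId(), order.getGroupId());

        // Receiver email address

        String ppReceiverEmail = ParamUtil.getString(
            request, "receiver_email");

        String payPalEmailAddress = shoppingPrefs.getPayPalEmailAddress();

        if (!payPalEmailAddress.equals(ppReceiverEmail)) {
            return false;
        }

        // Payment gross

        // NOTE(review): exact comparison of two doubles; if the calculated
        // total carries floating point error, a correct payment is rejected.
        // Confirm how calculateTotal rounds before changing this check.

        double ppGross = ParamUtil.getDouble(request, "mc_gross");

        double orderTotal = ShoppingUtil.calculateTotal(order);

        if (orderTotal != ppGross) {
            return false;
        }

        // Payment currency

        String ppCurrency = ParamUtil.getString(request, "mc_currency");

        String currencyId = shoppingPrefs.getCurrencyId();

        if (!currencyId.equals(ppCurrency)) {
            return false;
        }

        // Transaction ID

        String ppTxnId = ParamUtil.getString(request, "txn_id");

        try {
            ShoppingOrderLocalServiceUtil.getPayPalTxnIdOrder(ppTxnId);

            // An order already carries this transaction ID, so the
            // notification is a repeat and must not complete another order

            return false;
        }
        catch (NoSuchOrderException nsoe) {

            // Expected for a new transaction: no order has this ID yet

        }

        return true;
    }

    private static Log _log = LogFactoryUtil.getLog(
        PayPalNotificationAction.class);

}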