001    /**
002     * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portlet.shopping.action;
016    
017    import com.liferay.portal.kernel.io.unsync.UnsyncBufferedReader;
018    import com.liferay.portal.kernel.io.unsync.UnsyncPrintWriter;
019    import com.liferay.portal.kernel.log.Log;
020    import com.liferay.portal.kernel.log.LogFactoryUtil;
021    import com.liferay.portal.kernel.util.HttpUtil;
022    import com.liferay.portal.kernel.util.ParamUtil;
023    import com.liferay.portal.util.PortalUtil;
024    import com.liferay.portlet.shopping.NoSuchOrderException;
025    import com.liferay.portlet.shopping.model.ShoppingOrder;
026    import com.liferay.portlet.shopping.service.ShoppingOrderLocalServiceUtil;
027    import com.liferay.portlet.shopping.util.ShoppingPreferences;
028    import com.liferay.portlet.shopping.util.ShoppingUtil;
029    
030    import java.io.InputStreamReader;
031    import java.io.PrintWriter;
032    
033    import java.net.URL;
034    import java.net.URLConnection;
035    
036    import java.util.Enumeration;
037    
038    import javax.servlet.http.HttpServletRequest;
039    import javax.servlet.http.HttpServletResponse;
040    
041    import org.apache.struts.action.Action;
042    import org.apache.struts.action.ActionForm;
043    import org.apache.struts.action.ActionForward;
044    import org.apache.struts.action.ActionMapping;
045    
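/**
 * Struts action that receives PayPal Instant Payment Notification (IPN)
 * callbacks for the shopping portlet.
 *
 * <p>
 * This class performs no authentication of the caller, so the posted fields
 * are only acted on after two checks: the message is posted back to PayPal
 * with <code>cmd=_notify-validate</code> and must be answered with
 * <code>VERIFIED</code>, and {@link #validate} must confirm that the receiver,
 * amount, currency and transaction ID agree with the stored order.
 * </p>
 *
 * @author Brian Wing Shun Chan
 */
public class PayPalNotificationAction extends Action {

    /**
     * Handles one notification request.
     *
     * @param  mapping the Struts mapping (unused)
     * @param  form the Struts form (unused)
     * @param  request the notification posted to this action
     * @param  response used only to report an error
     * @return always <code>null</code>; no forward is taken
     * @throws Exception declared by the Struts contract; exceptions raised
     *         while processing are caught and handed to
     *         <code>PortalUtil.sendError</code>
     */
    public ActionForward execute(
            ActionMapping mapping, ActionForm form, HttpServletRequest request,
            HttpServletResponse response)
        throws Exception {

        try {
            if (_log.isDebugEnabled()) {
                _log.debug("Receiving notification from PayPal");
            }

            String query = buildValidationQuery(request);

            if (_log.isDebugEnabled()) {

                // The query repeats every posted field, including the payer
                // and receiver email addresses, so debug logs hold personal
                // data.

                _log.debug("Sending response to PayPal " + query);
            }

            String payPalStatus = requestPayPalStatus(query);

            String itemName = ParamUtil.getString(request, "item_name");
            String itemNumber = ParamUtil.getString(request, "item_number");
            String invoice = ParamUtil.getString(request, "invoice");
            String txnId = ParamUtil.getString(request, "txn_id");
            String paymentStatus = ParamUtil.getString(
                request, "payment_status");
            double paymentGross = ParamUtil.getDouble(request, "mc_gross");
            String receiverEmail = ParamUtil.getString(
                request, "receiver_email");
            String payerEmail = ParamUtil.getString(request, "payer_email");

            if (_log.isDebugEnabled()) {
                _log.debug("Receiving response from PayPal");
                _log.debug("Item name " + itemName);
                _log.debug("Item number " + itemNumber);
                _log.debug("Invoice " + invoice);
                _log.debug("Transaction ID " + txnId);
                _log.debug("Payment status " + paymentStatus);
                _log.debug("Payment gross " + paymentGross);
                _log.debug("Receiver email " + receiverEmail);
                _log.debug("Payer email " + payerEmail);
            }

            // Constant-first equals: readLine() yields null when PayPal
            // returns an empty body, and that must count as "not verified"
            // rather than surface as a NullPointerException.

            if (!"VERIFIED".equals(payPalStatus)) {

                // Rejections are logged so that forged or replayed
                // notifications are visible to operators. Only the PayPal
                // answer and the peer address are written; the posted fields
                // are caller-controlled and stay out of the warning.

                if (_log.isWarnEnabled()) {
                    _log.warn(
                        "PayPal did not verify notification (status " +
                            payPalStatus + ") from " +
                                request.getRemoteAddr());
                }
            }
            else if (!validate(request)) {
                if (_log.isWarnEnabled()) {
                    _log.warn(
                        "Verified PayPal notification does not match the " +
                            "stored order, from " + request.getRemoteAddr());
                }
            }
            else {

                // NOTE(review): payment_status is passed through unchecked;
                // confirm completeOrder treats statuses other than a
                // completed payment appropriately.

                ShoppingOrderLocalServiceUtil.completeOrder(
                    invoice, txnId, paymentStatus, paymentGross, receiverEmail,
                    payerEmail, true);
            }

            return null;
        }
        catch (Exception e) {

            // NOTE(review): confirm sendError does not echo exception detail
            // back to an unauthenticated caller.

            PortalUtil.sendError(e, request, response);

            return null;
        }
    }

    /**
     * Checks the posted fields against the order stored for the invoice.
     *
     * <p>
     * The notification is rejected when the receiver email differs from the
     * configured PayPal address, when the gross amount differs from the
     * calculated order total, when the currency differs from the configured
     * currency, or when an order already carries the same PayPal transaction
     * ID.
     * </p>
     *
     * @param  request the notification posted to this action
     * @return <code>true</code> if every check passes
     * @throws Exception if the order lookup for the invoice fails
     */
    protected boolean validate(HttpServletRequest request) throws Exception {

        // Invoice

        String ppInvoice = ParamUtil.getString(request, "invoice");

        ShoppingOrder order = ShoppingOrderLocalServiceUtil.getOrder(
            ppInvoice);

        ShoppingPreferences shoppingPrefs = ShoppingPreferences.getInstance(
            order.getCompanyId(), order.getGroupId());

        // Receiver email address

        String ppReceiverEmail = ParamUtil.getString(
            request, "receiver_email");

        String payPalEmailAddress = shoppingPrefs.getPayPalEmailAddress();

        if (!payPalEmailAddress.equals(ppReceiverEmail)) {
            return false;
        }

        // Payment gross
        //
        // NOTE(review): exact comparison of two doubles. It fails closed, but
        // a total that picks up rounding error in calculateTotal would
        // reject a legitimate payment; confirm how the total is rounded.

        double ppGross = ParamUtil.getDouble(request, "mc_gross");

        double orderTotal = ShoppingUtil.calculateTotal(order);

        if (orderTotal != ppGross) {
            return false;
        }

        // Payment currency

        String ppCurrency = ParamUtil.getString(request, "mc_currency");

        String currencyId = shoppingPrefs.getCurrencyId();

        if (!currencyId.equals(ppCurrency)) {
            return false;
        }

        // Transaction ID
        //
        // NOTE(review): this lookup and the later completeOrder call are
        // separate steps; confirm completeOrder itself refuses a duplicate
        // txn_id when two notifications arrive at the same time.

        String ppTxnId = ParamUtil.getString(request, "txn_id");

        try {
            ShoppingOrderLocalServiceUtil.getPayPalTxnIdOrder(ppTxnId);

            // An order already uses this transaction ID: treat as a replay.

            return false;
        }
        catch (NoSuchOrderException nsoe) {

            // Expected path: no order has recorded this transaction ID yet.

        }

        return true;
    }

    /**
     * Rebuilds the posted notification as a form-encoded string prefixed with
     * <code>cmd=_notify-validate</code>.
     *
     * <p>
     * Names are encoded as well as values, so a parameter name containing
     * <code>&amp;</code> or <code>=</code> cannot change the structure of the
     * message that PayPal is asked to verify.
     * </p>
     */
    private String buildValidationQuery(HttpServletRequest request) {
        StringBuilder sb = new StringBuilder("cmd=_notify-validate");

        Enumeration<String> enu = request.getParameterNames();

        while (enu.hasMoreElements()) {
            String name = enu.nextElement();

            // getParameter returns only the first value of a repeated
            // parameter, so only that value is sent for verification.

            String value = request.getParameter(name);

            sb.append("&");
            sb.append(HttpUtil.encodeURL(name));
            sb.append("=");
            sb.append(HttpUtil.encodeURL(value));
        }

        return sb.toString();
    }

    /**
     * Posts the validation query to PayPal and returns the first line of the
     * answer, or <code>null</code> if the answer is empty.
     */
    private String requestPayPalStatus(String query) throws Exception {
        URL url = new URL("https://www.paypal.com/cgi-bin/webscr");

        // NOTE(review): no connect or read timeout is set on this connection.

        URLConnection urlc = url.openConnection();

        urlc.setDoOutput(true);
        urlc.setRequestProperty(
            "Content-Type","application/x-www-form-urlencoded");

        PrintWriter pw = new UnsyncPrintWriter(urlc.getOutputStream());

        try {
            pw.println(query);
        }
        finally {
            pw.close();
        }

        UnsyncBufferedReader unsyncBufferedReader =
            new UnsyncBufferedReader(
                new InputStreamReader(urlc.getInputStream()));

        // Close the reader even when readLine() fails, so the connection's
        // stream is not leaked.

        try {
            return unsyncBufferedReader.readLine();
        }
        finally {
            unsyncBufferedReader.close();
        }
    }

    private static final Log _log = LogFactoryUtil.getLog(
        PayPalNotificationAction.class);

}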