001    /**
002     * Copyright (c) 2000-2011 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portlet.shopping.action;
016    
017    import com.liferay.portal.kernel.io.unsync.UnsyncBufferedReader;
018    import com.liferay.portal.kernel.log.Log;
019    import com.liferay.portal.kernel.log.LogFactoryUtil;
020    import com.liferay.portal.kernel.util.HttpUtil;
021    import com.liferay.portal.kernel.util.ParamUtil;
022    import com.liferay.portal.kernel.util.UnsyncPrintWriterPool;
023    import com.liferay.portal.util.PortalUtil;
024    import com.liferay.portlet.shopping.NoSuchOrderException;
025    import com.liferay.portlet.shopping.model.ShoppingOrder;
026    import com.liferay.portlet.shopping.service.ShoppingOrderLocalServiceUtil;
027    import com.liferay.portlet.shopping.util.ShoppingPreferences;
028    import com.liferay.portlet.shopping.util.ShoppingUtil;
029    
030    import java.io.InputStreamReader;
031    import java.io.PrintWriter;
032    
033    import java.net.URL;
034    import java.net.URLConnection;
035    
036    import java.util.Enumeration;
037    
038    import javax.servlet.http.HttpServletRequest;
039    import javax.servlet.http.HttpServletResponse;
040    
041    import org.apache.struts.action.Action;
042    import org.apache.struts.action.ActionForm;
043    import org.apache.struts.action.ActionForward;
044    import org.apache.struts.action.ActionMapping;
045    
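/**
 * Struts action that receives PayPal payment notifications for the shopping
 * portlet.
 *
 * <p>
 * Every field of the incoming request is untrusted until two independent
 * checks pass: PayPal must answer <code>VERIFIED</code> when the notification
 * is posted back to it with <code>cmd=_notify-validate</code>, and
 * {@link #validate(HttpServletRequest)} must confirm that the notification
 * matches the stored order. Only then is the order completed.
 * </p>
 *
 * @author Brian Wing Shun Chan
 */
public class PayPalNotificationAction extends Action {

	/**
	 * Verifies an incoming notification with PayPal and, if it is genuine and
	 * matches the order, completes that order.
	 *
	 * @param  mapping the Struts action mapping (unused)
	 * @param  form the Struts action form (unused)
	 * @param  request the notification request; all parameters are untrusted
	 * @param  response the response used to report an error
	 * @return always <code>null</code>; this action renders no view
	 * @throws Exception declared for the Struts contract; failures inside the
	 *         handler are reported through
	 *         {@link PortalUtil#sendError(Exception, HttpServletRequest,
	 *         HttpServletResponse)}
	 */
	@Override
	public ActionForward execute(
			ActionMapping mapping, ActionForm form, HttpServletRequest request,
			HttpServletResponse response)
		throws Exception {

		try {
			if (_log.isDebugEnabled()) {
				_log.debug("Receiving notification from PayPal");
			}

			// Echo the notification back to PayPal. Names are encoded as well
			// as values so that a crafted parameter name cannot split into
			// extra fields, which would make the message PayPal verifies
			// differ from the parameters this action reads.

			StringBuilder sb = new StringBuilder("cmd=_notify-validate");

			Enumeration<String> enu = request.getParameterNames();

			while (enu.hasMoreElements()) {
				String name = enu.nextElement();

				String value = request.getParameter(name);

				sb.append("&");
				sb.append(HttpUtil.encodeURL(name));
				sb.append("=");
				sb.append(HttpUtil.encodeURL(value));
			}

			String query = sb.toString();

			if (_log.isDebugEnabled()) {
				_log.debug("Sending response to PayPal " + query);
			}

			URL url = new URL("https://www.paypal.com/cgi-bin/webscr");

			URLConnection urlc = url.openConnection();

			// NOTE(review): no connect or read timeout is set, so a stalled
			// PayPal endpoint holds this request thread; consider
			// setConnectTimeout/setReadTimeout with deployment-chosen values.

			urlc.setDoOutput(true);
			urlc.setRequestProperty(
				"Content-Type","application/x-www-form-urlencoded");

			PrintWriter pw = UnsyncPrintWriterPool.borrow(
				urlc.getOutputStream());

			try {
				pw.println(query);
			}
			finally {

				// Close even when the write fails so the stream is not leaked

				pw.close();
			}

			String payPalStatus = null;

			UnsyncBufferedReader unsyncBufferedReader =
				new UnsyncBufferedReader(
					new InputStreamReader(urlc.getInputStream()));

			try {

				// Only the first line of PayPal's answer is used; readLine
				// returns null when the body is empty.

				payPalStatus = unsyncBufferedReader.readLine();
			}
			finally {
				unsyncBufferedReader.close();
			}

			String itemName = ParamUtil.getString(request, "item_name");
			String itemNumber = ParamUtil.getString(request, "item_number");
			String invoice = ParamUtil.getString(request, "invoice");
			String txnId = ParamUtil.getString(request, "txn_id");
			String paymentStatus = ParamUtil.getString(
				request, "payment_status");
			double paymentGross = ParamUtil.getDouble(request, "mc_gross");
			String receiverEmail = ParamUtil.getString(
				request, "receiver_email");
			String payerEmail = ParamUtil.getString(request, "payer_email");

			if (_log.isDebugEnabled()) {
				_log.debug("Receiving response from PayPal");
				_log.debug("Item name " + itemName);
				_log.debug("Item number " + itemNumber);
				_log.debug("Invoice " + invoice);
				_log.debug("Transaction ID " + txnId);
				_log.debug("Payment status " + paymentStatus);
				_log.debug("Payment gross " + paymentGross);
				_log.debug("Receiver email " + receiverEmail);
				_log.debug("Payer email " + payerEmail);
			}

			// Constant-first equals: an empty answer (null status) is treated
			// as unverified instead of raising a NullPointerException.

			if ("VERIFIED".equals(payPalStatus)) {
				if (validate(request)) {

					// NOTE(review): payment_status is passed through without
					// being checked here; confirm completeOrder handles
					// statuses other than a completed payment.

					ShoppingOrderLocalServiceUtil.completeOrder(
						invoice, txnId, paymentStatus, paymentGross,
						receiverEmail, payerEmail, true);
				}
				else if (_log.isWarnEnabled()) {

					// Request values are left out of the message on purpose;
					// they are attacker-controlled and would allow forged
					// log lines. Details are available at debug level.

					_log.warn(
						"Ignoring PayPal notification that was verified but " +
							"does not match the order");
				}
			}
			else if (_log.isWarnEnabled()) {

				// Covers INVALID, an empty answer and anything unexpected.
				// Unverified notifications are worth alerting on.

				_log.warn(
					"Ignoring PayPal notification that was not verified");
			}

			return null;
		}
		catch (Exception e) {
			PortalUtil.sendError(e, request, response);

			return null;
		}
	}

	/**
	 * Checks that a notification matches the order it claims to pay for.
	 *
	 * <p>
	 * The notification is rejected when the receiver email differs from the
	 * configured PayPal email address, when the gross amount differs from the
	 * order total, when the currency differs from the configured currency, or
	 * when an order already exists for the transaction ID (replayed
	 * notification).
	 * </p>
	 *
	 * @param  request the notification request
	 * @return <code>true</code> if every check passes
	 * @throws Exception if the order or its preferences cannot be loaded
	 */
	protected boolean validate(HttpServletRequest request) throws Exception {

		// Invoice

		String ppInvoice = ParamUtil.getString(request, "invoice");

		ShoppingOrder order = ShoppingOrderLocalServiceUtil.getOrder(
			ppInvoice);

		ShoppingPreferences shoppingPrefs = ShoppingPreferences.getInstance(
			order.getCompanyId(), order.getGroupId());

		// Receiver email address: the payment must have gone to this shop's
		// account, not to some other PayPal account

		String ppReceiverEmail = ParamUtil.getString(
			request, "receiver_email");

		String payPalEmailAddress = shoppingPrefs.getPayPalEmailAddress();

		if (!payPalEmailAddress.equals(ppReceiverEmail)) {
			return false;
		}

		// Payment gross
		//
		// NOTE(review): exact equality on doubles. A mismatch rejects the
		// payment, so this fails closed, but a rounding difference between
		// the computed total and the amount PayPal reports would reject a
		// legitimate payment. Consider comparing as BigDecimal or in minor
		// currency units.

		double ppGross = ParamUtil.getDouble(request, "mc_gross");

		double orderTotal = ShoppingUtil.calculateTotal(order);

		if (orderTotal != ppGross) {
			return false;
		}

		// Payment currency

		String ppCurrency = ParamUtil.getString(request, "mc_currency");

		String currencyId = shoppingPrefs.getCurrencyId();

		if (!currencyId.equals(ppCurrency)) {
			return false;
		}

		// Transaction ID: a transaction that is already attached to an order
		// must not complete another one
		//
		// NOTE(review): this lookup and the later completeOrder call are not
		// atomic as far as this class shows; confirm the service layer
		// prevents two concurrent notifications with the same txn_id.

		String ppTxnId = ParamUtil.getString(request, "txn_id");

		try {
			ShoppingOrderLocalServiceUtil.getPayPalTxnIdOrder(ppTxnId);

			return false;
		}
		catch (NoSuchOrderException nsoe) {

			// Expected: no order uses this transaction ID yet

		}

		return true;
	}

	private static Log _log = LogFactoryUtil.getLog(
		PayPalNotificationAction.class);

}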