handle bank response

app/controllers/registrar/payments_controller.rb

@@ -20,6 +20,18 @@ class Registrar::PaymentsController < RegistrarController
   # both back and IPN
   def back
     @bank_link = BankLink::Response.new(params[:bank], params)
+    if @bank_link.valid?
+      @bank_link.complete_payment
+
+      if @bank_link.invoice.binded?
+        flash[:notice] = t(:pending_applieds)
+      else
+        flash[:error]  = t(:something_wrong)
+      end
+    else
+      flash[:error] = t(:something_wrong)
+    end
+    redirect_to registrar_invoice_path(@bank_link.invoice)
   end
 
   private

app/models/bank_link.rb

@@ -43,7 +43,8 @@ class BankLink
     end
 
     def calc_mac(fields)
-      pars = %w(VK_SERVICE VK_VERSION VK_SND_ID VK_STAMP VK_AMOUNT VK_CURR VK_REF VK_MSG VK_RETURN VK_CANCEL VK_DATETIME)
+      pars = %w(VK_SERVICE VK_VERSION VK_SND_ID VK_STAMP VK_AMOUNT VK_CURR VK_REF
+                    VK_MSG VK_RETURN VK_CANCEL VK_DATETIME).freeze
       data = pars.map{|e| prepend_size(fields[e]) }.join
 
       sign(data)
@@ -53,6 +54,7 @@ class BankLink
       transaction = BankTransaction.where(description: fields["VK_MSG"]).first_or_initialize(
           reference_no: invoice.reference_no,
           currency:     invoice.currency,
+          iban:         invoice.seller_iban
       )
 
       transaction.save!
@@ -72,12 +74,80 @@ class BankLink
 
 
   class Response
-    attr_accessor :type, :params
+    include Base
+    include ActionView::Helpers::NumberHelper
+
+    attr_accessor :type, :params, :invoice
     def initialize(type, params)
       @type, @params = type, params
+
+      @invoice = Invoice.find_by(number: params["VK_STAMP"]) if params["VK_STAMP"].present?
     end
-    def bank_public_key
-      OpenSSL::X509::Certificate.new(certificate).public_key
+
+    def valid?
+      !!validate
+    end
+
+    def complete_payment
+      if valid?
+        transaction = BankTransaction.find_by(description: params["VK_MSG"])
+        transaction.sum  = BigDecimal.new(params["VK_AMOUNT"].to_s)
+        transaction.bank_reference  = params['VK_T_NO']
+        transaction.buyer_bank_code = params["VK_SND_ID"]
+        transaction.buyer_iban = params["VK_SND_ACC"]
+        transaction.buyer_name = params["VK_SND_NAME"]
+        transaction.paid_at    = Time.parse(params["VK_T_DATETIME"])
+
+        transaction.autobind_invoice
+      end
+    end
+
+
+
+    def validate
+      case params["VK_SERVICE"]
+        when "1111"
+          validate_success && validate_amount && validate_currency
+        when "1911"
+          validate_cancel
+        else
+          false
+      end
+    end
+
+    def validate_success
+      pars = %w(VK_SERVICE VK_VERSION VK_SND_ID VK_REC_ID VK_STAMP VK_T_NO VK_AMOUNT VK_CURR
+        VK_REC_ACC VK_REC_NAME VK_SND_ACC VK_SND_NAME VK_REF VK_MSG VK_T_DATETIME).freeze
+
+      @validate_success ||= (
+        data = pars.map{|e| prepend_size(params[e]) }.join
+        verify_mac(data, params["VK_MAC"])
+      )
+    end
+
+    def validate_cancel
+      pars = %w(VK_SERVICE VK_VERSION VK_SND_ID VK_REC_ID VK_STAMP VK_REF VK_MSG).freeze
+      @validate_cancel ||= (
+        data = pars.map{|e| prepend_size(params[e]) }.join
+        verify_mac(data, params["VK_MAC"])
+      )
+    end
+
+    def validate_amount
+      source = number_with_precision(BigDecimal.new(params["VK_AMOUNT"].to_s), precision: 2, separator: ".")
+      target = number_with_precision(invoice.sum_cache, precision: 2, separator: ".")
+
+      source == target
+    end
+
+    def validate_currency
+      invoice.currency == params["VK_CURR"]
+    end
+
+
+    def verify_mac(data, mac)
+      bank_public_key = OpenSSL::X509::Certificate.new(File.read(ENV["payments_#{type}_bank_certificate"])).public_key
+      bank_public_key.verify(OpenSSL::Digest::SHA1.new, Base64.decode64(mac), data)
     end
   end
 end

config/application-example.yml

@@ -116,12 +116,15 @@ payments_banks: >
 payments_seb_url: 'https://www.seb.ee/cgi-bin/dv.sh/ipank.r'
 payments_seb_bank_certificate: 'eyp_pub.pem'
 payments_seb_seller_private: 'kaupmees_priv.pem'
+payments_seb_seller_account: 'testvpos'
 payments_swed_url: 'https://www.seb.ee/cgi-bin/dv.sh/ipank.r'
 payments_swed_bank_certificate: 'eyp_pub.pem'
 payments_swed_seller_private: 'kaupmees_priv.pem'
+payments_swed_seller_account: 'testvpos'
 payments_lhv_url: 'https://www.seb.ee/cgi-bin/dv.sh/ipank.r'
 payments_lhv_bank_certificate: 'eyp_pub.pem'
 payments_lhv_seller_private: 'kaupmees_priv.pem'
+payments_lhv_seller_account: 'testvpos'
 
 #
 # AUTOTEST overwrites