Initial project's source code check-in.

WebsitePanel/Sources/WebsitePanel.Gateways.PayPalStandard/PayPalStandardProvider.cs

@@ -0,0 +1,275 @@
+// Copyright (c) 2011, Outercurve Foundation.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification,
+// are permitted provided that the following conditions are met:
+//
+// - Redistributions of source code must  retain  the  above copyright notice, this
+//   list of conditions and the following disclaimer.
+//
+// - Redistributions in binary form  must  reproduce the  above  copyright  notice,
+//   this list of conditions  and  the  following  disclaimer in  the documentation
+//   and/or other materials provided with the distribution.
+//
+// - Neither  the  name  of  the  Outercurve Foundation  nor   the   names  of  its
+//   contributors may be used to endorse or  promote  products  derived  from  this
+//   software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,  BUT  NOT  LIMITED TO, THE IMPLIED
+// WARRANTIES  OF  MERCHANTABILITY   AND  FITNESS  FOR  A  PARTICULAR  PURPOSE  ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+// ANY DIRECT, INDIRECT, INCIDENTAL,  SPECIAL,  EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO,  PROCUREMENT  OF  SUBSTITUTE  GOODS OR SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)  HOWEVER  CAUSED AND ON
+// ANY  THEORY  OF  LIABILITY,  WHETHER  IN  CONTRACT,  STRICT  LIABILITY,  OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE)  ARISING  IN  ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+using System;
+using System.Web;
+using System.Xml;
+using System.Xml.Serialization;
+using System.Net;
+using System.IO;
+using System.Collections.Specialized;
+using System.Collections.Generic;
+using System.Text;
+using System.Security.Cryptography;
+
+namespace WebsitePanel.Ecommerce.EnterpriseServer
+{
+	/// <summary>
+	/// Payment provider for the PayPal Gateway 
+	/// </summary>
+	public class PayPalStandardProvider : SystemPluginBase, IInteractivePaymentGatewayProvider
+	{
+		public const string DEMO_SERVICE_URL = "https://www.sandbox.paypal.com/cgi-bin/webscr";
+		public const string LIVE_SERVICE_URL = "https://www.paypal.com/cgi-bin/webscr";
+
+		public const string BUSINESS_NOT_MATCH_MSG = "Business account doesn't match";
+		public const string INVALID_RESPONSE_MSG = "Response is reported as either invalid or corrupted";
+		public const string PAYMENT_REJECTED_MSG = "Payment has been rejected by payment gateway";
+		public const string IPN_PROCESSOR_ENDPOINT = "Services/PayPalIPN.ashx";
+
+		public const string CART_COMMAND = "_cart";
+		public const string ErrorPrefix = "PayPalStandard.";
+
+		/// <summary>
+		/// Gets whether plug-in running in live mode
+		/// </summary>
+		public bool LiveMode
+		{
+			get
+			{
+				return Convert.ToBoolean(PluginSettings[PayPalStdSettings.LIVE_MODE]);
+			}
+		}
+		/// <summary>
+		/// Gets service business account
+		/// </summary>
+		public string Business
+		{
+			get { return PluginSettings[PayPalStdSettings.BUSINESS]; }
+		}
+		/// <summary>
+		/// Gets service return url
+		/// </summary>
+		public string ReturnUrl
+		{
+			get { return PluginSettings[PayPalStdSettings.RETURN_URL]; }
+		}
+		/// <summary>
+		/// Gets service cancel return url
+		/// </summary>
+		public string CancelReturnUrl
+		{
+			get { return PluginSettings[PayPalStdSettings.CANCEL_RETURN_URL]; }
+		}
+		/// <summary>
+		/// Gets service url
+		/// </summary>
+		public string ServiceUrl
+		{
+			get
+			{
+				if (LiveMode)
+					return LIVE_SERVICE_URL;
+
+				return DEMO_SERVICE_URL;
+			}
+		}
+
+		public PayPalStandardProvider()
+		{
+		}
+
+		#region IInteractivePaymentGatewayProvider Members
+
+		public CheckoutFormParams GetCheckoutFormParams(FormParameters formParams, InvoiceItem[] invoiceLines)
+		{
+			// normalize target site variable
+			string targetSite = formParams["target_site"].EndsWith("/") ? formParams["target_site"] 
+				: formParams["target_site"] + "/";
+
+			CheckoutFormParams outputParams = new CheckoutFormParams();
+			// setup service url
+			outputParams.Action = ServiceUrl;
+			outputParams.Method = CheckoutFormParams.POST_METHOD;
+			// copy command
+			outputParams["cmd"] = CART_COMMAND;
+			// workaround to make IPN callbacks work
+			outputParams["rm"] = "2";
+			// set upload value to indicate a third-party shopping cart
+			outputParams["upload"] = "1";
+			// set business
+			outputParams["business"] = Business;
+			// set cancel return url
+			outputParams["cancel_return"] = String.Concat(targetSite, "?pid=ecOnlineStore&ContractId=", formParams[FormParameters.CONTRACT]);
+			// set return url
+			outputParams["return"] = targetSite;
+			// set IPN-Endpoint url
+			outputParams["notify_url"] = String.Concat(targetSite, IPN_PROCESSOR_ENDPOINT);
+			// set invoice number
+			outputParams["invoice"] = formParams[FormParameters.INVOICE];
+			// set contract number
+			outputParams["custom"] = formParams[FormParameters.CONTRACT];
+			// set invoice currency
+			outputParams["currency_code"] = formParams[FormParameters.CURRENCY];
+			// set formatted invoice number
+			outputParams["item_name_1"] = String.Format("{0} #{1}", FormParameters.INVOICE, formParams[FormParameters.INVOICE]);
+			// set invoice amount
+			outputParams["amount_1"] = formParams[FormParameters.AMOUNT];
+			// copy first name
+			AddParameter(formParams, outputParams, FormParameters.FIRST_NAME, "first_name");
+			// copy last name
+			AddParameter(formParams, outputParams, FormParameters.LAST_NAME, "last_name");
+			// copy address
+			AddParameter(formParams, outputParams, FormParameters.ADDRESS, "address1");
+			// copy city
+			AddParameter(formParams, outputParams, FormParameters.CITY, "city");
+			// copy state
+			AddParameter(formParams, outputParams, FormParameters.STATE, "state");
+			// copy country
+			AddParameter(formParams, outputParams, FormParameters.COUNTRY, "country");
+			// copy zip
+			AddParameter(formParams, outputParams, FormParameters.ZIP, "zip");
+			// copty email
+			AddParameter(formParams, outputParams, FormParameters.EMAIL, "email");
+			// copy phone number
+			if (formParams[FormParameters.COUNTRY] != "US" && formParams[FormParameters.COUNTRY] != "CA")
+			{
+				// phone numbers outside U.S copy as is
+				outputParams["night_phone_b"] = formParams[FormParameters.PHONE];
+			}
+			// return whole set of params
+			return outputParams;
+		}
+		#endregion
+
+		#region IPaymentGatewayProvider Members
+
+		public TransactionResult SubmitPaymentTransaction(CheckoutDetails details)
+		{
+			//init result structure
+			TransactionResult result = new TransactionResult();
+			// check is request genuine depending on the provider mode
+			Process_IPN_Request(result, details);
+			//
+			return result;
+		}
+
+		private void Process_PDT_Request(TransactionResult result, CheckoutDetails details)
+		{
+
+		}
+
+		private void Process_IPN_Request(TransactionResult result, CheckoutDetails details)
+		{
+			result.RawResponse = "";
+
+			// build raw response
+			foreach (string keyName in details.GetAllKeys())
+			{
+				if (String.IsNullOrEmpty(keyName))
+					continue;
+
+				// check for separator
+				if (!String.IsNullOrEmpty(result.RawResponse) && 
+					!result.RawResponse.EndsWith("&"))
+					result.RawResponse += "&";
+
+				result.RawResponse += keyName + "=" + details[keyName];
+			}
+			// compare business account against email addres in response
+			if (!String.Equals(details["receiver_email"], Business, StringComparison.InvariantCultureIgnoreCase))
+				throw new Exception(BUSINESS_NOT_MATCH_MSG);
+
+			// validate whether response still genuine
+			if(!IsResponseGenuine(result.RawResponse))
+				throw new Exception(INVALID_RESPONSE_MSG);
+			// build tran id
+			string transactionId = details["txn_id"];
+			// check payment status
+			switch(details["payment_status"])
+			{
+				case "Completed":
+				case "Processed":
+					result.Succeed = true;
+					// store order details
+					result.TransactionId = transactionId;
+					result.TransactionStatus = TransactionStatus.Approved;
+					break;
+				case "Pending":
+					result.Succeed = true;
+					// store order details
+					result.TransactionId = transactionId;
+					result.TransactionStatus = TransactionStatus.Pending;
+					break;
+				default:
+					result.Succeed = false;
+					result.TransactionStatus = TransactionStatus.Declined;
+					break;
+			}
+		}
+		#endregion
+
+		private void AddParameter(FormParameters inputParams, CheckoutFormParams outputParams, string inputKey, string outputKey)
+		{
+			string formParameter = inputParams[inputKey];
+			if (formParameter != null)
+			{
+				outputParams[outputKey] = formParameter;
+			}
+		}
+		
+		private bool IsResponseGenuine(string strFormValues)
+		{
+			// Create the request back
+			HttpWebRequest request = (HttpWebRequest)WebRequest.Create(ServiceUrl);
+
+			// Set values for the request back
+			request.Method = "POST";
+			request.ContentType = "application/x-www-form-urlencoded";
+			string strNewValue = strFormValues + "&cmd=_notify-validate";
+			request.ContentLength = strNewValue.Length;
+			// Write the request back IPN strings
+			StreamWriter writer = new StreamWriter(request.GetRequestStream(), System.Text.Encoding.ASCII);
+			writer.Write(strNewValue);
+			writer.Close();
+
+			// Do the request to PayPal and get the response
+			StreamReader reader = new StreamReader(request.GetResponse().GetResponseStream());
+			string strResponse = reader.ReadToEnd().Trim().ToUpper();
+			reader.Close();
+
+			return String.Equals(strResponse, "VERIFIED", StringComparison.InvariantCultureIgnoreCase);
+		}
+
+		private string HtmlEncode(string s)
+		{
+			return HttpContext.Current.Server.UrlEncode(s);
+		}
+	}
+}
+