bornhack-website/shop/views.py

562 lines
20 KiB
Python
Raw Normal View History

from django.conf import settings
2016-05-12 17:08:54 +00:00
from django.contrib import messages
2016-05-15 22:09:00 +00:00
from django.contrib.auth.mixins import LoginRequiredMixin
2016-05-29 09:35:04 +00:00
from django.core.urlresolvers import reverse, reverse_lazy
2016-05-15 22:09:00 +00:00
from django.db.models import Count, F
2016-05-25 20:48:02 +00:00
from django.http import HttpResponse, HttpResponseRedirect, HttpResponseBadRequest, Http404
2016-05-16 19:54:25 +00:00
from django.shortcuts import get_object_or_404
2016-05-15 22:09:00 +00:00
from django.views.generic import (
View,
2016-05-15 22:09:00 +00:00
TemplateView,
ListView,
DetailView,
FormView,
2016-05-30 22:58:11 +00:00
UpdateView,
2016-05-15 22:09:00 +00:00
)
2016-05-29 10:10:51 +00:00
from django.views.generic.base import RedirectView
from django.views.generic.detail import SingleObjectMixin
from django.utils.decorators import method_decorator
from django.views.decorators.csrf import csrf_exempt
from django.utils.dateparse import parse_datetime
2016-05-31 21:15:33 +00:00
from django.utils import timezone
from camps.models import Camp
2016-05-15 22:09:00 +00:00
from shop.models import (
Order,
Product,
OrderProductRelation,
ProductCategory,
2016-05-16 17:12:59 +00:00
EpayCallback,
2016-05-17 06:15:14 +00:00
EpayPayment,
2016-05-25 20:48:02 +00:00
CoinifyAPIInvoice,
CoinifyAPICallback,
2016-05-30 20:50:43 +00:00
Ticket,
2016-05-15 22:09:00 +00:00
)
from .forms import AddToOrderForm
2016-05-17 05:42:31 +00:00
from .epay import calculate_epay_hash, validate_epay_callback
from collections import OrderedDict
2016-05-17 06:34:54 +00:00
from vendor.coinify_api import CoinifyAPI
2016-05-25 20:48:02 +00:00
from vendor.coinify_callback import CoinifyCallback
2016-05-31 21:58:25 +00:00
import json, time
2016-05-31 21:23:05 +00:00
class EnsureUserOwnsOrderMixin(SingleObjectMixin):
model = Order
def dispatch(self, request, *args, **kwargs):
2016-05-31 21:23:05 +00:00
# If the user does not own this ticket OR is not staff
2016-05-31 21:30:18 +00:00
if not request.user.is_staff:
if self.get_object().user != request.user:
raise Http404("Order not found")
return super(EnsureUserOwnsOrderMixin, self).dispatch(
request, *args, **kwargs
)
class EnsureUnpaidOrderMixin(SingleObjectMixin):
model = Order
def dispatch(self, request, *args, **kwargs):
if self.get_object().paid:
messages.error(request, "This order is already paid for!")
return HttpResponseRedirect(reverse_lazy('shop:order_detail', kwargs={'pk': self.get_object().pk}))
return super(EnsureUnpaidOrderMixin, self).dispatch(
request, *args, **kwargs
)
class EnsurePaidOrderMixin(SingleObjectMixin):
model = Order
def dispatch(self, request, *args, **kwargs):
if not self.get_object().paid:
messages.error(request, "This order is not paid for!")
return HttpResponseRedirect(reverse_lazy('shop:order_detail', kwargs={'pk': self.get_object().pk}))
return super(EnsurePaidOrderMixin, self).dispatch(
request, *args, **kwargs
)
2016-05-17 06:34:54 +00:00
class EnsureClosedOrderMixin(SingleObjectMixin):
model = Order
def dispatch(self, request, *args, **kwargs):
if self.get_object().open is not None:
messages.error(request, 'This order is still open!')
return HttpResponseRedirect(reverse_lazy('shop:order_detail', kwargs={'pk': self.get_object().pk}))
return super(EnsureClosedOrderMixin, self).dispatch(
request, *args, **kwargs
)
class EnsureOrderHasProductsMixin(SingleObjectMixin):
model = Order
def dispatch(self, request, *args, **kwargs):
if not self.get_object().products.count() > 0:
messages.error(request, 'This order has no products!')
return HttpResponseRedirect(reverse_lazy('shop:index'))
return super(EnsureOrderHasProductsMixin, self).dispatch(
request, *args, **kwargs
)
2016-05-31 19:19:31 +00:00
2016-06-01 09:10:06 +00:00
class EnsureOrderIsNotCancelledMixin(SingleObjectMixin):
model = Order
def dispatch(self, request, *args, **kwargs):
if self.get_object().cancelled:
messages.error(
request,
'Order #{} is cancelled!'.format(self.get_object().id)
)
return HttpResponseRedirect(reverse_lazy('shop:index'))
2016-06-01 09:11:24 +00:00
return super(EnsureOrderIsNotCancelledMixin, self).dispatch(
2016-06-01 09:10:06 +00:00
request, *args, **kwargs
)
class EnsureOrderHasInvoicePDFMixin(SingleObjectMixin):
model = Order
def dispatch(self, request, *args, **kwargs):
if not self.get_object().invoice.pdf:
messages.error(request, "This order has no invoice yet!")
return HttpResponseRedirect(reverse_lazy('shop:order_detail', kwargs={'pk': self.get_object().pk}))
return super(EnsureOrderHasInvoicePDFMixin, self).dispatch(
request, *args, **kwargs
)
#################################################################################
2016-05-17 06:34:54 +00:00
2016-05-12 17:08:54 +00:00
class ShopIndexView(ListView):
model = Product
template_name = "shop_index.html"
2016-05-15 22:09:00 +00:00
context_object_name = 'products'
2016-05-13 06:36:56 +00:00
def get_context_data(self, **kwargs):
2016-05-13 06:50:04 +00:00
context = super(ShopIndexView, self).get_context_data(**kwargs)
2016-05-15 22:09:00 +00:00
if 'category' in self.request.GET:
category = self.request.GET.get('category')
2016-05-17 19:55:09 +00:00
# is this a public category
2016-05-17 19:24:04 +00:00
try:
2016-05-17 19:42:28 +00:00
categoryobj = ProductCategory.objects.get(slug=category)
2016-05-17 19:24:04 +00:00
if not categoryobj.public:
raise Http404("Category not found")
except ProductCategory.DoesNotExist:
2016-05-17 19:10:01 +00:00
raise Http404("Category not found")
2016-05-17 19:55:09 +00:00
# filter products by the chosen category
2016-05-15 22:09:00 +00:00
context['products'] = context['products'].filter(
2016-05-17 19:55:09 +00:00
category__slug=category
2016-05-15 22:09:00 +00:00
)
2016-05-30 18:56:03 +00:00
context['current_category'] = categoryobj
2016-05-15 22:09:00 +00:00
context['categories'] = ProductCategory.objects.annotate(
num_products=Count('products')
).filter(
2016-05-17 19:10:01 +00:00
num_products__gt=0,
public=True,
2016-05-15 22:09:00 +00:00
)
return context
2016-05-13 06:36:56 +00:00
class ProductDetailView(FormView, DetailView):
2016-05-15 22:09:00 +00:00
model = Product
template_name = 'product_detail.html'
form_class = AddToOrderForm
context_object_name = 'product'
2016-05-17 13:09:31 +00:00
def dispatch(self, request, *args, **kwargs):
if not self.get_object().category.public:
2016-05-17 13:09:31 +00:00
### this product is not publicly available
raise Http404("Product not found")
2016-05-17 18:42:02 +00:00
return super(ProductDetailView, self).dispatch(
request, *args, **kwargs
)
2016-05-12 17:08:54 +00:00
def form_valid(self, form):
2016-05-15 22:09:00 +00:00
product = self.get_object()
quantity = form.cleaned_data.get('quantity')
2016-05-15 22:09:00 +00:00
# do we have an open order?
try:
order = Order.objects.get(
user=self.request.user,
2016-05-15 22:14:45 +00:00
open__isnull=False
2016-05-15 22:09:00 +00:00
)
except Order.DoesNotExist:
# no open order - open a new one
order = Order.objects.create(
user=self.request.user,
camp=Camp.objects.current()
)
2016-05-15 22:09:00 +00:00
# get product from kwargs
if product in order.products.all():
# this product is already added to this order,
# increase count by quantity
OrderProductRelation.objects.filter(
product=product,
order=order
).update(quantity=F('quantity') + quantity)
2016-05-12 17:08:54 +00:00
else:
order.orderproductrelation_set.create(
product=product,
quantity=quantity,
)
2016-05-15 22:09:00 +00:00
messages.info(
self.request,
'{}x {} has been added to your order.'.format(
quantity,
product.name
)
)
2016-05-12 17:08:54 +00:00
2016-05-15 22:09:00 +00:00
# done
return super(ProductDetailView, self).form_valid(form)
2016-05-12 17:08:54 +00:00
def get_success_url(self):
return Order.objects.get(user=self.request.user, open__isnull=False).get_absolute_url()
2016-05-12 17:08:54 +00:00
class OrderListView(LoginRequiredMixin, ListView):
model = Order
template_name = "order_list.html"
2016-06-01 09:10:06 +00:00
context_object_name = 'orders'
2016-06-01 09:10:06 +00:00
def get_queryset(self):
queryset = super(OrderListView, self).get_queryset()
return queryset.filter(user=self.request.user).not_cancelled()
2016-06-01 09:10:06 +00:00
class OrderDetailView(
LoginRequiredMixin,
EnsureUserOwnsOrderMixin,
EnsureOrderHasProductsMixin,
EnsureOrderIsNotCancelledMixin,
DetailView
):
model = Order
template_name = 'order_detail.html'
context_object_name = 'order'
def post(self, request, *args, **kwargs):
order = self.get_object()
payment_method = request.POST.get('payment_method')
if payment_method in order.PAYMENT_METHODS:
order.payment_method = payment_method
# Mark the order as closed
order.open = None
order.save()
reverses = {
Order.CREDIT_CARD: reverse_lazy(
'shop:epay_form',
kwargs={'pk': order.id}
),
Order.BLOCKCHAIN: reverse_lazy(
'shop:coinify_pay',
kwargs={'pk': order.id}
),
Order.BANK_TRANSFER: reverse_lazy(
'shop:bank_transfer',
kwargs={'pk': order.id}
)
}
return HttpResponseRedirect(reverses[payment_method])
if 'update_order' in request.POST:
for order_product in order.orderproductrelation_set.all():
order_product_id = str(order_product.pk)
if order_product_id in request.POST:
new_quantity = int(request.POST.get(order_product_id))
order_product.quantity = new_quantity
order_product.save()
product_remove = request.POST.get('remove_product')
if product_remove:
order.orderproductrelation_set.filter(pk=product_remove).delete()
if not order.products.count() > 0:
2016-06-01 09:10:06 +00:00
order.mark_as_cancelled()
2016-05-31 19:01:48 +00:00
messages.info(request, 'Order cancelled!')
return HttpResponseRedirect(reverse_lazy('shop:index'))
2016-05-31 19:01:48 +00:00
if 'cancel_order' in request.POST:
2016-06-01 09:10:06 +00:00
order.mark_as_cancelled()
2016-05-31 19:01:48 +00:00
messages.info(request, 'Order cancelled!')
return HttpResponseRedirect(reverse_lazy('shop:index'))
return super(OrderDetailView, self).get(request, *args, **kwargs)
class DownloadInvoiceView(LoginRequiredMixin, EnsureUserOwnsOrderMixin, EnsurePaidOrderMixin, EnsureOrderHasInvoicePDFMixin, SingleObjectMixin, View):
model = Order
def get(self, request, *args, **kwargs):
response = HttpResponse(content_type='application/pdf')
response['Content-Disposition'] = 'attachment; filename="%s"' % self.get_object().invoice.filename
2016-05-30 22:00:57 +00:00
response.write(self.get_object().invoice.pdf.read())
return response
#################################################################################
class EpayFormView(LoginRequiredMixin, EnsureUserOwnsOrderMixin, EnsureUnpaidOrderMixin, EnsureClosedOrderMixin, EnsureOrderHasProductsMixin, DetailView):
model = Order
2016-05-16 13:31:37 +00:00
template_name = 'epay_form.html'
def get_context_data(self, **kwargs):
order = self.get_object()
2016-05-16 13:31:37 +00:00
context = super(EpayFormView, self).get_context_data(**kwargs)
context['merchant_number'] = settings.EPAY_MERCHANT_NUMBER
2016-05-17 05:06:25 +00:00
context['description'] = order.description
context['amount'] = order.total * 100
2016-05-17 05:06:25 +00:00
context['order_id'] = order.pk
context['accept_url'] = order.get_epay_accept_url(self.request)
context['cancel_url'] = order.get_cancel_url(self.request)
context['callback_url'] = order.get_epay_callback_url(self.request)
context['epay_hash'] = calculate_epay_hash(order, self.request)
2016-05-16 13:31:37 +00:00
return context
class EpayCallbackView(SingleObjectMixin, View):
2016-05-29 15:12:09 +00:00
model = Order
def get(self, request, *args, **kwargs):
2016-05-16 13:31:37 +00:00
callback = EpayCallback.objects.create(
payload=request.GET
)
if 'orderid' in request.GET:
query = OrderedDict(
2016-05-16 13:31:37 +00:00
map(
lambda x: tuple(x.split('=')),
request.META['QUERY_STRING'].split('&')
)
)
2016-05-16 19:57:52 +00:00
order = get_object_or_404(Order, pk=query.get('orderid'))
if order.pk != self.get_object().pk:
print "bad epay callback, orders do not match!"
return HttpResponse(status=400)
2016-05-16 13:31:37 +00:00
if validate_epay_callback(query):
callback.md5valid=True
callback.save()
else:
2016-05-17 05:42:31 +00:00
print "bad epay callback!"
2016-05-16 13:31:37 +00:00
return HttpResponse(status=400)
if order.paid:
### this order is already paid, perhaps we are seeing a double callback?
return HttpResponse('OK')
### epay callback is valid - has the order been paid in full?
if int(query['amount']) == order.total * 100:
### create an EpayPayment object linking the callback to the order
EpayPayment.objects.create(
order=order,
callback=callback,
txnid=query.get('txnid'),
)
### and mark order as paid (this will create tickets)
order.mark_as_paid()
else:
print "valid epay callback with wrong amount detected"
2016-05-16 13:31:37 +00:00
else:
return HttpResponse(status=400)
return HttpResponse('OK')
2016-05-16 14:31:51 +00:00
class EpayThanksView(LoginRequiredMixin, EnsureUserOwnsOrderMixin, EnsureClosedOrderMixin, DetailView):
2016-05-16 17:31:14 +00:00
model = Order
template_name = 'epay_thanks.html'
def dispatch(self, request, *args, **kwargs):
if request.GET:
# epay redirects the user back to our accepturl with a long
# and ugly querystring, redirect user to the clean url
2016-05-29 14:27:38 +00:00
return HttpResponseRedirect(reverse('shop:epay_thanks', kwargs={'pk': self.get_object().pk}))
2016-05-29 14:40:32 +00:00
return super(EpayThanksView, self).dispatch(
request, *args, **kwargs
)
#################################################################################
2016-05-16 17:31:14 +00:00
class BankTransferView(LoginRequiredMixin, EnsureUserOwnsOrderMixin, EnsureUnpaidOrderMixin, EnsureOrderHasProductsMixin, DetailView):
2016-05-16 17:31:14 +00:00
model = Order
template_name = 'bank_transfer.html'
2016-05-16 14:31:51 +00:00
2016-06-01 07:29:21 +00:00
def get_context_data(self, **kwargs):
context = super(BankTransferView, self).get_context_data(**kwargs)
context['iban'] = settings.BANKACCOUNT_IBAN
context['swiftbic'] = settings.BANKACCOUNT_SWIFTBIC
2016-06-01 07:36:42 +00:00
context['orderid'] = self.get_object().pk
2016-06-01 10:49:51 +00:00
context['regno'] = settings.BANKACCOUNT_REG
context['accountno'] = settings.BANKACCOUNT_ACCOUNT
2016-06-01 07:36:42 +00:00
context['total'] = self.get_object().total
2016-06-01 07:29:21 +00:00
return context
#################################################################################
2016-05-25 20:48:02 +00:00
class CoinifyRedirectView(LoginRequiredMixin, EnsureUserOwnsOrderMixin, EnsureUnpaidOrderMixin, EnsureClosedOrderMixin, EnsureOrderHasProductsMixin, SingleObjectMixin, RedirectView):
2016-05-25 20:48:02 +00:00
model = Order
2016-05-29 10:08:29 +00:00
def dispatch(self, request, *args, **kwargs):
2016-05-25 20:48:02 +00:00
order = self.get_object()
if hasattr(order, 'coinifyapiinvoice'):
# we already have a coinifyinvoice for this order,
# check if it expired
if parse_datetime(order.coinifyapiinvoice.invoicejson['expire_time']) < timezone.now():
# this coinifyinvoice expired, delete it
2016-05-31 23:30:05 +00:00
print "deleting expired coinifyinvoice id %s" % order.coinifyapiinvoice.invoicejson['id']
order.coinifyapiinvoice.delete()
order = self.get_object()
# create a new coinify invoice if needed
if not hasattr(order, 'coinifyapiinvoice'):
2016-05-29 10:08:29 +00:00
# Initiate coinify API
2016-05-25 20:48:02 +00:00
coinifyapi = CoinifyAPI(
settings.COINIFY_API_KEY,
settings.COINIFY_API_SECRET
)
2016-05-29 10:08:29 +00:00
# create coinify API
2016-05-25 20:48:02 +00:00
response = coinifyapi.invoice_create(
float(order.total),
2016-05-25 20:48:02 +00:00
'DKK',
plugin_name='BornHack 2016 webshop',
plugin_version='1.0',
description='BornHack 2016 order id #%s' % order.id,
callback_url=order.get_coinify_callback_url(request),
return_url=order.get_coinify_thanks_url(request),
cancel_url=order.get_cancel_url(request),
2016-05-25 20:48:02 +00:00
)
2016-05-29 10:08:29 +00:00
# Parse response
2016-05-25 20:48:02 +00:00
if not response['success']:
api_error = response['error']
print "API error: %s (%s)" % (
api_error['message'],
api_error['code']
)
2016-05-29 10:08:29 +00:00
messages.error(request, "There was a problem with the payment provider. Please try again later")
return HttpResponseRedirect(reverse_lazy('shop:order_detail', kwargs={'pk': self.get_object().pk}))
2016-05-25 20:48:02 +00:00
else:
# save this coinify invoice
2016-05-31 23:30:05 +00:00
coinifyinvoice = CoinifyAPIInvoice.objects.create(
2016-05-25 20:48:02 +00:00
invoicejson = response['data'],
order = order,
)
2016-05-31 23:30:05 +00:00
print "created new coinifyinvoice id %s" % coinifyinvoice.invoicejson['id']
2016-05-29 10:08:29 +00:00
return super(CoinifyRedirectView, self).dispatch(
request, *args, **kwargs
)
def get_redirect_url(self, *args, **kwargs):
2016-05-29 11:01:36 +00:00
return self.get_object().coinifyapiinvoice.invoicejson['payment_url']
2016-05-25 20:48:02 +00:00
2016-05-29 08:43:38 +00:00
class CoinifyCallbackView(SingleObjectMixin, View):
model = Order
@method_decorator(csrf_exempt)
def dispatch(self, *args, **kwargs):
return super(CoinifyCallbackView, self).dispatch(*args, **kwargs)
2016-05-25 20:48:02 +00:00
def post(self, request, *args, **kwargs):
2016-05-29 08:43:38 +00:00
# Get the signature from the HTTP headers
2016-05-25 20:48:02 +00:00
signature = request.META['HTTP_X_COINIFY_CALLBACK_SIGNATURE']
2016-05-31 18:50:08 +00:00
sdk = CoinifyCallback(settings.COINIFY_IPN_SECRET)
2016-05-25 20:48:02 +00:00
# make a dict with all HTTP_ headers
headerdict = {}
for key, value in request.META.iteritems():
if key[:5] == 'HTTP_':
headerdict[key[5:]] = value
# save callback to db
callbackobject = CoinifyAPICallback.objects.create(
2016-05-29 17:53:56 +00:00
headers=headerdict,
payload=json.loads(request.body),
order=self.get_object()
)
2016-05-25 20:48:02 +00:00
if sdk.validate_callback(request.body, signature):
# mark callback as valid in db
callbackobject.valid=True
callbackobject.save()
2016-05-25 20:48:02 +00:00
# parse json
callbackjson = json.loads(request.body)
if callbackjson['event'] == 'invoice_state_change' or callbackjson['event'] == 'invoice_manual_resend':
2016-05-31 19:19:31 +00:00
# find coinify invoice in db
2016-05-25 20:48:02 +00:00
try:
2016-05-31 19:41:31 +00:00
coinifyinvoice = CoinifyAPIInvoice.objects.get(invoicejson__id=callbackjson['data']['id'])
2016-05-25 20:48:02 +00:00
except CoinifyAPIInvoice.DoesNotExist:
2016-05-31 19:41:31 +00:00
print "unable to find CoinifyAPIInvoice with id %s" % callbackjson['data']['id']
2016-05-31 19:19:31 +00:00
return HttpResponseBadRequest('bad coinifyinvoice id')
2016-05-25 20:48:02 +00:00
2016-05-31 19:48:21 +00:00
# save new coinifyinvoice payload
coinifyinvoice.invoicejson = callbackjson['data']
coinifyinvoice.save()
2016-05-31 19:19:31 +00:00
2016-05-31 19:48:21 +00:00
# so, is the order paid in full now?
2016-05-25 20:48:02 +00:00
if callbackjson['data']['state'] == 'complete':
2016-05-31 19:48:21 +00:00
coinifyinvoice.order.mark_as_paid()
2016-05-29 17:47:44 +00:00
# return 200 OK
return HttpResponse('OK')
2016-05-25 20:48:02 +00:00
else:
2016-05-29 17:47:44 +00:00
return HttpResponseBadRequest('unsupported event')
2016-05-25 20:48:02 +00:00
else:
2016-05-29 17:53:56 +00:00
print "invalid coinify callback detected"
2016-05-29 17:47:44 +00:00
return HttpResponseBadRequest('something is fucky')
2016-05-25 20:48:02 +00:00
2016-05-29 08:43:38 +00:00
class CoinifyThanksView(LoginRequiredMixin, EnsureUserOwnsOrderMixin, EnsureClosedOrderMixin, DetailView):
2016-05-29 08:43:38 +00:00
model = Order
template_name = 'coinify_thanks.html'
2016-05-30 20:50:43 +00:00
class TicketListView(LoginRequiredMixin, ListView):
model = Ticket
template_name = 'ticket_list.html'
context_object_name = 'tickets'
def get_queryset(self):
tickets = super(TicketListView, self).get_queryset()
user = self.request.user
return tickets.filter(order__user=user)
2016-05-30 22:58:11 +00:00
class TicketDetailView(LoginRequiredMixin, UpdateView, DetailView):
model = Ticket
template_name = 'ticket_detail.html'
context_object_name = 'ticket'
fields = ['name', 'email']
def form_valid(self, form):
messages.info(self.request, 'Ticket updated!')
return super(TicketDetailView, self).form_valid(form)
def dispatch(self, request, *args, **kwargs):
ticket = self.get_object()
if ticket.order.user != request.user:
return Http404
return super(TicketDetailView, self).dispatch(request, *args, **kwargs)