/** * Copyright (c) 2000-present Liferay, Inc. All rights reserved. * * This library is free software; you can redistribute it and/or modify it under * the terms of the GNU Lesser General Public License as published by the Free * Software Foundation; either version 2.1 of the License, or (at your option) * any later version. * * This library is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more * details. */ package com.liferay.shopping.web.internal.portlet.action; import com.liferay.portal.kernel.io.unsync.UnsyncBufferedReader; import com.liferay.portal.kernel.log.Log; import com.liferay.portal.kernel.log.LogFactoryUtil; import com.liferay.portal.kernel.module.configuration.ConfigurationProviderUtil; import com.liferay.portal.kernel.service.ServiceContext; import com.liferay.portal.kernel.service.ServiceContextFactory; import com.liferay.portal.kernel.settings.GroupServiceSettingsLocator; import com.liferay.portal.kernel.struts.BaseStrutsAction; import com.liferay.portal.kernel.struts.StrutsAction; import com.liferay.portal.kernel.util.ParamUtil; import com.liferay.portal.kernel.util.Portal; import com.liferay.portal.kernel.util.URLCodec; import com.liferay.portal.kernel.util.UnsyncPrintWriterPool; import com.liferay.shopping.configuration.ShoppingGroupServiceOverriddenConfiguration; import com.liferay.shopping.constants.ShoppingConstants; import com.liferay.shopping.constants.ShoppingPortletKeys; import com.liferay.shopping.exception.NoSuchOrderException; import com.liferay.shopping.model.ShoppingOrder; import com.liferay.shopping.service.ShoppingOrderLocalService; import com.liferay.shopping.util.ShoppingUtil; import java.io.InputStreamReader; import java.io.PrintWriter; import java.net.URL; import java.net.URLConnection; import java.util.Enumeration; import javax.servlet.http.HttpServletRequest; 
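import javax.servlet.http.HttpServletResponse;

import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

/**
 * Receives payment notifications from PayPal on the
 * <code>/shopping/notify</code> path, posts each notification back to PayPal
 * for verification and, when PayPal answers <code>VERIFIED</code> and the
 * notification matches the stored order, completes that order.
 *
 * <p>
 * Every request parameter is supplied by the caller and is untrusted until
 * both the PayPal verification and {@link #validate(HttpServletRequest)} have
 * succeeded.
 * </p>
 *
 * @author Brian Wing Shun Chan
 * @author Peter Fellwock
 */
@Component(
	property = {
		"javax.portlet.name=" + ShoppingPortletKeys.SHOPPING,
		"javax.portlet.name=" + ShoppingPortletKeys.SHOPPING_ADMIN,
		"path=/shopping/notify"
	},
	service = StrutsAction.class
)
public class PayPalNotificationAction extends BaseStrutsAction {

	/**
	 * Verifies an incoming notification with PayPal and completes the order it
	 * refers to.
	 *
	 * @param  request the notification request; its parameters are echoed to
	 *         PayPal with <code>cmd=_notify-validate</code> prepended
	 * @param  response the response used to report a failure
	 * @return always <code>null</code>
	 * @throws Exception declared by the overridden method; every exception
	 *         raised in the body is caught and passed to
	 *         <code>Portal.sendError</code>
	 */
	@Override
	public String execute(
			HttpServletRequest request, HttpServletResponse response)
		throws Exception {

		try {
			if (_log.isDebugEnabled()) {
				_log.debug("Receiving notification from PayPal");
			}

			StringBuilder sb = new StringBuilder("cmd=_notify-validate");

			Enumeration<String> enu = request.getParameterNames();

			while (enu.hasMoreElements()) {
				String name = enu.nextElement();

				String value = request.getParameter(name);

				// The name is encoded as well as the value, so that a
				// parameter name containing '&' or '=' cannot add or alter
				// fields in the body that PayPal is asked to verify.

				sb.append("&");
				sb.append(URLCodec.encodeURL(name));
				sb.append("=");
				sb.append(URLCodec.encodeURL(value));
			}

			String query = sb.toString();

			// NOTE(review): at debug level this writes the whole
			// notification, payer email included, to the log.

			if (_log.isDebugEnabled()) {
				_log.debug("Sending response to PayPal " + query);
			}

			URL url = new URL("https://www.paypal.com/cgi-bin/webscr");

			// NOTE(review): no connect or read timeout is set on this
			// connection, so a stalled verification call holds the request
			// thread until the platform default expires.

			URLConnection urlc = url.openConnection();

			urlc.setDoOutput(true);
			urlc.setRequestProperty(
				"Content-Type", "application/x-www-form-urlencoded");

			try (PrintWriter pw = UnsyncPrintWriterPool.borrow(
					urlc.getOutputStream())) {

				pw.println(query);
			}

			String payPalStatus = null;

			// Decode with an explicit charset instead of the platform
			// default; only the first line of the answer is read.

			try (UnsyncBufferedReader unsyncBufferedReader =
					new UnsyncBufferedReader(
						new InputStreamReader(
							urlc.getInputStream(), "UTF-8"))) {

				payPalStatus = unsyncBufferedReader.readLine();
			}

			if (payPalStatus == null) {

				// An empty answer used to surface as a
				// NullPointerException. It is still reported as an error
				// through the catch block below, now with a message that
				// names the cause.

				throw new IllegalStateException(
					"PayPal returned an empty verification response");
			}

			String itemName = ParamUtil.getString(request, "item_name");
			String itemNumber = ParamUtil.getString(request, "item_number");
			String invoice = ParamUtil.getString(request, "invoice");
			String txnId = ParamUtil.getString(request, "txn_id");
			String paymentStatus = ParamUtil.getString(
				request, "payment_status");
			double paymentGross = ParamUtil.getDouble(request, "mc_gross");
			String receiverEmail = ParamUtil.getString(
				request, "receiver_email");
			String payerEmail = ParamUtil.getString(request, "payer_email");

			if (_log.isDebugEnabled()) {
				_log.debug("Receiving response from PayPal");
				_log.debug("Item name " + itemName);
				_log.debug("Item number " + itemNumber);
				_log.debug("Invoice " + invoice);
				_log.debug("Transaction ID " + txnId);
				_log.debug("Payment status " + paymentStatus);
				_log.debug("Payment gross " + paymentGross);
				_log.debug("Receiver email " + receiverEmail);
				_log.debug("Payer email " + payerEmail);
			}

			if (payPalStatus.equals("VERIFIED")) {
				if (validate(request)) {

					// NOTE(review): payment_status is passed on unchecked;
					// confirm that completeOrder treats statuses other than
					// a completed payment correctly.

					ServiceContext serviceContext =
						ServiceContextFactory.getInstance(request);

					_shoppingOrderLocalService.completeOrder(
						invoice, txnId, paymentStatus, paymentGross,
						receiverEmail, payerEmail, true, serviceContext);
				}
				else if (_log.isWarnEnabled()) {
					_log.warn(
						"Ignoring PayPal notification that does not match " +
							"the stored order");
				}
			}
			else if (_log.isWarnEnabled()) {

				// Rejected notifications were dropped silently before; a
				// warning leaves a trace for monitoring. Request values are
				// left out of the message because they are untrusted.

				_log.warn(
					"Ignoring PayPal notification with verification status " +
						payPalStatus);
			}

			return null;
		}
		catch (Exception e) {
			_portal.sendError(e, request, response);

			return null;
		}
	}

	@Reference(unbind = "-")
	protected void setShoppingOrderLocalService(
		ShoppingOrderLocalService shoppingOrderLocalService) {

		_shoppingOrderLocalService = shoppingOrderLocalService;
	}

	/**
	 * Checks a notification against the order named by its
	 * <code>invoice</code> parameter and the PayPal settings of that order's
	 * group.
	 *
	 * <p>
	 * The notification is accepted only if the receiver email and currency
	 * equal the configured values, the gross amount equals the order total,
	 * and no order is already recorded for the transaction ID.
	 * </p>
	 *
	 * @param  request the notification request
	 * @return <code>true</code> if every check passes; <code>false</code>
	 *         otherwise
	 * @throws Exception if the order or its configuration cannot be loaded
	 */
	protected boolean validate(HttpServletRequest request) throws Exception {

		// Invoice

		String ppInvoice = ParamUtil.getString(request, "invoice");

		ShoppingOrder order = _shoppingOrderLocalService.getOrder(ppInvoice);

		ShoppingGroupServiceOverriddenConfiguration
			shoppingGroupServiceOverriddenConfiguration =
				ConfigurationProviderUtil.getConfiguration(
					ShoppingGroupServiceOverriddenConfiguration.class,
					new GroupServiceSettingsLocator(
						order.getGroupId(), ShoppingConstants.SERVICE_NAME));

		// Receiver email address

		String ppReceiverEmail = ParamUtil.getString(
			request, "receiver_email");

		String payPalEmailAddress =
			shoppingGroupServiceOverriddenConfiguration.
				getPayPalEmailAddress();

		if (!payPalEmailAddress.equals(ppReceiverEmail)) {
			return false;
		}

		// Payment gross

		// NOTE(review): this is an exact comparison of two doubles; confirm
		// that calculateTotal rounds to currency precision, otherwise a
		// correct payment can be rejected over a rounding difference.

		double ppGross = ParamUtil.getDouble(request, "mc_gross");

		double orderTotal = ShoppingUtil.calculateTotal(order);

		if (orderTotal != ppGross) {
			return false;
		}

		// Payment currency

		String ppCurrency = ParamUtil.getString(request, "mc_currency");

		String currencyId =
			shoppingGroupServiceOverriddenConfiguration.getCurrencyId();

		if (!currencyId.equals(ppCurrency)) {
			return false;
		}

		// Transaction ID

		String ppTxnId = ParamUtil.getString(request, "txn_id");

		try {
			_shoppingOrderLocalService.getPayPalTxnIdOrder(ppTxnId);

			// An order already carries this transaction ID, so the
			// notification is a repeat and must not complete another order.

			return false;
		}
		catch (NoSuchOrderException ignored) {

			// Expected for a transaction ID that has not been seen before

		}

		return true;
	}

	private static final Log _log = LogFactoryUtil.getLog(
		PayPalNotificationAction.class);

	@Reference
	private Portal _portal;

	private ShoppingOrderLocalService _shoppingOrderLocalService;

}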