more paypal

Author: sveneberth

src/viur/shop/globals.py

@@ -1,3 +1,7 @@
+"""
+Global constants and settings for the viur-shop.
+"""
+
 import logging
 import typing as t
 

src/viur/shop/payment_providers/abstract.py

@@ -1,4 +1,5 @@
 import abc
+import enum
 import functools
 import uuid
 
@@ -59,10 +60,14 @@ def description(self) -> translate:
         """Define the description of the payment provider"""
         return translate(f"viur.shop.payment_provider.{self.name}.descr", self.name)
 
+    # --- Internal Checks & Actions during the payment flow -------------------
+    # --- (controlled by the order module) ------------------------------------
+
     def is_available(
         self: t.Self,
         order_skel: SkeletonInstance_T[OrderSkel] | None,
     ) -> bool:
+        """Decide whether the payment provider is available."""
         return True
 
     def can_checkout(
@@ -131,21 +136,31 @@ def check_payment_deferred(self, order_key: db.Key) -> None:
         else:
             logger.info(f'Order {order_skel["key"]!r} is not paid')
 
+    # --- API Endpoints  ------------------------------------------------------
+
     @abc.abstractmethod
     # @exposed
     def return_handler(self):
+        """Frontend Endpoint where the might be redirected to by the payment provider during the payment flow"""
         ...
 
     @abc.abstractmethod
     # @exposed
     def webhook(self):
+        """API Endpoint (Webhook) to listen for events from payment provider"""
         ...
 
     @abc.abstractmethod
     # @exposed
     def get_debug_information(self):
+        """Provide information about the payment of an order.
+
+        Only for debugging purposes. It's not an API endpoint.
+        """
         ...
 
+    # --- utils ---------------------------------------------------------------
+
     def _append_payment_to_order_skel(
         self,
         order_skel: SkeletonInstance_T[OrderSkel],
@@ -194,5 +209,17 @@ def serialize_for_api(
             is_available=self.is_available(order_skel),
         )
 
+    @classmethod
+    def model_to_dict(cls, obj: t.Any) -> t.Any:
+        """Convert any nested model to a JSON-compatible representation
+        """
+        if isinstance(obj, dict):
+            return {k: cls.model_to_dict(v) for k, v in obj.items()}
+        elif isinstance(obj, list | tuple):
+            return [cls.model_to_dict(v) for v in obj]
+        elif isinstance(obj, enum.Enum):
+            return f"{obj!r}"
+        return obj
+
 
 PaymentProviderAbstract.html = True

src/viur/shop/payment_providers/invoice.py

@@ -2,6 +2,7 @@
 
 from viur.core import errors, exposed
 from viur.core.skeleton import SkeletonInstance
+
 from . import PaymentProviderAbstract
 from ..globals import SHOP_LOGGER
 from ..skeletons import OrderSkel

src/viur/shop/payment_providers/paypal_checkout.py

@@ -1,4 +1,3 @@
-import enum
 import json
 import logging
 import typing as t  # noqa
@@ -79,6 +78,8 @@ def __init__(
             ),
         )
 
+    # --- Internal Checks & Actions during the payment flow -------------------
+
     def get_checkout_start_data(
         self,
         order_skel: SkeletonInstance,
@@ -193,12 +194,7 @@ def check_payment_state(
                 logger.info(f"Payment #{idx} has a capture that is not completed ({capture.status=!r})")
                 continue  # This payment is incomplete
 
-            if capture.invoice_id != order_skel["order_uid"]:
-                logger.info(f"Payment #{idx} has a capture that does not match the order_uid "
-                            f"({capture.invoice_id=} != {order_skel["order_uid"]=})")
-                continue
-
-            if capture.invoice_id != order_skel["order_uid"]:
+            if float(capture.amount.value) != order_skel["total"]:
                 logger.error(f"Payment #{idx} has a fully captured payment, but amount does not match"
                              f"({capture.amount.value=} != {order_skel["total"]})")
                 raise InvalidStateError(f"Payment #{idx} has been captured with invalid amount")
@@ -207,6 +203,8 @@ def check_payment_state(
 
         return False, payment_results
 
+    # --- API Endpoints  ------------------------------------------------------
+
     @exposed
     def return_handler(self):
         raise errors.NotImplemented()
@@ -217,7 +215,7 @@ def return_handler(self):
     def webhook(self, *args, **kwargs):
         """Webhook for PayPal.
 
-        Listens to all events, but handle payment-complete as backup currently only.
+        Listens to all events, but handle PAYMENT.CAPTURE.COMPLETED as backup currently only.
         """
         try:
             payload = json.loads(current.request.get().request.body)
@@ -227,6 +225,11 @@ def webhook(self, *args, **kwargs):
         logger.info(f"{payload=}")
         logger.info(f"headers={dict(current.request.get().request.headers)!r}")
 
+        # TODO: PayPal has many large IP-Ranges
+        #  https://www.paypal.com/li/cshelp/article/what-are-the-internet-protocol-ip-addresses-for-paypal-server-endpoints-ts1056
+        #  Verifying the request source might be more safe, but since we use this webhook only as trigger
+        #  for an payment check (that load the state from the API-Server anyway),
+        #  this is not really a security issue.
         # ip = current.request.get().request.remote_addr
         # logger.info(f"{ip=}")
         # if ip not in IP_ADDRESS:
@@ -315,6 +318,8 @@ def capture_order(
         """
         Capture payment for the created order to complete the transaction.
 
+        Has to be called by the Frontend after the user has approved the payment.
+
         @see https://developer.paypal.com/docs/api/orders/v2/#orders_capture
         """
         order_key = self.shop.api._normalize_external_key(order_key, "order_key")
@@ -347,13 +352,7 @@ def capture_order(
         })
 
     @classmethod
-    def model_to_dict(cls, obj):
+    def model_to_dict(cls, obj: t.Any) -> t.Any:
         """Convert any nested PayPal model to dict representation"""
         obj = ApiHelper.json_serialize(obj, should_encode=False)  # Convert to dict first, then process recursively
-        if isinstance(obj, dict):
-            return {k: cls.model_to_dict(v) for k, v in obj.items()}
-        elif isinstance(obj, list | tuple):
-            return [cls.model_to_dict(v) for v in obj]
-        elif isinstance(obj, enum.Enum):
-            return f"{obj!r}"
-        return obj
+        return super().model_to_dict(obj)

src/viur/shop/payment_providers/prepayment.py

@@ -1,9 +1,9 @@
 import typing as t
 
 from deprecated.sphinx import deprecated
-
 from viur.core import errors, exposed
 from viur.core.skeleton import SkeletonInstance
+
 from . import PaymentProviderAbstract
 from ..globals import SHOP_LOGGER
 from ..skeletons import OrderSkel

src/viur/shop/payment_providers/unzer_abstract.py

@@ -1,5 +1,4 @@
 import abc
-import enum
 import functools
 import json
 import typing as t  # noqa
@@ -150,6 +149,8 @@ def sandbox(self) -> bool:
             return self._sandbox()
         return self._sandbox
 
+    # --- Internal Checks & Actions during the payment flow -------------------
+
     def can_checkout(
         self,
         order_skel: SkeletonInstance,
@@ -310,6 +311,8 @@ def check_payment_state(
 
         return False, payment_results
 
+    # --- API Endpoints  ------------------------------------------------------
+
     @exposed
     @log_unzer_error
     @error_handler
@@ -528,14 +531,8 @@ def shop_salutation_to_unzer_salutation(
         }.get(salutation, UnzerSalutation.UNKNOWN)
 
     @classmethod
-    def model_to_dict(cls, obj):
+    def model_to_dict(cls, obj: t.Any) -> t.Any:
         """Convert any nested unzer model to dict representation"""
         if isinstance(obj, BaseModel):
             obj = dict(obj)  # Convert to dict first, then process recursively
-        if isinstance(obj, dict):
-            return {k: cls.model_to_dict(v) for k, v in obj.items()}
-        elif isinstance(obj, list | tuple):
-            return [cls.model_to_dict(v) for v in obj]
-        elif isinstance(obj, enum.Enum):
-            return f"{obj!r}"
-        return obj
+        return super().model_to_dict(obj)

src/viur/shop/payment_providers/unzer_applepay.py

@@ -2,8 +2,8 @@
 
 import unzer
 from unzer.model import PaymentType
-
 from viur.core.skeleton import SkeletonInstance
+
 from .unzer_abstract import UnzerAbstract
 from ..globals import SHOP_LOGGER
 

src/viur/shop/payment_providers/unzer_googlepay.py

@@ -2,8 +2,8 @@
 
 import unzer
 from unzer.model import PaymentType
-
 from viur.core.skeleton import SkeletonInstance
+
 from .unzer_abstract import UnzerAbstract
 from ..globals import SHOP_LOGGER
 

src/viur/shop/payment_providers/unzer_paylater_invoice.py

@@ -2,10 +2,10 @@
 import typing as t  # noqa
 
 import unzer
-
-from viur import toolkit
 from viur.core import current, db, errors, exposed
 from viur.core.skeleton import SkeletonInstance
+
+from viur import toolkit
 from viur.shop.skeletons import OrderSkel
 from viur.shop.types import *
 from .unzer_abstract import UnzerAbstract, log_unzer_error