/** Checks the given member's pin */
private void checkCredentials(Member member, final Channel channel, final String credentials) {
if (member == null) {
return;
}
final ServiceClient client = WebServiceContext.getClient();
final Member restrictedMember = client.getMember();
if (restrictedMember == null) {
// Non-restricted clients use the flag credentials required
if (!client.isCredentialsRequired()) {
// No credentials should be checked
throw new InvalidCredentialsException();
}
} else {
// Restricted clients don't need check if is the same member
if (restrictedMember.equals(member)) {
throw new InvalidCredentialsException();
}
}
if (StringUtils.isEmpty(credentials)) {
throw new InvalidCredentialsException();
}
member = fetchService.fetch(member, Element.Relationships.USER);
accessService.checkCredentials(
channel,
member.getMemberUser(),
credentials,
WebServiceContext.getRequest().getRemoteAddr(),
WebServiceContext.getMember());
}
public boolean expireTicket(final String ticketStr) {
try {
final PaymentRequestTicket ticket =
(PaymentRequestTicket)
ticketService.load(ticketStr, PaymentRequestTicket.Relationships.FROM_CHANNEL);
// Check the member restriction
final Member restricted = WebServiceContext.getMember();
if (restricted != null && !restricted.equals(ticket.getTo())) {
throw new Exception();
}
// Check the from channel
final Channel resolvedChannel = WebServiceContext.getChannel();
final Channel fromChannel = ticket.getFromChannel();
final Channel toChannel = ticket.getToChannel();
if ((fromChannel == null || !fromChannel.equals(resolvedChannel))
&& (toChannel == null || !toChannel.equals(resolvedChannel))) {
throw new Exception();
}
// Check by status
if (ticket.getStatus() == Ticket.Status.PENDING) {
ticketService.expirePaymentRequestTicket(ticket);
return true;
}
} catch (final Exception e) {
webServiceHelper.error(e);
// Ignore exceptions
}
return false;
}
/**
* Performs some static checks and loads the transfers to be chargedback by the bulk reverse
* operation.
*
* @param ids: Could be trace numbers or transfer ids.
* @param loader: The object responsible for loading the transfer by trace number or transferId.
*/
private <V> List<ChargebackResult> doBulkChargeback(
final List<V> ids, final TransferLoader<V> loader) {
final List<Transfer> transfers = new LinkedList<Transfer>();
final List<AccountDTO> allAccounts = new LinkedList<AccountDTO>();
final Member member = WebServiceContext.getMember();
final List<ChargebackResult> result = new LinkedList<ChargebackResult>();
boolean failed = false;
for (final V id : ids) {
Transfer transfer = null;
try {
transfer = loader.load(id);
transfers.add(transfer);
if (member != null && !transfer.getToOwner().equals(member)) {
throw new EntityNotFoundException();
}
result.add(new ChargebackResult(ChargebackStatus.NOT_PERFORMED, null, null));
allAccounts.add(new AccountDTO(transfer.getFrom()));
allAccounts.add(new AccountDTO(transfer.getTo()));
} catch (final EntityNotFoundException e) {
failed = true;
result.add(new ChargebackResult(ChargebackStatus.TRANSFER_NOT_FOUND, null, null));
webServiceHelper.error(
new Exception(
"Bulk status [Id=" + id + "]: " + ChargebackStatus.TRANSFER_NOT_FOUND, e));
}
}
if (failed) {
return result;
}
return bulkReverse(transfers, allAccounts);
}
public PaymentSimulationResult simulatePayment(final PaymentParameters params) {
PaymentStatus status;
AccountHistoryTransferVO transferVO = null;
try {
final PrepareParametersResult result = prepareParameters(params);
status = result.getStatus();
if (status == null) {
final DoExternalPaymentDTO dto =
paymentHelper.toExternalPaymentDTO(params, result.getFrom(), result.getTo());
if (!validateTransferType(dto)) {
webServiceHelper.trace(
PaymentStatus.INVALID_PARAMETERS
+ ". Reason: The service client doesn't have permission to the specified transfer type: "
+ dto.getTransferType());
status = PaymentStatus.INVALID_PARAMETERS;
} else {
// Simulate the payment
final Transfer transfer = (Transfer) paymentService.simulatePayment(dto);
transferVO = accountHelper.toVO(WebServiceContext.getMember(), transfer, null);
status = paymentHelper.toStatus(transfer);
}
}
} catch (final Exception e) {
webServiceHelper.error(e);
status = paymentHelper.toStatus(e);
}
if (!status.isSuccessful()) {
webServiceHelper.error("Simulate payment status: " + status);
}
return new PaymentSimulationResult(status, transferVO);
}
private ChargebackResult doChargeback(final Transfer transfer) {
ChargebackStatus status = null;
Transfer chargebackTransfer = null;
// Check if the transfer can be charged back
if (!paymentService.canChargeback(transfer, false)) {
if (transfer.getChargedBackBy() != null) {
chargebackTransfer = transfer.getChargedBackBy();
status = ChargebackStatus.TRANSFER_ALREADY_CHARGEDBACK;
} else {
if (transfer.getStatus() == Payment.Status.PENDING) {
final TransferAuthorizationDTO transferAuthorizationDto = new TransferAuthorizationDTO();
transferAuthorizationDto.setTransfer(transfer);
transferAuthorizationDto.setShowToMember(false);
chargebackTransfer =
transferAuthorizationService.cancelFromMemberAsReceiver(transferAuthorizationDto);
status = ChargebackStatus.SUCCESS;
} else {
status = ChargebackStatus.TRANSFER_CANNOT_BE_CHARGEDBACK;
}
}
}
// Do the chargeback
if (status == null) {
chargebackTransfer =
paymentService.chargeback(transfer, WebServiceContext.getClient().getId());
status = ChargebackStatus.SUCCESS;
}
if (!status.isSuccessful()) {
webServiceHelper.error("Chargeback result: " + status);
}
final Member member = WebServiceContext.getMember();
// Build the result
if (status == ChargebackStatus.SUCCESS
|| status == ChargebackStatus.TRANSFER_ALREADY_CHARGEDBACK) {
final AccountOwner owner = member == null ? transfer.getToOwner() : member;
final AccountHistoryTransferVO originalVO = accountHelper.toVO(owner, transfer, null);
final AccountHistoryTransferVO chargebackVO =
accountHelper.toVO(owner, chargebackTransfer, null);
return new ChargebackResult(status, originalVO, chargebackVO);
} else {
return new ChargebackResult(status, null, null);
}
}
private <V> ChargebackResult reverse(final V transferId, final TransferLoader<V> loader) {
Exception errorException = null;
ChargebackStatus status = null;
Transfer transfer = null;
try {
transfer = loader.load(transferId);
// Ensure the member is the one who received the payment
final Member member = WebServiceContext.getMember();
if (member != null && !transfer.getToOwner().equals(member)) {
throw new EntityNotFoundException();
} else {
final Collection<TransferType> possibleTypes =
fetchService
.fetch(
WebServiceContext.getClient(),
ServiceClient.Relationships.CHARGEBACK_PAYMENT_TYPES)
.getChargebackPaymentTypes();
if (!possibleTypes.contains(transfer.getType())) {
throw new EntityNotFoundException();
}
}
} catch (final EntityNotFoundException e) {
errorException = e;
status = ChargebackStatus.TRANSFER_NOT_FOUND;
}
if (status == null) {
try {
return doChargeback(transfer);
} catch (final Exception e) {
webServiceHelper.error(e);
return new ChargebackResult(ChargebackStatus.TRANSFER_CANNOT_BE_CHARGEDBACK, null, null);
}
} else {
if (!status.isSuccessful()) {
webServiceHelper.error(
errorException != null
? errorException
: new Exception("Chargeback status: " + status));
}
return new ChargebackResult(status, null, null);
}
}
/** Prepares the parameters for a payment. The resulting status is null when no problem found */
private PrepareParametersResult prepareParameters(final PaymentParameters params) {
final Member restricted = WebServiceContext.getMember();
final boolean fromSystem = params.isFromSystem();
final boolean toSystem = params.isToSystem();
PaymentStatus status = null;
Member fromMember = null;
Member toMember = null;
// Load the from member
if (!fromSystem) {
try {
fromMember = paymentHelper.resolveFromMember(params);
} catch (final EntityNotFoundException e) {
webServiceHelper.error(e);
status = PaymentStatus.FROM_NOT_FOUND;
}
}
// Load the to member
if (!toSystem) {
try {
toMember = paymentHelper.resolveToMember(params);
} catch (final EntityNotFoundException e) {
webServiceHelper.error(e);
status = PaymentStatus.TO_NOT_FOUND;
}
}
if (status == null) {
if (restricted == null) {
// Ensure has the do payment permission
if (!WebServiceContext.hasPermission(ServiceOperation.DO_PAYMENT)) {
throw new PermissionDeniedException(
"The service client doesn't have the following permission: "
+ ServiceOperation.DO_PAYMENT);
}
// Check the channel immediately, as needed by SMS controller
if (fromMember != null
&& !accessService.isChannelEnabledForMember(channelHelper.restricted(), fromMember)) {
status = PaymentStatus.INVALID_CHANNEL;
}
} else {
// Enforce the restricted to member parameters
if (fromSystem) {
// Restricted to member can't perform payment from system
status = PaymentStatus.FROM_NOT_FOUND;
} else {
if (fromMember == null) {
fromMember = restricted;
} else if (toMember == null && !toSystem) {
toMember = restricted;
}
}
if (status == null) {
// Check make / receive payment permissions
if (fromMember.equals(restricted)) {
if (!WebServiceContext.hasPermission(ServiceOperation.DO_PAYMENT)) {
throw new PermissionDeniedException(
"The service client doesn't have the following permission: "
+ ServiceOperation.DO_PAYMENT);
}
} else {
if (!WebServiceContext.hasPermission(ServiceOperation.RECEIVE_PAYMENT)) {
throw new PermissionDeniedException(
"The service client doesn't have the following permission: "
+ ServiceOperation.RECEIVE_PAYMENT);
}
}
// Ensure that either from or to member is the restricted one
if (!fromMember.equals(restricted) && !toMember.equals(restricted)) {
status = PaymentStatus.INVALID_PARAMETERS;
webServiceHelper.trace(
status
+ ". Reason: Neither the origin nor the destination members are equal to the restricted: "
+ restricted);
}
}
if (status == null) {
// Enforce the permissions
if (restricted.equals(fromMember)
&& !WebServiceContext.hasPermission(ServiceOperation.DO_PAYMENT)) {
throw new PermissionDeniedException(
"The service client doesn't have the following permission: "
+ ServiceOperation.DO_PAYMENT);
} else if (restricted.equals(toMember)
&& !WebServiceContext.hasPermission(ServiceOperation.RECEIVE_PAYMENT)) {
throw new PermissionDeniedException(
"The service client doesn't have the following permission: "
+ ServiceOperation.RECEIVE_PAYMENT);
}
}
}
}
// Ensure both from and to member are present
if (status == null) {
if (fromMember == null && !fromSystem) {
status = PaymentStatus.FROM_NOT_FOUND;
} else if (toMember == null && !toSystem) {
status = PaymentStatus.TO_NOT_FOUND;
}
}
if (status == null) {
// Check the channel
if (fromMember != null
&& !accessService.isChannelEnabledForMember(channelHelper.restricted(), fromMember)) {
status = PaymentStatus.INVALID_CHANNEL;
}
}
if (status == null) {
// Check the credentials
boolean checkCredentials;
if (restricted != null) {
checkCredentials = !fromMember.equals(restricted);
} else {
checkCredentials = !fromSystem && WebServiceContext.getClient().isCredentialsRequired();
}
if (checkCredentials) {
try {
checkCredentials(fromMember, WebServiceContext.getChannel(), params.getCredentials());
} catch (final InvalidCredentialsException e) {
status = PaymentStatus.INVALID_CREDENTIALS;
} catch (final BlockedCredentialsException e) {
status = PaymentStatus.BLOCKED_CREDENTIALS;
}
}
}
// No error
final AccountOwner fromOwner = fromSystem ? SystemAccountOwner.instance() : fromMember;
final AccountOwner toOwner = toSystem ? SystemAccountOwner.instance() : toMember;
return new PrepareParametersResult(status, fromOwner, toOwner);
}
public RequestPaymentResult requestPaymentConfirmation(final RequestPaymentParameters params) {
Exception errorException = null;
PaymentRequestStatus status = null;
// Get the to member
Member toMember = null;
final Member restricted = WebServiceContext.getMember();
if (restricted != null) {
// When restricted to a member, he is always the to
toMember = restricted;
} else {
try {
toMember = paymentHelper.resolveToMember(params);
} catch (final EntityNotFoundException e) {
status = PaymentRequestStatus.TO_NOT_FOUND;
}
// When not restricted to a member, check the channel access of the payment receiver
if (status == null && !memberHelper.isChannelEnabledForMember(toMember)) {
status = PaymentRequestStatus.TO_INVALID_CHANNEL;
}
}
// Get the from member
Member fromMember = null;
if (status == null) {
try {
fromMember = paymentHelper.resolveFromMember(params);
} catch (final EntityNotFoundException e) {
status = PaymentRequestStatus.FROM_NOT_FOUND;
}
}
// Generate the ticket if no error so far
PaymentRequestTicket ticket = null;
if (status == null) {
try {
ticket = paymentHelper.toTicket(params, null);
ticket.setFrom(fromMember);
ticket.setTo(toMember);
ticket = ticketService.generate(ticket);
status = PaymentRequestStatus.REQUEST_RECEIVED;
} catch (final InvalidChannelException e) {
status = PaymentRequestStatus.FROM_INVALID_CHANNEL;
} catch (final Exception e) {
errorException = e;
final PaymentStatus paymentStatus = paymentHelper.toStatus(e);
try {
// Probably it's a payment status also present on payment request status
status = PaymentRequestStatus.valueOf(paymentStatus.name());
} catch (final Exception e1) {
e1.initCause(e);
errorException = e1;
status = PaymentRequestStatus.UNKNOWN_ERROR;
}
}
}
if (!status.isSuccessful()) {
webServiceHelper.error(
errorException != null
? errorException
: new Exception("Request payment confirmation status: " + status));
}
// Build a result
final RequestPaymentResult result = new RequestPaymentResult();
result.setStatus(status);
if (ticket != null) {
result.setTicket(ticket.getTicket());
}
return result;
}
public PaymentResult doPayment(final PaymentParameters params) {
AccountHistoryTransferVO transferVO = null;
PaymentStatus status;
AccountStatus fromMemberStatus = null;
AccountStatus toMemberStatus = null;
try {
final PrepareParametersResult result = prepareParameters(params);
status = result.getStatus();
if (status == null) {
// Status null means no "pre-payment" errors (like validation, pin, channel...)
// Perform the payment
final DoExternalPaymentDTO dto =
paymentHelper.toExternalPaymentDTO(params, result.getFrom(), result.getTo());
// Validate the transfer type
if (!validateTransferType(dto)) {
status = PaymentStatus.INVALID_PARAMETERS;
webServiceHelper.trace(
status
+ ". Reason: The service client doesn't have permission to the specified transfer type: "
+ dto.getTransferType());
} else {
final Transfer transfer = (Transfer) paymentService.insertExternalPayment(dto);
status = paymentHelper.toStatus(transfer);
transferVO = accountHelper.toVO(WebServiceContext.getMember(), transfer, null);
if (WebServiceContext.getClient()
.getPermissions()
.contains(ServiceOperation.ACCOUNT_DETAILS)
&& params.isReturnStatus()) {
if (WebServiceContext.getMember() == null) {
fromMemberStatus =
accountService.getStatus(
new GetTransactionsDTO(dto.getFrom(), dto.getTransferType().getFrom()));
toMemberStatus =
accountService.getStatus(
new GetTransactionsDTO(dto.getTo(), dto.getTransferType().getTo()));
} else if (WebServiceContext.getMember()
.equals(paymentHelper.resolveFromMember(params))) {
fromMemberStatus =
accountService.getStatus(
new GetTransactionsDTO(dto.getFrom(), dto.getTransferType().getFrom()));
} else {
toMemberStatus =
accountService.getStatus(
new GetTransactionsDTO(dto.getTo(), dto.getTransferType().getTo()));
}
}
}
}
} catch (final Exception e) {
webServiceHelper.error(e);
status = paymentHelper.toStatus(e);
}
if (!status.isSuccessful()) {
webServiceHelper.error("Payment status: " + status);
}
return new PaymentResult(
status,
transferVO,
accountHelper.toVO(fromMemberStatus),
accountHelper.toVO(toMemberStatus));
}
public PaymentResult confirmPayment(final ConfirmPaymentParameters params) {
Exception errorException = null;
AccountStatus fromMemberStatus = null;
AccountStatus toMemberStatus = null;
Member fromMember = null;
Member toMember = null;
// It's nonsense to use this if restricted to a member
if (WebServiceContext.getMember() != null) {
throw new PermissionDeniedException();
}
final Channel channel = WebServiceContext.getChannel();
final String channelName = channel == null ? null : channel.getInternalName();
PaymentStatus status = null;
AccountHistoryTransferVO transferVO = null;
// Get the ticket
PaymentRequestTicket ticket = null;
try {
// Check that the ticket is valid
final Ticket t = ticketService.load(params.getTicket());
fromMember = t.getFrom();
toMember = t.getTo();
if (!(t instanceof PaymentRequestTicket) || t.getStatus() != Ticket.Status.PENDING) {
throw new Exception(
"Invalid ticket and/or status: "
+ t.getClass().getName()
+ ", status: "
+ t.getStatus());
}
// Check that the channel is the expected one
ticket = (PaymentRequestTicket) t;
if (!ticket.getToChannel().getInternalName().equals(channelName)) {
throw new Exception(
"The ticket's destination channel is not the expected one (expected="
+ channelName
+ "): "
+ ticket.getToChannel().getInternalName());
}
} catch (final Exception e) {
errorException = e;
status = PaymentStatus.INVALID_PARAMETERS;
}
// Validate the Channel and credentials
Member member = null;
if (status == null) {
member = ticket.getFrom();
if (!accessService.isChannelEnabledForMember(channelName, member)) {
status = PaymentStatus.INVALID_CHANNEL;
}
if (status == null && WebServiceContext.getClient().isCredentialsRequired()) {
try {
checkCredentials(member, channel, params.getCredentials());
} catch (final InvalidCredentialsException e) {
status = PaymentStatus.INVALID_CREDENTIALS;
} catch (final BlockedCredentialsException e) {
status = PaymentStatus.BLOCKED_CREDENTIALS;
}
}
}
// Confirm the payment
if (status == null) {
try {
final Transfer transfer = (Transfer) paymentService.confirmPayment(ticket.getTicket());
transferVO = accountHelper.toVO(member, transfer, null);
status = paymentHelper.toStatus(transfer);
if (WebServiceContext.getClient()
.getPermissions()
.contains(ServiceOperation.ACCOUNT_DETAILS)) {
if (WebServiceContext.getMember() == null) {
fromMemberStatus =
accountService.getStatus(
new GetTransactionsDTO(fromMember, transfer.getFrom().getType()));
toMemberStatus =
accountService.getStatus(
new GetTransactionsDTO(toMember, transfer.getTo().getType()));
} else if (WebServiceContext.getMember().equals(fromMember)) {
fromMemberStatus =
accountService.getStatus(
new GetTransactionsDTO(fromMember, transfer.getFrom().getType()));
} else {
toMemberStatus =
accountService.getStatus(
new GetTransactionsDTO(toMember, transfer.getTo().getType()));
}
}
} catch (final Exception e) {
errorException = e;
status = paymentHelper.toStatus(e);
}
}
if (!status.isSuccessful()) {
webServiceHelper.error(
errorException != null
? errorException
: new Exception("Confirm payment status: " + status));
}
// Build the result
return new PaymentResult(
status,
transferVO,
accountHelper.toVO(fromMemberStatus),
accountHelper.toVO(toMemberStatus));
}
