uncloud-mravi/uncloud_pay/views.py

455 lines
16 KiB
Python
Raw Normal View History

from django.contrib.auth.mixins import LoginRequiredMixin
from django.views.generic.base import TemplateView
2020-02-27 10:21:38 +00:00
from django.shortcuts import render
from django.db import transaction
2020-02-27 11:38:04 +00:00
from django.contrib.auth import get_user_model
2020-04-15 13:17:38 +00:00
from rest_framework import viewsets, mixins, permissions, status, views
from rest_framework.renderers import TemplateHTMLRenderer
2020-02-27 11:10:26 +00:00
from rest_framework.response import Response
2020-02-27 11:38:04 +00:00
from rest_framework.decorators import action
from rest_framework.reverse import reverse
from rest_framework.decorators import renderer_classes
from vat_validator import validate_vat, vies
from vat_validator.countries import EU_COUNTRY_CODES
2020-05-07 13:38:49 +00:00
from hardcopy import bytestring_to_pdf
from django.core.files.temp import NamedTemporaryFile
from django.http import FileResponse
from django.template.loader import render_to_string
from copy import deepcopy
2020-02-27 10:21:38 +00:00
2020-02-27 14:50:46 +00:00
import json
import logging
2020-02-27 14:50:46 +00:00
from .models import *
from .serializers import *
2021-01-01 11:41:54 +00:00
from .selectors import *
2020-02-27 11:10:26 +00:00
from datetime import datetime
from vat_validator import sanitize_vat
import uncloud_pay.stripe as uncloud_stripe
2020-02-27 10:21:38 +00:00
logger = logging.getLogger(__name__)
2021-01-01 11:41:54 +00:00
2020-03-05 09:27:33 +00:00
###
2020-12-28 22:35:34 +00:00
# 2020-12 checked code
class RegisterCard(LoginRequiredMixin, TemplateView):
login_url = '/login/'
2020-12-25 16:33:01 +00:00
template_name = "uncloud_pay/register_stripe.html"
def get_context_data(self, **kwargs):
2020-12-25 16:29:17 +00:00
customer_id = uncloud_stripe.get_customer_id_for(self.request.user)
2020-12-25 16:29:17 +00:00
setup_intent = uncloud_stripe.create_setup_intent(customer_id)
context = super().get_context_data(**kwargs)
context['client_secret'] = setup_intent.client_secret
context['username'] = self.request.user
context['stripe_pk'] = uncloud_stripe.public_api_key
return context
2020-12-26 10:22:51 +00:00
2020-12-28 22:35:34 +00:00
class CreditCardViewSet(mixins.RetrieveModelMixin,
mixins.UpdateModelMixin,
mixins.DestroyModelMixin,
mixins.ListModelMixin,
viewsets.GenericViewSet):
2020-12-26 10:22:51 +00:00
2020-12-28 22:35:34 +00:00
serializer_class = StripeCreditCardSerializer
permission_classes = [permissions.IsAuthenticated]
2020-12-26 10:22:51 +00:00
2020-12-28 22:35:34 +00:00
def list(self, request):
uncloud_stripe.sync_cards_for_user(self.request.user)
return super().list(request)
2020-12-26 10:22:51 +00:00
2020-12-28 22:35:34 +00:00
def get_queryset(self):
return StripeCreditCard.objects.filter(owner=self.request.user)
2020-12-29 00:43:33 +00:00
class PaymentViewSet(viewsets.ModelViewSet):
2020-12-28 22:35:34 +00:00
serializer_class = PaymentSerializer
permission_classes = [permissions.IsAuthenticated]
def get_queryset(self):
return Payment.objects.filter(owner=self.request.user)
2020-12-26 10:22:51 +00:00
2021-01-01 11:41:54 +00:00
class BalanceViewSet(viewsets.ViewSet):
permission_classes = [permissions.IsAuthenticated]
def list(self, request):
serializer = BalanceSerializer(data={
'balance': get_balance_for_user(self.request.user)
})
serializer.is_valid()
return Response(serializer.data)
2020-12-29 00:43:33 +00:00
###
# Payments and Payment Methods.
2020-12-28 22:35:34 +00:00
class OrderViewSet(viewsets.ReadOnlyModelViewSet):
serializer_class = OrderSerializer
permission_classes = [permissions.IsAuthenticated]
def get_queryset(self):
return Order.objects.filter(owner=self.request.user)
class ListCards(LoginRequiredMixin, TemplateView):
2020-12-26 10:22:51 +00:00
login_url = '/login/'
2020-12-28 22:35:34 +00:00
template_name = "uncloud_pay/list_stripe.html"
2020-12-26 10:22:51 +00:00
def get_context_data(self, **kwargs):
customer_id = uncloud_stripe.get_customer_id_for(self.request.user)
cards = uncloud_stripe.get_customer_cards(customer_id)
context = super().get_context_data(**kwargs)
context['cards'] = cards
context['username'] = self.request.user
return context
class PaymentMethodViewSet(viewsets.ModelViewSet):
permission_classes = [permissions.IsAuthenticated]
2020-03-02 21:26:40 +00:00
def get_serializer_class(self):
if self.action == 'create':
return CreatePaymentMethodSerializer
2020-03-05 10:28:43 +00:00
elif self.action == 'update':
return UpdatePaymentMethodSerializer
2020-03-03 17:16:25 +00:00
elif self.action == 'charge':
return ChargePaymentMethodSerializer
2020-03-02 21:26:40 +00:00
else:
return PaymentMethodSerializer
def get_queryset(self):
return PaymentMethod.objects.filter(owner=self.request.user)
# XXX: Handling of errors is far from great down there.
@transaction.atomic
def create(self, request):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
# Set newly created method as primary if no other method is.
if PaymentMethod.get_primary_for(request.user) == None:
serializer.validated_data['primary'] = True
if serializer.validated_data['source'] == "stripe":
# Retrieve Stripe customer ID for user.
2020-03-05 10:03:47 +00:00
customer_id = uncloud_stripe.get_customer_id_for(request.user)
if customer_id == None:
return Response(
{'error': 'Could not resolve customer stripe ID.'},
status=status.HTTP_500_INTERNAL_SERVER_ERROR)
2020-03-05 10:03:47 +00:00
try:
setup_intent = uncloud_stripe.create_setup_intent(customer_id)
except Exception as e:
return Response({'error': str(e)},
status=status.HTTP_500_INTERNAL_SERVER_ERROR)
payment_method = PaymentMethod.objects.create(
owner=request.user,
2020-03-05 10:03:47 +00:00
stripe_setup_intent_id=setup_intent.id,
**serializer.validated_data)
# TODO: find a way to use reverse properly:
# https://www.django-rest-framework.org/api-guide/reverse/
2020-03-05 10:03:47 +00:00
path = "payment-method/{}/register-stripe-cc".format(
payment_method.uuid)
stripe_registration_url = reverse('api-root', request=request) + path
return Response({'please_visit': stripe_registration_url})
else:
serializer.save(owner=request.user, **serializer.validated_data)
return Response(serializer.data)
@action(detail=True, methods=['post'])
def charge(self, request, pk=None):
payment_method = self.get_object()
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
2020-03-03 17:16:25 +00:00
amount = serializer.validated_data['amount']
try:
payment = payment_method.charge(amount)
output_serializer = PaymentSerializer(payment)
return Response(output_serializer.data)
except Exception as e:
return Response({'error': str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
@action(detail=True, methods=['get'], url_path='register-stripe-cc', renderer_classes=[TemplateHTMLRenderer])
def register_stripe_cc(self, request, pk=None):
payment_method = self.get_object()
2020-03-05 10:03:47 +00:00
if payment_method.source != 'stripe':
return Response(
{'error': 'This is not a Stripe-based payment method.'},
template_name='error.html.j2')
if payment_method.active:
return Response(
{'error': 'This payment method is already active'},
template_name='error.html.j2')
try:
setup_intent = uncloud_stripe.get_setup_intent(
payment_method.stripe_setup_intent_id)
except Exception as e:
return Response(
{'error': str(e)},
template_name='error.html.j2')
# TODO: find a way to use reverse properly:
# https://www.django-rest-framework.org/api-guide/reverse/
callback_path= "payment-method/{}/activate-stripe-cc/".format(
2020-12-25 16:29:17 +00:00
payment_method.id)
2020-03-05 10:03:47 +00:00
callback = reverse('api-root', request=request) + callback_path
# Render stripe card registration form.
template_args = {
2020-03-05 10:03:47 +00:00
'client_secret': setup_intent.client_secret,
'stripe_pk': uncloud_stripe.public_api_key,
'callback': callback
}
return Response(template_args, template_name='stripe-payment.html.j2')
2020-03-05 10:03:47 +00:00
@action(detail=True, methods=['post'], url_path='activate-stripe-cc')
def activate_stripe_cc(self, request, pk=None):
payment_method = self.get_object()
2020-03-05 10:03:47 +00:00
try:
setup_intent = uncloud_stripe.get_setup_intent(
payment_method.stripe_setup_intent_id)
except Exception as e:
return Response({'error': str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
# Card had been registered, fetching payment method.
2020-03-05 10:03:47 +00:00
print(setup_intent)
if setup_intent.payment_method:
payment_method.stripe_payment_method_id = setup_intent.payment_method
payment_method.save()
return Response({
'uuid': payment_method.uuid,
'activated': payment_method.active})
else:
error = 'Could not fetch payment method from stripe. Please try again.'
return Response({'error': error})
@action(detail=True, methods=['post'], url_path='set-as-primary')
def set_as_primary(self, request, pk=None):
payment_method = self.get_object()
payment_method.set_as_primary_for(request.user)
serializer = self.get_serializer(payment_method)
return Response(serializer.data)
2020-03-05 09:27:33 +00:00
###
# Bills and Orders.
class BillViewSet(viewsets.ReadOnlyModelViewSet):
serializer_class = BillSerializer
permission_classes = [permissions.IsAuthenticated]
def get_queryset(self):
return Bill.objects.filter(owner=self.request.user)
@action(detail=False, methods=['get'])
2020-03-05 09:27:33 +00:00
def unpaid(self, request):
serializer = self.get_serializer(
Bill.get_unpaid_for(self.request.user),
many=True)
return Response(serializer.data)
2020-03-05 09:27:33 +00:00
2020-05-07 13:38:49 +00:00
@action(detail=True, methods=['get'])
def download(self, *args, **kwargs):
2020-08-01 12:05:56 +00:00
"""
Allow to download
"""
2020-05-07 13:38:49 +00:00
bill = self.get_object()
2020-10-25 12:52:36 +00:00
provider = UncloudProvider.get_provider()
2020-05-07 13:38:49 +00:00
output_file = NamedTemporaryFile()
bill_html = render_to_string("bill.html.j2", {'bill': bill})
bytestring_to_pdf(bill_html.encode('utf-8'), output_file)
response = FileResponse(output_file, content_type="application/pdf")
response['Content-Disposition'] = 'filename="{}_{}.pdf"'.format(
bill.reference, bill.uuid
)
return response
2020-03-05 09:27:33 +00:00
class OrderViewSet(viewsets.ReadOnlyModelViewSet):
serializer_class = OrderSerializer
permission_classes = [permissions.IsAuthenticated]
def get_queryset(self):
return Order.objects.filter(owner=self.request.user)
2021-06-20 09:51:27 +00:00
class VATRateViewSet(viewsets.ReadOnlyModelViewSet):
serializer_class = VATRateSerializer
permission_classes = [permissions.IsAuthenticated]
queryset = VATRate.objects.all()
2020-04-15 13:17:38 +00:00
class BillingAddressViewSet(mixins.CreateModelMixin,
mixins.RetrieveModelMixin,
mixins.UpdateModelMixin,
mixins.ListModelMixin,
viewsets.GenericViewSet):
permission_classes = [permissions.IsAuthenticated]
def get_serializer_class(self):
if self.action == 'update':
return UpdateBillingAddressSerializer
else:
return BillingAddressSerializer
def get_queryset(self):
return self.request.user.billingaddress_set.all()
def create(self, request):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
# Validate VAT numbers.
country = serializer.validated_data["country"]
# We ignore empty VAT numbers.
2020-05-02 18:42:09 +00:00
if 'vat_number' in serializer.validated_data and serializer.validated_data["vat_number"] != "":
vat_number = serializer.validated_data["vat_number"]
if not validate_vat(country, vat_number):
return Response(
{'error': 'Malformed VAT number.'},
status=status.HTTP_400_BAD_REQUEST)
elif country in EU_COUNTRY_CODES:
# XXX: make a synchroneous call to a third patry API here might not be a good idea..
try:
vies_state = vies.check_vat(country, vat_number)
if not vies_state.valid:
return Response(
{'error': 'European VAT number does not exist in VIES.'},
status=status.HTTP_400_BAD_REQUEST)
except Exception as e:
logger.warning(e)
return Response(
{'error': 'Could not validate EU VAT number against VIES. Try again later..'},
status=status.HTTP_500_INTERNAL_SERVER_ERROR)
2020-04-15 13:17:38 +00:00
serializer.save(owner=request.user)
return Response(serializer.data)
###
2020-05-07 10:45:06 +00:00
# Admin stuff.
class AdminPaymentViewSet(viewsets.ModelViewSet):
serializer_class = PaymentSerializer
permission_classes = [permissions.IsAdminUser]
def get_queryset(self):
2020-02-27 11:42:24 +00:00
return Payment.objects.all()
def create(self, request):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
serializer.save(timestamp=datetime.now())
headers = self.get_success_headers(serializer.data)
return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
# Bills are generated from orders and should not be created or updated by hand.
class AdminBillViewSet(BillViewSet):
serializer_class = BillSerializer
permission_classes = [permissions.IsAdminUser]
def get_queryset(self):
2020-02-27 11:42:24 +00:00
return Bill.objects.all()
@action(detail=False, methods=['get'])
def unpaid(self, request):
unpaid_bills = []
# XXX: works but we can do better than number of users + 1 SQL requests...
for user in get_user_model().objects.all():
unpaid_bills = unpaid_bills + Bill.get_unpaid_for(self.request.user)
serializer = self.get_serializer(unpaid_bills, many=True)
return Response(serializer.data)
2020-02-27 11:42:24 +00:00
2020-05-08 08:42:04 +00:00
@action(detail=False, methods=['post'])
def generate(self, request):
users = get_user_model().objects.all()
generated_bills = []
for user in users:
now = timezone.now()
generated_bills = generated_bills + Bill.generate_for(
year=now.year,
month=now.month,
user=user)
return Response(
map(lambda b: b.reference, generated_bills),
status=status.HTTP_200_OK)
class AdminOrderViewSet(mixins.ListModelMixin,
mixins.RetrieveModelMixin,
mixins.CreateModelMixin,
mixins.UpdateModelMixin,
viewsets.GenericViewSet):
2020-05-07 13:38:49 +00:00
serializer_class = OrderSerializer
2020-05-07 10:45:06 +00:00
permission_classes = [permissions.IsAdminUser]
2020-02-27 11:42:24 +00:00
2020-05-07 10:05:26 +00:00
def get_serializer(self, *args, **kwargs):
2020-05-07 13:38:49 +00:00
return self.serializer_class(*args, **kwargs, admin=True)
2020-05-07 10:05:26 +00:00
2020-02-27 11:42:24 +00:00
def get_queryset(self):
return Order.objects.all()
2020-05-08 07:31:46 +00:00
# Updates create a new order and terminate the 'old' one.
@transaction.atomic
def update(self, request, *args, **kwargs):
order = self.get_object()
partial = kwargs.pop('partial', False)
serializer = self.get_serializer(order, data=request.data, partial=partial)
serializer.is_valid(raise_exception=True)
# Clone existing order for replacement.
replacing_order = deepcopy(order)
# Yes, that's how you make a new entry in DB:
# https://docs.djangoproject.com/en/3.0/topics/db/queries/#copying-model-instances
replacing_order.pk = None
for attr, value in serializer.validated_data.items():
setattr(replacing_order, attr, value)
# Save replacing order and terminate 'previous' one.
replacing_order.save()
order.replaced_by = replacing_order
order.save()
order.terminate()
return Response(replacing_order)
2020-05-08 07:31:46 +00:00
@action(detail=True, methods=['post'])
def terminate(self, request, pk):
order = self.get_object()
if order.is_terminated:
return Response(
{'error': 'Order is already terminated.'},
status=status.HTTP_500_INTERNAL_SERVER_ERROR)
else:
order.terminate()
return Response({}, status=status.HTTP_200_OK)