From c03dbba00b8312bc1a4209fab0ae3ae8f7a7d54f Mon Sep 17 00:00:00 2001
From: Dmitry Novikov <nerosketch@gmail.com>
Date: Sat, 29 Sep 2018 14:28:27 +0300
Subject: [PATCH 1/2] pay forward

---
 abonapp/urls.py  |   3 +-
 abonapp/views.py | 104 ++++++++++++++++++++++++++++++++++++++++++++++-
 forward_pay.php  |  83 +++++++++++++++++++++++++++++++++++++
 3 files changed, 188 insertions(+), 2 deletions(-)
 create mode 100755 forward_pay.php

diff --git a/abonapp/urls.py b/abonapp/urls.py
index d13a2fd..c3a5d64 100644
--- a/abonapp/urls.py
+++ b/abonapp/urls.py
@@ -62,5 +62,6 @@ urlpatterns = [
     # Api's
     path('api/abons/', views.abons),
     path('api/abon_filter/', views.search_abon),
-    path('api/dhcp_lever/', views.DhcpLever.as_view())
+    path('api/dhcp_lever/', views.DhcpLever.as_view()),
+    path('api/duplicate_pay/', views.DublicatePay.as_view())
 ]
diff --git a/abonapp/views.py b/abonapp/views.py
index 22c3531..859f103 100644
--- a/abonapp/views.py
+++ b/abonapp/views.py
@@ -2,13 +2,14 @@ from ipaddress import ip_address
 from typing import Dict, Optional
 from datetime import datetime, date
 from django.core.exceptions import PermissionDenied, ValidationError
-from django.db import IntegrityError, ProgrammingError, transaction, OperationalError
+from django.db import IntegrityError, ProgrammingError, transaction, OperationalError, DatabaseError
 from django.db.models import Count, Q
 from django.shortcuts import render, redirect, get_object_or_404, resolve_url
 from django.contrib.auth.decorators import login_required
 from django.http import HttpResponse, HttpResponseBadRequest, HttpResponseRedirect
 from django.contrib import messages
 from django.urls import reverse_lazy
+from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 from django.utils.decorators import method_decorator
 from django.views.generic import ListView, UpdateView, CreateView, DeleteView
@@ -33,6 +34,7 @@ from djing import ping
 from djing import lib
 from djing.lib.decorators import json_view, only_admins
 from djing.global_base_views import OrderedFilteredList, SecureApiView
+from xmlview.decorators import xml_view
 
 
 login_decs = login_required, only_admins
@@ -1325,3 +1327,103 @@ class DhcpLever(SecureApiView):
             print('Duplicate:', e)
             return str(e)
 
+
+class DublicatePay(SecureApiView):
+    http_method_names = 'get',
+
+    @staticmethod
+    def _bad_ret(err_id, err_description=None):
+        now = timezone.now()
+        r = {
+            'status_code': lib.safe_int(err_id),
+            'time_stamp': now.strftime("%d.%m.%Y %H:%M")
+        }
+        if err_description:
+            r.update({'description': err_description})
+        return r
+
+    @method_decorator(xml_view(root_node='pay-response'))
+    def get(self, request, *args, **kwargs):
+        act = lib.safe_int(request.GET.get('ACT'))
+        self.current_date = timezone.now().strftime("%d.%m.%Y %H:%M")
+
+        if act <= 0:
+            return self._bad_ret(-101, 'ACT less than zero')
+
+        try:
+            if act == 1:
+                return self._fetch_user_info(request.GET)
+            elif act == 4:
+                return self._make_pay(request.GET)
+            elif act == 7:
+                return self._check_pay(request.GET)
+            else:
+                return self._bad_ret(-101, 'ACT is not passed')
+        except models.Abon.DoesNotExist:
+            return self._bad_ret(-40)
+        except DatabaseError:
+            return self._bad_ret(-90)
+        except models.AllTimePayLog.DoesNotExist:
+            return self._bad_ret(-10)
+        except AttributeError:
+            return self._bad_ret(-101)
+
+    def _fetch_user_info(self, data: dict):
+        pay_account = data.get('PAY_ACCOUNT')
+        abon = models.Abon.objects.get(pk=pay_account)
+        fio = abon.fio
+        ballance = float(abon.ballance)
+        return {
+            'balance': ballance,
+            'name': fio,
+            'account': pay_account,
+            'service_id': getattr(settings, 'PAY_SERV_ID'),
+            'min_amount': 10.0,
+            'max_amount': 5000,
+            'status_code': 21,
+            'time_stamp': self.current_date
+        }
+
+    def _make_pay(self, data: dict):
+        trade_point = lib.safe_int(data.get('TRADE_POINT'))
+        receipt_num = lib.safe_int(data.get('RECEIPT_NUM'))
+        pay_account = data.get('PAY_ACCOUNT')
+        pay_id = data.get('PAY_ID')
+        pay_amount = lib.safe_float(data.get('PAY_AMOUNT'))
+        abon = models.Abon.objects.get(pk=pay_account)
+        pays = models.AllTimePayLog.objects.filter(pay_id=pay_id)
+        if pays.count() > 0:
+            return self._bad_ret(-100)
+
+        abon.add_ballance(None, pay_amount, comment='KonikaForward %.2f' % pay_amount)
+        abon.save(update_fields=('ballance',))
+
+        models.AllTimePayLog.objects.create(
+            pay_id=pay_id,
+            summ=pay_amount,
+            abon=abon,
+            trade_point=trade_point,
+            receipt_num=receipt_num
+        )
+        return {
+            'pay_id': pay_id,
+            'service_id': data.get('SERVICE_ID'),
+            'amount': pay_amount,
+            'status_code': 22,
+            'time_stamp': self.current_date
+        }
+
+    def _check_pay(self, data: dict):
+        pay_id = data.get('PAY_ID')
+        pay = models.AllTimePayLog.objects.get(pay_id=pay_id)
+        return {
+            'status_code': 11,
+            'time_stamp': self.current_date,
+            'transaction': {
+                'pay_id': pay_id,
+                'service_id': data.get('SERVICE_ID'),
+                'amount': pay.summ,
+                'status': 111,
+                'time_stamp': pay.date_add.strftime("%d.%m.%Y %H:%M")
+            }
+        }
diff --git a/forward_pay.php b/forward_pay.php
new file mode 100755
index 0000000..90bc3c6
--- /dev/null
+++ b/forward_pay.php
@@ -0,0 +1,83 @@
+#!/usr/bin/env php
+<?php
+
+define("API_AUTH_SECRET", "secret");
+define("SERVER_DOMAIN", 'http://localhost:8000');
+define('N', '
+');
+
+
+function calc_hash($str)
+{
+    $hash = bin2hex(mhash(MHASH_SHA256,$str));
+    return $hash;
+}
+
+
+function make_sign($data)
+{
+    asort($data, SORT_STRING);
+    array_push($data, API_AUTH_SECRET);
+    $str_to_hash = join('_', $data);
+    return calc_hash($str_to_hash);
+}
+
+
+function send_to($data)
+{
+    $sign = make_sign($data);
+    $data['sign'] = $sign;
+    $url_params = http_build_query($data);
+    $r = file_get_contents(SERVER_DOMAIN."/abons/api/duplicate_pay/?".$url_params);
+    return $r;
+}
+
+
+
+function forward_pay_request($act, $pay_account, $service_id, $trade_point, $receipt_num, $pay_id, $pay_amount)
+{
+    require('./users_uname_pk_pairs.php');
+
+    // $user_id_pairs
+
+    if($act == 1)
+    {
+        $pay = [
+            "ACT" => 1,
+            "PAY_ACCOUNT" => $user_id_pairs[$pay_account]
+        ];
+        return send_to($pay);
+    }else if($act == 4)
+    {
+        $pay = [
+            "ACT" => 4,
+            "PAY_ACCOUNT" => $user_id_pairs[$pay_account],
+            "TRADE_POINT" => $trade_point,
+            "RECEIPT_NUM" => $receipt_num,
+            "PAY_ID" => $pay_id,
+            "PAY_AMOUNT" => $pay_amount,
+            "SERVICE_ID" => $service_id
+        ];
+        return send_to($pay);
+    }else if($act == 7)
+    {
+        $pay = [
+            "ACT" => 7,
+            "PAY_ID" => $pay_id,
+            "SERVICE_ID" => $service_id
+        ];
+        return send_to($pay);
+    }
+
+}
+
+# Request
+echo forward_pay_request(1, '1234', null, null, null, null, null);
+
+# Add cash
+echo forward_pay_request('4', '1234', 'mypaysrv', '3432', '289473', '897879-989-68669', '1');
+
+# check cash
+echo forward_pay_request(7, null, 'mypaysrv', null, null, '897879-989-68669', null);
+
+?>

From 8309718d7422a21509b2906b20f817e0c89f080f Mon Sep 17 00:00:00 2001
From: Dmitry Novikov <nerosketch@gmail.com>
Date: Wed, 10 Oct 2018 11:26:14 +0300
Subject: [PATCH 2/2] Change fields

---
 accounts_app/forms.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/accounts_app/forms.py b/accounts_app/forms.py
index f8fcc82..241617a 100644
--- a/accounts_app/forms.py
+++ b/accounts_app/forms.py
@@ -52,4 +52,4 @@ class UserPermissionsForm(forms.ModelForm):
 class UserProfileForm(forms.ModelForm):
     class Meta:
         model = UserProfile
-        exclude = ('avatar',)
+        exclude = ('avatar', 'password', 'groups', 'user_permissions', 'responsibility_groups')