1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
|
# Part of Odoo. See LICENSE file for full copyright and licensing details.
from urllib.parse import urlparse, parse_qs
from unittest.mock import patch
from freezegun import freeze_time
from odoo.tests import tagged, JsonRpcException
from odoo.tools import mute_logger
from odoo.addons.payment.controllers.portal import PaymentPortal
from odoo.addons.payment.tests.http_common import PaymentHttpCommon
@tagged('post_install', '-at_install')
class TestFlows(PaymentHttpCommon):
def _test_flow(self, flow):
""" Simulate the given online payment flow and tests the tx values at each step.
:param str flow: The online payment flow to test ('direct', 'redirect', or 'token')
:return: The transaction created by the payment flow
:rtype: recordset of `payment.transaction`
"""
self.reference = f"Test Transaction ({flow} - {self.partner.name})"
route_values = self._prepare_pay_values()
# /payment/pay
payment_context = self._get_portal_pay_context(**route_values)
for key, val in payment_context.items():
if key in route_values:
self.assertEqual(val, route_values[key])
# Route values are taken from payment_context result of /pay route to correctly simulate the flow
route_values = {
k: payment_context[k]
for k in [
'amount',
'currency_id',
'partner_id',
'landing_route',
'reference_prefix',
'access_token',
]
}
route_values.update({
'provider_id': self.provider.id,
'payment_method_id': self.payment_method_id if flow != 'token' else None,
'token_id': self._create_token().id if flow == 'token' else None,
'flow': flow,
'tokenization_requested': False,
})
with mute_logger('odoo.addons.payment.models.payment_transaction'):
processing_values = self._get_processing_values(**route_values)
tx_sudo = self._get_tx(processing_values['reference'])
# Tx values == given values
self.assertEqual(tx_sudo.provider_id.id, self.provider.id)
self.assertEqual(tx_sudo.amount, self.amount)
self.assertEqual(tx_sudo.currency_id.id, self.currency.id)
self.assertEqual(tx_sudo.partner_id.id, self.partner.id)
self.assertEqual(tx_sudo.reference, self.reference)
# processing_values == given values
self.assertEqual(processing_values['provider_id'], self.provider.id)
self.assertEqual(processing_values['amount'], self.amount)
self.assertEqual(processing_values['currency_id'], self.currency.id)
self.assertEqual(processing_values['partner_id'], self.partner.id)
self.assertEqual(processing_values['reference'], self.reference)
# Verify computed values not provided, but added during the flow
self.assertIn("tx_id=", tx_sudo.landing_route)
self.assertIn("access_token=", tx_sudo.landing_route)
if flow == 'redirect':
# In redirect flow, we verify the rendering of the dummy test form
redirect_form_info = self._extract_values_from_html_form(
processing_values['redirect_form_html'])
# Test content of rendered dummy redirect form
self.assertEqual(redirect_form_info['action'], 'dummy')
# Public user since we didn't authenticate with a specific user
self.assertEqual(
redirect_form_info['inputs']['user_id'],
str(self.user.id))
self.assertEqual(
redirect_form_info['inputs']['view_id'],
str(self.dummy_provider.redirect_form_view_id.id))
return tx_sudo
def test_10_direct_checkout_public(self):
# No authentication needed, automatic fallback on public user
self.user = self.public_user
# Make sure the company considered in payment/pay
# doesn't fall back on the public user main company (not the test one)
self.partner.company_id = self.env.company.id
self._test_flow('direct')
def test_11_direct_checkout_portal(self):
self.authenticate(self.portal_user.login, self.portal_user.login)
self.user = self.portal_user
self.partner = self.portal_partner
self._test_flow('direct')
def test_12_direct_checkout_internal(self):
self.authenticate(self.internal_user.login, self.internal_user.login)
self.user = self.internal_user
self.partner = self.internal_partner
self._test_flow('direct')
def test_20_redirect_checkout_public(self):
self.user = self.public_user
# Make sure the company considered in payment/pay
# doesn't fall back on the public user main company (not the test one)
self.partner.company_id = self.env.company.id
self._test_flow('redirect')
def test_21_redirect_checkout_portal(self):
self.authenticate(self.portal_user.login, self.portal_user.login)
self.user = self.portal_user
self.partner = self.portal_partner
self._test_flow('redirect')
def test_22_redirect_checkout_internal(self):
self.authenticate(self.internal_user.login, self.internal_user.login)
self.user = self.internal_user
self.partner = self.internal_partner
self._test_flow('redirect')
# Payment by token #
####################
# NOTE: not tested as public user because a public user cannot save payment details
def test_31_tokenize_portal(self):
self.authenticate(self.portal_user.login, self.portal_user.login)
self.partner = self.portal_partner
self.user = self.portal_user
self._test_flow('token')
def test_32_tokenize_internal(self):
self.authenticate(self.internal_user.login, self.internal_user.login)
self.partner = self.internal_partner
self.user = self.internal_user
self._test_flow('token')
# VALIDATION #
##############
# NOTE: not tested as public user because the validation flow is only available when logged in
# freeze time for consistent singularize_prefix behavior during the test
@freeze_time("2011-11-02 12:00:21")
def _test_validation(self, flow):
# Fixed with freezegun
expected_reference = 'V-20111102120021'
validation_amount = self.provider._get_validation_amount()
validation_currency = self.provider._get_validation_currency()
payment_context = self._get_portal_payment_method_context()
expected_values = {
'partner_id': self.partner.id,
'access_token': self._generate_test_access_token(self.partner.id, None, None),
'reference_prefix': expected_reference
}
for key, val in payment_context.items():
if key in expected_values:
self.assertEqual(val, expected_values[key])
transaction_values = {
'provider_id': self.provider.id,
'payment_method_id': self.payment_method_id,
'token_id': None,
'amount': None,
'currency_id': None,
'partner_id': payment_context['partner_id'],
'access_token': payment_context['access_token'],
'flow': flow,
'tokenization_requested': True,
'landing_route': payment_context['landing_route'],
'reference_prefix': payment_context['reference_prefix'],
'is_validation': True,
}
with mute_logger('odoo.addons.payment.models.payment_transaction'):
processing_values = self._get_processing_values(**transaction_values)
tx_sudo = self._get_tx(processing_values['reference'])
# Tx values == given values
self.assertEqual(tx_sudo.provider_id.id, self.provider.id)
self.assertEqual(tx_sudo.amount, validation_amount)
self.assertEqual(tx_sudo.currency_id.id, validation_currency.id)
self.assertEqual(tx_sudo.partner_id.id, self.partner.id)
self.assertEqual(tx_sudo.reference, expected_reference)
# processing_values == given values
self.assertEqual(processing_values['amount'], validation_amount)
self.assertEqual(processing_values['currency_id'], validation_currency.id)
self.assertEqual(processing_values['partner_id'], self.partner.id)
self.assertEqual(processing_values['reference'], expected_reference)
def test_51_validation_direct_portal(self):
self.authenticate(self.portal_user.login, self.portal_user.login)
self.partner = self.portal_partner
self._test_validation(flow='direct')
def test_52_validation_direct_internal(self):
self.authenticate(self.internal_user.login, self.internal_user.login)
self.partner = self.internal_partner
self._test_validation(flow='direct')
def test_61_validation_redirect_portal(self):
self.authenticate(self.portal_user.login, self.portal_user.login)
self.partner = self.portal_partner
self._test_validation(flow='direct')
def test_62_validation_redirect_internal(self):
self.authenticate(self.internal_user.login, self.internal_user.login)
self.partner = self.internal_partner
self._test_validation(flow='direct')
# Specific flows #
##################
def test_pay_redirect_if_no_partner_exist(self):
route_values = self._prepare_pay_values()
route_values.pop('partner_id')
# Pay without a partner specified --> redirection to login page
response = self._portal_pay(**route_values)
url = urlparse(response.url)
self.assertEqual(url.path, '/web/login')
self.assertIn('redirect', parse_qs(url.query))
# Pay without a partner specified (but logged) --> pay with the partner of current user.
self.authenticate(self.portal_user.login, self.portal_user.login)
tx_context = self._get_portal_pay_context(**route_values)
self.assertEqual(tx_context['partner_id'], self.portal_partner.id)
def test_pay_no_token(self):
route_values = self._prepare_pay_values()
route_values.pop('partner_id')
route_values.pop('access_token')
# Pay without a partner specified --> redirection to login page
response = self._portal_pay(**route_values)
url = urlparse(response.url)
self.assertEqual(url.path, '/web/login')
self.assertIn('redirect', parse_qs(url.query))
# Pay without a partner specified (but logged) --> pay with the partner of current user.
self.authenticate(self.portal_user.login, self.portal_user.login)
tx_context = self._get_portal_pay_context(**route_values)
self.assertEqual(tx_context['partner_id'], self.portal_partner.id)
def test_pay_wrong_token(self):
route_values = self._prepare_pay_values()
route_values['access_token'] = "abcde"
# Pay with a wrong access token --> Not found (404)
response = self._portal_pay(**route_values)
self.assertEqual(response.status_code, 404)
def test_pay_wrong_currency(self):
# Pay with a wrong currency --> Not found (404)
self.currency = self.env['res.currency'].browse(self.env['res.currency'].search([], order='id desc', limit=1).id + 1000)
route_values = self._prepare_pay_values()
response = self._portal_pay(**route_values)
self.assertEqual(response.status_code, 404)
# Pay with an inactive currency --> Not found (404)
self.currency = self.env['res.currency'].search([('active', '=', False)], limit=1)
route_values = self._prepare_pay_values()
response = self._portal_pay(**route_values)
self.assertEqual(response.status_code, 404)
def test_transaction_wrong_flow(self):
transaction_values = self._prepare_pay_values()
transaction_values.pop('reference')
transaction_values.update({
'flow': 'this flow does not exist',
'payment_option_id': self.provider.id,
'tokenization_requested': False,
'landing_route': 'whatever',
'reference_prefix': 'whatever',
})
# Transaction step with a wrong flow --> UserError
with mute_logger("odoo.http"), self.assertRaises(
JsonRpcException,
msg='odoo.exceptions.UserError: The payment should either be direct, with redirection, or made by a token.',
):
self._portal_transaction(**transaction_values)
@mute_logger('odoo.http')
def test_transaction_route_rejects_unexpected_kwarg(self):
route_kwargs = {
**self._prepare_pay_values(),
'custom_create_values': 'whatever', # This should be rejected.
}
with self.assertRaises(JsonRpcException, msg='odoo.exceptions.ValidationError'):
self._portal_transaction(**route_kwargs)
def test_transaction_wrong_token(self):
route_values = self._prepare_pay_values()
route_values['access_token'] = "abcde"
# Transaction step with a wrong access token --> ValidationError
with mute_logger('odoo.http'), self.assertRaises(JsonRpcException, msg='odoo.exceptions.ValidationError: The access token is invalid.'):
self._portal_transaction(**route_values)
def test_access_disabled_providers_tokens(self):
self.partner = self.portal_partner
# Log in as user from Company A
self.authenticate(self.portal_user.login, self.portal_user.login)
token = self._create_token()
provider_b = self.provider.copy()
provider_b.state = 'test'
token_b = self._create_token(provider_id=provider_b.id)
# User must see both tokens and compatible payment methods.
payment_context = self._get_portal_payment_method_context()
self.assertEqual(payment_context['partner_id'], self.partner.id)
self.assertIn(token.id, payment_context['token_ids'])
self.assertIn(token_b.id, payment_context['token_ids'])
self.assertIn(self.payment_method_id, payment_context['payment_method_ids'])
# Token of disabled provider(s) should not be shown.
self.provider.state = 'disabled'
payment_context = self._get_portal_payment_method_context()
self.assertEqual(payment_context['partner_id'], self.partner.id)
self.assertEqual(payment_context['token_ids'], [token_b.id])
# Archived tokens must be hidden from the user
token_b.active = False
payment_context = self._get_portal_payment_method_context()
self.assertEqual(payment_context['partner_id'], self.partner.id)
self.assertEqual(payment_context['token_ids'], [])
@mute_logger('odoo.addons.payment.models.payment_transaction')
def test_direct_payment_triggers_no_payment_request(self):
self.authenticate(self.portal_user.login, self.portal_user.login)
self.partner = self.portal_partner
self.user = self.portal_user
with patch(
'odoo.addons.payment.models.payment_transaction.PaymentTransaction'
'._send_payment_request'
) as patched:
self._portal_transaction(
**self._prepare_transaction_values(self.payment_method_id, None, 'direct')
)
self.assertEqual(patched.call_count, 0)
@mute_logger('odoo.addons.payment.models.payment_transaction')
def test_payment_with_redirect_triggers_no_payment_request(self):
self.authenticate(self.portal_user.login, self.portal_user.login)
self.partner = self.portal_partner
self.user = self.portal_user
with patch(
'odoo.addons.payment.models.payment_transaction.PaymentTransaction'
'._send_payment_request'
) as patched:
self._portal_transaction(
**self._prepare_transaction_values(self.payment_method_id, None, 'redirect')
)
self.assertEqual(patched.call_count, 0)
@mute_logger('odoo.addons.payment.models.payment_transaction')
def test_payment_by_token_triggers_exactly_one_payment_request(self):
self.authenticate(self.portal_user.login, self.portal_user.login)
self.partner = self.portal_partner
self.user = self.portal_user
with patch(
'odoo.addons.payment.models.payment_transaction.PaymentTransaction'
'._send_payment_request'
) as patched:
self._portal_transaction(
**self._prepare_transaction_values(None, self._create_token().id, 'token')
)
self.assertEqual(patched.call_count, 1)
def test_tokenization_input_is_shown_to_logged_in_users(self):
# Test both for portal and internal users
self.user = self.portal_user
self.provider.allow_tokenization = True
show_tokenize_input = PaymentPortal._compute_show_tokenize_input_mapping(self.provider)
self.assertDictEqual(show_tokenize_input, {self.provider.id: True})
self.user = self.internal_user
self.provider.allow_tokenization = True
show_tokenize_input = PaymentPortal._compute_show_tokenize_input_mapping(self.provider)
self.assertDictEqual(show_tokenize_input, {self.provider.id: True})
def test_tokenization_input_is_shown_to_logged_out_users(self):
self.user = self.public_user
self.provider.allow_tokenization = True
show_tokenize_input = PaymentPortal._compute_show_tokenize_input_mapping(self.provider)
self.assertDictEqual(show_tokenize_input, {self.provider.id: True})
|
