framework/app/controllers/fees_controller.rb at c8b368013ebaa22f480b8ca8f8fd3e9aea1f9187 · BerkeleyLibrary/framework · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
require 'jwt'

class FeesController < ApplicationController

  # This will be needed for transaction_complete since Paypal will hit that
  protect_from_forgery with: :null_session

  def index
    @jwt = params.require(:jwt)
    decoded_token = JWT.decode @jwt, nil, false
    @alma_id = decoded_token.first['userName']
    @fees = FeesPayment.new(alma_id: @alma_id)
  rescue ActionController::ParameterMissing
    redirect_to 'https://www.lib.berkeley.edu/find/borrow-renew?section=pay-fees', allow_other_host: true
  rescue JWT::DecodeError
    redirect_to(action: :transaction_error)
  end

  def efee
    @jwt = params.require(:jwt)
    secret = EfeesInvoice.secret
    decoded_token = JWT.decode @jwt, secret, true, { algorithm: 'HS256' }
    @alma_id = decoded_token.first['userName']
    @fees = FeesPayment.new(alma_id: @alma_id)
    render 'index'
  rescue JWT::DecodeError
    redirect_to(action: :transaction_error)
  end

  # Form to lookup patron fees
  def efees
    authorize!
  end

  # Display User Info to Lib Staff
  def lookup
    authorize!
    begin
      @user = Alma::User.find_if_exists params[:alma_id]
    rescue ActiveRecord::RecordNotFound
      flash[:danger] = "Error: No patron found with Alma ID: #{params[:alma_id]}"
      redirect_to(action: :efees)
    end
  end

  def send_invoice
    invoice = EfeesInvoice.new(params[:user_id])
    @email = invoice.email
    invoice.submit!
  end

  def payment
    if params[:fee].present?
      @fees = FeesPayment.new(alma_id: params[:alma_id], fee_ids: params[:fee][:payment])
    else
      flash[:danger] = 'Please select at least one fee.'
      redirect_with_params(action: :index)
    end
  end

  def transaction_fail
    log_error('TRANSACTION_FAIL', params)
  end

  def transaction_error
    log_error('TRANSACTION_ERROR', params)
  end

  def transaction_complete
    log_info('TRANSACTION_COMPLETE', params)
    render(plain: 'Failed', status: :internal_server_error) && return unless params['RESULT'] == '0'

    @fees = FeesPayment.new(alma_id: params[:USER1], fee_ids: params[:USER2])
    @fees.pp_ref_number = params[:PNREF]
    @fees.credit
    render json: { status: 'silent post received' }
  end

  private

  def authorize!
    return if Rails.env.development?

    authenticate!
    raise Error::ForbiddenError unless current_user.alma_admin
  end

  # def log_error(src, p)
  def log_error(e, p = nil)
    logger.error("FEES-#{e}: ALMA_ID: #{p[:USER]}, PP_ID: #{p[:PNREF]}, FEE_IDS: #{p[:USER2]}, AMT: #{p[:AMT]}, RESPMSG: #{p[:RESPMSG]}") if p
  end

  def log_info(src, p)
    logger.info("FEES-#{src}: ALMA_ID: #{p[:USER1]}, PP_ID: #{p[:PNREF]}, FEE_IDS: #{p[:USER2]}, AMT: #{p[:AMT]}, RESPMSG: #{p[:RESPMSG]}")
  end

end