Submit PayPal data encrypted from the code_问答_开发者

Submit PayPal data encrypted from the code

开发者 https://www.devze.com 2023-03-29 05:21 出处：网络

I\'m working with Ruby On Rails 3, and I would like to do the following, but from the code behind: <% form_tag \"https://www.sandbox.paypal.com/cgi-bin/webscr\" do %>

I'm working with Ruby On Rails 3, and I would like to do the following, but from the code behind:

<% form_tag "https://www.sandbox.paypal.com/cgi-bin/webscr" do %>  
  <%= hidden_field_tag :cmd, "_s-xclick" %>  
  <%= hidden_field_tag :encrypted, @cart.paypal_encrypted(products_url, payment_notifications_url) %>  
    <p><%= submit_tag "Checkout" %></p>  
<% end %>

I've tried this in my Cart model, but it's not redirecting anywhere, and I don't know what to do:

  PAYPAL_CERT_PEM = File.read("#{Rails.root}/certs/paypal_cert.pem")
  APP_CERT_PEM = File.read("#{Rails.root}/certs/app_cert.pem")
  APP_KEY_PEM = File.read("#{Rails.root}/certs/app_key.pem")

  PANEL = 'sandbox.paypal.com'
  PATH = '/cgi-bin/webscr'
  USERAGENT = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1'

  def paypal_u开发者_Go百科rl(order_id, return_url, notify_url)
    http = Net::HTTP.new(PANEL, 443)
    http.use_ssl = true

    http.verify_mode = OpenSSL::SSL::VERIFY_NONE

    # GET request -> so the host can set cookies
    resp, data = http.get2(PATH, {'User-Agent' => USERAGENT})
    cookie = resp.response['set-cookie'].split('; ')[0]

    values = {
        :cmd => '_s-xclick',
        :encrypted => paypal_encrypted(order_id, return_url, notify_url)
    }

    @headers = {
      'Cookie' => cookie,
      'Referer' => 'https://'+PANEL+PATH,
      'Content-Type' => 'application/x-www-form-urlencoded',
      'User-Agent' => USERAGENT
    }

    resp, data = http.post2(PATH, values.to_query, @headers)
  end

  def paypal_encrypted(order_id, return_url, notify_url)
    values      = {
        :business => 'seller_1234111143_biz@asciicasts.com',
        :cmd => '_cart',
        :upload => 1,
        :return => return_url,
        :invoice => order_id.to_s,
        :notify_url => notify_url,
        :currency_code => "USD"
    }

    items.each_with_index do |item, index|
      values.merge!({
                        "amount_#{index + 1}"      => item.unit_price,
                        "item_name_#{index + 1}"   => item.product.title,
                        "item_number_#{index + 1}" => item.product.id + Time.now.to_i,
                        "quantity_#{index + 1}"    => item.quantity.to_i
                    })
    end

    encrypt_for_paypal(values)
  end

  def encrypt_for_paypal(values)
      signed = OpenSSL::PKCS7::sign(OpenSSL::X509::Certificate.new(APP_CERT_PEM), OpenSSL::PKey::RSA.new(APP_KEY_PEM, ''), values.map { |k, v| "#{k}=#{v}" }.join("\n"), [], OpenSSL::PKCS7::BINARY)
      OpenSSL::PKCS7::encrypt([OpenSSL::X509::Certificate.new(PAYPAL_CERT_PEM)], signed.to_der, OpenSSL::Cipher::Cipher::new("DES3"), OpenSSL::PKCS7::BINARY).to_s.gsub("\n", "")
  end

If you're wondering why I can't just use the html form, that's because I let users choose between more than one payment option, using radio fields, and once they have selected one, they will click on the "Submit Order" button, generating the respective movements in my database, before redirecting to the payment method.