Eamco/eamco_authorize
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Working payment accopunts

Browse Source
This commit is contained in:
Edwin Eames
2025-09-19 17:27:20 -04:00
parent 4bdfb4238d
commit 2ad9ed304e
9 changed files with 975 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

267
app/services/payment_service.py
View File

@@ -8,7 +8,8 @@ from authorizenet import apicontractsv1
from authorizenet.apicontrollers import (
createTransactionController,
createCustomerProfileController,
createCustomerPaymentProfileController
createCustomerPaymentProfileController,
getCustomerProfileController
)
from authorizenet.constants import constants
from .. import schemas
@@ -58,85 +59,60 @@ def _get_authnet_error_message(response):
def create_customer_profile(customer: schemas.Customer, card_info: schemas.CardCreate):
"""
Creates a new customer profile in Authorize.Net with their first payment method.
This version sanitizes and trims all customer data before sending.
Creates a new customer profile in Authorize.Net (payment profiles added separately).
This version sanitizes and trims customer data before sending.
"""
logger.info(f"Attempting to create Auth.Net profile for customer ID: {customer.id}")
merchantAuth = apicontractsv1.merchantAuthenticationType(name=API_LOGIN_ID, transactionKey=TRANSACTION_KEY)
# --- DATA SANITIZATION LOGIC ---
def sanitize(text, max_len, allow_spaces=False, is_zip=False):
if not text:
return ""
if is_zip:
pattern = r'[^a-zA-Z0-9-]' # Allow hyphens for ZIP+4
pattern = r'[^a-zA-Z0-9-]'
else:
pattern = r'[^a-zA-Z0-9]' if not allow_spaces else r'[^a-zA-Z0-9\s]'
sanitized = re.sub(pattern, '', str(text))
return sanitized.strip()[:max_len]
# API max lengths: name=50, address=60, city=40, state=40, zip=20, email=255
first_name = sanitize(customer.customer_first_name, 50) or "N/A"
last_name = sanitize(customer.customer_last_name, 50) or "N/A"
address = sanitize(customer.customer_address, 60, allow_spaces=True) or "N/A"
city = sanitize(customer.customer_town, 40) or "N/A"
# ========= CHANGE 1.A: ADD STATE HERE =========
state = sanitize(customer.customer_state, 40) or "MA" # Defaulting to MA for safety
zip_code = sanitize(customer.customer_zip, 20, is_zip=True)
# API max lengths: email=255
email = (customer.customer_email or f"no-email-{customer.id}@example.com")[:255]
creditCard = apicontractsv1.creditCardType(
cardNumber=card_info.card_number,
expirationDate=card_info.expiration_date,
cardCode=card_info.cvv
)
billTo = apicontractsv1.customerAddressType(
firstName=first_name,
lastName=last_name,
address=address,
city=city,
state='MA', # And include it in the object
zip=zip_code,
country="USA"
)
paymentProfile = apicontractsv1.customerPaymentProfileType(
billTo=billTo,
payment=apicontractsv1.paymentType(creditCard=creditCard),
defaultPaymentProfile=True
)
customerProfile = apicontractsv1.customerProfileType(
merchantCustomerId=str(customer.id),
email=email,
paymentProfiles=[paymentProfile]
email=email
# No paymentProfiles - will be added separately
)
request = apicontractsv1.createCustomerProfileRequest(
merchantAuthentication=merchantAuth,
profile=customerProfile,
# ========= CHANGE 2.A: USE liveMode =========
validationMode="testMode"
profile=customerProfile
)
controller = createCustomerProfileController(request)
# ... rest of the function is the same ...
try:
controller.execute()
response = controller.getresponse()
if response is not None and response.messages.resultCode == "Ok":
profile_id = response.customerProfileId
payment_id = response.customerPaymentProfileIdList[0] if response.customerPaymentProfileIdList else None
return str(profile_id), str(payment_id) if payment_id else None
# Payment profile ID is not available since profiles are added separately
payment_id = ""
logger.info(f"SUCCESS: Created customer profile: {profile_id} (payment profiles added separately)")
# Add detailed logging
logger.info(f"API Response - Profile ID: {profile_id}")
logger.info(f"Returning: profile_id='{str(profile_id)}', payment_id=''")
return str(profile_id), ""
else:
error_msg = _get_authnet_error_message(response)
logger.error(f"Failed to create customer profile (API Error): {error_msg}")
logger.error(f"SANITIZED DATA SENT: FirstName='{first_name}', LastName='{last_name}', Address='{address}', City='{city}', State='{state}', Zip='{zip_code}', Email='{email}'")
logger.error(f"Full API Response: {pprint.pformat(vars(response))}")
raise ValueError(error_msg)
except Exception as e:
@@ -145,11 +121,11 @@ def create_customer_profile(customer: schemas.Customer, card_info: schemas.CardC
def add_payment_profile_to_customer(customer_profile_id: str, customer: schemas.Customer, card_info: schemas.CardCreate):
logger.info(f"Adding new payment profile to Auth.Net customer profile ID: {customer_profile_id}")
def add_payment_profile_to_customer(customer_profile_id: str, customer: schemas.Customer, card_info: schemas.CardCreate, is_default: bool = False):
logger.info(f"Adding {'default ' if is_default else ''}payment profile to Auth.Net customer profile ID: {customer_profile_id}")
merchantAuth = apicontractsv1.merchantAuthenticationType(name=API_LOGIN_ID, transactionKey=TRANSACTION_KEY)
def sanitize(text, max_len, allow_spaces=False, is_zip=False):
if not text:
return ""
@@ -164,15 +140,29 @@ def add_payment_profile_to_customer(customer_profile_id: str, customer: schemas.
last_name = sanitize(customer.customer_last_name, 50) or "N/A"
address = sanitize(customer.customer_address, 60, allow_spaces=True) or "N/A"
city = sanitize(customer.customer_town, 40) or "N/A"
# ========= CHANGE 1.B: ADD STATE HERE =========
state = sanitize(customer.customer_state, 40) or "MA" # Defaulting to MA for safety
zip_code = sanitize(customer.customer_zip, 20, is_zip=True)
# Fix expiration date format for cards
try:
expiration_year = int(card_info.expiration_date.split('-')[0])
expiration_month = int(card_info.expiration_date.split('-')[1])
expiration_date = f"{expiration_month:02d}{expiration_year % 100:02d}"
except (ValueError, IndexError):
sanitized_exp = card_info.expiration_date.replace('/', '').replace('-', '')
if len(sanitized_exp) == 4:
expiration_date = sanitized_exp
else:
expiration_date = "0325"
logger.info(f"Parsed expiration date for card: {card_info.expiration_date} -> {expiration_date}")
creditCard = apicontractsv1.creditCardType(
cardNumber=card_info.card_number,
expirationDate=card_info.expiration_date,
expirationDate=expiration_date,
cardCode=card_info.cvv
)
@@ -181,7 +171,7 @@ def add_payment_profile_to_customer(customer_profile_id: str, customer: schemas.
lastName=last_name,
address=address,
city=city,
state=state, # And include it in the object
state=state,
zip=zip_code,
country="USA"
)
@@ -189,7 +179,7 @@ def add_payment_profile_to_customer(customer_profile_id: str, customer: schemas.
paymentProfile = apicontractsv1.customerPaymentProfileType(
billTo=billTo,
payment=apicontractsv1.paymentType(creditCard=creditCard),
defaultPaymentProfile=True
defaultPaymentProfile=is_default
)
request = apicontractsv1.createCustomerPaymentProfileRequest(
@@ -206,7 +196,12 @@ def add_payment_profile_to_customer(customer_profile_id: str, customer: schemas.
controller.execute()
response = controller.getresponse()
if response is not None and response.messages.resultCode == "Ok":
return str(response.customerPaymentProfileId)
# Fix: Proper payment profile ID extraction (same bug fix as above)
if hasattr(response, 'customerPaymentProfileId') and response.customerPaymentProfileId:
return str(response.customerPaymentProfileId)
else:
logger.warning("WARNING: Added payment profile but no ID returned")
raise ValueError("Payment profile created but ID not found in response")
else:
error_msg = _get_authnet_error_message(response)
logger.error(f"Failed to add payment profile: {error_msg}")
@@ -223,28 +218,85 @@ def add_payment_profile_to_customer(customer_profile_id: str, customer: schemas.
logger.error(f"A critical exception occurred during the API call: {traceback.format_exc()}")
raise ValueError("Could not connect to the payment gateway.")
def authorize_customer_profile(customer_profile_id: str, payment_profile_id: str, transaction_req: schemas.TransactionAuthorizeByCardID):
def authorize_customer_profile(customer_profile_id: str, payment_profile_id: str, transaction_req: schemas.TransactionAuthorizeByCardID, db_session=None, customer_id=None, card_id=None):
"""
Creates an AUTH_ONLY transaction against a customer profile.
This holds the funds but does not capture them.
Creates an AUTH_ONLY transaction against a customer profile with automatic E00121 recovery.
This holds funds but doesn't capture them, and automatically recovers from invalid payment profiles.
"""
logger.info(f"Authorizing profile {customer_profile_id} / payment {payment_profile_id} for ${transaction_req.preauthorize_amount}")
logger.info(f"🔐 Authorizing profile {customer_profile_id} / payment {payment_profile_id} for ${transaction_req.preauthorize_amount}")
# Validate inputs
if not customer_profile_id or customer_profile_id.strip() == "":
logger.error("❌ INVALID: customer_profile_id is None or empty")
if not payment_profile_id or payment_profile_id.strip() == "":
logger.error("❌ INVALID: payment_profile_id is None or empty")
logger.error("Payment profile ID must be a valid, non-empty string")
# FIRST ATTEMPT - Normal authorization
logger.info("🔐 TRANSACTION ATTEMPT 1: Standard authorization")
response = _perform_authorization(customer_profile_id, payment_profile_id, transaction_req)
# CHECK FOR E00121 ERROR - "invalid payment profile ID"
if db_session and customer_id and card_id and _is_e00121_response(response):
logger.warning(f"🚨 E00121 DETECTED! Invalid payment profile {payment_profile_id}")
logger.info(f"🔄 AUTO-RECOVERING: Starting payment profile refresh for customer {customer_id}")
try:
# GET CUSTOMER PROFILE ID (since we have customer_id but need profile_id)
from .. import crud
customer = crud.get_customer(db_session, customer_id)
if customer:
# REFRESH ALL PAYMENT PROFILES FOR THIS CUSTOMER
logger.info(f"🔄 CALLING REFRESH: customer_id={customer_id}, profile_id={customer.auth_net_profile_id}")
from .user_create import refresh_customer_payment_profiles
refresh_customer_payment_profiles(db_session, customer_id, customer.auth_net_profile_id)
# GET THE UPDATED CARD WITH NEW PAYMENT PROFILE ID
updated_card = crud.get_card_by_id(db_session, card_id)
if updated_card and updated_card.auth_net_payment_profile_id != payment_profile_id:
new_payment_profile_id = updated_card.auth_net_payment_profile_id
logger.info(f"🔄 RECOVERY SUCCESS: Old ID '{payment_profile_id}' → New ID '{new_payment_profile_id}'")
# SECOND ATTEMPT - With refreshed payment profile ID
logger.info("🔐 TRANSACTION ATTEMPT 2: Retry with refreshed payment profile")
response = _perform_authorization(customer_profile_id, new_payment_profile_id, transaction_req)
if _is_e00121_response(response):
logger.error("❌ E00121 STILL PERSISTS after refresh - manual intervention may be needed")
logger.error(f"❌ Payment profile {new_payment_profile_id} also rejected by Authorize.Net")
else:
logger.info(f"✅ SUCCESS! E00121 RESOLVED - Transaction succeeded with refreshed payment profile {new_payment_profile_id}")
else:
logger.error(f"❌ RECOVERY FAILED: No updated payment profile ID found for card {card_id}")
logger.error("❌ Database refresh did not provide new payment profile ID")
else:
logger.error(f"❌ RECOVERY FAILED: Customer {customer_id} not found in database")
except Exception as e:
logger.error(f"❌ AUTO-RECOVERY FAILED: {str(e)}")
logger.error("❌ Exception during payment profile refresh process")
return response
def _perform_authorization(customer_profile_id: str, payment_profile_id: str, transaction_req: schemas.TransactionAuthorizeByCardID):
"""
Perform the actual Authorize.Net authorization call.
"""
merchantAuth = apicontractsv1.merchantAuthenticationType(name=API_LOGIN_ID, transactionKey=TRANSACTION_KEY)
profile_to_authorize = apicontractsv1.customerProfilePaymentType()
profile_to_authorize.customerProfileId = customer_profile_id
profile_to_authorize.customerPaymentProfileId = payment_profile_id
transactionRequest = apicontractsv1.transactionRequestType(
transactionType="authOnlyTransaction",
amount=f"{transaction_req.preauthorize_amount:.2f}",
profile=profile_to_authorize
)
if transaction_req.tax_amount and transaction_req.tax_amount > 0:
transactionRequest.tax = apicontractsv1.extendedAmountType(amount=f"{transaction_req.tax_amount:.2f}", name="Sales Tax")
createtransactionrequest = apicontractsv1.createTransactionRequest(
merchantAuthentication=merchantAuth,
transactionRequest=transactionRequest
@@ -252,8 +304,49 @@ def authorize_customer_profile(customer_profile_id: str, payment_profile_id: str
controller = createTransactionController(createtransactionrequest)
controller.execute()
# The response is returned directly to the router to be parsed there
return controller.getresponse()
response = controller.getresponse()
# Log response details
if response and hasattr(response, 'messages'):
result_code = getattr(response.messages, 'resultCode', 'Unknown')
logger.info(f"Authorize response: resultCode='{result_code}'")
else:
logger.info("Authorize response: No standard response structure")
return response
def _is_e00121_response(response):
"""
Check if the Authorize.Net response contains E00121 error (invalid payment profile ID).
"""
if response is None:
return False
try:
if hasattr(response, 'messages') and response.messages is not None:
# Check for E00121 in different response message structures
if hasattr(response.messages, 'message'):
message = response.messages.message
# Handle list of messages
if isinstance(message, list):
for msg in message:
if getattr(msg, 'code', '') == 'E00121':
logger.info("🔍 E00121 detected in message list")
return True
# Handle single message
elif hasattr(message, 'code'):
if message.code == 'E00121':
logger.info(f"🔍 E00121 detected: '{getattr(message, 'text', 'No details')}'")
return True
else:
logger.debug(f"🔍 Message code: '{message.code}' (not E00121)")
return False
except Exception as e:
logger.warning(f"🔍 Error checking for E00121: {str(e)}")
return False
def capture_authorized_transaction(transaction_req: schemas.TransactionCapture):
@@ -278,6 +371,46 @@ def capture_authorized_transaction(transaction_req: schemas.TransactionCapture):
return controller.getresponse()
def get_customer_payment_profiles(customer_profile_id: str):
"""
Retrieves all payment profile IDs for a given customer profile from Authorize.net.
Returns a list of payment profile IDs in the order they were created.
"""
logger.info(f"Retrieving payment profiles for customer profile ID: {customer_profile_id}")
merchantAuth = apicontractsv1.merchantAuthenticationType(name=API_LOGIN_ID, transactionKey=TRANSACTION_KEY)
# Create request to get customer profile
request = apicontractsv1.getCustomerProfileRequest(
merchantAuthentication=merchantAuth,
customerProfileId=customer_profile_id
)
controller = getCustomerProfileController(request)
try:
controller.execute()
response = controller.getresponse()
if response is not None and response.messages.resultCode == "Ok" and response.profile is not None:
payment_profile_ids = []
if response.profile.paymentProfiles is not None:
for profile in response.profile.paymentProfiles:
payment_profile_ids.append(str(profile.customerPaymentProfileId))
logger.info(f"Retrieved {len(payment_profile_ids)} payment profile IDs for profile {customer_profile_id}")
return payment_profile_ids
else:
error_msg = _get_authnet_error_message(response)
logger.error(f"Failed to retrieve customer profile {customer_profile_id}: {error_msg}")
raise ValueError(f"Could not retrieve customer profile: {error_msg}")
except Exception as e:
logger.error(f"Critical exception while retrieving customer profile {customer_profile_id}: {traceback.format_exc()}")
raise ValueError("Could not connect to the payment gateway.")
def charge_customer_profile(customer_profile_id: str, payment_profile_id: str, transaction_req: schemas.TransactionCreateByCardID):
"""
Creates an AUTH_CAPTURE transaction (charge now) against a customer profile.