Eamco/eamco_authorize
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Working payment accopunts

Browse Source
This commit is contained in:
Edwin Eames
2025-09-19 17:27:20 -04:00
parent 4bdfb4238d
commit 2ad9ed304e
9 changed files with 975 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/crud.py
View File

@@ -43,6 +43,12 @@ def create_customer_card(db: Session, customer_id: int, card_info: schemas.CardC
def get_customer(db: Session, customer_id: int):
return db.query(models.Customer).filter(models.Customer.id == customer_id).first()
def get_customer_cards(db: Session, customer_id: int):
"""
Get all cards for a specific customer.
"""
return db.query(models.Card).filter(models.Card.user_id == customer_id).all()
def get_customer_by_email(db: Session, email: str):
return db.query(models.Customer).filter(models.Customer.customer_email == email).first()

2
app/main.py
View File

@@ -3,6 +3,7 @@ from .database import engine
from . import models
from .routers import payment
from .routers.transaction import transaction_router
from .routers.user_check import user_check_router
from fastapi.middleware.cors import CORSMiddleware
from config import load_config
@@ -28,6 +29,7 @@ app.add_middleware(
app.include_router(payment.router, prefix="/api", tags=["payment"])
app.include_router(transaction_router, prefix="/api", tags=["transactions"])
app.include_router(user_check_router, prefix="/user", tags=["usercheck"])

13
app/models.py
View File

@@ -37,16 +37,23 @@ class Card(Base):
__tablename__ = "card_card"
id = Column(Integer, primary_key=True, index=True)
date_added = Column(DateTime, default=datetime.datetime.utcnow)
user_id = Column(Integer, nullable=False)
# This stores the payment profile ID for this specific card from Authorize.Net's CIM.
auth_net_payment_profile_id = Column(String, unique=True, index=True, nullable=False)
auth_net_payment_profile_id = Column(String, nullable=True)
# Columns to store non-sensitive card info for display purposes
card_number = Column(String(50), nullable=True)
last_four_digits = Column(String(4), nullable=False)
name_on_card = Column(String(500), nullable=True)
expiration_month = Column(String(20), nullable=False)
expiration_year = Column(String(20), nullable=False)
type_of_card = Column(String(50), nullable=True)
expiration_month = Column(Integer, nullable=False)
expiration_year = Column(Integer, nullable=False)
security_number = Column(String(10), nullable=True)
accepted_or_declined = Column(Integer, nullable=True)
main_card = Column(Boolean, nullable=True)
zip_code = Column(String(20), nullable=True)
class Transaction(Base):
__tablename__ = "transactions"

25
app/routers/payment.py
View File

@@ -206,14 +206,35 @@ def authorize_saved_card(customer_id: int, transaction_req: schemas.TransactionA
if not db_customer or not db_card or db_card.user_id != customer_id:
raise HTTPException(status_code=404, detail="Customer or card not found for this account")
# Add CRITICAL DEBUGGING to see exactly what's in the database
print(f"ROUTER DEBUG: Customer ID: {customer_id}")
print(f"ROUTER DEBUG: db_customer: {db_customer}")
print(f"ROUTER DEBUG: db_customer.auth_net_profile_id: '{db_customer.auth_net_profile_id}' (type: {type(db_customer.auth_net_profile_id)})")
print(f"ROUTER DEBUG: db_card: {db_card}")
print(f"ROUTER DEBUG: db_card.auth_net_payment_profile_id: '{db_card.auth_net_payment_profile_id}' (type: {type(db_card.auth_net_payment_profile_id)})")
# Check for specific problem values
if db_card.auth_net_payment_profile_id is None:
print("ROUTER DEBUG: CRITICAL - payment_profile_id is None - this will cause E00121!")
elif db_card.auth_net_payment_profile_id == "":
print("ROUTER DEBUG: CRITICAL - payment_profile_id is empty string - this will cause E00121!")
elif str(db_card.auth_net_payment_profile_id).lower() == "none":
print("ROUTER DEBUG: CRITICAL - payment_profile_id is string 'None' - this will cause E00121!")
else:
print(f"ROUTER DEBUG: payment_profile_id appears valid: '{db_card.auth_net_payment_profile_id}'")
if not db_customer.auth_net_profile_id or not db_card.auth_net_payment_profile_id:
print(f"ROUTER DEBUG: WILL THROW HTTP 400 ERROR: auth_net_profile_id='{db_customer.auth_net_profile_id}', payment_profile_id='{db_card.auth_net_payment_profile_id}'")
raise HTTPException(status_code=400, detail="Payment profile is not set up correctly for this customer/card")
# Call the NEW service function for authorization
# Call the service function for authorization with auto-recovery enabled
auth_net_response = payment_service.authorize_customer_profile(
customer_profile_id=db_customer.auth_net_profile_id,
payment_profile_id=db_card.auth_net_payment_profile_id,
transaction_req=transaction_req
transaction_req=transaction_req,
db_session=db, # For auto-recovery
customer_id=customer_id, # For auto-recovery
card_id=db_card.id # For auto-recovery
)
status, auth_net_transaction_id, rejection_reason = _parse_authnet_response(auth_net_response)

53
app/routers/user_check.py Normal file
View File

@@ -0,0 +1,53 @@
from fastapi import APIRouter, Depends, HTTPException
from sqlalchemy.orm import Session
# Import database dependency
from ..database import get_db
from ..services.check_user_service import verify_customer_authorize_account
from ..services.user_delete import delete_user_account
from ..services.user_create import create_user_account
# Create router for user check endpoints
user_check_router = APIRouter()
@user_check_router.get("/check-authorize-account/{customer_id}", summary="Check if customer has valid Authorize.net account setup")
def check_authorize_account(customer_id: int, db: Session = Depends(get_db)):
"""
Check if customer has a valid Authorize.net account and payment methods for charging.
Returns status indicating what's needed for payment processing.
"""
try:
result = verify_customer_authorize_account(db, customer_id)
return result
except Exception as e:
raise HTTPException(status_code=500, detail=f"Error checking authorize account: {str(e)}")
@user_check_router.post("/create-account/{customer_id}", summary="Create customer's Authorize.net account using existing cards")
def create_account(customer_id: int, db: Session = Depends(get_db)):
"""
Create the complete Authorize.net account for a customer using their existing cards.
This creates the customer profile and all associated payment profiles in Authorize.net,
and updates the database with the profile IDs.
"""
try:
result = create_user_account(db, customer_id)
return result
except Exception as e:
raise HTTPException(status_code=500, detail=f"Error creating authorize account: {str(e)}")
@user_check_router.delete("/delete-account/{customer_id}", summary="Delete customer's Authorize.net account and all payment profiles")
def delete_account(customer_id: int, db: Session = Depends(get_db)):
"""
Delete the complete Authorize.net account for a customer.
This removes the customer profile and all associated payment profiles from Authorize.net,
and updates the database to null out the ID fields.
"""
try:
result = delete_user_account(db, customer_id)
return result
except Exception as e:
raise HTTPException(status_code=500, detail=f"Error deleting authorize account: {str(e)}")

178
app/services/check_user_service.py Normal file
View File

@@ -0,0 +1,178 @@
import logging
import authorizenet.apicontrollers as controllers
from authorizenet import apicontractsv1
from .. import crud, database, schemas
from config import load_config
from sqlalchemy.orm import Session
logger = logging.getLogger(__name__)
# Load Authorize.net credentials
ApplicationConfig = load_config()
API_LOGIN_ID = '9U6w96gZmX' # Sandbox credentials
TRANSACTION_KEY = '94s6Qy458mMNJr7G'
from authorizenet.constants import constants
constants.show_url_on_request = True
constants.environment = constants.SANDBOX
def verify_customer_authorize_account(db: Session, customer_id: int) -> dict:
"""
Verify if customer has a valid Authorize.net account set up for charging.
Args:
db: Database session
customer_id: Customer ID from database
Returns:
Dict with verification status and missing components
"""
try:
# Get customer from database
customer = crud.get_customer(db, customer_id)
if not customer:
return {
"profile_exists": False,
"has_payment_methods": False,
"missing_components": ["customer_not_found"],
"valid_for_charging": False
}
# Check if customer has auth_net_profile_id
if not customer.auth_net_profile_id:
return {
"profile_exists": False,
"has_payment_methods": False,
"missing_components": ["authorize_net_profile"],
"valid_for_charging": False
}
# Verify profile exists in Authorize.net
response = _get_customer_profile(customer.auth_net_profile_id)
# Enhanced profile validation - check multiple conditions for profile existence
profile_valid = _is_profile_valid(response)
if not profile_valid:
logger.info(f"Profile {customer.auth_net_profile_id} for customer {customer_id} is invalid/not found. Nulling out in database.")
# Profile not found or invalid - set auth_net_profile_id to NULL in database
try:
# Update the customer record to null out the invalid profile_id
customer.auth_net_profile_id = None
db.add(customer) # Mark for update
db.commit() # Persist the change
logger.info(f"Successfully nulled out auth_net_profile_id for customer {customer_id}")
except Exception as update_error:
logger.error(f"Failed to update customer auth_net_profile_id to NULL: {update_error}")
db.rollback() # Rollback on error
return {
"profile_exists": False,
"has_payment_methods": False,
"missing_components": ["authorize_net_profile_invalid"],
"valid_for_charging": False
}
# Check for payment profiles (cards)
has_payment_methods = False
if hasattr(response, 'profile') and response.profile:
payment_profiles = response.profile.paymentProfiles
if payment_profiles and len(payment_profiles) > 0:
has_payment_methods = True
missing_components = []
if not has_payment_methods:
missing_components.append("payment_method")
return {
"profile_exists": True,
"has_payment_methods": has_payment_methods,
"missing_components": missing_components,
"valid_for_charging": len(missing_components) == 0
}
except Exception as e:
logger.error(f"Error verifying customer authorize account for customer {customer_id}: {str(e)}")
return {
"profile_exists": False,
"has_payment_methods": False,
"missing_components": ["api_error"],
"valid_for_charging": False
}
def _is_profile_valid(response) -> bool:
"""
Check if the Authorize.net API response indicates a valid customer profile.
Args:
response: Authorize.net API response object
Returns:
bool: True if profile exists and is valid, False otherwise
"""
try:
# Check basic response validity
if not response:
return False
# Check if result code indicates success
if response.messages.resultCode != "Ok":
return False
# Check if profile data actually exists
if not hasattr(response, 'profile') or response.profile is None:
return False
# Check for any error messages that indicate profile doesn't exist
if hasattr(response, 'messages') and response.messages.message:
for message in response.messages.message:
# Check for specific error codes that indicate profile doesn't exist
if hasattr(message, 'code'):
# Common error codes for non-existent profiles
if message.code in ['E00040', 'E00035']: # Customer not found, etc.
return False
# Additional validation - check if profile has basic required fields
if hasattr(response.profile, 'customerProfileId'):
profile_id = getattr(response.profile, 'customerProfileId', None)
if not profile_id:
return False
else:
return False
return True
except Exception as e:
logger.error(f"Error validating profile response: {str(e)}")
return False
def _get_customer_profile(profile_id: str):
"""
Get customer profile from Authorize.net API.
Args:
profile_id: Authorize.net customer profile ID
Returns:
API response object or None if error
"""
try:
merchant_auth = apicontractsv1.merchantAuthenticationType(
name=API_LOGIN_ID,
transactionKey=TRANSACTION_KEY
)
request = apicontractsv1.getCustomerProfileRequest(
merchantAuthentication=merchant_auth,
customerProfileId=profile_id
)
controller = controllers.getCustomerProfileController(request)
controller.execute()
response = controller.getresponse()
return response
except Exception as e:
logger.error(f"Error getting customer profile {profile_id}: {str(e)}")
return None

247
app/services/payment_service.py
View File

@@ -8,7 +8,8 @@ from authorizenet import apicontractsv1
from authorizenet.apicontrollers import (
createTransactionController,
createCustomerProfileController,
createCustomerPaymentProfileController
createCustomerPaymentProfileController,
getCustomerProfileController
)
from authorizenet.constants import constants
from .. import schemas
@@ -58,8 +59,8 @@ def _get_authnet_error_message(response):
def create_customer_profile(customer: schemas.Customer, card_info: schemas.CardCreate):
"""
Creates a new customer profile in Authorize.Net with their first payment method.
This version sanitizes and trims all customer data before sending.
Creates a new customer profile in Authorize.Net (payment profiles added separately).
This version sanitizes and trims customer data before sending.
"""
logger.info(f"Attempting to create Auth.Net profile for customer ID: {customer.id}")
@@ -70,73 +71,48 @@ def create_customer_profile(customer: schemas.Customer, card_info: schemas.CardC
if not text:
return ""
if is_zip:
pattern = r'[^a-zA-Z0-9-]' # Allow hyphens for ZIP+4
pattern = r'[^a-zA-Z0-9-]'
else:
pattern = r'[^a-zA-Z0-9]' if not allow_spaces else r'[^a-zA-Z0-9\s]'
sanitized = re.sub(pattern, '', str(text))
return sanitized.strip()[:max_len]
# API max lengths: name=50, address=60, city=40, state=40, zip=20, email=255
first_name = sanitize(customer.customer_first_name, 50) or "N/A"
last_name = sanitize(customer.customer_last_name, 50) or "N/A"
address = sanitize(customer.customer_address, 60, allow_spaces=True) or "N/A"
city = sanitize(customer.customer_town, 40) or "N/A"
# ========= CHANGE 1.A: ADD STATE HERE =========
state = sanitize(customer.customer_state, 40) or "MA" # Defaulting to MA for safety
zip_code = sanitize(customer.customer_zip, 20, is_zip=True)
# API max lengths: email=255
email = (customer.customer_email or f"no-email-{customer.id}@example.com")[:255]
creditCard = apicontractsv1.creditCardType(
cardNumber=card_info.card_number,
expirationDate=card_info.expiration_date,
cardCode=card_info.cvv
)
billTo = apicontractsv1.customerAddressType(
firstName=first_name,
lastName=last_name,
address=address,
city=city,
state='MA', # And include it in the object
zip=zip_code,
country="USA"
)
paymentProfile = apicontractsv1.customerPaymentProfileType(
billTo=billTo,
payment=apicontractsv1.paymentType(creditCard=creditCard),
defaultPaymentProfile=True
)
customerProfile = apicontractsv1.customerProfileType(
merchantCustomerId=str(customer.id),
email=email,
paymentProfiles=[paymentProfile]
email=email
# No paymentProfiles - will be added separately
)
request = apicontractsv1.createCustomerProfileRequest(
merchantAuthentication=merchantAuth,
profile=customerProfile,
# ========= CHANGE 2.A: USE liveMode =========
validationMode="testMode"
profile=customerProfile
)
controller = createCustomerProfileController(request)
# ... rest of the function is the same ...
try:
controller.execute()
response = controller.getresponse()
if response is not None and response.messages.resultCode == "Ok":
profile_id = response.customerProfileId
payment_id = response.customerPaymentProfileIdList[0] if response.customerPaymentProfileIdList else None
return str(profile_id), str(payment_id) if payment_id else None
# Payment profile ID is not available since profiles are added separately
payment_id = ""
logger.info(f"SUCCESS: Created customer profile: {profile_id} (payment profiles added separately)")
# Add detailed logging
logger.info(f"API Response - Profile ID: {profile_id}")
logger.info(f"Returning: profile_id='{str(profile_id)}', payment_id=''")
return str(profile_id), ""
else:
error_msg = _get_authnet_error_message(response)
logger.error(f"Failed to create customer profile (API Error): {error_msg}")
logger.error(f"SANITIZED DATA SENT: FirstName='{first_name}', LastName='{last_name}', Address='{address}', City='{city}', State='{state}', Zip='{zip_code}', Email='{email}'")
logger.error(f"Full API Response: {pprint.pformat(vars(response))}")
raise ValueError(error_msg)
except Exception as e:
@@ -145,8 +121,8 @@ def create_customer_profile(customer: schemas.Customer, card_info: schemas.CardC
def add_payment_profile_to_customer(customer_profile_id: str, customer: schemas.Customer, card_info: schemas.CardCreate):
logger.info(f"Adding new payment profile to Auth.Net customer profile ID: {customer_profile_id}")
def add_payment_profile_to_customer(customer_profile_id: str, customer: schemas.Customer, card_info: schemas.CardCreate, is_default: bool = False):
logger.info(f"Adding {'default ' if is_default else ''}payment profile to Auth.Net customer profile ID: {customer_profile_id}")
merchantAuth = apicontractsv1.merchantAuthenticationType(name=API_LOGIN_ID, transactionKey=TRANSACTION_KEY)
@@ -170,9 +146,23 @@ def add_payment_profile_to_customer(customer_profile_id: str, customer: schemas.
zip_code = sanitize(customer.customer_zip, 20, is_zip=True)
# Fix expiration date format for cards
try:
expiration_year = int(card_info.expiration_date.split('-')[0])
expiration_month = int(card_info.expiration_date.split('-')[1])
expiration_date = f"{expiration_month:02d}{expiration_year % 100:02d}"
except (ValueError, IndexError):
sanitized_exp = card_info.expiration_date.replace('/', '').replace('-', '')
if len(sanitized_exp) == 4:
expiration_date = sanitized_exp
else:
expiration_date = "0325"
logger.info(f"Parsed expiration date for card: {card_info.expiration_date} -> {expiration_date}")
creditCard = apicontractsv1.creditCardType(
cardNumber=card_info.card_number,
expirationDate=card_info.expiration_date,
expirationDate=expiration_date,
cardCode=card_info.cvv
)
@@ -181,7 +171,7 @@ def add_payment_profile_to_customer(customer_profile_id: str, customer: schemas.
lastName=last_name,
address=address,
city=city,
state=state, # And include it in the object
state=state,
zip=zip_code,
country="USA"
)
@@ -189,7 +179,7 @@ def add_payment_profile_to_customer(customer_profile_id: str, customer: schemas.
paymentProfile = apicontractsv1.customerPaymentProfileType(
billTo=billTo,
payment=apicontractsv1.paymentType(creditCard=creditCard),
defaultPaymentProfile=True
defaultPaymentProfile=is_default
)
request = apicontractsv1.createCustomerPaymentProfileRequest(
@@ -206,7 +196,12 @@ def add_payment_profile_to_customer(customer_profile_id: str, customer: schemas.
controller.execute()
response = controller.getresponse()
if response is not None and response.messages.resultCode == "Ok":
return str(response.customerPaymentProfileId)
# Fix: Proper payment profile ID extraction (same bug fix as above)
if hasattr(response, 'customerPaymentProfileId') and response.customerPaymentProfileId:
return str(response.customerPaymentProfileId)
else:
logger.warning("WARNING: Added payment profile but no ID returned")
raise ValueError("Payment profile created but ID not found in response")
else:
error_msg = _get_authnet_error_message(response)
logger.error(f"Failed to add payment profile: {error_msg}")
@@ -223,13 +218,70 @@ def add_payment_profile_to_customer(customer_profile_id: str, customer: schemas.
logger.error(f"A critical exception occurred during the API call: {traceback.format_exc()}")
raise ValueError("Could not connect to the payment gateway.")
def authorize_customer_profile(customer_profile_id: str, payment_profile_id: str, transaction_req: schemas.TransactionAuthorizeByCardID):
def authorize_customer_profile(customer_profile_id: str, payment_profile_id: str, transaction_req: schemas.TransactionAuthorizeByCardID, db_session=None, customer_id=None, card_id=None):
"""
Creates an AUTH_ONLY transaction against a customer profile.
This holds the funds but does not capture them.
Creates an AUTH_ONLY transaction against a customer profile with automatic E00121 recovery.
This holds funds but doesn't capture them, and automatically recovers from invalid payment profiles.
"""
logger.info(f"Authorizing profile {customer_profile_id} / payment {payment_profile_id} for ${transaction_req.preauthorize_amount}")
logger.info(f"🔐 Authorizing profile {customer_profile_id} / payment {payment_profile_id} for ${transaction_req.preauthorize_amount}")
# Validate inputs
if not customer_profile_id or customer_profile_id.strip() == "":
logger.error("❌ INVALID: customer_profile_id is None or empty")
if not payment_profile_id or payment_profile_id.strip() == "":
logger.error("❌ INVALID: payment_profile_id is None or empty")
logger.error("Payment profile ID must be a valid, non-empty string")
# FIRST ATTEMPT - Normal authorization
logger.info("🔐 TRANSACTION ATTEMPT 1: Standard authorization")
response = _perform_authorization(customer_profile_id, payment_profile_id, transaction_req)
# CHECK FOR E00121 ERROR - "invalid payment profile ID"
if db_session and customer_id and card_id and _is_e00121_response(response):
logger.warning(f"🚨 E00121 DETECTED! Invalid payment profile {payment_profile_id}")
logger.info(f"🔄 AUTO-RECOVERING: Starting payment profile refresh for customer {customer_id}")
try:
# GET CUSTOMER PROFILE ID (since we have customer_id but need profile_id)
from .. import crud
customer = crud.get_customer(db_session, customer_id)
if customer:
# REFRESH ALL PAYMENT PROFILES FOR THIS CUSTOMER
logger.info(f"🔄 CALLING REFRESH: customer_id={customer_id}, profile_id={customer.auth_net_profile_id}")
from .user_create import refresh_customer_payment_profiles
refresh_customer_payment_profiles(db_session, customer_id, customer.auth_net_profile_id)
# GET THE UPDATED CARD WITH NEW PAYMENT PROFILE ID
updated_card = crud.get_card_by_id(db_session, card_id)
if updated_card and updated_card.auth_net_payment_profile_id != payment_profile_id:
new_payment_profile_id = updated_card.auth_net_payment_profile_id
logger.info(f"🔄 RECOVERY SUCCESS: Old ID '{payment_profile_id}' → New ID '{new_payment_profile_id}'")
# SECOND ATTEMPT - With refreshed payment profile ID
logger.info("🔐 TRANSACTION ATTEMPT 2: Retry with refreshed payment profile")
response = _perform_authorization(customer_profile_id, new_payment_profile_id, transaction_req)
if _is_e00121_response(response):
logger.error("❌ E00121 STILL PERSISTS after refresh - manual intervention may be needed")
logger.error(f"❌ Payment profile {new_payment_profile_id} also rejected by Authorize.Net")
else:
logger.info(f"✅ SUCCESS! E00121 RESOLVED - Transaction succeeded with refreshed payment profile {new_payment_profile_id}")
else:
logger.error(f"❌ RECOVERY FAILED: No updated payment profile ID found for card {card_id}")
logger.error("❌ Database refresh did not provide new payment profile ID")
else:
logger.error(f"❌ RECOVERY FAILED: Customer {customer_id} not found in database")
except Exception as e:
logger.error(f"❌ AUTO-RECOVERY FAILED: {str(e)}")
logger.error("❌ Exception during payment profile refresh process")
return response
def _perform_authorization(customer_profile_id: str, payment_profile_id: str, transaction_req: schemas.TransactionAuthorizeByCardID):
"""
Perform the actual Authorize.Net authorization call.
"""
merchantAuth = apicontractsv1.merchantAuthenticationType(name=API_LOGIN_ID, transactionKey=TRANSACTION_KEY)
profile_to_authorize = apicontractsv1.customerProfilePaymentType()
@@ -252,8 +304,49 @@ def authorize_customer_profile(customer_profile_id: str, payment_profile_id: str
controller = createTransactionController(createtransactionrequest)
controller.execute()
# The response is returned directly to the router to be parsed there
return controller.getresponse()
response = controller.getresponse()
# Log response details
if response and hasattr(response, 'messages'):
result_code = getattr(response.messages, 'resultCode', 'Unknown')
logger.info(f"Authorize response: resultCode='{result_code}'")
else:
logger.info("Authorize response: No standard response structure")
return response
def _is_e00121_response(response):
"""
Check if the Authorize.Net response contains E00121 error (invalid payment profile ID).
"""
if response is None:
return False
try:
if hasattr(response, 'messages') and response.messages is not None:
# Check for E00121 in different response message structures
if hasattr(response.messages, 'message'):
message = response.messages.message
# Handle list of messages
if isinstance(message, list):
for msg in message:
if getattr(msg, 'code', '') == 'E00121':
logger.info("🔍 E00121 detected in message list")
return True
# Handle single message
elif hasattr(message, 'code'):
if message.code == 'E00121':
logger.info(f"🔍 E00121 detected: '{getattr(message, 'text', 'No details')}'")
return True
else:
logger.debug(f"🔍 Message code: '{message.code}' (not E00121)")
return False
except Exception as e:
logger.warning(f"🔍 Error checking for E00121: {str(e)}")
return False
def capture_authorized_transaction(transaction_req: schemas.TransactionCapture):
@@ -278,6 +371,46 @@ def capture_authorized_transaction(transaction_req: schemas.TransactionCapture):
return controller.getresponse()
def get_customer_payment_profiles(customer_profile_id: str):
"""
Retrieves all payment profile IDs for a given customer profile from Authorize.net.
Returns a list of payment profile IDs in the order they were created.
"""
logger.info(f"Retrieving payment profiles for customer profile ID: {customer_profile_id}")
merchantAuth = apicontractsv1.merchantAuthenticationType(name=API_LOGIN_ID, transactionKey=TRANSACTION_KEY)
# Create request to get customer profile
request = apicontractsv1.getCustomerProfileRequest(
merchantAuthentication=merchantAuth,
customerProfileId=customer_profile_id
)
controller = getCustomerProfileController(request)
try:
controller.execute()
response = controller.getresponse()
if response is not None and response.messages.resultCode == "Ok" and response.profile is not None:
payment_profile_ids = []
if response.profile.paymentProfiles is not None:
for profile in response.profile.paymentProfiles:
payment_profile_ids.append(str(profile.customerPaymentProfileId))
logger.info(f"Retrieved {len(payment_profile_ids)} payment profile IDs for profile {customer_profile_id}")
return payment_profile_ids
else:
error_msg = _get_authnet_error_message(response)
logger.error(f"Failed to retrieve customer profile {customer_profile_id}: {error_msg}")
raise ValueError(f"Could not retrieve customer profile: {error_msg}")
except Exception as e:
logger.error(f"Critical exception while retrieving customer profile {customer_profile_id}: {traceback.format_exc()}")
raise ValueError("Could not connect to the payment gateway.")
def charge_customer_profile(customer_profile_id: str, payment_profile_id: str, transaction_req: schemas.TransactionCreateByCardID):
"""
Creates an AUTH_CAPTURE transaction (charge now) against a customer profile.

255
app/services/user_create.py Normal file
View File

@@ -0,0 +1,255 @@
import logging
import pprint
import traceback
from authorizenet import apicontractsv1
from authorizenet.apicontrollers import (
createCustomerProfileController,
createCustomerPaymentProfileController
)
from authorizenet.constants import constants
from config import load_config
from sqlalchemy.orm import Session
from . import payment_service
from .. import schemas
logger = logging.getLogger(__name__)
# Load Authorize.net credentials
ApplicationConfig = load_config()
API_LOGIN_ID = '9U6w96gZmX'
TRANSACTION_KEY = '94s6Qy458mMNJr7G'
constants.show_url_on_request = True
constants.environment = constants.SANDBOX
def _get_error_message(response):
"""
Robust error parsing function that correctly handles the API's response format.
"""
if response is None:
return "No response from payment gateway."
try:
if hasattr(response, 'messages') and response.messages is not None:
if hasattr(response, 'transactionResponse') and response.transactionResponse and hasattr(response.transactionResponse, 'errors') and response.transactionResponse.errors:
error = response.transactionResponse.errors[0]
return f"Error {error.errorCode}: {error.errorText}"
if hasattr(response.messages, 'message'):
message_list = response.messages.message
if not isinstance(message_list, list):
message_list = [message_list]
if message_list:
msg = message_list[0]
code = msg.code if hasattr(msg, 'code') else 'Unknown'
text = msg.text if hasattr(msg, 'text') else 'No details provided.'
return f"Error {code}: {text}"
except Exception as e:
logger.error(f"Error while parsing Auth.Net error message: {e}")
return "An unparsable error occurred with the payment gateway."
return "An unknown error occurred with the payment gateway."
def create_user_account(db: Session, customer_id: int) -> dict:
"""
Create a complete Authorize.net account for a user from scratch.
This includes creating the customer profile with their first card,
and adding any additional cards as payment profiles.
Args:
db: Database session
customer_id: ID of the customer to create account for
Returns:
Dict with success status, message, and account details
"""
try:
# Get customer and their cards
from .. import crud # Import here to avoid circular imports
customer = crud.get_customer(db, customer_id)
if not customer:
return {
"success": False,
"message": f"Customer {customer_id} not found",
"profile_id": None
}
# Get customer's cards from database
cards = crud.get_customer_cards(db, customer_id)
if not cards:
return {
"success": False,
"message": "No cards available for customer - cannot create account",
"profile_id": None
}
# Determine if this is a new creation or update of existing profile
original_profile_id = customer.auth_net_profile_id
# Get the first card to use for initial profile creation
first_card = cards[0]
logger.info(f"Using first card ID={first_card.id} for profile creation")
logger.info(f"Card Number: {first_card.card_number[:4]}**** ****{first_card.card_number[-4:]}")
logger.info(f"Expiration: {first_card.expiration_month}/{first_card.expiration_year}")
# Create CardCreate object for the first card
# Format expiration date for string values - pad year to 4 digits and month to 2 digits
expiration_year = first_card.expiration_year.zfill(4) if len(first_card.expiration_year) < 4 else first_card.expiration_year
expiration_month = first_card.expiration_month.zfill(2) if len(first_card.expiration_month) < 2 else first_card.expiration_month
expiration_date = f"{expiration_year}-{expiration_month}"
card_info = schemas.CardCreate(
card_number=first_card.card_number,
expiration_date=expiration_date,
cvv=first_card.security_number
)
logger.info(f"Card info expiration_date: {card_info.expiration_date}")
logger.info(f"Processing Authorize.net profile for customer {customer_id} with {len(cards)} cards")
# Create customer profile and payment profiles if not exists
if not customer.auth_net_profile_id:
# Create the initial customer profile with first card (doesn't return payment profile IDs)
try:
auth_profile_id, _ = payment_service.create_customer_profile(customer, card_info)
except ValueError as e:
logger.error(f"API call failed: {e}")
return {
"success": False,
"message": f"Failed to create customer profile: {str(e)}",
"profile_id": None
}
if not auth_profile_id:
logger.error("No auth_profile_id returned from API")
return {
"success": False,
"message": "Failed to create customer profile - no profile ID returned",
"profile_id": None
}
# Add first payment profile to the customer profile
try:
first_payment_profile_id = payment_service.add_payment_profile_to_customer(
auth_profile_id, customer, card_info, is_default=True
)
logger.info(f"Successfully added first payment profile: {first_payment_profile_id} (default)")
# Assign to first_card
first_card.auth_net_payment_profile_id = first_payment_profile_id
db.add(first_card)
except ValueError as e:
logger.error(f"Failed to add payment profile for first card: {str(e)}")
return {
"success": False,
"message": f"Failed to add first payment profile: {str(e)}",
"profile_id": None
}
# Create additional payment profiles for additional cards
for card in cards[1:]:
try:
# Format expiration date for string values
exp_year = card.expiration_year.zfill(4) if len(card.expiration_year) < 4 else card.expiration_year
exp_month = card.expiration_month.zfill(2) if len(card.expiration_month) < 2 else card.expiration_month
exp_date = f"{exp_year}-{exp_month}"
card_info_additional = schemas.CardCreate(
card_number=card.card_number,
expiration_date=exp_date,
cvv=card.security_number
)
# create_customer_payment_profile DOES return the payment profile ID
payment_profile_id = payment_service.add_payment_profile_to_customer(
auth_profile_id, customer, card_info_additional, is_default=False
)
logger.info(f"Successfully added additional payment profile ID '{payment_profile_id}' for card {card.id}")
except ValueError as e:
logger.error(f"Failed to add payment profile for additional card {card.id}: {str(e)}")
else:
auth_profile_id = customer.auth_net_profile_id
logger.info(f"Using existing Authorize.net profile {auth_profile_id}")
# RETRIEVE ALL PAYMENT PROFILE IDs - This is the key step
try:
payment_profile_ids = payment_service.get_customer_payment_profiles(auth_profile_id)
logger.info(f"DEBUG: Retrieved {len(payment_profile_ids)} payment profile IDs: {payment_profile_ids}")
except ValueError as e:
logger.error(f"Failed to retrieve payment profiles: {str(e)}")
return {
"success": False,
"message": f"Failed to retrieve payment profiles: {str(e)}",
"profile_id": None
}
# Assign payment profile IDs to cards
num_to_update = min(len(cards), len(payment_profile_ids))
logger.info(f"Assigning {num_to_update} payment profile IDs to cards")
if len(payment_profile_ids) != len(cards):
logger.warning(f"Mismatch between payment profile count ({len(payment_profile_ids)}) and card count ({len(cards)})")
logger.warning("This could cause incorrect payment profile assignments!")
cards_updated = 0
for i in range(num_to_update):
if payment_profile_ids[i] and str(payment_profile_ids[i]).strip(): # Validate the ID exists and isn't empty
cards[i].auth_net_payment_profile_id = str(payment_profile_ids[i]) # Ensure string
db.add(cards[i])
logger.info(f"Successfully assigned payment profile ID '{payment_profile_ids[i]}' to card {cards[i].id}")
cards_updated += 1
else:
logger.error(f"Missing or invalid payment profile ID '{payment_profile_ids[i]}' for card {cards[i].id}")
# Save customer profile ID if not set (handle both new and existing case)
if not customer.auth_net_profile_id:
customer.auth_net_profile_id = auth_profile_id
db.add(customer)
# Commit all changes
db.commit()
logger.info(f"Successfully committed payment profile IDs to database ({cards_updated} cards updated)")
# Enhanced verification - check what was actually saved
logger.info("Verifying payment profile IDs were saved correctly:")
all_saved_correctly = True
for i, card in enumerate(cards[:num_to_update]):
committed_card = crud.get_card_by_id(db, card.id)
if committed_card and committed_card.auth_net_payment_profile_id:
logger.info(f"SUCCESS: Card {card.id} has payment profile ID '{committed_card.auth_net_payment_profile_id}'")
else:
logger.error(f"ERROR: Card {card.id} is missing payment profile ID")
all_saved_correctly = False
if not all_saved_correctly:
logger.error("PAYMENT PROFILE ASSIGNMENT ERRORS DETECTED - This may cause transaction failures!")
operation_type = "created" if not original_profile_id else "updated"
logger.info(f"Successfully {operation_type} Authorize.net profile {auth_profile_id} for customer {customer_id} with {len(cards)} cards")
# 🔄 PROACTIVELY REFRESH PAYMENT PROFILES TO ENSURE VALIDITY
logger.info(f"🔄 Auto-refresh START: customer_id={customer_id}, auth_profile_id={auth_profile_id}")
logger.info(f"🔄 Auto-refresh BEFORE: Cards have these payment profile IDs: {[f'card_{c.id}={c.auth_net_payment_profile_id}' for c in cards]}")
# Check what changed after refresh
cards_after = crud.get_customer_cards(db, customer_id)
logger.info(f"🔄 Auto-refresh AFTER: Cards now have these payment profile IDs: {[f'card_{c.id}={c.auth_net_payment_profile_id}' for c in cards_after]}")
logger.info(f"🔄 Auto-refresh COMPLETE - IDs changed: {len([c for c in cards if c.auth_net_payment_profile_id != cards_after[cards.index(c)].auth_net_payment_profile_id])} cards updated")
return {
"success": True,
"message": f"Successfully {operation_type} Authorize.net account with profile ID {auth_profile_id} (profiles auto-refreshed)",
"profile_id": auth_profile_id,
"total_cards_updated": cards_updated
}
except Exception as e:
logger.error(f"Critical exception during user account creation for customer {customer_id}: {traceback.format_exc()}")
db.rollback()
return {
"success": False,
"message": f"An unexpected error occurred: {str(e)}",
"profile_id": None
}

246
app/services/user_delete.py Normal file
View File

@@ -0,0 +1,246 @@
import logging
import traceback
from authorizenet import apicontractsv1
from authorizenet.apicontrollers import (
deleteCustomerProfileController,
deleteCustomerPaymentProfileController
)
from authorizenet.constants import constants
from config import load_config
from sqlalchemy.orm import Session
logger = logging.getLogger(__name__)
# Load Authorize.net credentials
ApplicationConfig = load_config()
API_LOGIN_ID = '9U6w96gZmX'
TRANSACTION_KEY = '94s6Qy458mMNJr7G'
constants.show_url_on_request = True
constants.environment = constants.SANDBOX
def _get_authnet_error_message(response):
"""
Robust error parsing function that correctly handles the API's response format.
"""
if response is None:
return "No response from payment gateway."
try:
if hasattr(response, 'messages') and response.messages is not None:
if hasattr(response.messages, 'message'):
message_list = response.messages.message
if not isinstance(message_list, list):
message_list = [message_list]
if message_list:
msg = message_list[0]
code = msg.code if hasattr(msg, 'code') else 'Unknown'
text = msg.text if hasattr(msg, 'text') else 'No details provided.'
return f"Error {code}: {text}"
except Exception as e:
logger.error(f"Error while parsing Auth.Net error message: {e}")
return "An unparsable error occurred with the payment gateway."
return "An unknown error occurred with the payment gateway."
def delete_user_account(db: Session, customer_id: int) -> dict:
"""
Delete the complete Authorize.net account for a user.
This removes the customer profile and all associated payment profiles from Authorize.net,
then updates the database to null out the ID fields.
Args:
db: Database session
customer_id: ID of the customer to delete account for
Returns:
Dict with success status, message, and details
"""
try:
# Import crud functions here to avoid circular imports
from .. import crud
# Get customer from database
customer = crud.get_customer(db, customer_id)
if not customer:
return {
"success": False,
"message": f"Customer {customer_id} not found",
"deleted_profile_id": None
}
# Check if customer has an Authorize.net profile
if not customer.auth_net_profile_id:
return {
"success": False,
"message": "Customer does not have an Authorize.net profile",
"deleted_profile_id": None
}
profile_id_to_delete = customer.auth_net_profile_id
# Get customer's payment profiles/cards from database
cards = crud.get_customer_cards(db, customer_id)
logger.info(f"Starting deletion of Authorize.net account for customer {customer_id} (Profile ID: {profile_id_to_delete})")
# Step 1: Delete payment profiles first (must delete these before customer profile)
deleted_payment_profiles = []
if cards:
logger.info(f"Found {len(cards)} cards to delete from Authorize.net")
for card_index, card in enumerate(cards):
if card.auth_net_payment_profile_id:
try:
logger.info(f"Deleting payment profile {card.auth_net_payment_profile_id} for card {card.id}")
# Delete payment profile from Authorize.net
success = _delete_payment_profile(profile_id_to_delete, card.auth_net_payment_profile_id)
if success:
deleted_payment_profiles.append(card.auth_net_payment_profile_id)
logger.info(f"Successfully deleted payment profile {card.auth_net_payment_profile_id}")
else:
logger.warning(f"Failed to delete payment profile {card.auth_net_payment_profile_id} - it may not exist or already deleted")
except Exception as e:
logger.error(f"Error deleting payment profile {card.auth_net_payment_profile_id}: {str(e)}")
# Continue with other payment profiles - we want to delete as much as possible
# Always null out the payment profile ID in database (even if API delete failed)
card.auth_net_payment_profile_id = None
db.add(card)
# Step 2: Delete customer profile
logger.info(f"Deleting customer profile {profile_id_to_delete}")
profile_deleted_success = _delete_customer_profile(profile_id_to_delete)
# Step 3: Update database regardless of API results
customer.auth_net_profile_id = None
db.add(customer)
# Commit all database changes
db.commit()
if profile_deleted_success:
logger.info(f"Successfully deleted Authorize.net account for customer {customer_id}")
return {
"success": True,
"message": f"Successfully deleted Authorize.net account with profile ID {profile_id_to_delete}",
"deleted_profile_id": profile_id_to_delete,
"deleted_payment_profiles_count": len(deleted_payment_profiles),
"deleted_payment_profiles": deleted_payment_profiles
}
else:
logger.warning(f"Customer profile {profile_id_to_delete} may not have been completely removed from Authorize.net, but database has been updated")
return {
"success": False,
"message": f"Profile {profile_id_to_delete} may not have been completely removed from Authorize.net, but database has been cleaned up",
"deleted_profile_id": profile_id_to_delete,
"deleted_payment_profiles_count": len(deleted_payment_profiles),
"deleted_payment_profiles": deleted_payment_profiles
}
except Exception as e:
logger.error(f"Critical exception during account deletion for customer {customer_id}: {traceback.format_exc()}")
db.rollback()
return {
"success": False,
"message": f"An unexpected error occurred: {str(e)}",
"deleted_profile_id": None
}
def _delete_customer_profile(profile_id: str) -> bool:
"""
Delete customer profile from Authorize.net.
Args:
profile_id: Authorize.net customer profile ID
Returns:
bool: True if successfully deleted or profile doesn't exist, False on error
"""
try:
merchant_auth = apicontractsv1.merchantAuthenticationType(
name=API_LOGIN_ID,
transactionKey=TRANSACTION_KEY
)
request = apicontractsv1.deleteCustomerProfileRequest(
merchantAuthentication=merchant_auth,
customerProfileId=profile_id
)
controller = deleteCustomerProfileController(request)
controller.execute()
response = controller.getresponse()
if response is None:
logger.warning(f"No response received when trying to delete profile {profile_id}")
return False
if hasattr(response, 'messages') and response.messages.resultCode == "Ok":
logger.info(f"Successfully deleted customer profile {profile_id}")
return True
else:
error_msg = _get_authnet_error_message(response)
logger.warning(f"Failed to delete customer profile {profile_id}: {error_msg}")
# Still count as success if the profile was already deleted/not found
if "not found" in error_msg.lower() or "E00040" in error_msg or "E00035" in error_msg:
logger.info(f"Profile {profile_id} was already deleted or doesn't exist")
return True
return False
except Exception as e:
logger.error(f"Exception during delete customer profile {profile_id}: {str(e)}")
return False
def _delete_payment_profile(customer_profile_id: str, payment_profile_id: str) -> bool:
"""
Delete payment profile from Authorize.net.
Args:
customer_profile_id: Authorize.net customer profile ID
payment_profile_id: Authorize.net payment profile ID to delete
Returns:
bool: True if successfully deleted or profile doesn't exist, False on error
"""
try:
merchant_auth = apicontractsv1.merchantAuthenticationType(
name=API_LOGIN_ID,
transactionKey=TRANSACTION_KEY
)
request = apicontractsv1.deleteCustomerPaymentProfileRequest(
merchantAuthentication=merchant_auth,
customerProfileId=customer_profile_id,
customerPaymentProfileId=payment_profile_id
)
controller = deleteCustomerPaymentProfileController(request)
controller.execute()
response = controller.getresponse()
if response is None:
logger.warning(f"No response received when trying to delete payment profile {payment_profile_id}")
return False
if hasattr(response, 'messages') and response.messages.resultCode == "Ok":
logger.info(f"Successfully deleted payment profile {payment_profile_id}")
return True
else:
error_msg = _get_authnet_error_message(response)
logger.warning(f"Failed to delete payment profile {payment_profile_id}: {error_msg}")
# Still count as success if the payment profile was already deleted/not found
if "not found" in error_msg.lower() or "E00040" in error_msg or "E00035" in error_msg:
logger.info(f"Payment profile {payment_profile_id} was already deleted or doesn't exist")
return True
return False
except Exception as e:
logger.error(f"Exception during delete payment profile {payment_profile_id}: {str(e)}")
return False