Tweaks & Fixes

.gitignore

@@ -8,3 +8,6 @@ tmp
 nbproject
 *.swp
 spec/dummy
+*.sublime-workspace
+*.sublime-project
+

.travis.yml

@@ -1,6 +1,12 @@
-script: "bundle exec rake test_app && bundle exec rspec spec"
+before_install: gem install bundler --pre
+before_script:
+  - "bundle exec rake test_app"
+script: "DISPLAY=:99.0 bundle exec rspec spec"
+notifications:
+  email:
+    - [email protected]
+
+
 rvm:
-  - 1.8.7
   - 1.9.2
-  - 1.9.3
-  - rbx-2.0
+  - 1.9.3

Gemfile

@@ -1,13 +1,16 @@
-source 'http://rubygems.org'
+source :rubygems
 
-group :test do
-  gem 'ffaker'
-end
+gem 'sqlite3'
 
-if RUBY_VERSION < "1.9"
-  gem "ruby-debug"
-else
-  gem "ruby-debug19"
+gem 'spree', :git => 'git://github.com/spree/spree.git'
+
+group :test do
+  gem 'rspec-rails', '= 2.6.1'
+  gem 'database_cleaner', '= 0.6.7'
+  gem 'nokogiri'
+  gem 'capybara', '1.0.1'
+  gem 'faker'
+  gem 'factory_girl'
 end
 
 gemspec

README.md

@@ -2,7 +2,7 @@
 
 A [Spree](http://spreecommerce.com) extension to allow payments using PayPal Website Standard.
 
-[![Build Status](https://secure.travis-ci.org/tomash/spree-pp-website-standard.png)](http://travis-ci.org/tomash/spree-pp-website-standard)
+[![Build Status](https://secure.travis-ci.org/buddhi-desilva/spree-pp-website-standard.png)](http://travis-ci.org/buddhi-desilva/spree-pp-website-standard)
 
 ## Before you read further
 
@@ -47,25 +47,17 @@ Configure, run, test.
 
 ## Configuration
 
-Be sure to configure the following configuration parameters. Preferably put it in initializer like config/initializers/pp_website_standard.rb.
+Navigate to Spree > Admin > Configurations and Click on 'PayPal Preferences' and you can set the following preferences
 
-Example:
-
-    Spree::Paypal::Config.set(:account => "[email protected]") 
-    Spree::Paypal::Config.set(:success_url => "http://localhost:3000/paypal/confirm")
-
-
-The following configuration options (keys) can be set:
-
-    :account         # email account of store 
-    :success_url     # url the customer is redirected to after successfully completing payment
-    :currency_code   # default EUR
-    :sandbox_url     # paypal url in sandbox mode, default https://www.sandbox.paypal.com/cgi-bin/webscr
-    :paypal_url      # paypal url in production, default https://www.paypal.com/cgi-bin/webscr
-    :populate_address # (true/false) pre-populate fields of billing address based on spree order data
-    :encryption      # (true/false) use encrypted shopping cart
-    :cert_id         # id of certificate used to encrypted stuff
-    :ipn_secret      # secret string for authorizing IPN
+    account         # email account of store
+    success_url     # url the customer is redirected to after successfully completing payment
+    currency_code   # default EUR
+    sandbox_url     # paypal url in sandbox mode, default https://www.sandbox.paypal.com/cgi-bin/webscr
+    paypal_url      # paypal url in production, default https://www.paypal.com/cgi-bin/webscr
+    populate_address # (true/false) pre-populate fields of billing address based on spree order data
+    encryption      # (true/false) use encrypted shopping cart
+    cert_id         # id of certificate used to encrypted stuff
+    ipn_secret      # secret string for authorizing IPN
 
 Only the first three ones need to be set up in order to get running. 
 
@@ -75,14 +67,20 @@ The last three are required for secure, encrypted operation (see below).
 
 The payment link can be encrypted using an SSL key pair and a PayPal public key. In order to attempt this encryption, the following elements must be available. If these are not available a normal link will be generated.
 
+And we shouldn't confuse this encryption with SSL provided by the website to eliminate somebody hijacking users' sessions. This encrypts the data sent to PayPal and eliminate an outsider or especially a buyer crafting a PayPal response to mark the order as paid.
+
 Spree::Paypal::Config[:encrypted] must be set to true.
 Spree::Paypal::Config[:cert_id] must be set to a valid certificate id.
 Spree::Paypal::Config[:ipn_secret] must be set to a string considered secret.
 Application must have a Rails.root/certs directory with following files:
 
     app_cert.pem # application certificate
     app_key.pem  # application key
-    paypal_cert_#{Rails.env}.pem # paypal certificate
+    paypal_cert_#{Rails.env}.pem # paypal public certificate (downloded from PayPal)
+
+Download the two PayPal public certificates for development and production environments and rename paypal_cert_development.pem and paypal_cert_production.pem respectively. Gem will pick the correct certificate based on the environment.
+
+Also get the certificate ID from PayPal (copy the listed ID next to the uploaded public/application key) and set the cert_id configuration variable.
 
 The best instructions on what is what, how these files should be generated etc. are [in AsciiCast 143](http://asciicasts.com/episodes/143-paypal-security) (basically the code of this extension is also based on this AsciiCast). 
 

app/assets/stylesheets/admin/spree_paypal_website_standard.css

@@ -1,3 +1,3 @@
 /*
  *= require admin/spree_core
-*/
+*/

app/controllers/spree/admin/paypal_preferences_controller.rb

@@ -0,0 +1,28 @@
+module Spree
+  module Admin
+    class PaypalPreferencesController < Spree::Admin::BaseController
+
+      def index
+        @pp_config = Spree::PaypalWebsiteStandard::Config
+      end
+
+      def create
+        params.each do |name, value|
+          next unless Spree::PaypalWebsiteStandard::Config.has_preference? name
+          Spree::PaypalWebsiteStandard::Config[name] = value
+        end
+
+        # Setting the success URL within the controller to prevent error.
+        # If the confirm url get change it has to be reflected here.
+        Spree::PaypalWebsiteStandard::Config[:success_url] = Spree::Config.site_url + "/paypal/confirm"
+
+        unless params.has_key?('encrypted')
+          Spree::PaypalWebsiteStandard::Config.encrypted = false
+        end
+
+        redirect_to admin_paypal_preferences_path
+      end
+
+    end
+  end
+end

app/controllers/spree/base_controller_decorator.rb

@@ -0,0 +1,30 @@
+Spree::BaseController.class_eval do
+	before_filter :check_current_order
+
+	# Checks if an order exists and if its paid
+	# will display the payment success message
+	def check_current_order	
+		# TODO: Introduce a proper way to check the order payment status
+		# Currently the order get removed from the session the moment the
+		# spree receives payment and no way of tracking. Might have to introduce
+		# other means of checking for payment receival for orders. A possible
+		# method would be to have session id sent along with IPN secret and
+		# mark a flag on payment notifications after displaying payment received
+		# message
+		# if current_order \
+		# && current_order.completed? 
+		# # && ((current_order.payment_state == "paid") or (current_order.payment_state == "credit_owed"))
+		# 	flash[:notice] = t(:pp_ws_payment_received)
+		# 	@order = current_order
+		# 	session[:order_id] = nil
+
+		# 	if current_user
+		# 		redirect_to spree.order_path(@order)
+		# 	else
+		# 		redirect_to root_path
+		# 	end
+
+		# end
+	end
+
+end

app/controllers/spree/payment_notifications_controller.rb

@@ -14,10 +14,7 @@ def create
         :order_id => @order.id,
         :status => params[:payment_status],
         :transaction_id => params[:txn_id])
-
-      logger.info "PayPal_Website_Standard: processing payment notification for invoice #{params["invoice"]}, amount is #{params["mc_gross"]} #{params["mc_currency"]}"
-      # this logging stuff won't live here for long...
-
+
       Order.transaction do
       # main part of hacks
         order = @order
@@ -36,54 +33,26 @@ def create
         payment.payment_method = Spree::Order.paypal_payment_method
         order.payments << payment
         payment.started_processing
-
-        order.payment.complete
+
+        payment.complete!
+        @order.update_attributes({:state => "complete", :completed_at => Time.now}, :without_protection => true)
         logger.info("PayPal_Website_Standard: order #{order.number} (#{order.id}) -- completed payment")
 
-        until @order.state == "complete"
-          if @order.next!
-            @order.update!
-            state_callback(:after)
-          end
+        if @order.respond_to?(:consume_users_credit, true)
+          @order.send(:consume_users_credit)
         end
 
+        @order.finalize!
+
         logger.info("PayPal_Website_Standard: Order #{order.number} (#{order.id}) updated successfully, IPN complete")
       end
 
       render :nothing => true
     end
 
     private
+    #########################
 
-    # those methods are copy-pasted from CheckoutController
-    # we cannot inherit from that class unless we want to skip_before_filter
-    # half of calls in SpreeBase module
-    def state_callback(before_or_after = :before)
-      method_name = :"#{before_or_after}_#{@order.state}"
-      send(method_name) if respond_to?(method_name, true)
-    end
-
-    def before_address
-      @order.bill_address ||= Address.new(:country => default_country)
-      @order.ship_address ||= Address.new(:country => default_country)
-    end
-
-    def before_delivery
-      @order.shipping_method ||= (@order.rate_hash.first && @order.rate_hash.first[:shipping_method])
-    end
-
-    def before_payment
-      current_order.payments.destroy_all if request.put?
-    end
-
-		#This isn't working here in payment_nofitications_controller since IPN will run on a different session
-    def after_complete
-      session[:order_id] = nil
-    end
-
-    def default_country
-      Country.find Spree::PaypalWebsiteStandard::Config.default_country_id
-    end
-
+
   end
 end

app/controllers/spree/paypal_controller.rb

@@ -1,27 +1,32 @@
 module Spree
-  class PaypalController < Spree::CheckoutController
+  class PaypalController < BaseController
     protect_from_forgery :except => [:confirm]
     skip_before_filter :persist_gender
-    
+
     def confirm
-      unless current_order
-        redirect_to root_path
-      else
-        order = current_order
-        if (order.payment_state == "paid") or (order.payment_state == "credit_owed")
-          flash[:notice] = t(:pp_ws_payment_received)
-          state_callback(:after)
+      @pp_order = params[:order].blank? ? nil : Spree::Order.find_by_number(params[:order])
+
+      if @pp_order
+
+        if @pp_order.complete?
+            flash[:notice] = t(:pp_ws_payment_received)
+
+            if current_user && (current_user == @pp_order.user)
+              redirect_to order_path(@pp_order)
+            else
+              redirect_to root_path
+            end
+
         else
-          while order.state != "complete"
-            order.next
-            state_callback(:after)
-          end
-          flash[:notice] = t(:pp_ws_order_processed_successfully)
-          flash[:commerce_tracking] = "nothing special"
+          flash[:notice] = t(:pp_ws_order_processing)
+          redirect_to root_path
         end
-        redirect_to order_path(current_order)
+
+      else
+        redirect_to root_path
       end
+
     end
-  
+
   end
 end

app/models/spree/order_decorator.rb

@@ -2,19 +2,42 @@
   has_many :payment_notifications
 
   # SSL certificates for encrypting paypal link
-  PAYPAL_CERT_PEM = "#{Rails.root}/certs/paypal_cert_#{Rails.env}.pem"
-  APP_CERT_PEM = "#{Rails.root}/certs/app_cert.pem"
-  APP_KEY_PEM = "#{Rails.root}/certs/app_key.pem"
-  def shipment_cost
-    adjustment_total - credit_total
+  PAYPAL_CERT_PEM = "#{Rails.root}/certs/paypal_cert_#{Rails.env}.pem" # PayPal’s public certificate (downloaded from PayPal)
+  APP_CERT_PEM = "#{Rails.root}/certs/app_cert.pem" # Public Key
+  APP_KEY_PEM = "#{Rails.root}/certs/app_key.pem" # Private Key
+
+  # This is a workaround for PayPal's disocunt limitations. Discount cannot be bigger than item total.  
+  # E.g: Before calculation 
+  # Promo credits : 20
+  # Total item cost: 19
+  # Shipping: 5
+  # --------------------------
+  # Becomes:
+  # Discount :18.99 (PayPal sees it as a discount) 
+  # Total item cost: 19 (cannot be changed, PayPal does the calculation)
+  # Shipping : 4.01
+  def paypal_cart_adjustments
+    pp_adjustments = {}
+    # The discount has to be a positive number and shipping is calcuated separately in paypal.
+    pp_adjustments[:discount] = (self.adjustment_total - self.ship_total).abs
+
+    # for PayPal discount has to be < total item cost
+    # deducting the remaining credit from the shipping cost
+    if pp_adjustments[:discount] > self.item_total
+      pp_adjustments[:ship_cost] = (pp_adjustments[:discount] - (self.item_total + self.ship_total - BigDecimal("0.01"))).abs
+      pp_adjustments[:discount] = self.item_total - BigDecimal("0.01")
+    else
+      pp_adjustments[:ship_cost] = self.ship_total
+    end
+    pp_adjustments
   end
 
   def payable_via_paypal?
     !!self.class.paypal_payment_method
   end
 
   def self.paypal_payment_method
-    PaymentMethod.select{ |pm| pm.name.downcase =~ /paypal/}.first
+    Spree::PaymentMethod.select{ |pm| pm.name.downcase =~ /paypal/}.first
   end
 
   def self.use_encrypted_paypal_link?
@@ -33,7 +56,8 @@ def paypal_encrypted(payment_notifications_url, options = {})
       :cmd => '_cart',
       :upload => 1,
       :currency_code => options[:currency_code] || Spree::PaypalWebsiteStandard::Config.currency_code,
-      :handling_cart => self.ship_total,
+      :handling_cart => self.paypal_cart_adjustments[:ship_cost],
+      :discount_amount_cart => self.paypal_cart_adjustments[:discount],
       :return => Spree::PaypalWebsiteStandard::Config.success_url,
       :notify_url => payment_notifications_url,
       :charset => "utf-8",