JBAS-1544 Paypal skip silent post URL option

Org unit setting to avoid sending the Paypal Silent Post URL during
secure token generation.  This is useful if you want to use a specific
server for handling silent posts that may not match the hostname of the
catalog paged accessed by the browser.

Signed-off-by: Bill Erickson <berickxx@gmail.com>

diff --git a/KCLS/sql/schema/deploy/payflow-hosted-static-silent-post-url.sql b/KCLS/sql/schema/deploy/payflow-hosted-static-silent-post-url.sql
new file mode 100644 (file)
index 0000000..9251903
--- /dev/null
+++ b/KCLS/sql/schema/deploy/payflow-hosted-static-silent-post-url.sql
@@ -0,0 +1,17 @@
+-- Deploy kcls-evergreen:payflow-hosted-org-settings-urls to pg
+-- requires: payflow-hosted-org-settings
+
+BEGIN;
+
+INSERT INTO config.org_unit_setting_type 
+    (name, label, description, datatype, view_perm, update_perm, grp)
+VALUES
+    (
+        'credit.processor.payflowhosted.skip_silent_post_url',
+        'PayflowHosted: Avoid dynamic Silent POST URL',
+        'Let PP use the Silent Post URL configured in the PayPal Manager ' ||
+        'instead of sending our a dynamic (Apache host-based) URL',
+        'bool', 1005, 1006, 'credit'
+    );
+
+COMMIT;

diff --git a/KCLS/sql/schema/revert/payflow-hosted-static-silent-post-url.sql b/KCLS/sql/schema/revert/payflow-hosted-static-silent-post-url.sql
new file mode 100644 (file)
index 0000000..b7395f7
--- /dev/null
+++ b/KCLS/sql/schema/revert/payflow-hosted-static-silent-post-url.sql
@@ -0,0 +1,11 @@
+-- Revert kcls-evergreen:payflow-hosted-org-settings-urls from pg
+
+BEGIN;
+
+DELETE FROM actor.org_unit_setting
+    WHERE name = 'credit.processor.payflowhosted.skip_silent_post_url';
+
+DELETE FROM config.org_unit_setting_type 
+    WHERE name = 'credit.processor.payflowhosted.skip_silent_post_url';
+
+COMMIT;

diff --git a/KCLS/sql/schema/sqitch.plan b/KCLS/sql/schema/sqitch.plan
index d6b36b0..9307f30 100644 (file)
--- a/KCLS/sql/schema/sqitch.plan
+++ b/KCLS/sql/schema/sqitch.plan
@@ -30,3 +30,4 @@ vand-auth-edit-date [purge-user-activity] 2016-06-01T18:24:54Z Bill Erickson <be
 payflow-hosted-org-settings [vand-auth-edit-date] 2016-07-06T18:39:40Z Bill Erickson <berickxx@gmail.com> # PayflowPro Hosted Pages org unit settings
 sip-act-type-freegalsip [payflow-hosted-org-settings] 2016-08-19T20:24:01Z Bill Erickson <berickxx@gmail.com> # User activity type for freegalsip login
 audit-table-maint [payflow-hosted-org-settings] 2016-07-22T14:49:08Z Bill Erickson <berickxx@gmail.com> # Audit table cleanup functions
+payflow-hosted-static-silent-post-url [payflow-hosted-org-settings] 2016-08-17T13:14:48Z Bill Erickson <berickxx@gmail.com> # Fall back to PP silent post URL

diff --git a/KCLS/sql/schema/verify/payflow-hosted-static-silent-post-url.sql b/KCLS/sql/schema/verify/payflow-hosted-static-silent-post-url.sql
new file mode 100644 (file)
index 0000000..889168e
--- /dev/null
+++ b/KCLS/sql/schema/verify/payflow-hosted-static-silent-post-url.sql
@@ -0,0 +1,7 @@
+-- Verify kcls-evergreen:payflow-hosted-org-settings-urls on pg
+
+BEGIN;
+
+-- XXX Add verifications here.
+
+ROLLBACK;

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/PayflowHosted.pm b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/PayflowHosted.pm
index 80f4923..240ab43 100644 (file)
--- a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/PayflowHosted.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/PayflowHosted.pm
@@ -75,8 +75,11 @@ sub create_xact_token {
         $pf_params{CANCELURL} = "$host/eg/opac/biblio/main_fines";
         $pf_params{RETURNURL} = "$host/eg/opac/payflow/pay_receipt/$tokenid";
         $pf_params{ERRORURL}  = "$host/eg/opac/biblio/main_fines/$tokenid";
-        # KCLS uses evgmobile for now to avoid TLS 1.2.  REVISIT.
-        #$pf_params{SILENTPOSTURL} = "$host/eg/opac/payflow/silent_post";
+
+        # Avoid sending a Silent POST URL if we are relying instead
+        # on the URL configured within the PayPal manager.
+        $pf_params{SILENTPOSTURL} = "$host/eg/opac/payflow/silent_post"
+            unless $settings{skip_silent_post_url};
     }
 
     my $api_server = $live_api_server;
@@ -143,10 +146,11 @@ sub get_settings {
     my %params;
     my $spfx = 'credit.processor.payflowhosted';
 
-    for my $p (qw/partner vendor login password testmode enabled autohosts/) {
+    for my $p (qw/partner vendor login password 
+            testmode enabled autohosts skip_silent_post_url/) {
         $params{$p} = $U->ou_ancestor_setting_value($org, "$spfx.$p");
 
-        if (!$params{$p} && $p ne 'testmode' && $p ne 'autohosts') {
+        if (!$params{$p} && $p !~ /testmode|autohosts|skip_silent_post_url/) {
             $logger->error("Attempt to make payment via 'payflowhosted' ".
                 "with no value for org unit setting: '$spfx.$p'");
             return undef;