/ipn_handler

Paypal IPN Handler

Primary LanguageRuby

This example shows:

  1. When to delete a test?

  2. The ‘Breaking Out’ concept discussed in Growing OO system guided by tests. By applying separation of

concerns we have created a new object PaypalService that interacts with Paypal API.

  1. How to speed up unit tests? Can you run the tests with disconnected from network connection?

  2. The first few tests were written by copying the steps 1 - 6 from Paypal IPN Guide.

  3. Read the ActiveMerchant tests to learn about the plugin.

  4. The initial version of the tests were more like ActiveMerchant learning tests and tightly coupled to the

implementation. Therefore the tests were brittle as the refactoring forced data to be hidden.

  1. Deleted tests that were not related to controller responsibilities. These were scaffolding tests that gave quick feedback and allowed us to build the system.

  2. Moved those tests to layer below that provides the service to Paypal API.

  3. Notice the mocking of the Paypal service API in the controller specs.

  4. The first version of specs for PaypalService object has shown us the need for PaypalNotification active record object for most of the checks. PaypalService will delegate the checks to the persistant object and make most of the methods as private. Only process_payment class method will be public. The specs will be moved to ActiveRecord object tests for PaypalNotification.

  5. Surprised to see how injecting dependencies to make the test run faster resulted in decorator pattern.

  6. The has_correct_amount can be made private, the tests will require testing it indirectly using the method transaction_has_correct_amount which requires transaction_id to be set and the record to be saved. It became a trade-off between test speed vs encapsulation. If this library is for internal use we can choose has_correct_amount to be public.

To Do :

  1. Read IPN guide and implement the validation rules for fields.

  2. Refine the controller to handle all cases. If the response code is not 200, save the message for further investigation.

How to check the response code in ActiveMerchant? —————————————————————————————-

The URL that processes the IPN (notification URL), businesses can automate their order fulfillment process to perform such tasks as automatically updating a database with a new customer order, sending a confirmation email, and triggering an investigation into a claim made by a dissatisfied customer.

Since IPN messages can sometimes be delayed—hence not exactly “instant”—IPN should not be exclusively relied on when immediate order fulfillment is necessary, such as in the case of a digital download service.

IPN script should make sure to respond to the HTTP response with a 200 OK message to prevent additional attempts by PayPal to send the IPN.

If you receive an INVALID response, then either you’ve done something wrong or the original IPN should be treated as suspicious and investigated.

—————————————————————————————-

  1. Review Paypal IPN Up and Running. Create task list based on this book.

  2. Write Integration Test that hits the Paypal sandbox

  3. Find the Third-Party API Grant access screen in the current Paypal website.

  4. Is order_id in Payment required?

  5. Send frequency and period limited download link in the email.

  6. Asynchronous process - IPN allows you to automatically update a database with the transaction details, send a customized order confirmation email message to the buyer

  7. Use the item id to find the order id that is combined with other pass through variables.

  8. If the verified response passes the checks,take action based on the

value of the txn_type variable if it exists; otherwise, take action based on the value of the reason_code variable.

  1. receiver_id - Unique account ID of the payment recipient (i.e., the merchant). This is the same as the recipient’s referral ID. Length: 13 characters

This will likely be the user_id. This is alphanumeric. Why do you need to store this field?

  1. payer_status - Whether the customer has a verified PayPal account.

  2. receiver_email is mapped to account - primary_paypal_email. It is varchar 255

14.

  • description != notify.params (Use custom variable to store the id of the record that contains the pass through variable fields stored locally). Currently PaypalService class, description contains the item_name value, change it to match the API call.

Deployment

  1. Deploy the IPN handler code.

  2. Turn on IPN and specify the URL to which PayPal posts the notifications.

  3. Test IPN Handler using Paypal Sandbox : # seanbehan.com/business/paypal-ipn-simulator/

PayPal IPN using Active merchant

gist.github.com/1502215 github.com/Shopify/active_merchant/blob/master/lib/active_merchant/billing/integrations/paypal/notification.rb www.fortytwo.gr/blog/14/Using-Paypal-with-Rails www.volcanic.co.uk/ruby-on-rails/author/brian/ activemerchant.rubyforge.org/classes/ActiveMerchant/Billing/Integrations/Paypal/Notification.html

Done

  1. Find the subject field in the latest Paypal API docs

  2. Email a password to your customer for downloading digital media. NOT REQUIRED.

  3. Use a separate logger for IPN messages in Paypal IPN controller. [ DONE ]

  4. Save payer_email to send order confirmation and fulfillment emails. [ DONE ]

  5. Create Payment model and store Paypal transaction_id. [ DONE ]

- user_id (most likely payer_email) [ DONE ] - payment_date - Time/Date stamp generated by PayPal. [ DONE ] Length: 28 characters : It is varchar 255 [ DONE ] You should perform before completing and fulfilling the order:

  1. • Validate that the receiver_email is an email address registered in your PayPal account, to prevent the payment from being sent to a fraudster’s account. [ DONE ]

  2. • Check other transaction details, such as the item number and price, to confirm that the price has not been changed by a malicious third party. [ DONE ]

  3. Setup Paypal Sandbox accounts for seller and buyer with credit card and bank accounts. [ DONE ]