I am adding a recurring payment system using a payment gateway (cashfree payment gateway) to the website that I am developing. After the payment is processed, the payment gateway redirects to my website URL with some parameters in a POST request, as given here. I am unable to read these parameters. This is my first web development project and I am a little bit confused here. It was mentioned in the documentation that it was a POST request, but in the backend request.method gives the GET method. I am using the code below:

@csrf_exempt
@login_required
def cashfree_response(request):
    if request.method == "POST":
        print('inside post method')
    if request.method == "GET":
        print('inside get method')
        sub_ref = request.GET['cf_subReferenceId']

How to read cf_subReferenceId parameter value and other parameter values passed by the payment gateway? I also tried using sub_ref = request.GET.get('cf_subReferenceId') but it returned None. How to read those parameters and how to check if payment gateway is sending any parameters?

Update:

I contacted cashfree payment gateway and they replied that it is a POST request. But when I print(request.method) it is showing as GET. They sent me a couple of PHP files but I don't know PHP. Below are the PHP files they sent me. Can someone help me to determine what the return method is and how to read the return parameters?

<?php
    // Shared secret issued by the gateway; it is the HMAC key.
    $secretkey = "60e9cfebec82c9693d9423011fc2898766119d1c";
    $cf_subReferenceId = $_POST["cf_subReferenceId"];
    $cf_subscriptionId = $_POST["cf_subscriptionId"];
    $cf_authAmount = $_POST["cf_authAmount"];
    $cf_orderId = $_POST["cf_orderId"];
    $cf_referenceId = $_POST["cf_referenceId"];
    $cf_status = $_POST["cf_status"];
    $cf_message = $_POST["cf_message"];
    $signature = $_POST["signature"];

    // Build the signed string: sort the POST fields by name, then append
    // key followed by value for every field whose name starts with "cf_".
    $data = "";
    $postData = $_POST;
    ksort($postData);
    foreach ($postData as $key => $value) {
        if (substr($key, 0, 3) == "cf_") {
            $data .= $key . $value;
        }
    }
    //echo($data);
    //die();

    // HMAC-SHA256 over that string (raw bytes), then base64-encode it.
    $hash_hmac = hash_hmac('sha256', $data, $secretkey, true);
    $computedSignature = base64_encode($hash_hmac);

    // hash_equals() compares in constant time, unlike ==.
    if (hash_equals($computedSignature, $signature)) {
        print_r("yes");
    } else {
        print_r("no");
    }
?>

and

<!DOCTYPE html>
<html>
<head>
    <title>Cashfree - PG Response Details</title>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</head>
<body>
    <h1 align="center">PG Response</h1> 

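    <?php
         // Shared secret issued by the gateway; it is the HMAC key.
         $secretkey = "60e9cfebec82c9693d9423011fc2898766119d1c";
         // These values are echoed into the tables below, so they are
         // HTML-escaped here; the signature is computed from the raw $_POST.
         $cf_subReferenceId = htmlspecialchars($_POST["cf_subReferenceId"] ?? "", ENT_QUOTES, "UTF-8");
         $cf_subscriptionId = htmlspecialchars($_POST["cf_subscriptionId"] ?? "", ENT_QUOTES, "UTF-8");
         $cf_authAmount = htmlspecialchars($_POST["cf_authAmount"] ?? "", ENT_QUOTES, "UTF-8");
         $cf_orderId = htmlspecialchars($_POST["cf_orderId"] ?? "", ENT_QUOTES, "UTF-8");
         $cf_referenceId = htmlspecialchars($_POST["cf_referenceId"] ?? "", ENT_QUOTES, "UTF-8");
         $cf_status = htmlspecialchars($_POST["cf_status"] ?? "", ENT_QUOTES, "UTF-8");
         $cf_message = htmlspecialchars($_POST["cf_message"] ?? "", ENT_QUOTES, "UTF-8");
         $signature = $_POST["signature"] ?? "";

         // Build the signed string: sort the POST fields by name, then append
         // key followed by value for every field whose name starts with "cf_".
         $data = "";
         $postData = $_POST;
         ksort($postData);
         foreach ($postData as $key => $value) {
             if (substr($key, 0, 3) == "cf_") {
                 $data .= $key . $value;
             }
         }
         //echo($data);
         //die();

         // HMAC-SHA256 over that string (raw bytes), then base64-encode it.
         $hash_hmac = hash_hmac('sha256', $data, $secretkey, true);
         $computedSignature = base64_encode($hash_hmac);

         // hash_equals() compares in constant time, unlike ==.
         if (hash_equals($computedSignature, $signature)) {
     ?>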
    <div class="container"> 
    <div class="panel panel-success">
      <div class="panel-heading">Signature Verification Successful</div>
      <div class="panel-body">
        <!-- <div class="container"> -->
            <table class="table table-hover">
                <tbody>
                  <tr>
                    <td>cf_subReferenceId</td>
                    <td><?php echo $cf_subReferenceId; ?></td>
                  </tr>
                  <tr>
                    <td>cf_subscriptionId</td>
                    <td><?php echo $cf_subscriptionId; ?></td>
                  </tr>
                  <tr>
                    <td>cf_authAmount</td>
                    <td><?php echo $cf_authAmount; ?></td>
                  </tr>
                  <tr>
                    <td>cf_orderId</td>
                    <td><?php echo $cf_orderId; ?></td>
                  </tr>
                  <tr>
                    <td>cf_referenceId </td>
                    <td><?php echo $cf_referenceId; ?></td>
                  </tr>
                  <tr>
                    <td>cf_status</td>
                    <td><?php echo $cf_status; ?></td>
                  </tr>
                  <tr>
                    <td>cf_message</td>
                    <td><?php echo $cf_message; ?></td>
                  </tr>
                </tbody>
            </table>
        <!-- </div> -->

       </div>
    </div>
    </div>
     <?php   
        } else {

     ?>
    <div class="container"> 
    <div class="panel panel-danger">
      <div class="panel-heading">Signature Verification failed</div>
      <div class="panel-body">
        <!-- <div class="container"> -->
            <table class="table table-hover">
                <tbody>
                  <tr>
                    <td>cf_subReferenceId</td>
                    <td><?php echo $cf_subReferenceId; ?></td>
                  </tr>
                  <tr>
                    <td>cf_subscriptionId</td>
                    <td><?php echo $cf_subscriptionId; ?></td>
                  </tr>
                  <tr>
                    <td>cf_authAmount</td>
                    <td><?php echo $cf_authAmount; ?></td>
                  </tr>
                  <tr>
                    <td>cf_orderId</td>
                    <td><?php echo $cf_orderId; ?></td>
                  </tr>
                  <tr>
                    <td>cf_referenceId </td>
                    <td><?php echo $cf_referenceId; ?></td>
                  </tr>
                  <tr>
                    <td>cf_status</td>
                    <td><?php echo $cf_status; ?></td>
                  </tr>
                  <tr>
                    <td>cf_message</td>
                    <td><?php echo $cf_message; ?></td>
                  </tr>
                </tbody>
            </table>
        <!-- </div> -->
      </div>    
    </div>  
    </div>

    <?php   
        }
     ?>

</body>
</html>

After installing debug-toolbar it shows no arguments were passed.

In views.py I create the plan and subscription and send the user to the authlink. It is creating the plan and subscription, and I was redirected to the authlink where I was able to enter card details and authorize. Since it was test mode I selected success and then returned to the URL I gave. That is where I didn't get any parameters.

import json

import requests
from django.conf import settings
from django.contrib.auth.decorators import login_required
from django.shortcuts import redirect


@login_required
def payment_process(request):
    if request.method == "POST":
        Sub_value = int(request.POST.get('sub_value'))
        creator = request.POST.get('creator')
        plan_id = "plan_1"  # was used below without being defined
        appID = settings.CASHFREEID
        secretKey = settings.CASHFREESECRETKEY
        headers = {
            'cache-control': 'no-cache',
            'content-type': 'application/json',
            'X-Client-Id': appID,
            'X-Client-Secret': secretKey,
        }

        # Step 1: create the subscription plan.
        data = {"planId": plan_id, "planName": "Booster", "type": "PERIODIC", "amount": Sub_value, "intervalType": "week", "intervals": 2, "description": "This is the standard planfor our services"}
        data = json.dumps(data)
        response = requests.post('https://test.cashfree.com/api/v2/subscription-plans', headers=headers, data=data)
        response_text = json.loads(response.text)
        if not response_text['status'] == 'OK':
            # redirect to a page to tell the user to try again later!!
            pass

        # Step 2: create the subscription; returnUrl is where the gateway
        # sends the user back after authorization.
        data = {"subscriptionId": "sub1", "planId": plan_id, "amount": Sub_value, "customerEmail": request.user.email, "customerPhone": "7427259375", "expiresOn": "2030-12-31 23:59:59", "returnUrl": "http://127.0.0.1:8000/cashfreeresponse/"}
        data = json.dumps(data)
        response = requests.post('https://test.cashfree.com/api/v2/subscriptions', headers=headers, data=data)
        response_text = json.loads(response.text)

        if not response_text['status'] == 'OK':
            # redirect to a page to tell the user to try again later!!
            pass

        # Step 3: send the user to the gateway's authorization page.
        return redirect(response_text['authLink'])
sreekanthkura7
  • It's not possible to make a browser do a POST request in response to a redirect - a redirect can only result in the browser doing a GET request to the target URL. The documentation for the payment gateway you're using is poorly written. The arguments you are looking for will be available as GET parameters. – solarissmoke Feb 22 '20 at 05:32
  • @solarissmoke How do I read GET parameters? I am using `subID = request.GET.get('cf_subReferenceId',None)` but it is returning None. – sreekanthkura7 Feb 22 '20 at 14:42
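
The signature check from the PHP sample in the question, ported to Python as an added example (not code from the original post or from Cashfree). The secret and field values are constructed, and calling it with `request.POST.dict()` and `settings.CASHFREESECRETKEY` inside the Django view is an assumption:

```python
import base64
import hashlib
import hmac


def canonical_string(params):
    # Same as the PHP loop: ksort() the fields, then append key + value
    # for every field whose name starts with "cf_" (signature is skipped).
    return "".join(k + params[k] for k in sorted(params) if k.startswith("cf_"))


def compute_signature(params, secret_key):
    # hash_hmac('sha256', $data, $secretkey, true) followed by base64_encode().
    mac = hmac.new(secret_key.encode(), canonical_string(params).encode(),
                   hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def verify_return(params, secret_key):
    """Return the cf_ fields when the signature matches, otherwise None."""
    received = params.get("signature", "")
    expected = compute_signature(params, secret_key)
    # Constant-time comparison, so a mismatch leaks no timing information.
    if not hmac.compare_digest(received.encode(), expected.encode()):
        return None
    return {k: v for k, v in params.items() if k.startswith("cf_")}


# Constructed sample data: the secret and all field values are made up.
TEST_SECRET = "constructed-test-secret"
SAMPLE = {
    "cf_subReferenceId": "1001",
    "cf_subscriptionId": "sub1",
    "cf_authAmount": "1.00",
    "cf_orderId": "order-1",
    "cf_referenceId": "2002",
    "cf_status": "SUCCESS",
    "cf_message": "ok",
}
SIGNED = dict(SAMPLE, signature=compute_signature(SAMPLE, TEST_SECRET))
TAMPERED = dict(SIGNED, cf_authAmount="9999.00")

if __name__ == "__main__":
    print(verify_return(SIGNED, TEST_SECRET))
    print(verify_return(TAMPERED, TEST_SECRET))
    # In the Django view (assumption), inside the request.method == "POST" branch:
    # fields = verify_return(request.POST.dict(), settings.CASHFREESECRETKEY)
```

Treat `cf_status` and the other fields as trustworthy only after `verify_return` has returned them; a `None` result means the parameters were altered or did not come from the gateway.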

1 Answer

As read in the comments, redirections are usually made with GET methods from the browser.

For getting the GET parameters in Django, you can check this solution.

On the other hand, as seen in this video of Cashfree, you can debug from the Network tab of your browser: check the preserve log option, make a request and check the header values.

pyjavo
  • I contacted cashfree payment gateway they said it is POST request. But `request.method` is showing as GET method. Also I couldn't see all the details from Network tab. I updated my question with some additional information. – sreekanthkura7 Mar 04 '20 at 19:49
  • @sreekanthkura7 install django-debug-toolbar and do the debugging with it. That app will help you. Please tell me how it goes later. The PHP lines are doing the same thing, trying to get data from the POST method ($_POST["cf_subReferenceId"]) and then printing it (echo) in the HTML – pyjavo Mar 04 '20 at 21:44
  • I installed django-debug-toolbar. It shows no arguments were passed. Please see the updated question. – sreekanthkura7 Mar 04 '20 at 22:15
  • @sreekanthkura7 then it seems to me that you are doing something wrong with the CashFree implementation. Maybe sharing the code in the question without any important data? – pyjavo Mar 04 '20 at 22:22
  • I updated the question with CashFree implementation. Just want to mention that I changed a few things to make things simpler. – sreekanthkura7 Mar 04 '20 at 23:27
  • I couldn't solve this issue. Do you think it might be an encryption issue? Is it possible to encrypt localhost? Then I can use https:// instead of http:// – sreekanthkura7 Mar 05 '20 at 20:46
  • @sreekanthkura7 Mmmmmm https only works on production servers. I think you should check these 2 repositories and compare them with your current code. Cashfree repo: https://github.com/cashfree and Paywix repo: https://github.com/renjithsraj/paywix – pyjavo Mar 05 '20 at 20:58
  • I made some progress but am still having some issues. I made a new question here [https://stackoverflow.com/questions/60582564/django-unable-to-read-post-parameters-sent-by-payment-gateway]. Could you please look into it? – sreekanthkura7 Mar 08 '20 at 01:11