initial work for removing the paypal token from the session #657

Author: syjer

src/main/java/alfio/controller/payment/PayPalCallbackController.java

@@ -22,13 +22,13 @@
 import alfio.model.TicketReservation;
 import alfio.model.transaction.token.PayPalToken;
 import alfio.repository.EventRepository;
+import alfio.repository.TransactionRepository;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.servlet.mvc.support.RedirectAttributes;
 
 import javax.servlet.http.HttpSession;
 import java.util.Optional;
@@ -42,14 +42,14 @@ public class PayPalCallbackController {
 
     private final EventRepository eventRepository;
     private final TicketReservationManager ticketReservationManager;
+    private final TransactionRepository transactionRepository;
 
     @GetMapping("/confirm")
     public String payPalSuccess(@PathVariable("eventName") String eventName,
                                 @PathVariable("reservationId") String reservationId,
                                 @RequestParam(value = "paymentId", required = false) String payPalPaymentId,
                                 @RequestParam(value = "PayerID", required = false) String payPalPayerID,
                                 @RequestParam(value = "hmac") String hmac,
-                                RedirectAttributes redirectAttributes,
                                 HttpSession session) {
 
         Optional<Event> optionalEvent = eventRepository.findOptionalByShortName(eventName);
@@ -63,27 +63,23 @@ public String payPalSuccess(@PathVariable("eventName") String eventName,
             return "redirect:/event/"+eventName;
         }
 
+        var res = optionalReservation.get();
+        var ev = optionalEvent.get();
+
         if (isNotBlank(payPalPayerID) && isNotBlank(payPalPaymentId)) {
-            redirectAttributes.addFlashAttribute("paypalCheckoutConfirmation", true)
-                 .addFlashAttribute("tokenAcquired", true);
             session.setAttribute(PaymentManager.PAYMENT_TOKEN, new PayPalToken(payPalPayerID, payPalPaymentId, hmac));
+            return "redirect:/event/"+ev.getShortName()+"/reservation/"+res.getId()+"/overview";
         } else {
-            return payPalCancel(eventName, reservationId, redirectAttributes, session);
+            return payPalCancel(ev.getShortName(), res.getId(), session);
         }
-
-        return "redirect:/event/"+eventName+"/reservation/"+reservationId+"/overview";
     }
 
     @GetMapping("/cancel")
     public String payPalCancel(@PathVariable("eventName") String eventName,
                                @PathVariable("reservationId") String reservationId,
-                               RedirectAttributes redirectAttributes,
                                HttpSession session) {
 
         session.removeAttribute(PaymentManager.PAYMENT_TOKEN);
-
-        redirectAttributes.addFlashAttribute("tokenAcquired", false)
-             .addFlashAttribute("payPalCancelled", true);
         return "redirect:/event/"+eventName+"/reservation/"+reservationId+"/overview";
     }
 }

src/main/java/alfio/manager/payment/PayPalManager.java

@@ -21,7 +21,6 @@
 import alfio.manager.system.ConfigurationManager;
 import alfio.model.Event;
 import alfio.model.*;
-import alfio.model.system.Configuration;
 import alfio.model.system.ConfigurationKeys;
 import alfio.model.transaction.*;
 import alfio.model.transaction.capabilities.ExternalProcessing;
@@ -78,10 +77,13 @@ public class PayPalManager implements PaymentProvider, ExternalProcessing, Refun
     private final TransactionRepository transactionRepository;
 
     private APIContext getApiContext(EventAndOrganizationId event) {
-        int orgId = event.getOrganizationId();
-        boolean isLive = configurationManager.getBooleanConfigValue(Configuration.from(orgId, ConfigurationKeys.PAYPAL_LIVE_MODE), false);
-        String clientId = configurationManager.getRequiredValue(Configuration.from(orgId, ConfigurationKeys.PAYPAL_CLIENT_ID));
-        String clientSecret = configurationManager.getRequiredValue(Configuration.from(orgId, ConfigurationKeys.PAYPAL_CLIENT_SECRET));
+
+        var paypalConf = configurationManager.getFor(event,
+            Set.of(ConfigurationKeys.PAYPAL_LIVE_MODE, ConfigurationKeys.PAYPAL_CLIENT_ID, ConfigurationKeys.PAYPAL_CLIENT_SECRET));
+
+        boolean isLive = paypalConf.get(ConfigurationKeys.PAYPAL_LIVE_MODE).getValueAsBooleanOrDefault(false);
+        String clientId = paypalConf.get(ConfigurationKeys.PAYPAL_CLIENT_ID).getRequiredValue();
+        String clientSecret = paypalConf.get(ConfigurationKeys.PAYPAL_CLIENT_SECRET).getRequiredValue();
         return new APIContext(clientId, clientSecret, isLive ? "live" : "sandbox");
     }
 
@@ -380,7 +382,7 @@ public PaymentResult doPayment(PaymentSpecification spec) {
                 Long gatewayFee = Optional.ofNullable(i.getFee()).map(Long::parseLong).orElse(0L);
                 return Pair.of(platformFee, gatewayFee);
             }).orElseGet(() -> Pair.of(0L, 0L));
-            transactionRepository.invalidateForReservation(spec.getReservationId());
+            PaymentManagerUtils.invalidateExistingTransactions(spec.getReservationId(), transactionRepository);
             transactionRepository.insert(captureId, paymentId, spec.getReservationId(),
                 ZonedDateTime.now(), spec.getPriceWithVAT(), spec.getEvent().getCurrency(), "Paypal confirmation", PaymentProxy.PAYPAL.name(),
                 fees.getLeft(), fees.getRight(), alfio.model.transaction.Transaction.Status.COMPLETE, Map.of());

src/main/java/alfio/manager/payment/StripeCreditCardManager.java

@@ -129,6 +129,7 @@ public PaymentResult doPayment( PaymentSpecification spec ) {
                         Optional.ofNullable( BaseStripeManager.getFeeAmount(feeDetails, "stripe_fee")).map(Long::parseLong).orElse(0L));
                 }).orElse(null);
 
+                PaymentManagerUtils.invalidateExistingTransactions(spec.getReservationId(), transactionRepository);
                 transactionRepository.insert(charge.getId(), null, spec.getReservationId(),
                     ZonedDateTime.now(), spec.getPriceWithVAT(), spec.getEvent().getCurrency(), charge.getDescription(), PaymentProxy.STRIPE.name(),
                     fees != null ? fees.getLeft() : 0L, fees != null ? fees.getRight() : 0L, Transaction.Status.COMPLETE, Map.of());

src/main/java/alfio/manager/payment/StripeWebhookPaymentManager.java

@@ -137,6 +137,7 @@ private StripeSCACreditCardToken createNewToken(PaymentSpecification paymentSpec
             var intent = PaymentIntent.create(paymentIntentParams, baseStripeManager.options(paymentSpecification.getEvent()).orElseThrow());
             var clientSecret = intent.getClientSecret();
             long platformFee = paymentIntentParams.containsKey("application_fee") ? (long) paymentIntentParams.get("application_fee") : 0L;
+            PaymentManagerUtils.invalidateExistingTransactions(paymentSpecification.getReservationId(), transactionRepository);
             transactionRepository.insert(intent.getId(), intent.getId(),
                 paymentSpecification.getReservationId(), ZonedDateTime.now(paymentSpecification.getEvent().getZoneId()),
                 paymentSpecification.getPriceWithVAT(), paymentSpecification.getEvent().getCurrency(), "Payment Intent",