ability to ask for personal information from the paypal api (bug 719149)

Andy McKay · Andy McKay · commit df288933ebc8 · 2012-02-06T16:30:56.000-08:00
diff --git a/apps/constants/payments.py b/apps/constants/payments.py
@@ -82,3 +82,22 @@
     (INAPP_STATUS_INACTIVE, _('Inactive')),
     (INAPP_STATUS_REVOKED, _('Revoked'))
 )
+
+PAYPAL_PERSONAL = {
+    'first': 'http://axschema.org/namePerson/first',
+    'last': 'http://axschema.org/namePerson/last',
+    'email': 'http://axschema.org/contact/email',
+    'fullname': 'http://schema.openid.net/contact/fullname',
+    'company': 'http://openid.net/schema/company/name',
+    'country': 'http://axschema.org/contact/country/home',
+    'payerID': 'https://www.paypal.com/webapps/auth/schema/payerID',
+    'birthDate': 'http://axschema.org/birthDate',
+    'home': 'http://axschema.org/contact/postalCode/home',
+    'street1': 'http://schema.openid.net/contact/street1',
+    'street2': 'http://schema.openid.net/contact/street2',
+    'city': 'http://axschema.org/contact/city/home',
+    'state': 'http://axschema.org/contact/state/home',
+    'phone': 'http://axschema.org/contact/phone/default'
+}
+PAYPAL_PERSONAL_LOOKUP = dict([(v, k) for k, v
+                                      in PAYPAL_PERSONAL.iteritems()])
diff --git a/apps/devhub/forms.py b/apps/devhub/forms.py
@@ -1034,8 +1034,9 @@ def __init__(self, *args, **kw):
 
     def _show_token_msg(self, message):
         """Display warning for an invalid PayPal refund token."""
-        url = paypal.refund_permission_url(self.addon,
-                                           self.extra.get('dest', 'payment'))
+        url = paypal.get_permission_url(self.addon,
+                                        self.extra.get('dest', 'payment'),
+                                        ['REFUND'])
         msg = _(' <a href="%s">Visit PayPal to grant permission'
                 ' for refunds on your behalf.</a>') % url
         messages.warning(self.request, '%s %s' % (message, Markup(msg)))
diff --git a/apps/devhub/tests/test_views.py b/apps/devhub/tests/test_views.py
@@ -991,9 +991,9 @@ def test_no_token(self):
                                           "support_email": "dev@example.com"})
         assert 'refund token' in pq(res.content)('.notification-box')[0].text
 
-    @mock.patch('paypal.check_refund_permission')
-    def test_with_token(self, crp):
-        crp.return_value = True
+    @mock.patch('paypal.check_permission')
+    def test_with_token(self, cp):
+        cp.return_value = True
         self.setup_premium()
         self.addon.addonpremium.update(paypal_permissions_token='foo')
         res = self.client.post(self.url, {"paypal_id": "a@a.com",
diff --git a/apps/market/models.py b/apps/market/models.py
@@ -204,7 +204,8 @@ def has_valid_permissions_token(self):
             return True
         if not self.paypal_permissions_token:
             return False
-        return paypal.check_refund_permission(self.paypal_permissions_token)
+        return paypal.check_permission(self.paypal_permissions_token,
+                                       ['REFUND'])
 
 
 class PreApprovalUser(amo.models.ModelBase):
diff --git a/apps/market/tests/test_models.py b/apps/market/tests/test_models.py
@@ -44,11 +44,11 @@ def test_has_permissions_token_ignore(self):
         assert ap.has_permissions_token()
 
     @mock.patch('paypal.should_ignore_paypal', lambda: False)
-    @mock.patch('paypal.check_refund_permission')
-    def test_has_valid_permissions_token(self, check_refund_permission):
+    @mock.patch('paypal.check_permission')
+    def test_has_valid_permissions_token(self, check_permission):
         ap = AddonPremium.objects.create(addon=self.addon)
         assert not ap.has_valid_permissions_token()
-        check_refund_permission.return_value = True
+        check_permission.return_value = True
         ap.paypal_permissions_token = 'some_token'
         assert ap.has_valid_permissions_token()
 
diff --git a/apps/paypal/__init__.py b/apps/paypal/__init__.py
@@ -13,6 +13,7 @@
 import commonware.log
 from django_statsd.clients import statsd
 
+import amo
 from amo.helpers import absolutify, loc, urlparams
 from amo.urlresolvers import reverse
 from amo.utils import log_cef
@@ -241,10 +242,58 @@ def refund(paykey):
         return responses
 
 
-def check_refund_permission(token):
+def get_personal_data(token):
+    """
+    Ask PayPal for personal data based on the token. This makes two API
+    calls to PayPal. It's assumed you've already done the check_permission
+    call below.
+    Documentation: http://bit.ly/xy5BTs and http://bit.ly/yRYbRx
+    """
+    def call(api, data):
+        try:
+            with statsd.timer('paypal.get.personal'):
+                r = _call(settings.PAYPAL_PERMISSIONS_URL + api, data)
+        except PaypalError, error:
+            paypal_log.debug('Paypal returned an error when getting personal'
+                             'data for token: %s... error: %s'
+                             % (token[:10], error))
+            raise
+        return r
+
+    # A mapping fo the api and the values passed to the API.
+    calls = {
+        'GetBasicPersonalData':
+            {'attributeList.attribute':
+                [amo.PAYPAL_PERSONAL[k] for k in
+                    ['first', 'last', 'email', 'fullname',
+                     'company', 'country', 'payerID']]},
+        'GetAdvancedPersonalData':
+            {'attributeList.attribute':
+                [amo.PAYPAL_PERSONAL[k] for k in
+                    ['birthDate', 'home', 'street1',
+                     'street2', 'city', 'state', 'phone']]}
+        }
+
+    result = {}
+    for url, data in calls.items():
+        data = call(url, data)
+        for k, v in data.items():
+            if k.endswith('personalDataKey'):
+                k_ = k.rsplit('.', 1)[0]
+                v_ = amo.PAYPAL_PERSONAL_LOOKUP[v]
+                # If the value isn't present the value won't be there.
+                result[v_] = data.get(k_ + '.personalDataValue', '')
+
+    return result
+
+
+def check_permission(token, permissions):
     """
     Asks PayPal whether the PayPal ID for this account has granted
-    refund permission to us.
+    the permissions requested to us. Permissions are strings from the
+    PayPal documentation.
+    Documentation: http://bit.ly/zlhXlT
+
     """
     # This is set in settings_test so we don't start calling PayPal
     # by accident. Explicitly set this in your tests.
@@ -264,19 +313,21 @@ def check_refund_permission(token):
     # make sure REFUND is one of them.
     paypal_log.debug('Paypal returned permissions for token: %s.. perms: %s'
                      % (token[:10], r))
-    return 'REFUND' in [v for (k, v) in r.iteritems()
-                        if k.startswith('scope')]
+    result = [v for (k, v) in r.iteritems() if k.startswith('scope')]
+    return set(permissions).issubset(set(result))
 
 
-def refund_permission_url(addon, dest='payments'):
+def get_permission_url(addon, dest, scope):
     """
-    Send permissions request to PayPal for refund privileges on
-    this addon's paypal account. Returns URL on PayPal site to visit.
+    Send permissions request to PayPal for privileges on
+    this PayPal account. Returns URL on PayPal site to visit.
+    Documentation: http://bit.ly/zlhXlT
     """
     # This is set in settings_test so we don't start calling PayPal
     # by accident. Explicitly set this in your tests.
     if not settings.PAYPAL_PERMISSIONS_URL:
         return ''
+
     paypal_log.debug('Getting refund permission URL for addon: %s' % addon.pk)
 
     with statsd.timer('paypal.permissions.url'):
@@ -285,7 +336,7 @@ def refund_permission_url(addon, dest='payments'):
                         dest=dest)
         try:
             r = _call(settings.PAYPAL_PERMISSIONS_URL + 'RequestPermissions',
-                      {'scope': 'REFUND', 'callback': absolutify(url)})
+                      {'scope': scope, 'callback': absolutify(url)})
         except PaypalError, e:
             paypal_log.debug('Error on refund permission URL addon: %s, %s' %
                              (addon.pk, e))
@@ -344,6 +395,23 @@ def get_preapproval_url(key):
                      preapprovalkey=key)
 
 
+def _nvp_dump(data):
+    """
+    Dumps a dict out into NVP pairs suitable for PayPal to consume.
+    """
+    out = []
+    escape = lambda k, v: '%s=%s' % (k, urlquote(v))
+    # This must be sorted for chained payments to work correctly.
+    for k, v in sorted(data.items()):
+        if isinstance(v, (list, tuple)):
+            out.extend([escape('%s(%s)' % (k, x), v_)
+                        for x, v_ in enumerate(v)])
+        else:
+            out.append(escape(k, v))
+
+    return '&'.join(out)
+
+
 def _call(url, paypal_data, ip=None):
     request = urllib2.Request(url)
 
@@ -364,12 +432,10 @@ def _call(url, paypal_data, ip=None):
 
     # Warning, a urlencode will not work with chained payments, it must
     # be sorted and the key should not be escaped.
-    data = '&'.join(['%s=%s' % (k, urlquote(v))
-                     for k, v in sorted(paypal_data.items())])
     opener = urllib2.build_opener()
     try:
         with socket_timeout(10):
-            feeddata = opener.open(request, data).read()
+            feeddata = opener.open(request, _nvp_dump(paypal_data)).read()
     except AuthError, error:
         paypal_log.error('Authentication error: %s' % error)
         raise
diff --git a/apps/paypal/check.py b/apps/paypal/check.py
@@ -73,7 +73,7 @@ def check_refund(self):
             return
 
         try:
-            status = paypal.check_refund_permission(token)
+            status = paypal.check_permission(token, ['REFUND'])
             if not status:
                 self.failure(test_id, loc('No permission to do refunds.'))
             else:
diff --git a/apps/paypal/tests/test.py b/apps/paypal/tests/test.py
@@ -1,4 +1,4 @@
-# -*- coding: utf8 -*-
+# -*- coding: utf-8 -*-
 from cStringIO import StringIO
 from datetime import datetime, timedelta
 from decimal import Decimal
@@ -247,63 +247,81 @@ def test_check_paypal_id(urlopen_mock):
     eq_(val, (True, None))
 
 
+def test_nvp():
+    eq_(paypal._nvp_dump({'foo': 'bar'}), 'foo=bar')
+    eq_(paypal._nvp_dump({'foo': 'ba r'}), 'foo=ba%20r')
+    eq_(paypal._nvp_dump({'foo': 'bar', 'bar': 'foo'}), 'bar=foo&foo=bar')
+    eq_(paypal._nvp_dump({'foo': ['bar', 'baa']}), 'foo(0)=bar&foo(1)=baa')
+
+
 @mock.patch('paypal._call')
 @mock.patch.object(settings, 'PAYPAL_PERMISSIONS_URL', 'something')
 class TestRefundPermissions(amo.tests.TestCase):
 
     def setUp(self):
         self.addon = Addon(type=amo.ADDON_EXTENSION, slug='foo')
 
-    def test_refund_permissions_url(self, _call):
+    def test_get_permissions_url(self, _call):
         """
-        `paypal_refund_permission_url` returns an URL for PayPal's
+        `paypal_get_permission_url` returns an URL for PayPal's
         permissions request service containing the token PayPal gives
         us.
         """
         _call.return_value = {'token': 'foo'}
-        assert 'foo' in paypal.refund_permission_url(self.addon)
+        assert 'foo' in paypal.get_permission_url(self.addon, '', [])
 
-    def test_refund_permissions_url_settings(self, _call):
+    def test_get_permissions_url_settings(self, _call):
         settings.PAYPAL_PERMISSIONS_URL = ''
-        assert not paypal.refund_permission_url(self.addon)
+        assert not paypal.get_permission_url(self.addon, '', [])
 
-    def test_refund_permissions_url_malformed(self, _call):
+    def test_get_permissions_url_malformed(self, _call):
         _call.side_effect = paypal.PaypalError(id='580028')
-        assert 'wont-work' in paypal.refund_permission_url(self.addon)
+        assert 'wont-work' in paypal.get_permission_url(self.addon)
 
-    def test_refund_permissions_url_error(self, _call):
+    def test_get_permissions_url_error(self, _call):
         _call.side_effect = paypal.PaypalError
         with self.assertRaises(paypal.PaypalError):
-            paypal.refund_permission_url(self.addon)
+            paypal.get_permission_url(self.addon, '', [])
+
+    def test_get_permissions_url_scope(self, _call):
+        _call.return_value = {'token': 'foo'}
+        paypal.get_permission_url(self.addon, '', ['REFUND', 'FOO'])
+        eq_(_call.call_args[0][1]['scope'], ['REFUND', 'FOO'])
 
-    def test_check_refund_permission_fail(self, _call):
+    def test_check_permission_fail(self, _call):
         """
         `check_paypal_refund_permission` returns False if PayPal
         doesn't put 'REFUND' in the permissions response.
         """
         _call.return_value = {'scope(0)': 'HAM_SANDWICH'}
-        assert not paypal.check_refund_permission('foo')
+        assert not paypal.check_permission('foo', ['REFUND'])
 
-    def test_check_refund_permission(self, _call):
+    def test_check_permission(self, _call):
         """
         `check_paypal_refund_permission` returns True if PayPal
         puts 'REFUND' in the permissions response.
         """
         _call.return_value = {'scope(0)': 'REFUND'}
-        eq_(paypal.check_refund_permission('foo'), True)
+        eq_(paypal.check_permission('foo', ['REFUND']), True)
 
-    def test_check_refund_permission_error(self, _call):
+    def test_check_permission_error(self, _call):
         _call.side_effect = paypal.PaypalError
-        assert not paypal.check_refund_permission('oh-noes')
+        assert not paypal.check_permission('oh-noes', ['REFUND'])
 
-    def test_check_refund_permission_settings(self, _call):
+    def test_check_permission_settings(self, _call):
         settings.PAYPAL_PERMISSIONS_URL = ''
-        assert not paypal.check_refund_permission('oh-noes')
+        assert not paypal.check_permission('oh-noes', ['REFUND'])
 
     def test_get_permissions_token(self, _call):
         _call.return_value = {'token': 'FOO'}
         eq_(paypal.get_permissions_token('foo', ''), 'FOO')
 
+    def test_get_permissions_subset(self, _call):
+        _call.return_value = {'scope(0)': 'REFUND', 'scope(1)': 'HAM'}
+        eq_(paypal.check_permission('foo', ['REFUND', 'HAM']), True)
+        eq_(paypal.check_permission('foo', ['REFUND', 'JAM']), False)
+        eq_(paypal.check_permission('foo', ['REFUND']), True)
+
 
 good_refund_string = (
     'refundInfoList.refundInfo(0).receiver.amount=123.45'
@@ -415,3 +433,55 @@ def test_preapproval_url(self, _call):
         url = paypal.get_preapproval_url('foo')
         assert (url.startswith(settings.PAYPAL_CGI_URL) and
                 url.endswith('foo')), 'Incorrect URL returned'
+
+
+# This data is truncated
+good_personal_basic = {
+        'response.personalData(0).personalDataKey':
+            'http://axschema.org/contact/country/home',
+        'response.personalData(0).personalDataValue': 'US',
+        'response.personalData(1).personalDataValue': 'batman@gmail.com',
+        'response.personalData(1).personalDataKey':
+            'http://axschema.org/contact/email',
+        'response.personalData(2).personalDataValue': 'man'}
+
+good_personal_advanced = {
+        'response.personalData(0).personalDataKey':
+            'http://schema.openid.net/contact/street1',
+        'response.personalData(0).personalDataValue': '1 Main St',
+        'response.personalData(1).personalDataKey':
+            'http://schema.openid.net/contact/street2',
+        'response.personalData(2).personalDataValue': 'San Jose',
+        'response.personalData(2).personalDataKey':
+            'http://axschema.org/contact/city/home'}
+
+
+@mock.patch('paypal._call')
+class TestPersonalLookup(amo.tests.TestCase):
+
+    def setUp(self):
+        self.data = {'GetBasicPersonalData': good_personal_basic,
+                     'GetAdvancedPersonalData': good_personal_advanced}
+
+    def _call(self, *args, **kw):
+        return self.data[args[0]]
+
+    def test_preapproval_works(self, _call):
+        _call.side_effect = self._call
+        eq_(paypal.get_personal_data('foo')['email'], 'batman@gmail.com')
+        eq_(_call.call_count, 2)
+
+    def test_preapproval_absent(self, _call):
+        _call.side_effect = self._call
+        eq_(paypal.get_personal_data('foo')['street2'], '')
+
+    def test_preapproval_unicode(self, _call):
+        key = 'response.personalData(2).personalDataValue'
+        value = u'Österreich'
+        self.data['GetAdvancedPersonalData'][key] = value
+        _call.side_effect = self._call
+        eq_(paypal.get_personal_data('foo')['city'], value)
+
+    def test_preapproval_error(self, _call):
+        _call.side_effect = paypal.PaypalError
+        self.assertRaises(paypal.PaypalError, paypal.get_personal_data, 'foo')
diff --git a/apps/paypal/tests/test_check.py b/apps/paypal/tests/test_check.py
diff --git a/apps/paypal/tests/test_views.py b/apps/paypal/tests/test_views.py
