19.0 vanilla

2026-04-24 10:22:02 +02:00 · 2026-03-09 09:29:53 +01:00 · 2026-03-09 09:29:53 +01:00 · 3ca647e428
commit 3ca647e428
parent 6e54c1af6c
1087 changed files with 132065 additions and 108499 deletions
--- a/odoo-bringout-oca-ocb-pos_adyen/pos_adyen/controllers/main.py
+++ b/odoo-bringout-oca-ocb-pos_adyen/pos_adyen/controllers/main.py
@ -3,7 +3,7 @@ import logging
 import pprint
 import json
 from urllib.parse import parse_qs
-from odoo import fields, http
+from odoo import http
 from odoo.http import request
 from odoo.tools import consteq

@ -11,7 +11,8 @@ _logger = logging.getLogger(__name__)


 class PosAdyenController(http.Controller):
-    @http.route('/pos_adyen/notification', type='json', methods=['POST'], auth='public', csrf=False, save_session=False)
+
+    @http.route('/pos_adyen/notification', type='jsonrpc', methods=['POST'], auth='public', csrf=False, save_session=False)
    def notification(self):
        data = json.loads(request.httprequest.data)

@ -20,33 +21,60 @@ class PosAdyenController(http.Controller):
            return

        _logger.info('notification received from adyen:\n%s', pprint.pformat(data))
-        terminal_identifier = data['SaleToPOIResponse']['MessageHeader']['POIID']
-        payment_method = request.env['pos.payment.method'].sudo().search([('adyen_terminal_identifier', '=', terminal_identifier)], limit=1)

-        if payment_method:
-            # These are only used to see if the terminal is reachable,
-            # store the most recent ID we received.
-            if data['SaleToPOIResponse'].get('DiagnosisResponse'):
-                payment_method.adyen_latest_diagnosis = data['SaleToPOIResponse']['MessageHeader']['ServiceID']
-            else:
-                try:
-                    adyen_additional_response = data['SaleToPOIResponse']['PaymentResponse']['Response']['AdditionalResponse']
-                    parsed_adyen_additional_response = parse_qs(adyen_additional_response)
-                    pos_hmac_metadata = parsed_adyen_additional_response.get('metadata.pos_hmac')
-                    pos_hmac = pos_hmac_metadata[0] if pos_hmac_metadata and len(pos_hmac_metadata) == 1 else None
+        msg_header = data['SaleToPOIResponse'].get('MessageHeader')
+        if not msg_header \
+            or msg_header.get('ProtocolVersion') != '3.0' \
+            or msg_header.get('MessageClass') != 'Service' \
+            or msg_header.get('MessageType') != 'Response' \
+            or msg_header.get('MessageCategory') != 'Payment' \
+            or not msg_header.get('POIID'):
+            _logger.warning('Received an unexpected Adyen notification')
+            return

-                    msg_header = data['SaleToPOIResponse']['MessageHeader']
-                    if not pos_hmac or not consteq(pos_hmac, payment_method._get_hmac(msg_header['SaleID'], msg_header['ServiceID'], msg_header['POIID'], data['SaleToPOIResponse']['PaymentResponse']['SaleData']['SaleTransactionID']['TransactionID'])):
-                        _logger.warning('Received an invalid Adyen event notification (invalid hmac): \n%s', pprint.pformat(data))
-                        return
+        terminal_identifier = msg_header['POIID']
+        adyen_pm_sudo = request.env['pos.payment.method'].sudo().search([('adyen_terminal_identifier', '=', terminal_identifier)], limit=1)
+        if not adyen_pm_sudo:
+            _logger.warning('Received an Adyen event notification for a terminal not registered in Odoo: %s', terminal_identifier)
+            return

-                    # The HMAC is removed to prevent anyone from using it in place of Adyen.
-                    pos_hmac_metadata_raw = 'metadata.pos_hmac='+pos_hmac
-                    safe_additional_response = adyen_additional_response.replace('&'+pos_hmac_metadata_raw, '').replace(pos_hmac_metadata_raw, '')
-                    data['SaleToPOIResponse']['PaymentResponse']['Response']['AdditionalResponse'] = safe_additional_response
-                except (KeyError, AttributeError):
-                    _logger.warning('Received an invalid Adyen event notification: \n%s', pprint.pformat(data))
-                    return
-                payment_method.adyen_latest_response = json.dumps(data)
-        else:
-            _logger.error('received a message for a terminal not registered in Odoo: %s', terminal_identifier)
+        try:
+            adyen_additional_response = data['SaleToPOIResponse']['PaymentResponse']['Response']['AdditionalResponse']
+            pos_hmac = PosAdyenController._get_additional_data_from_unparsed(adyen_additional_response, 'metadata.pos_hmac')
+
+            if not pos_hmac or not consteq(pos_hmac, adyen_pm_sudo._get_hmac(msg_header['SaleID'], msg_header['ServiceID'], msg_header['POIID'], data['SaleToPOIResponse']['PaymentResponse']['SaleData']['SaleTransactionID']['TransactionID'])):
+                _logger.warning('Received an invalid Adyen event notification (invalid hmac): \n%s', pprint.pformat(data))
+                return
+
+            # The HMAC is removed to prevent anyone from using it in place of Adyen.
+            pos_hmac_metadata_raw = 'metadata.pos_hmac='+pos_hmac
+            safe_additional_response = adyen_additional_response.replace('&'+pos_hmac_metadata_raw, '').replace(pos_hmac_metadata_raw, '')
+            data['SaleToPOIResponse']['PaymentResponse']['Response']['AdditionalResponse'] = safe_additional_response
+        except (KeyError, AttributeError):
+            _logger.warning('Received an invalid Adyen event notification: \n%s', pprint.pformat(data))
+            return
+
+        return self._process_payment_response(data, adyen_pm_sudo)
+
+    @staticmethod
+    def _get_additional_data_from_unparsed(adyen_additional_response, data_key):
+        parsed_adyen_additional_response = parse_qs(adyen_additional_response)
+        return PosAdyenController._get_additional_data_from_parsed(parsed_adyen_additional_response, data_key)
+
+    @staticmethod
+    def _get_additional_data_from_parsed(parsed_adyen_additional_response, data_key):
+        data_value = parsed_adyen_additional_response.get(data_key)
+        return data_value[0] if data_value and len(data_value) == 1 else None
+
+    def _process_payment_response(self, data, adyen_pm_sudo):
+        transaction_id = data['SaleToPOIResponse']['PaymentResponse']['SaleData']['SaleTransactionID']['TransactionID']
+        if not transaction_id:
+            return
+        transaction_id_parts = transaction_id.split("--")
+        if len(transaction_id_parts) != 2:
+            return
+        pos_session_id = int(transaction_id_parts[1])
+        pos_session_sudo = request.env["pos.session"].sudo().browse(pos_session_id)
+        adyen_pm_sudo.adyen_latest_response = json.dumps(data)
+        pos_session_sudo.config_id._notify("ADYEN_LATEST_RESPONSE", pos_session_sudo.config_id.id)
+        return request.make_json_response('[accepted]') # https://docs.adyen.com/point-of-sale/design-your-integration/choose-your-architecture/cloud/#guarantee