[ADD] payment_adyen_paybylink: migrate from HPP to Pay by Link

Adyen announced the deprecation of their Hosted Payment Page (HPP)
solution for the year 2022. They plan on stopping providing support on
July 1st and on disabling the API on October 1st.

This commit adds a new `payment_adyen_paybylink` module to migrate the
current implementation of Adyen from the HPP API to the equivalent (with
redirection) Pay by Link API.

task-2607397

closes odoo#94651

X-original-commit: a323651
Signed-off-by: Antoine Vandevenne (anv) <[email protected]>

Author: chevalierv

.tx/config

@@ -592,6 +592,11 @@ file_filter = addons/payment_adyen/i18n/<lang>.po
 source_file = addons/payment_adyen/i18n/payment_adyen.pot
 source_lang = en
 
+[odoo-14.payment_adyen_paybylink]
+file_filter = addons/payment_adyen_paybylink/i18n/<lang>.po
+source_file = addons/payment_adyen_paybylink/i18n/payment_adyen_paybylink.pot
+source_lang = en
+
 [odoo-14.payment_odoo_by_adyen]
 file_filter = addons/payment_odoo_by_adyen/i18n/<lang>.po
 source_file = addons/payment_odoo_by_adyen/i18n/payment_odoo_by_adyen.pot
@@ -1201,4 +1206,3 @@ source_lang = en
 file_filter = addons/website_twitter/i18n/<lang>.po
 source_file = addons/website_twitter/i18n/website_twitter.pot
 source_lang = en
-

addons/payment/models/payment_acquirer.py

@@ -497,7 +497,9 @@ def render(self, reference, amount, currency_id, partner_id=False, values=None):
             values = method(values)
 
         values.update({
-            'tx_url': self._context.get('tx_url', self.get_form_action_url()),
+            'tx_url':  self._context.get(
+                'tx_url', self.with_context(form_action_url_values=values).get_form_action_url()
+            ),
             'submit_class': self._context.get('submit_class', 'btn btn-link'),
             'submit_txt': self._context.get('submit_txt'),
             'acquirer': self,

addons/payment_adyen_paybylink/__init__.py

@@ -0,0 +1,17 @@
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+from odoo import api, SUPERUSER_ID
+
+from . import models
+from . import controllers
+
+def _post_init_hook(cr, registry):
+    """ Disable the acquirer because new mandatory fields are added in this module. """
+    env = api.Environment(cr, SUPERUSER_ID, {})
+    acquirers = env['payment.acquirer'].search([
+        ('provider', '=', 'adyen'),
+        ('state', '!=', 'disabled'),
+    ])
+    acquirers.write({
+        'state': 'disabled',
+    })

addons/payment_adyen_paybylink/__manifest__.py

@@ -0,0 +1,18 @@
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+{
+    'name': "Adyen Payment Acquirer/Pay by Link Patch",
+    'category': 'Accounting/Payment',
+    'summary': "Payment Acquirer: Adyen Pay by Link Patch",
+    'version': '1.0',
+    'description': """
+This module migrates the Adyen implementation from the Hosted Payment Pages API to the Pay by Link
+API.
+    """,
+    'depends': ['payment_adyen'],
+    'data': [
+        'views/payment_views.xml',
+    ],
+    'post_init_hook': '_post_init_hook',
+    'auto_install': True,
+    'license': 'LGPL-3'
+}

addons/payment_adyen_paybylink/const.py

@@ -0,0 +1,7 @@
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+# Endpoints of the API.
+# See https://docs.adyen.com/api-explorer/#/CheckoutService/v68/overview for Checkout API
+API_ENDPOINT_VERSIONS = {
+    '/paymentLinks': 68,          # Checkout API
+}

addons/payment_adyen_paybylink/controllers/__init__.py

@@ -0,0 +1,3 @@
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+from . import main

addons/payment_adyen_paybylink/controllers/main.py

@@ -0,0 +1,135 @@
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+import base64
+import binascii
+import hashlib
+import hmac
+import logging
+import pprint
+
+from werkzeug.exceptions import Forbidden
+
+from odoo.exceptions import ValidationError
+from odoo.http import request, route
+
+from odoo.addons.payment_adyen.controllers.main import AdyenController
+
+_logger = logging.getLogger(__name__)
+
+
+class AdyenPayByLinkController(AdyenController):
+
+    @route()
+    def adyen_notification(self, **post):
+        """ Process the data sent by Adyen to the webhook based on the event code.
+
+        See https://docs.adyen.com/development-resources/webhooks/understand-notifications for the
+        exhaustive list of event codes.
+
+        :return: The '[accepted]' string to acknowledge the notification
+        :rtype: str
+        """
+        _logger.info(
+            "notification received from Adyen with data:\n%s", pprint.pformat(post)
+        )
+        try:
+            # Check the integrity of the notification
+            tx_sudo = request.env['payment.transaction'].sudo()._adyen_form_get_tx_from_data(post)
+            self._verify_notification_signature(post, tx_sudo)
+
+            # Check whether the event of the notification succeeded and reshape the notification
+            # data for parsing
+            event_code = post['eventCode']
+            if event_code == 'AUTHORISATION' and post['success'] == 'true':
+                post['authResult'] = 'AUTHORISED'
+
+                # Handle the notification data
+                request.env['payment.transaction'].sudo().form_feedback(post, 'adyen')
+        except ValidationError:  # Acknowledge the notification to avoid getting spammed
+            _logger.exception("unable to handle the notification data; skipping to acknowledge")
+
+        return '[accepted]'  # Acknowledge the notification
+
+    @staticmethod
+    def _verify_notification_signature(notification_data, tx_sudo):
+        """ Check that the received signature matches the expected one.
+
+        :param dict notification_data: The notification payload containing the received signature
+        :param recordset tx_sudo: The sudoed transaction referenced by the notification data, as a
+                                  `payment.transaction` record
+        :return: None
+        :raise: :class:`werkzeug.exceptions.Forbidden` if the signatures don't match
+        """
+        # Retrieve the received signature from the payload
+        received_signature = notification_data.get('additionalData.hmacSignature')
+        if not received_signature:
+            _logger.warning("received notification with missing signature")
+            raise Forbidden()
+
+        # Compare the received signature with the expected signature computed from the payload
+        hmac_key = tx_sudo.acquirer_id.adyen_hmac_key
+        expected_signature = AdyenPayByLinkController._compute_signature(
+            notification_data, hmac_key
+        )
+        if not hmac.compare_digest(received_signature, expected_signature):
+            _logger.warning("received notification with invalid signature")
+            raise Forbidden()
+
+    @staticmethod
+    def _compute_signature(payload, hmac_key):
+        """ Compute the signature from the payload.
+
+        See https://docs.adyen.com/development-resources/webhooks/verify-hmac-signatures
+
+        :param dict payload: The notification payload
+        :param str hmac_key: The HMAC key of the acquirer handling the transaction
+        :return: The computed signature
+        :rtype: str
+        """
+        def _flatten_dict(_value, _path_base='', _separator='.'):
+            """ Recursively generate a flat representation of a dict.
+
+            :param Object _value: The value to flatten. A dict or an already flat value
+            :param str _path_base: They base path for keys of _value, including preceding separators
+            :param str _separator: The string to use as a separator in the key path
+            """
+            if isinstance(_value, dict):  # The inner value is a dict, flatten it
+                _path_base = _path_base if not _path_base else _path_base + _separator
+                for _key in _value:
+                    yield from _flatten_dict(_value[_key], _path_base + str(_key))
+            else:  # The inner value cannot be flattened, yield it
+                yield _path_base, _value
+
+        def _to_escaped_string(_value):
+            """ Escape payload values that are using illegal symbols and cast them to string.
+
+            String values containing `\\` or `:` are prefixed with `\\`.
+            Empty values (`None`) are replaced by an empty string.
+
+            :param Object _value: The value to escape
+            :return: The escaped value
+            :rtype: string
+            """
+            if isinstance(_value, str):
+                return _value.replace('\\', '\\\\').replace(':', '\\:')
+            elif _value is None:
+                return ''
+            else:
+                return str(_value)
+
+        signature_keys = [
+            'pspReference', 'originalReference', 'merchantAccountCode', 'merchantReference',
+            'value', 'currency', 'eventCode', 'success'
+        ]
+        # Build the list of signature values as per the list of required signature keys
+        signature_values = [payload.get(key) for key in signature_keys]
+        # Escape values using forbidden symbols
+        escaped_values = [_to_escaped_string(value) for value in signature_values]
+        # Concatenate values together with ':' as delimiter
+        signing_string = ':'.join(escaped_values)
+        # Convert the HMAC key to the binary representation
+        binary_hmac_key = binascii.a2b_hex(hmac_key.encode('ascii'))
+        # Calculate the HMAC with the binary representation of the signing string with SHA-256
+        binary_hmac = hmac.new(binary_hmac_key, signing_string.encode('utf-8'), hashlib.sha256)
+        # Calculate the signature by encoding the result with Base64
+        return base64.b64encode(binary_hmac.digest()).decode()

addons/payment_adyen_paybylink/i18n/payment_adyen_paybylink.pot

@@ -0,0 +1,122 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* payment_adyen_paybylink
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 14.0\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2022-06-27 11:46+0000\n"
+"PO-Revision-Date: 2022-06-27 11:46+0000\n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: payment_adyen_paybylink
+#: code:addons/payment_adyen_paybylink/models/payment_transaction.py:0
+#, python-format
+msgid "; multiple order found"
+msgstr ""
+
+#. module: payment_adyen_paybylink
+#: code:addons/payment_adyen_paybylink/models/payment_transaction.py:0
+#, python-format
+msgid "; no order found"
+msgstr ""
+
+#. module: payment_adyen_paybylink
+#: model:ir.model.fields,field_description:payment_adyen_paybylink.field_payment_acquirer__adyen_api_key
+msgid "API Key"
+msgstr ""
+
+#. module: payment_adyen_paybylink
+#: code:addons/payment_adyen_paybylink/models/payment_transaction.py:0
+#, python-format
+msgid "Adyen: received data for reference %s"
+msgstr ""
+
+#. module: payment_adyen_paybylink
+#: code:addons/payment_adyen_paybylink/models/payment_transaction.py:0
+#, python-format
+msgid ""
+"Adyen: received data with missing reference (%s) or missing pspReference "
+"(%s)"
+msgstr ""
+
+#. module: payment_adyen_paybylink
+#: model:ir.model.fields,field_description:payment_adyen_paybylink.field_payment_acquirer__adyen_checkout_api_url
+msgid "Checkout API URL"
+msgstr ""
+
+#. module: payment_adyen_paybylink
+#: code:addons/payment_adyen_paybylink/models/payment_acquirer.py:0
+#, python-format
+msgid "Could not establish the connection to the API."
+msgstr ""
+
+#. module: payment_adyen_paybylink
+#: model:ir.model.fields,field_description:payment_adyen_paybylink.field_payment_acquirer__display_name
+#: model:ir.model.fields,field_description:payment_adyen_paybylink.field_payment_transaction__display_name
+msgid "Display Name"
+msgstr ""
+
+#. module: payment_adyen_paybylink
+#: model:ir.model.fields,field_description:payment_adyen_paybylink.field_payment_acquirer__adyen_hmac_key
+msgid "HMAC Key"
+msgstr ""
+
+#. module: payment_adyen_paybylink
+#: model:ir.model.fields,field_description:payment_adyen_paybylink.field_payment_acquirer__id
+#: model:ir.model.fields,field_description:payment_adyen_paybylink.field_payment_transaction__id
+msgid "ID"
+msgstr ""
+
+#. module: payment_adyen_paybylink
+#: model:ir.model.fields,field_description:payment_adyen_paybylink.field_payment_acquirer____last_update
+#: model:ir.model.fields,field_description:payment_adyen_paybylink.field_payment_transaction____last_update
+msgid "Last Modified on"
+msgstr ""
+
+#. module: payment_adyen_paybylink
+#: model:ir.model,name:payment_adyen_paybylink.model_payment_acquirer
+msgid "Payment Acquirer"
+msgstr ""
+
+#. module: payment_adyen_paybylink
+#: model:ir.model,name:payment_adyen_paybylink.model_payment_transaction
+msgid "Payment Transaction"
+msgstr ""
+
+#. module: payment_adyen_paybylink
+#: model:ir.model.fields,field_description:payment_adyen_paybylink.field_payment_acquirer__adyen_skin_code
+msgid "Skin Code"
+msgstr ""
+
+#. module: payment_adyen_paybylink
+#: model:ir.model.fields,field_description:payment_adyen_paybylink.field_payment_acquirer__adyen_skin_hmac_key
+msgid "Skin HMAC Key"
+msgstr ""
+
+#. module: payment_adyen_paybylink
+#: model:ir.model.fields,help:payment_adyen_paybylink.field_payment_acquirer__adyen_api_key
+msgid "The API key of the webservice user"
+msgstr ""
+
+#. module: payment_adyen_paybylink
+#: model:ir.model.fields,help:payment_adyen_paybylink.field_payment_acquirer__adyen_hmac_key
+msgid "The HMAC key of the webhook"
+msgstr ""
+
+#. module: payment_adyen_paybylink
+#: model:ir.model.fields,help:payment_adyen_paybylink.field_payment_acquirer__adyen_checkout_api_url
+msgid "The base URL for the Checkout API endpoints"
+msgstr ""
+
+#. module: payment_adyen_paybylink
+#: code:addons/payment_adyen_paybylink/models/payment_acquirer.py:0
+#, python-format
+msgid "The communication with the API failed."
+msgstr ""

addons/payment_adyen_paybylink/models/__init__.py

@@ -0,0 +1,4 @@
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+from . import payment_acquirer
+from . import payment_transaction