From ac3b2d101c0f13d91010fb1e880c01b253bd76d2 Mon Sep 17 00:00:00 2001
From: Sander Roosendaal <roosendaalsander@gmail.com>
Date: Tue, 23 Jul 2019 18:06:08 +0200
Subject: [PATCH] rejecting payments without 3D secure info

---
 requirements.txt                      |  25 ++++++++++++++-----------
 rowers/braintreestuff.py              |  13 +++++++++++++
 rowers/tests/testdata/testdata.csv.gz | Bin 12534 -> 12534 bytes
 3 files changed, 27 insertions(+), 11 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 99a70b5b..a957a7fc 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -8,13 +8,13 @@ atomicwrites==1.3.0
 attrs==19.1.0
 backcall==0.1.0
 beautifulsoup4==4.7.1
-billiard==3.5.0.5
+billiard==3.6.0.0
 bleach==3.1.0
 bokeh==1.0.4
 boto==2.49.0
-braintree==3.51.0
+braintree==3.55.0
 cairocffi==1.0.2
-celery==4.2.2
+celery==4.3.0
 certifi==2019.3.9
 cffi==1.12.2
 chardet==3.0.4
@@ -30,7 +30,7 @@ cycler==0.10.0
 dask==1.1.4
 decorator==4.4.0
 defusedxml==0.5.0
-Django==2.2.1
+Django==2.1.7
 django-analytical==2.5.0
 django-async-messages==0.3.1
 django-braces==1.13.0
@@ -46,9 +46,10 @@ django-leaflet==0.24.0
 django-mailbox==4.7.1
 django-oauth-toolkit==1.2.0
 django-oauth2-provider==0.2.6.1
+django-redis==4.10.0
 django-rest-framework==0.1.0
 django-rest-swagger==2.2.0
-django-rq==2.0
+django-rq==1.3.1
 django-rq-dashboard==0.3.3
 django-ses==0.8.10
 django-shell-plus==1.1.7
@@ -66,7 +67,9 @@ Faker==1.0.4
 fitparse==1.1.0
 Flask==1.0.2
 future==0.17.1
+GDAL==2.3.3
 geocoder==1.38.1
+geos==0.2.1
 holoviews==1.11.3
 html5lib==1.0.1
 htmlmin==0.1.12
@@ -96,7 +99,7 @@ jupyterlab==0.35.4
 jupyterlab-server==0.3.0
 keyring==18.0.0
 kiwisolver==1.0.1
-kombu==4.3.0
+kombu==4.5.0
 lxml==4.3.2
 Markdown==3.0.1
 MarkupSafe==1.1.1
@@ -129,9 +132,9 @@ pip-upgrader==1.4.6
 pluggy==0.9.0
 prometheus-client==0.6.0
 prompt-toolkit==2.0.9
+psycopg2==2.8.1
 ptyprocess==0.6.0
 py==1.8.0
-pycairo==1.18.0
 pycparser==2.19
 Pygments==2.3.1
 pyparsing==2.3.1
@@ -157,10 +160,9 @@ ratelim==0.1.6
 redis==3.2.1
 requests==2.21.0
 requests-oauthlib==1.2.0
-rowingdata==2.4.9
+rowingdata==2.4.4
 rowingphysics==0.5.0
-rq==1.0
-rq-dashboard==0.4.0
+rq==0.13.0
 scipy==1.2.1
 SecretStorage==3.1.1
 Send2Trash==1.5.0
@@ -188,8 +190,9 @@ VerbalExpressions==0.0.2
 vine==1.3.0
 wcwidth==0.1.7
 webencodings==0.5.1
-Werkzeug==0.15.2
+Werkzeug==0.15.1
 widgetsnbextension==3.4.2
+winkerberos==0.7.0
 xlrd==1.2.0
 xmltodict==0.12.0
 yamjam==0.1.7
diff --git a/rowers/braintreestuff.py b/rowers/braintreestuff.py
index 184cc58e..37cb67ac 100644
--- a/rowers/braintreestuff.py
+++ b/rowers/braintreestuff.py
@@ -101,6 +101,11 @@ def get_plans_costs():
 
 def make_payment(rower,data):
     nonce_from_the_client = data['payment_method_nonce']
+    nonce = gateway.payment_method_nonce.find(nonce_from_the_client)
+    info = nonce.three_d_secure_info
+    if info is None:
+        return False,0
+
     amount = data['amount']
     amount = '{amount:.f2}'.format(amount=amount)
     
@@ -131,6 +136,10 @@ def update_subscription(rower,data,method='up'):
     planid = data['plan']
     plan = PaidPlan.objects.get(id=planid)
     nonce_from_the_client = data['payment_method_nonce']
+    nonce = gateway.payment_method_nonce.find(nonce_from_the_client)
+    info = nonce.three_d_secure_info
+    if info is None:
+        return False,0
     amount = data['amount']
     amount = '{amount:.2f}'.format(amount=amount)
 
@@ -229,6 +238,10 @@ def update_subscription(rower,data,method='up'):
     
 def create_subscription(rower,data):
     nonce_from_the_client = data['payment_method_nonce']
+    nonce = gateway.payment_method_nonce.find(nonce_from_the_client)
+    info = nonce.three_d_secure_info
+    if info is None:
+        return False,0
     amount = data['amount']
 
     planid = data['plan']
diff --git a/rowers/tests/testdata/testdata.csv.gz b/rowers/tests/testdata/testdata.csv.gz
index 9651ecd409e827929528756f232676dcbce18067..c271349e47198005f1be73f15aa4836b4b1c36b3 100644
GIT binary patch
delta 16
XcmeyC_$`rLzMF&NpO*PX_V)$=JqHG+

delta 16
XcmeyC_$`rLzMF&NT8ZIC_V)$=J&gv!