fix XSS

[freeside.git] / FS / bin / freeside-paymentech-upload

#!/usr/bin/perl

use strict;
use Getopt::Std;
use Date::Format qw(time2str);
use File::Temp qw(tempdir); #0.19 for ->newdir() interface, not in 5.10.0
use Net::SFTP::Foreign;
use Expect;
use FS::UID qw(adminsuidsetup datasrc);
use FS::Record qw(qsearch qsearchs);
use FS::pay_batch;
use FS::cust_pay_batch;
use FS::Conf;

use vars qw( $opt_a $opt_t $opt_v $opt_p );
getopts('avtp:');

#$Net::SFTP::Foreign::debug = -1;

sub usage { "
  Usage:
    freeside-paymentech-upload [ -v ] [ -t ] user batchnum
    freeside-paymentech-upload -a [ -p payby ] [ -v ] [ -t ] user\n
" }

my $user = shift or die &usage;
adminsuidsetup $user;

my $zip_check = `which zip` or die "can't find zip executable\n";

my @batches; 

if($opt_a) {
  my %criteria = (status => 'O');
  $criteria{'payby'} = uc($opt_p) if $opt_p;
  @batches = qsearch('pay_batch', \%criteria);
  die "No open batches found".($opt_p ? " of type '$opt_p'" : '').".\n" 
    if !@batches;
}
else {
  my $batchnum = shift;
  die &usage if !$batchnum;
  @batches = qsearchs('pay_batch', { batchnum => $batchnum } );
  die "Can't find payment batch '$batchnum'\n" if !@batches;
}

my $conf = new FS::Conf;
my @batchconf = $conf->config('batchconfig-paymentech');
# BIN, terminalID, merchantID, username, password
my $username = $batchconf[3] or die "no Paymentech batch username configured\n";
my $password = $batchconf[4] or die "no Paymentech batch password configured\n";

#my $tmpdir = File::Temp->newdir();
my $tmpdir = tempdir( CLEANUP => 1 ); #DIR=>somewhere?

my @filenames;

foreach my $pay_batch (@batches) {
  my $batchnum = $pay_batch->batchnum;
  my $filename = sprintf('%06d',$batchnum) . '-' .time2str('%Y%m%d%H%M%S', time);
  print STDERR "Exporting batch $batchnum to $filename...\n" if $opt_v;
  my $text = $pay_batch->export_batch(format => 'paymentech');
  $text =~ s!<fileID>FILEID</fileID>!<fileID>$filename</fileID>! 
    or die "couldn't find FILEID tag\n";
  open OUT, ">$tmpdir/$filename.xml";
  print OUT $text;
  close OUT;

  system('zip', '-P', $password, '-q', '-j',
           "$tmpdir/$filename.zip", "$tmpdir/$filename.xml");

  die "failed to create zip file\n" if (! -f "$tmpdir/$filename.zip" );
  push @filenames, $filename;
}

my $host = ($opt_t ? 'orbitalbatchvar.paymentech.net'
                   : 'orbitalbatch.paymentech.net');
print STDERR "Connecting to $username\@$host...\n" if $opt_v;

my $sftp = Net::SFTP::Foreign->new( host => $host,
                                    user => $username,
                                    password => $password,
                                    timeout => 30,
                                    );
die "failed to connect to '$username\@$host'\n(".$sftp->error.")\n" 
    if $sftp->error;

foreach my $filename (@filenames) {
  $sftp->put("$tmpdir/$filename.zip", "$filename.zip")
    or die "failed to upload file (".$sftp->error.")\n";
}

print STDERR "Finished!\n" if $opt_v;

=head1 NAME

freeside-paymentech-upload - Transmit a payment batch to Chase Paymentech via SFTP.

=head1 SYNOPSIS

  freeside-paymentech-upload [ -a [ -p PAYBY ] ] [ -v ] [ -t ] user batchnum

=head1 DESCRIPTION

Command line tool to upload a payment batch to the Chase Paymentech gateway.
The batch will be exported to the Paymentech XML format, packaged in a ZIP 
file, and transmitted via SFTP.  Use L<paymentech-download> to retrieve the 
response file.

-a: Send all open batches, instead of specifying a batchnum.

-p PAYBY: With -a, limit to batches of that payment type, e.g. -p CARD.

-v: Be verbose.

-t: Send the transaction to the test server.

user: freeside username

batchnum: pay_batch primary key

=head1 BUGS

Passing the zip password on the command line is slightly risky.

=head1 SEE ALSO

L<FS::pay_batch>

=cut

1;