From 1b1cbaae1f33d9b49caf20c6e38d457190133aa1 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Fri, 3 Apr 2015 17:39:21 +0200
Subject: [PATCH] Send payment request using POST for SystemPayV2 (fixes #6904)

It's the new right way to do it.
---
 eopayment/systempayv2.py | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/eopayment/systempayv2.py b/eopayment/systempayv2.py
index 926c8ae..cef825a 100644
--- a/eopayment/systempayv2.py
+++ b/eopayment/systempayv2.py
@@ -1,19 +1,19 @@
 # -*- coding: utf-8 -*-
 
 import datetime as dt
 import hashlib
 import logging
 import string
 import urlparse
-import urllib
 from gettext import gettext as _
+import cgi
 
-from common import PaymentCommon, PaymentResponse, URL, PAID, ERROR
+from common import PaymentCommon, PaymentResponse, PAID, ERROR, FORM, Form
 from cb import CB_RESPONSE_CODES
 
 __all__ = ['Payment']
 
 SERVICE_URL = "https://paiement.systempay.fr/vads-payment/"
 LOGGER = logging.getLogger(__name__)
 VADS_TRANS_DATE = 'vads_trans_date'
 VADS_AUTH_NUMBER = 'vads_auth_number'
@@ -298,21 +298,25 @@ class Payment(PaymentCommon):
             if name not in fields and parameter.default is not None:
                 if callable(parameter.default):
                     fields[name] = parameter.default()
                 else:
                     fields[name] = parameter.default
         check_vads(fields)
         fields[SIGNATURE] = self.signature(fields)
         self.logger.debug('%s request contains fields: %s', __name__, fields)
-        url = '%s?%s' % (SERVICE_URL, urllib.urlencode(fields))
-        self.logger.debug('%s return url %s', __name__, url)
         transaction_id = '%s_%s' % (fields[VADS_TRANS_DATE], transaction_id)
         self.logger.debug('%s transaction id: %s', __name__, transaction_id)
-        return transaction_id, URL, url
+        form = Form(
+                url=SERVICE_URL,
+                method='POST',
+                fields=[{'type': 'hidden',
+                        'name': name,
+                        'value': value} for name, value in fields.iteritems()])
+        return transaction_id, FORM, form
 
     def response(self, query_string):
         fields = urlparse.parse_qs(query_string, True)
         for key, value in fields.iteritems():
             fields[key] = value[0]
         copy = fields.copy()
         bank_status = []
         if VADS_AUTH_RESULT in fields:
-- 
1.9.1