def paddle_coupon():
LOG.d(f"paddle coupon callback %s", request.form)
if not paddle_utils.verify_incoming_request(dict(request.form)):
LOG.e("request not coming from paddle. Request data:%s",
dict(request.form))
return "KO", 400
product_id = request.form.get("p_product_id")
if product_id != PADDLE_COUPON_ID:
LOG.e("product_id %s not match with %s", product_id,
PADDLE_COUPON_ID)
return "KO", 400
email = request.form.get("email")
LOG.d("Paddle coupon request for %s", email)
coupon = Coupon.create(
code=random_string(30),
comment="For 1-year coupon",
expires_date=arrow.now().shift(years=1, days=-1),
commit=True,
)
return (
f"Your 1-year coupon is <b>{coupon.code}</b> <br> "
f"It's valid until <b>{coupon.expires_date.date().isoformat()}</b>"
)
def paddle():
LOG.debug(
f"paddle callback {request.form.get('alert_name')} {request.form}")
# make sure the request comes from Paddle
if not paddle_utils.verify_incoming_request(dict(request.form)):
LOG.exception("request not coming from paddle. Request data:%s",
dict(request.form))
return "KO", 400
if (request.form.get("alert_name") == "subscription_created"
): # new user subscribes
# the passthrough is json encoded, e.g.
# request.form.get("passthrough") = '{"user_id": 88 }'
passthrough = json.loads(request.form.get("passthrough"))
user_id = passthrough.get("user_id")
user = User.get(user_id)
subscription_plan_id = int(
request.form.get("subscription_plan_id"))
if subscription_plan_id in PADDLE_MONTHLY_PRODUCT_IDS:
plan = PlanEnum.monthly
elif subscription_plan_id in PADDLE_YEARLY_PRODUCT_IDS:
plan = PlanEnum.yearly
else:
LOG.exception(
"Unknown subscription_plan_id %s %s",
subscription_plan_id,
request.form,
)
return "No such subscription", 400
sub = Subscription.get_by(user_id=user.id)
if not sub:
LOG.d(f"create a new Subscription for user {user}")
Subscription.create(
user_id=user.id,
cancel_url=request.form.get("cancel_url"),
update_url=request.form.get("update_url"),
subscription_id=request.form.get("subscription_id"),
event_time=arrow.now(),
next_bill_date=arrow.get(
request.form.get("next_bill_date"),
"YYYY-MM-DD").date(),
plan=plan,
)
else:
LOG.d(f"Update an existing Subscription for user {user}")
sub.cancel_url = request.form.get("cancel_url")
sub.update_url = request.form.get("update_url")
sub.subscription_id = request.form.get("subscription_id")
sub.event_time = arrow.now()
sub.next_bill_date = arrow.get(
request.form.get("next_bill_date"), "YYYY-MM-DD").date()
sub.plan = plan
# make sure to set the new plan as not-cancelled
# in case user cancels a plan and subscribes a new plan
sub.cancelled = False
LOG.debug("User %s upgrades!", user)
db.session.commit()
elif request.form.get(
"alert_name") == "subscription_payment_succeeded":
subscription_id = request.form.get("subscription_id")
LOG.debug("Update subscription %s", subscription_id)
sub: Subscription = Subscription.get_by(
subscription_id=subscription_id)
# when user subscribes, the "subscription_payment_succeeded" can arrive BEFORE "subscription_created"
# at that time, subscription object does not exist yet
if sub:
sub.event_time = arrow.now()
sub.next_bill_date = arrow.get(
request.form.get("next_bill_date"), "YYYY-MM-DD").date()
db.session.commit()
elif request.form.get("alert_name") == "subscription_cancelled":
subscription_id = request.form.get("subscription_id")
sub: Subscription = Subscription.get_by(
subscription_id=subscription_id)
if sub:
# cancellation_effective_date should be the same as next_bill_date
LOG.warning(
"Cancel subscription %s %s on %s, next bill date %s",
subscription_id,
sub.user,
request.form.get("cancellation_effective_date"),
sub.next_bill_date,
)
sub.event_time = arrow.now()
sub.cancelled = True
db.session.commit()
user = sub.user
send_email(
user.email,
"SimpleLogin - what can we do to improve the product?",
render(
"transactional/subscription-cancel.txt",
end_date=request.form.get(
"cancellation_effective_date"),
),
)
else:
return "No such subscription", 400
elif request.form.get("alert_name") == "subscription_updated":
subscription_id = request.form.get("subscription_id")
sub: Subscription = Subscription.get_by(
subscription_id=subscription_id)
if sub:
LOG.debug(
"Update subscription %s %s on %s, next bill date %s",
subscription_id,
sub.user,
request.form.get("cancellation_effective_date"),
sub.next_bill_date,
)
if (int(request.form.get("subscription_plan_id")) ==
PADDLE_MONTHLY_PRODUCT_ID):
plan = PlanEnum.monthly
else:
plan = PlanEnum.yearly
sub.cancel_url = request.form.get("cancel_url")
sub.update_url = request.form.get("update_url")
sub.event_time = arrow.now()
sub.next_bill_date = arrow.get(
request.form.get("next_bill_date"), "YYYY-MM-DD").date()
sub.plan = plan
# make sure to set the new plan as not-cancelled
sub.cancelled = False
db.session.commit()
else:
return "No such subscription", 400
return "OK"
def paddle():
LOG.debug(
"paddle callback %s %s %s %s %s",
request.form.get("alert_name"),
request.form.get("email"),
request.form.get("customer_name"),
request.form.get("subscription_id"),
request.form.get("subscription_plan_id"),
)
# make sure the request comes from Paddle
if not paddle_utils.verify_incoming_request(dict(request.form)):
LOG.error("request not coming from paddle. Request data:%s",
dict(request.form))
return "KO", 400
if (request.form.get("alert_name") == "subscription_created"
): # new user subscribes
user_email = request.form.get("email")
user = User.get_by(email=user_email)
if (int(request.form.get("subscription_plan_id")) ==
PADDLE_MONTHLY_PRODUCT_ID):
plan = PlanEnum.monthly
else:
plan = PlanEnum.yearly
sub = Subscription.get_by(user_id=user.id)
if not sub:
LOG.d("create a new sub")
Subscription.create(
user_id=user.id,
cancel_url=request.form.get("cancel_url"),
update_url=request.form.get("update_url"),
subscription_id=request.form.get("subscription_id"),
event_time=arrow.now(),
next_bill_date=arrow.get(
request.form.get("next_bill_date"),
"YYYY-MM-DD").date(),
plan=plan,
)
else:
LOG.d("update existing sub %s", sub)
sub.cancel_url = request.form.get("cancel_url")
sub.update_url = request.form.get("update_url")
sub.subscription_id = request.form.get("subscription_id")
sub.event_time = arrow.now()
sub.next_bill_date = arrow.get(
request.form.get("next_bill_date"), "YYYY-MM-DD").date()
sub.plan = plan
LOG.debug("User %s upgrades!", user)
db.session.commit()
elif request.form.get("alert_name") == "subscription_updated":
subscription_id = request.form.get("subscription_id")
LOG.debug("Update subscription %s", subscription_id)
sub: Subscription = Subscription.get_by(
subscription_id=subscription_id)
sub.event_time = arrow.now()
sub.next_bill_date = arrow.get(request.form.get("next_bill_date"),
"YYYY-MM-DD").date()
db.session.commit()
elif request.form.get("alert_name") == "subscription_cancelled":
subscription_id = request.form.get("subscription_id")
LOG.error("Cancel subscription %s", subscription_id)
sub: Subscription = Subscription.get_by(
subscription_id=subscription_id)
if sub:
sub.cancelled = True
db.session.commit()
return "OK"
def paddle():
LOG.debug(f"paddle callback {request.form.get('alert_name')} {request.form}")
# make sure the request comes from Paddle
if not paddle_utils.verify_incoming_request(dict(request.form)):
LOG.error(
"request not coming from paddle. Request data:%s", dict(request.form)
)
return "KO", 400
if (
request.form.get("alert_name") == "subscription_created"
): # new user subscribes
user_email = request.form.get("email")
user = User.get_by(email=user_email)
if (
int(request.form.get("subscription_plan_id"))
== PADDLE_MONTHLY_PRODUCT_ID
):
plan = PlanEnum.monthly
else:
plan = PlanEnum.yearly
sub = Subscription.get_by(user_id=user.id)
if not sub:
LOG.d(f"create a new Subscription for user {user}")
Subscription.create(
user_id=user.id,
cancel_url=request.form.get("cancel_url"),
update_url=request.form.get("update_url"),
subscription_id=request.form.get("subscription_id"),
event_time=arrow.now(),
next_bill_date=arrow.get(
request.form.get("next_bill_date"), "YYYY-MM-DD"
).date(),
plan=plan,
)
else:
LOG.d(f"Update an existing Subscription for user {user}")
sub.cancel_url = request.form.get("cancel_url")
sub.update_url = request.form.get("update_url")
sub.subscription_id = request.form.get("subscription_id")
sub.event_time = arrow.now()
sub.next_bill_date = arrow.get(
request.form.get("next_bill_date"), "YYYY-MM-DD"
).date()
sub.plan = plan
# make sure to set the new plan as not-cancelled
# in case user cancels a plan and subscribes a new plan
sub.cancelled = False
LOG.debug("User %s upgrades!", user)
db.session.commit()
elif request.form.get("alert_name") == "subscription_payment_succeeded":
subscription_id = request.form.get("subscription_id")
LOG.debug("Update subscription %s", subscription_id)
sub: Subscription = Subscription.get_by(subscription_id=subscription_id)
# when user subscribes, the "subscription_payment_succeeded" can arrive BEFORE "subscription_created"
# at that time, subscription object does not exist yet
if sub:
sub.event_time = arrow.now()
sub.next_bill_date = arrow.get(
request.form.get("next_bill_date"), "YYYY-MM-DD"
).date()
db.session.commit()
elif request.form.get("alert_name") == "subscription_cancelled":
subscription_id = request.form.get("subscription_id")
sub: Subscription = Subscription.get_by(subscription_id=subscription_id)
if sub:
# cancellation_effective_date should be the same as next_bill_date
LOG.warning(
"Cancel subscription %s %s on %s, next bill date %s",
subscription_id,
sub.user,
request.form.get("cancellation_effective_date"),
sub.next_bill_date,
)
sub.event_time = arrow.now()
sub.cancelled = True
db.session.commit()
else:
return "No such subscription", 400
elif request.form.get("alert_name") == "subscription_updated":
subscription_id = request.form.get("subscription_id")
sub: Subscription = Subscription.get_by(subscription_id=subscription_id)
if sub:
LOG.debug(
"Update subscription %s %s on %s, next bill date %s",
subscription_id,
sub.user,
request.form.get("cancellation_effective_date"),
sub.next_bill_date,
)
if (
int(request.form.get("subscription_plan_id"))
== PADDLE_MONTHLY_PRODUCT_ID
):
plan = PlanEnum.monthly
else:
plan = PlanEnum.yearly
sub.cancel_url = request.form.get("cancel_url")
sub.update_url = request.form.get("update_url")
sub.event_time = arrow.now()
sub.next_bill_date = arrow.get(
request.form.get("next_bill_date"), "YYYY-MM-DD"
).date()
sub.plan = plan
# make sure to set the new plan as not-cancelled
sub.cancelled = False
db.session.commit()
else:
return "No such subscription", 400
return "OK"
def test_verify_incoming_request():
# the request comes from Paddle simulation
request_data = {
"alert_id":
"1647146853",
"alert_name":
"payment_succeeded",
"balance_currency":
"EUR",
"balance_earnings":
"966.81",
"balance_fee":
"16.03",
"balance_gross":
"107.37",
"balance_tax":
"670.85",
"checkout_id":
"8-a367127c071e8a2-cba0a50da3",
"country":
"AU",
"coupon":
"Coupon 7",
"currency":
"USD",
"customer_name":
"customer_name",
"earnings":
"820.91",
"email":
"*****@*****.**",
"event_time":
"2019-12-14 18:43:09",
"fee":
"0.26",
"ip":
"65.220.94.158",
"marketing_consent":
"1",
"order_id":
"8",
"passthrough":
"Example String",
"payment_method":
"paypal",
"payment_tax":
"0.18",
"product_id":
"3",
"product_name":
"Example String",
"quantity":
"29",
"receipt_url":
"https://my.paddle.com/receipt/4/5854e29100fd226-440fa7ba7a",
"sale_gross":
"568.82",
"used_price_override":
"true",
"p_signature":
"CQrBWKnAuhBOWdgu6+upbgpLo38c2oQJVgNHLTNsQoaUHtJgHUXzfUfQdcnD9q3EWZuQtyFXXPkygxx/fMbcu+UTnfxkjyecoHio8w4T858jU4VOy1RPqYy6fqazG1vlngiuYqEdgo8OHT/6oIJAf+NWm1v1iwbpr62rDygzJWZrqTzVSKkESfW8/4goxlN2BWr6eaN/4nKQ4gaHq5ee3/7vMmkrLAQG509x9SK3H0bYvh3pvbWMUhYNz8j+7GZRlXcSCpMKw1nkO/jK4IXKW0rtSwgyVjJhpX+/rt2byaCmWEvP0LtGhrug9xAqMYJ3tDCJmwSk2cXG8rPE7oeBwEEElZrQJdbV+i6Tw5rw9LaqEGrjhSkOapfpINdct5UpKXybIyiRZZ111yhJL081T1rtBqb8L+wsPnHG8GzI1Fg5je98j5aXGQU9hcw5nQN779IJQWNN+GbDQZ+Eleu5c6ZYauxpKzE8s/Vs2a4/70KB6WBK6NKxNSIIoOTumKqnfEiPN0pxZp5MMi2dRW7wu7VqvcLbIEYtCkOLnjxVyko32B6AMIgn8CuHvQp9ScPdNdU6B8dBXhdVfV75iYSwx+ythun5d3f357IecaZep27QQmKR/b7/pv4iMOiHKmFQRz9EKwqQm/3Xg2WS4GA4t1X0nslXMuEeRnX6xTaxbvk=",
}
assert verify_incoming_request(request_data)
# add a new field in request_data -> verify should fail
request_data["new_field"] = "new_field"
assert not verify_incoming_request(request_data)
# modify existing field -> verify should fail
request_data["sale_gross"] = "1.23"
assert not verify_incoming_request(request_data)
