Beispiel #1
0
def postback(request):
    """Verify signature from BlueVia and set contribution to paid."""
    result = client.verify_bluevia_jwt(request.raw_post_data)
    if not result['valid']:
        ip = (request.META.get('HTTP_X_FORWARDED_FOR', '') or
              request.META.get('REMOTE_ADDR', ''))
        if not ip:
            ip = '(unknown)'
        log.info('Received invalid bluevia postback from IP %s' % ip)
        return http.HttpResponseBadRequest('invalid request')
    data = jwt.decode(request.raw_post_data, verify=False)
    # TODO(Kumar) verify all JWT dict keys and values. bug 776646.
    product_data = urlparse.parse_qs(data['request']['productData'])
    cn = get_object_or_404(Contribution, uuid=product_data['contrib_uuid'][0])
    cn.update(type=amo.CONTRIB_PURCHASE)
    # TODO(Kumar) notify dev via default postback URL. bug 776646.
    trans_id = data['response']['transactionID']
    return http.HttpResponse(trans_id)
Beispiel #2
0
def postback(request):
    """Verify signature from BlueVia and set contribution to paid."""
    signed_jwt = request.raw_post_data
    if waffle.flag_is_active(request, 'solitude-payments'):
        result = client.verify_bluevia_jwt(signed_jwt)
    else:
        result = verify_bluevia_jwt(signed_jwt)

    if not result['valid']:
        ip = (request.META.get('HTTP_X_FORWARDED_FOR', '') or
              request.META.get('REMOTE_ADDR', ''))
        if not ip:
            ip = '(unknown)'
        log.info('Received invalid bluevia postback from IP %s' % ip)
        return http.HttpResponseBadRequest('invalid request')
    # From here on, let all exceptions raise. The JWT comes from BlueVia
    # so if anything fails we want to know ASAP.
    data = jwt.decode(signed_jwt, verify=False)
    verify_claims(data)
    iss, aud, product_data, trans_id = verify_keys(data,
                                            ('iss',
                                             'aud',
                                             'request.productData',
                                             'response.transactionID'))
    log.info('received BlueVia postback JWT: iss:%s aud:%s '
             'trans_id:%s product_data:%s'
             % (iss, aud, trans_id, product_data))
    pd = urlparse.parse_qs(product_data)
    contrib_uuid = pd['contrib_uuid'][0]
    try:
        contrib = Contribution.objects.get(uuid=contrib_uuid)
    except Contribution.DoesNotExist:
        etype, val, tb = sys.exc_info()
        raise LookupError('BlueVia JWT (iss:%s, aud:%s) for trans_id %s '
                          'links to contrib %s which doesn\'t exist'
                          % (iss, aud, trans_id, contrib_uuid)), None, tb
    contrib.update(type=amo.CONTRIB_PURCHASE,
                   bluevia_transaction_id=trans_id)

    tasks.purchase_notify.delay(signed_jwt, contrib.pk)
    return http.HttpResponse(trans_id)