def verify(request, uuid): # Because this will be called at any point in the future, # use guid in the URL. addon = get_object_or_404(Addon, guid=uuid) receipt = request.read() verify = Verify(receipt, request) output = verify(check_purchase=False) # Ensure CORS headers are set. def response(data): response = http.HttpResponse(data) for header, value in get_headers(len(output)): response[header] = value return response # Only reviewers or the developers can use this which is different # from the standard receipt verification. The user is contained in the # receipt. if verify.user_id: try: user = UserProfile.objects.get(pk=verify.user_id) except UserProfile.DoesNotExist: user = None if user and (acl.action_allowed_user(user, 'Apps', 'Review') or addon.has_author(user)): amo.log(amo.LOG.RECEIPT_CHECKED, addon, user=user) return response(output) return response(verify.invalid())
def reissue(request): """ Reissues an existing receipt, provided from the client. Will only do so if the receipt is a full receipt and expired. """ raw = request.read() verify = Verify(raw, request.META) output = verify.check_full() # We will only re-sign expired receipts. if output["status"] != "expired": log.info("Receipt not expired returned: {0}".format(output)) receipt_cef.log(request._request, None, "sign", "Receipt reissue failed") output["receipt"] = "" return Response(output, status=400) receipt_cef.log(request._request, None, "sign", "Receipt reissue signing") return Response({"reason": "", "receipt": reissue_receipt(raw), "status": "expired"})
def verify(request, addon): receipt = request.read() verify = Verify(receipt, request) output = verify(check_purchase=False) # Only reviewers or the developers can use this which is different # from the standard receipt verification. The user is contained in the # receipt. if verify.user_id: try: user = UserProfile.objects.get(pk=verify.user_id) except UserProfile.DoesNotExist: user = None if user and (acl.action_allowed_user(user, "Apps", "Review") or addon.has_author(user)): amo.log(amo.LOG.RECEIPT_CHECKED, addon, user=user) return http.HttpResponse(output, verify.get_headers(len(output))) return http.HttpResponse(verify.invalid(), verify.get_headers(verify.invalid()))
def reissue(request): """ Reissues an existing receipt, provided from the client. Will only do so if the receipt is a full receipt and expired. """ raw = request.read() verify = Verify(raw, request.META) output = verify.check_full() # We will only re-sign expired receipts. if output['status'] != 'expired': log.info('Receipt not expired returned: {0}'.format(output)) receipt_cef.log(request._request, None, 'sign', 'Receipt reissue failed') output['receipt'] = '' return Response(output, status=400) receipt_cef.log(request._request, None, 'sign', 'Receipt reissue signing') return Response({'reason': '', 'receipt': reissue_receipt(raw), 'status': 'expired'})
def verify(request, uuid): # Because this will be called at any point in the future, # use guid in the URL. addon = get_object_or_404(Addon, guid=uuid) receipt = request.read() verify = Verify(receipt, request.META) output = verify.check_without_purchase() # Only reviewers or the developers can use this which is different # from the standard receipt verification. The user is contained in the # receipt. if verify.user_id: try: user = UserProfile.objects.get(pk=verify.user_id) except UserProfile.DoesNotExist: user = None if user and (acl.action_allowed_user(user, "Apps", "Review") or addon.has_author(user)): amo.log(amo.LOG.RECEIPT_CHECKED, addon, user=user) return response(output) return response(verify.invalid())
def verify(request, uuid): # Because this will be called at any point in the future, # use guid in the URL. addon = get_object_or_404(Addon, guid=uuid) receipt = request.read() verify = Verify(receipt, request) output = verify(check_purchase=False) # Only reviewers or the developers can use this which is different # from the standard receipt verification. The user is contained in the # receipt. if verify.user_id: try: user = UserProfile.objects.get(pk=verify.user_id) except UserProfile.DoesNotExist: user = None if user and (acl.action_allowed_user(user, 'Apps', 'Review') or addon.has_author(user)): amo.log(amo.LOG.RECEIPT_CHECKED, addon, user=user) return response(output) return response(verify.invalid())
def verify(request, addon): receipt = request.raw_post_data verify = Verify(addon.pk, receipt, request) output = verify(check_purchase=False) # Only reviewers or the authors can use this which is different # from the standard receipt verification. The user is contained in the # receipt. if verify.user_id: try: user = UserProfile.objects.get(pk=verify.user_id) except UserProfile.DoesNotExist: user = None if user and (acl.action_allowed_user(user, 'Apps', 'Review') or addon.has_author(user)): amo.log(amo.LOG.RECEIPT_CHECKED, addon, user=user) return http.HttpResponse(output, verify.get_headers(len(output))) return http.HttpResponse(verify.invalid(), verify.get_headers(verify.invalid()))
def devhub_verify(request, status): receipt = request.read() verify = Verify(receipt, request.META) return response(verify.check_without_db(status))