def verify(request, uuid):
# Because this will be called at any point in the future,
# use guid in the URL.
addon = get_object_or_404(Addon, guid=uuid)
receipt = request.read()
verify = Verify(receipt, request)
output = verify(check_purchase=False)
# Ensure CORS headers are set.
def response(data):
response = http.HttpResponse(data)
for header, value in get_headers(len(output)):
response[header] = value
return response
# Only reviewers or the developers can use this which is different
# from the standard receipt verification. The user is contained in the
# receipt.
if verify.user_id:
try:
user = UserProfile.objects.get(pk=verify.user_id)
except UserProfile.DoesNotExist:
user = None
if user and (acl.action_allowed_user(user, 'Apps', 'Review')
or addon.has_author(user)):
amo.log(amo.LOG.RECEIPT_CHECKED, addon, user=user)
return response(output)
return response(verify.invalid())
def reissue(request):
"""
Reissues an existing receipt, provided from the client. Will only do
so if the receipt is a full receipt and expired.
"""
raw = request.read()
verify = Verify(raw, request.META)
output = verify.check_full()
# We will only re-sign expired receipts.
if output["status"] != "expired":
log.info("Receipt not expired returned: {0}".format(output))
receipt_cef.log(request._request, None, "sign", "Receipt reissue failed")
output["receipt"] = ""
return Response(output, status=400)
receipt_cef.log(request._request, None, "sign", "Receipt reissue signing")
return Response({"reason": "", "receipt": reissue_receipt(raw), "status": "expired"})
def verify(request, addon):
receipt = request.read()
verify = Verify(receipt, request)
output = verify(check_purchase=False)
# Only reviewers or the developers can use this which is different
# from the standard receipt verification. The user is contained in the
# receipt.
if verify.user_id:
try:
user = UserProfile.objects.get(pk=verify.user_id)
except UserProfile.DoesNotExist:
user = None
if user and (acl.action_allowed_user(user, "Apps", "Review") or addon.has_author(user)):
amo.log(amo.LOG.RECEIPT_CHECKED, addon, user=user)
return http.HttpResponse(output, verify.get_headers(len(output)))
return http.HttpResponse(verify.invalid(), verify.get_headers(verify.invalid()))
def reissue(request):
"""
Reissues an existing receipt, provided from the client. Will only do
so if the receipt is a full receipt and expired.
"""
raw = request.read()
verify = Verify(raw, request.META)
output = verify.check_full()
# We will only re-sign expired receipts.
if output['status'] != 'expired':
log.info('Receipt not expired returned: {0}'.format(output))
receipt_cef.log(request._request, None, 'sign',
'Receipt reissue failed')
output['receipt'] = ''
return Response(output, status=400)
receipt_cef.log(request._request, None, 'sign', 'Receipt reissue signing')
return Response({'reason': '', 'receipt': reissue_receipt(raw),
'status': 'expired'})
def reissue(request):
"""
Reissues an existing receipt, provided from the client. Will only do
so if the receipt is a full receipt and expired.
"""
raw = request.read()
verify = Verify(raw, request.META)
output = verify.check_full()
# We will only re-sign expired receipts.
if output['status'] != 'expired':
log.info('Receipt not expired returned: {0}'.format(output))
receipt_cef.log(request._request, None, 'sign',
'Receipt reissue failed')
output['receipt'] = ''
return Response(output, status=400)
receipt_cef.log(request._request, None, 'sign', 'Receipt reissue signing')
return Response({'reason': '', 'receipt': reissue_receipt(raw),
'status': 'expired'})
def verify(request, uuid):
# Because this will be called at any point in the future,
# use guid in the URL.
addon = get_object_or_404(Addon, guid=uuid)
receipt = request.read()
verify = Verify(receipt, request.META)
output = verify.check_without_purchase()
# Only reviewers or the developers can use this which is different
# from the standard receipt verification. The user is contained in the
# receipt.
if verify.user_id:
try:
user = UserProfile.objects.get(pk=verify.user_id)
except UserProfile.DoesNotExist:
user = None
if user and (acl.action_allowed_user(user, "Apps", "Review") or addon.has_author(user)):
amo.log(amo.LOG.RECEIPT_CHECKED, addon, user=user)
return response(output)
return response(verify.invalid())
def verify(request, uuid):
# Because this will be called at any point in the future,
# use guid in the URL.
addon = get_object_or_404(Addon, guid=uuid)
receipt = request.read()
verify = Verify(receipt, request)
output = verify(check_purchase=False)
# Only reviewers or the developers can use this which is different
# from the standard receipt verification. The user is contained in the
# receipt.
if verify.user_id:
try:
user = UserProfile.objects.get(pk=verify.user_id)
except UserProfile.DoesNotExist:
user = None
if user and (acl.action_allowed_user(user, 'Apps', 'Review')
or addon.has_author(user)):
amo.log(amo.LOG.RECEIPT_CHECKED, addon, user=user)
return response(output)
return response(verify.invalid())
def verify(request, addon):
receipt = request.raw_post_data
verify = Verify(addon.pk, receipt, request)
output = verify(check_purchase=False)
# Only reviewers or the authors can use this which is different
# from the standard receipt verification. The user is contained in the
# receipt.
if verify.user_id:
try:
user = UserProfile.objects.get(pk=verify.user_id)
except UserProfile.DoesNotExist:
user = None
if user and (acl.action_allowed_user(user, 'Apps', 'Review')
or addon.has_author(user)):
amo.log(amo.LOG.RECEIPT_CHECKED, addon, user=user)
return http.HttpResponse(output, verify.get_headers(len(output)))
return http.HttpResponse(verify.invalid(),
verify.get_headers(verify.invalid()))
def devhub_verify(request, status):
receipt = request.read()
verify = Verify(receipt, request.META)
return response(verify.check_without_db(status))