def success(request):
"""
Process a redirect request after the Bango payment has completed.
This URL endpoint is pre-arranged with Bango via the Billing Config API.
Example request:
?ResponseCode=OK&ResponseMessage=Success&BangoUserId=1473894939
&MerchantTransactionId=webpay%3a14d6a53c-fc4c-4bd1-8dc0-9f24646064b8
&BangoTransactionId=1078692145
&TransactionMethods=USA_TMOBILE%2cT-Mobile+USA%2cTESTPAY%2cTest+Pay
&BillingConfigurationId=218240
&MozSignature=
c2cf7b937720c6e41f8b6401696cf7aef56975ebe54f8cee51eff4eb317841af
&Currency=USD&Network=USA_TMOBILE&Price=0.99&P=
"""
log.info('Bango success: %s' % request.GET)
# We should only have OK's coming from Bango, presumably.
if request.GET.get('ResponseCode') != 'OK':
return _error(request,
msg=('in success(): Invalid Bango response code: %s' %
request.GET.get('ResponseCode')))
if not _record(request):
return _error(request, msg='Could not record Bango success')
# Signature verification was successful; fulfill the payment.
tasks.payment_notify.delay(request.GET.get('MerchantTransactionId'))
return render(request, 'bango/success.html')
def process_pay_req(request):
form = VerifyForm(request.GET)
if not form.is_valid():
return _error(request, msg=form.errors.as_text(),
is_simulation=form.is_simulation)
if settings.ONLY_SIMULATIONS and not form.is_simulation:
# Real payments are currently disabled.
# Only simulated payments are allowed.
return render(request, 'error.html',
{'error': _('Payments are temporarily disabled.')},
status=503)
try:
pay_req = verify_jwt(
form.cleaned_data['req'],
settings.DOMAIN, # JWT audience.
form.secret,
required_keys=('request.id',
'request.pricePoint', # A price tier we'll lookup.
'request.name',
'request.description',
'request.postbackURL',
'request.chargebackURL'))
except (TypeError, InvalidJWT, RequestExpired), exc:
log.exception('calling verify_jwt')
return _error(request, exception=exc,
is_simulation=form.is_simulation)
def success(request):
"""
Process a redirect request after the Bango payment has completed.
This URL endpoint is pre-arranged with Bango via the Billing Config API.
Example request:
?ResponseCode=OK&ResponseMessage=Success&BangoUserId=1473894939
&MerchantTransactionId=webpay%3a14d6a53c-fc4c-4bd1-8dc0-9f24646064b8
&BangoTransactionId=1078692145
&TransactionMethods=USA_TMOBILE%2cT-Mobile+USA%2cTESTPAY%2cTest+Pay
&BillingConfigurationId=218240
&MozSignature=
c2cf7b937720c6e41f8b6401696cf7aef56975ebe54f8cee51eff4eb317841af
&Currency=USD&Network=USA_TMOBILE&Price=0.99&P=
"""
log.info('Bango success: %s' % request.GET)
# We should only have OK's coming from Bango, presumably.
if request.GET.get('ResponseCode') != 'OK':
log.info('Invalid response code: %s' % request.GET.get('ResponseCode'))
return _error(request)
if not _record(request):
return _error(request)
# Signature verification was successful; fulfill the payment.
tasks.payment_notify.delay(request.GET.get('MerchantTransactionId'))
return render(request, 'bango/success.html')
def process_pay_req(request):
form = VerifyForm(request.GET)
if not form.is_valid():
return _error(request,
msg=form.errors.as_text(),
is_simulation=form.is_simulation)
if settings.ONLY_SIMULATIONS and not form.is_simulation:
# Real payments are currently disabled.
# Only simulated payments are allowed.
return render(request,
'error.html',
{'error': _('Payments are temporarily disabled.')},
status=503)
try:
pay_req = verify_jwt(
form.cleaned_data['req'],
settings.DOMAIN, # JWT audience.
form.secret,
required_keys=(
'request.id',
'request.pricePoint', # A price tier we'll lookup.
'request.name',
'request.description',
'request.postbackURL',
'request.chargebackURL'))
except (TypeError, InvalidJWT, RequestExpired), exc:
log.exception('calling verify_jwt')
return _error(request, exception=exc, is_simulation=form.is_simulation)
def error(request):
log.info('Bango error: %s' % request.GET)
# We should NOT have OK's coming from Bango, presumably.
if request.GET.get('ResponseCode') == 'OK':
log.info('Invalid response code: %s' % request.GET.get('ResponseCode'))
return _error(request)
if not _record(request):
return _error(request)
if request.GET.get('ResponseCode') == 'CANCEL':
return render(request, 'bango/cancel.html')
return _error(request)
def error(request):
log.info('Bango error: %s' % request.GET)
# We should NOT have OK's coming from Bango, presumably.
if request.GET.get('ResponseCode') == 'OK':
return _error(request,
msg=('in error(): Invalid Bango response code: %s' %
request.GET.get('ResponseCode')))
if not _record(request):
return _error(request, msg=_('Could not record Bango error'))
if request.GET.get('ResponseCode') == 'CANCEL':
return render(request, 'bango/cancel.html')
return _error(request, msg=_('Received Bango error'))
def process_pay_req(request):
form = VerifyForm(request.GET)
if not form.is_valid():
codes = []
for erlist in form.errors.values():
codes.extend(erlist)
codes = ', '.join(codes)
return _error(request, code=codes)
if settings.ONLY_SIMULATIONS and not form.is_simulation:
# Real payments are currently disabled.
# Only simulated payments are allowed.
return render(request, 'error.html',
{'error': _('Payments are temporarily disabled.')},
status=503)
exc = er = None
try:
pay_req = verify_jwt(
form.cleaned_data['req'],
settings.DOMAIN, # JWT audience.
form.secret,
required_keys=('request.id',
'request.pricePoint', # A price tier we'll lookup.
'request.name',
'request.description',
'request.postbackURL',
'request.chargebackURL'))
except RequestExpired, exc:
er = msg.EXPIRED_JWT
def wait_to_start(request):
"""
Wait until the transaction is in a ready state.
The transaction was started previously during the buy flow in the
background from webpay.pay.tasks.
Serve JS that polls for transaction state.
When ready, redirect to the Bango payment URL using
the generated billing configuration ID.
"""
trans_id = request.session.get('trans_id', None)
if not trans_id:
# This seems like a seriously problem but maybe there is just a race
# condition. If we see a lot of these in the logs it means the
# payment will never complete so we should keep an eye on it.
log.error('wait_to_start() session trans_id was None')
try:
trans = solitude.get_transaction(trans_id)
except ObjectDoesNotExist:
trans = {'status': None}
if trans['status'] in constants.STATUS_ENDED:
log.exception('Attempt to restart finished transaction {0} '
'with status {1}'.format(trans_id, trans['status']))
return _error(request, msg=_('Transaction has already ended.'))
if trans['status'] == constants.STATUS_PENDING:
# Dump any messages so we don't show them later.
clear_messages(request)
# The transaction is ready; no need to wait for it.
return http.HttpResponseRedirect(_bango_start_url(trans['uid_pay']))
return render(request, 'pay/wait-to-start.html')
def wait_to_start(request):
"""
Wait until the transaction is in a ready state.
The transaction was started previously during the buy flow in the
background from webpay.pay.tasks.
Serve JS that polls for transaction state.
When ready, redirect to the Bango payment URL using
the generated billing configuration ID.
"""
try:
trans = solitude.get_transaction(request.session['trans_id'])
except ObjectDoesNotExist:
trans = {'status': None}
if trans['status'] in constants.STATUS_ENDED:
log.exception('Attempt to restart finished transaction.')
return _error(request, msg=_('Transaction has already ended.'))
if trans['status'] == constants.STATUS_PENDING:
# Dump any messages so we don't show them later.
clear_messages(request)
# The transaction is ready; no need to wait for it.
return http.HttpResponseRedirect(_bango_start_url(trans['uid_pay']))
return render(request, 'pay/wait-to-start.html')
def wait_to_start(request):
"""
Wait until the transaction is in a ready state.
The transaction was started previously during the buy flow in the
background from webpay.pay.tasks.
Serve JS that polls for transaction state.
When ready, redirect to the Bango payment URL using
the generated billing configuration ID.
"""
trans_id = request.session.get('trans_id', None)
if not trans_id:
# This seems like a seriously problem but maybe there is just a race
# condition. If we see a lot of these in the logs it means the
# payment will never complete so we should keep an eye on it.
log.error('wait_to_start() session trans_id was None')
try:
trans = solitude.get_transaction(trans_id)
except ObjectDoesNotExist:
trans = {'status': None}
if trans['status'] in constants.STATUS_ENDED:
log.exception('Attempt to restart finished transaction {0} '
'with status {1}'.format(trans_id, trans['status']))
return _error(request, msg=_('Transaction has already ended.'))
if trans['status'] == constants.STATUS_PENDING:
# Dump any messages so we don't show them later.
clear_messages(request)
# The transaction is ready; no need to wait for it.
return http.HttpResponseRedirect(_bango_start_url(trans['uid_pay']))
return render(request, 'pay/wait-to-start.html')
def process_pay_req(request):
form = VerifyForm(request.GET)
if not form.is_valid():
codes = []
for erlist in form.errors.values():
codes.extend(erlist)
codes = ', '.join(codes)
return _error(request, code=codes)
if settings.ONLY_SIMULATIONS and not form.is_simulation:
# Real payments are currently disabled.
# Only simulated payments are allowed.
return render(request,
'error.html',
{'error': _('Payments are temporarily disabled.')},
status=503)
exc = er = None
try:
pay_req = verify_jwt(
form.cleaned_data['req'],
settings.DOMAIN, # JWT audience.
form.secret,
required_keys=(
'request.id',
'request.pricePoint', # A price tier we'll lookup.
'request.name',
'request.description',
'request.postbackURL',
'request.chargebackURL'))
except RequestExpired, exc:
er = msg.EXPIRED_JWT
def lobby(request):
sess = request.session
trans = None
if request.GET.get('req'):
# If it returns a response there was likely
# an error and we should return it.
res = process_pay_req(request)
if isinstance(res, http.HttpResponse):
return res
elif settings.TEST_PIN_UI:
# This won't get you very far but it lets you create/enter PINs
# and stops a traceback after that.
request.session['trans_id'] = trans_id()
elif not sess.get('is_simulation', False):
try:
trans = solitude.get_transaction(request.session.get('trans_id'))
except ObjectDoesNotExist:
if request.session.get('trans_id'):
log.info('Attempted to restart non-existent transaction {0}'
.format(request.session.get('trans_id')))
return _error(request, msg='req is required')
pin_form = VerifyPinForm()
if sess.get('uuid'):
auth_utils.update_session(request, sess.get('uuid'))
# Before we continue with the buy flow, let's save some
# time and get the transaction configured via Bango in the
# background.
log.info('configuring transaction {0} from lobby'
.format(request.session.get('trans_id')))
tasks.configure_transaction(request, trans=trans)
redirect_url = check_pin_status(request)
if redirect_url is not None:
return http.HttpResponseRedirect(redirect_url)
# If the buyer closed the trusted UI during reset flow, we want to unset
# the reset pin flag. They can hit the forgot pin button if they still
# don't remember their pin.
if sess.get('uuid_needs_pin_reset'):
solitude.set_needs_pin_reset(sess['uuid'], False)
sess['uuid_needs_pin_reset'] = False
if sess.get('is_simulation', False):
sim_req = sess['notes']['pay_request']['request']['simulate']
log.info('Starting simulate %s for %s'
% (sim_req, sess['notes']['issuer_key']))
return render(request, 'pay/simulate.html', {
'simulate': sim_req
})
return render(request, 'pay/lobby.html', {
'action': reverse('pin.verify'),
'form': pin_form,
'title': _('Enter Pin')
})
def lobby(request):
sess = request.session
trans = None
if request.GET.get('req'):
# If it returns a response there was likely
# an error and we should return it.
res = process_pay_req(request)
if isinstance(res, http.HttpResponse):
return res
elif settings.TEST_PIN_UI:
# This won't get you very far but it lets you create/enter PINs
# and stops a traceback after that.
sess['trans_id'] = trans_id()
elif not sess.get('is_simulation', False):
try:
trans = solitude.get_transaction(sess.get('trans_id'))
except ObjectDoesNotExist:
if sess.get('trans_id'):
log.info(
'Attempted to restart non-existent transaction {0}'.format(
sess.get('trans_id')))
return _error(request, msg='req is required')
pin_form = VerifyPinForm()
if sess.get('uuid'):
auth_utils.update_session(request, sess.get('uuid'), False)
# Before we continue with the buy flow, let's save some
# time and get the transaction configured via Bango in the
# background.
log.info('configuring transaction {0} from lobby'.format(
sess.get('trans_id')))
tasks.configure_transaction(request, trans=trans)
redirect_url = check_pin_status(request)
if redirect_url is not None:
return http.HttpResponseRedirect('{0}?next={1}'.format(
reverse('pay.bounce'), redirect_url))
# If the buyer closed the trusted UI during reset flow, we want to unset
# the reset pin flag. They can hit the forgot pin button if they still
# don't remember their pin.
if sess.get('uuid_needs_pin_reset'):
solitude.set_needs_pin_reset(sess['uuid'], False)
sess['uuid_needs_pin_reset'] = False
if sess.get('is_simulation', False):
sim_req = sess['notes']['pay_request']['request']['simulate']
log.info('Starting simulate %s for %s' %
(sim_req, sess['notes']['issuer_key']))
return render(request, 'pay/simulate.html', {'simulate': sim_req})
return render(request, 'pay/lobby.html', {
'action': reverse('pin.verify'),
'form': pin_form,
'title': _('Enter Pin')
})
def error(request):
log.info("Bango error: %s" % request.GET)
# We should NOT have OK's coming from Bango, presumably.
if request.GET.get("ResponseCode") == "OK":
return _error(request, msg=("in error(): Invalid Bango response code: %s" % request.GET.get("ResponseCode")))
if not _record(request):
return _error(request, msg=_("Could not record Bango error"))
if request.GET.get("ResponseCode") == "CANCEL":
return render(request, "bango/cancel.html")
if request.GET.get("ResponseCode") == "NOT_SUPPORTED":
return _error(request, display=True, msg=_("Price point unavailable for this region or " "carrier."))
return _error(request, msg=_("Received Bango error"))
def error(request):
log.info('Bango error: %s' % request.GET)
# We should NOT have OK's coming from Bango, presumably.
if request.GET.get('ResponseCode') == 'OK':
return _error(request,
msg=('in error(): Invalid Bango response code: %s' %
request.GET.get('ResponseCode')))
if not _record(request):
return _error(request, msg=_('Could not record Bango error'))
if request.GET.get('ResponseCode') == 'CANCEL':
return render(request, 'bango/cancel.html')
if request.GET.get('ResponseCode') == 'NOT_SUPPORTED':
return _error(request, display=True,
msg=_('Price point unavailable for this region or '
'carrier.'))
return _error(request, msg=_('Received Bango error'))
def success(request):
"""
Process a redirect request after the Bango payment has completed.
This URL endpoint is pre-arranged with Bango via the Billing Config API.
Example request:
?ResponseCode=OK&ResponseMessage=Success&BangoUserId=1473894939
&MerchantTransactionId=webpay%3a14d6a53c-fc4c-4bd1-8dc0-9f24646064b8
&BangoTransactionId=1078692145
&TransactionMethods=USA_TMOBILE%2cT-Mobile+USA%2cTESTPAY%2cTest+Pay
&BillingConfigurationId=218240
&MozSignature=
c2cf7b937720c6e41f8b6401696cf7aef56975ebe54f8cee51eff4eb317841af
&Currency=USD&Network=USA_TMOBILE&Price=0.99&P=
"""
if settings.FAKE_PAYMENTS:
trans = 'fakepay:{0}'.format(uuid.uuid4())
log.info('Faking a successful payment with transaction {0}'
.format(trans))
tasks.fake_payment_notify.delay(
trans,
request.session['notes']['pay_request'],
request.session['notes']['issuer_key'])
return render(request, 'bango/success.html')
log.info('Bango success: %s' % request.GET)
# We should only have OK's coming from Bango, presumably.
if request.GET.get('ResponseCode') != 'OK':
return _error(request,
msg=('in success(): Invalid Bango response code: %s' %
request.GET.get('ResponseCode')))
if not _record(request):
return _error(request, msg='Could not record Bango success')
# Signature verification was successful; fulfill the payment.
tasks.payment_notify.delay(request.GET.get('MerchantTransactionId'))
return render(request, 'bango/success.html')
def error(request):
log.info('Bango error: %s' % request.GET)
# We should NOT have OK's coming from Bango, presumably.
if request.GET.get('ResponseCode') == 'OK':
return _error(request,
msg=('in error(): Invalid Bango response code: %s' %
request.GET.get('ResponseCode')))
if not _record(request):
return _error(request, msg=_('Could not record Bango error'))
if request.GET.get('ResponseCode') == 'CANCEL':
return render(request, 'bango/cancel.html')
if request.GET.get('ResponseCode') == 'NOT_SUPPORTED':
return _error(request,
display=True,
msg=_('Price point unavailable for this region or '
'carrier.'))
return _error(request, msg=_('Received Bango error'))
def lobby(request):
if request.GET.get('req'):
# If it returns a response there was likely
# an error and we should return it.
res = process_pay_req(request)
if isinstance(res, http.HttpResponse):
return res
elif settings.TEST_PIN_UI:
# This won't get you very far but it lets you create/enter PINs
# and stops a traceback after that.
request.session['trans_id'] = uuid.uuid4()
elif not 'notes' in request.session:
# A JWT was not passed in and no JWT is in the session.
return _error(request, msg='req is required')
pin_form = VerifyPinForm()
sess = request.session
if sess.get('uuid'):
auth_utils.update_session(request, sess.get('uuid'))
redirect_url = check_pin_status(request)
if redirect_url is not None:
return http.HttpResponseRedirect(redirect_url)
# If the buyer closed the trusted UI during reset flow, we want to unset
# the reset pin flag. They can hit the forgot pin button if they still
# don't remember their pin.
if sess.get('uuid_needs_pin_reset'):
solitude.set_needs_pin_reset(sess['uuid'], False)
sess['uuid_needs_pin_reset'] = False
if sess.get('is_simulation', False):
sim_req = sess['notes']['pay_request']['request']['simulate']
log.info('Starting simulate %s for %s' %
(sim_req, sess['notes']['issuer_key']))
return render(request, 'pay/simulate.html', {'simulate': sim_req})
return render(request, 'pay/lobby.html', {
'action': reverse('pin.verify'),
'form': pin_form,
'title': _('Enter Pin')
})
def lobby(request):
if request.GET.get('req'):
# If it returns a response there was likely
# an error and we should return it.
res = process_pay_req(request)
if isinstance(res, http.HttpResponse):
return res
elif settings.TEST_PIN_UI:
# This won't get you very far but it lets you create/enter PINs
# and stops a traceback after that.
request.session['trans_id'] = uuid.uuid4()
elif not 'notes' in request.session:
# A JWT was not passed in and no JWT is in the session.
return _error(request, msg='req is required')
pin_form = VerifyPinForm()
sess = request.session
if pin_recently_entered(request):
return http.HttpResponseRedirect(get_payment_url())
# If the buyer closed the trusted UI during reset flow, we want to unset
# the reset pin flag. They can hit the forgot pin button if they still
# don't remember their pin.
if sess.get('uuid_needs_pin_reset'):
solitude.set_needs_pin_reset(sess['uuid'], False)
sess['uuid_needs_pin_reset'] = False
if sess.get('is_simulation', False):
sim_req = sess['notes']['pay_request']['request']['simulate']
log.info('Starting simulate %s for %s'
% (sim_req, sess['notes']['issuer_key']))
return render(request, 'pay/simulate.html', {
'simulate': sim_req
})
return render(request, 'pay/lobby.html', {
'action': reverse('pin.verify'),
'form': pin_form,
'title': _('Enter Pin')
})
def wait_to_start(request):
"""
Wait until the transaction is in a ready state.
Serve JS that polls for transaction state.
When ready, redirect to the Bango payment URL using
the generated billing configuration ID.
"""
try:
trans = solitude.get_transaction(request.session['trans_id'])
except ValueError:
trans = {'status': None}
if trans['status'] in constants.STATUS_ENDED:
log.exception('Attempt to restart finished transaction.')
return _error(request, msg=_('Transaction has already ended.'))
if trans['status'] == constants.STATUS_PENDING:
# The transaction is ready; no need to wait for it.
return http.HttpResponseRedirect(_bango_start_url(trans['uid_pay']))
return render(request, 'pay/wait-to-start.html')
def wait_to_start(request):
"""
Wait until the transaction is in a ready state.
Serve JS that polls for transaction state.
When ready, redirect to the Bango payment URL using
the generated billing configuration ID.
"""
try:
trans = solitude.get_transaction(request.session['trans_id'])
except ValueError:
trans = {'status': None}
if trans['status'] in constants.STATUS_ENDED:
log.exception('Attempt to restart finished transaction.')
return _error(request, msg=_('Transaction has already ended.'))
if trans['status'] == constants.STATUS_PENDING:
# The transaction is ready; no need to wait for it.
return http.HttpResponseRedirect(_bango_start_url(trans['uid_pay']))
return render(request, 'pay/wait-to-start.html')
settings.DOMAIN, # JWT audience.
form.secret,
required_keys=('request.id',
'request.pricePoint', # A price tier we'll lookup.
'request.name',
'request.description',
'request.postbackURL',
'request.chargebackURL'))
except RequestExpired, exc:
er = msg.EXPIRED_JWT
except InvalidJWT, exc:
er = msg.INVALID_JWT
if exc:
log.exception('calling verify_jwt')
return _error(request, code=er,
display=form.is_simulation)
icon_urls = []
if pay_req['request'].get('icons'):
icon_urls = pay_req['request']['icons'].values()
# Verify that all URLs are valid.
try:
verify_urls(pay_req['request']['postbackURL'],
pay_req['request']['chargebackURL'],
is_simulation=form.is_simulation)
verify_urls(*icon_urls,
is_simulation=form.is_simulation,
check_postbacks=False)
except ValueError, exc:
log.exception('invalid URLs')
return _error(request, code=msg.MALFORMED_URL)
except (TypeError, InvalidJWT, RequestExpired), exc:
log.exception('calling verify_jwt')
return _error(request, exception=exc, is_simulation=form.is_simulation)
icon_urls = []
if pay_req['request'].get('icons'):
icon_urls = pay_req['request']['icons'].values()
# Verify that all URLs are valid.
try:
verify_urls(pay_req['request']['postbackURL'],
pay_req['request']['chargebackURL'],
*icon_urls,
is_simulation=form.is_simulation)
except ValueError, exc:
log.exception('invalid URLs')
return _error(request, exception=exc, is_simulation=form.is_simulation)
# Assert pricePoint is valid.
try:
marketplace.get_price(pay_req['request']['pricePoint'])
except UnknownPricePoint, exc:
log.exception('calling get price_price()')
return _error(request, exception=exc, is_simulation=form.is_simulation)
# All validation passed, save state to the session.
request.session['is_simulation'] = form.is_simulation
request.session['notes'] = {'pay_request': pay_req, 'issuer_key': form.key}
request.session['trans_id'] = 'webpay:%s' % uuid.uuid4()
# Before we verify the user's PIN let's save some
# time and get the transaction configured via Bango in the
log.exception('calling verify_jwt')
return _error(request, exception=exc,
is_simulation=form.is_simulation)
icon_urls = []
if pay_req['request'].get('icons'):
icon_urls = pay_req['request']['icons'].values()
# Verify that all URLs are valid.
try:
verify_urls(pay_req['request']['postbackURL'],
pay_req['request']['chargebackURL'],
*icon_urls,
is_simulation=form.is_simulation)
except ValueError, exc:
log.exception('invalid URLs')
return _error(request, exception=exc,
is_simulation=form.is_simulation)
# Assert pricePoint is valid.
try:
marketplace.get_price(pay_req['request']['pricePoint'])
except UnknownPricePoint, exc:
log.exception('calling get price_price()')
return _error(request, exception=exc,
is_simulation=form.is_simulation)
# All validation passed, save state to the session.
request.session['is_simulation'] = form.is_simulation
request.session['notes'] = {'pay_request': pay_req,
'issuer_key': form.key}
request.session['trans_id'] = 'webpay:%s' % uuid.uuid4()
settings.DOMAIN, # JWT audience.
form.secret,
required_keys=('request.id',
'request.pricePoint', # A price tier we'll lookup.
'request.name',
'request.description',
'request.postbackURL',
'request.chargebackURL'))
except RequestExpired, exc:
er = msg.EXPIRED_JWT
except InvalidJWT, exc:
er = msg.INVALID_JWT
if exc:
log.exception('calling verify_jwt')
return _error(request, code=er)
icon_urls = []
if pay_req['request'].get('icons'):
icon_urls = pay_req['request']['icons'].values()
# Verify that all URLs are valid.
try:
verify_urls(pay_req['request']['postbackURL'],
pay_req['request']['chargebackURL'],
is_simulation=form.is_simulation)
verify_urls(*icon_urls,
is_simulation=form.is_simulation,
check_postbacks=False)
except ValueError, exc:
log.exception('invalid URLs')
return _error(request, code=msg.MALFORMED_URL)
form.secret,
required_keys=(
'request.id',
'request.pricePoint', # A price tier we'll lookup.
'request.name',
'request.description',
'request.postbackURL',
'request.chargebackURL'))
except RequestExpired, exc:
er = msg.EXPIRED_JWT
except InvalidJWT, exc:
er = msg.INVALID_JWT
if exc:
log.exception('calling verify_jwt')
return _error(request, code=er)
icon_urls = []
if pay_req['request'].get('icons'):
icon_urls = pay_req['request']['icons'].values()
# Verify that all URLs are valid.
try:
verify_urls(pay_req['request']['postbackURL'],
pay_req['request']['chargebackURL'],
is_simulation=form.is_simulation)
verify_urls(*icon_urls,
is_simulation=form.is_simulation,
check_postbacks=False)
except ValueError, exc:
log.exception('invalid URLs')
return _error(request, code=msg.MALFORMED_URL)
