def test_sign_string(self) -> None:
    """Check that sign_string/unsign_string round-trip and reject a wrong salt."""
    plaintext = "abc"
    token, salt = sign_string(plaintext)

    # The salt returned by sign_string recovers the original value.
    recovered = unsign_string(token, salt)
    self.assertEqual(plaintext, recovered)

    # Any other salt must fail verification instead of returning a value.
    with self.assertRaises(signing.BadSignature):
        unsign_string(token, "randomsalt")
def initial_upgrade(request: HttpRequest) -> HttpResponse:
    """Render the realm upgrade form and handle its POST.

    Outside development the view renders "404.html". A realm that already
    has a Customer row is redirected to billing home. On POST, the submitted
    plan and signed seat count are checked; if both pass, the view calls
    do_create_customer_with_payment_source and do_subscribe_customer_to_plan
    and redirects to billing home. On GET, or when a check fails, the upgrade
    form is rendered with a freshly signed seat count and any error message.
    """
    # NOTE(review): render() is called without a status argument here, so the
    # "404.html" page is presumably served with the default status -- confirm.
    if not settings.DEVELOPMENT:
        return render(request, "404.html")

    user = request.user
    if Customer.objects.filter(realm=user.realm).exists():
        return HttpResponseRedirect(reverse('zilencer.views.billing_home'))

    error_message = ""
    if request.method == 'POST':
        # Everything read from request.POST is client-controlled. A missing
        # field raises out of the view; only BadSignature is handled below.
        plan = request.POST['plan']
        allowed_plans = (Plan.CLOUD_ANNUAL, Plan.CLOUD_MONTHLY)
        if plan not in allowed_plans:
            billing_logger.warning(
                "Tampered plan during realm upgrade. user: %s, realm: %s (%s)."
                % (user.id, user.realm.id, user.realm.string_id))
            error_message = "Something went wrong. Please contact [email protected]"

        # NOTE(review): the salt comes from the same POST body as the signed
        # value, so what the signature is bound to (realm, time) depends on
        # sign_string/unsign_string, which are not shown here -- confirm.
        # int() can raise ValueError, which this handler does not catch.
        try:
            unsigned_value = unsign_string(request.POST['signed_seat_count'],
                                           request.POST['salt'])
            seat_count = int(unsigned_value)
        except signing.BadSignature:
            billing_logger.warning(
                "Tampered seat count during realm upgrade. user: %s, realm: %s (%s)."
                % (user.id, user.realm.id, user.realm.string_id))
            error_message = "Something went wrong. Please contact [email protected]"

        if error_message == "":
            stripe_customer = do_create_customer_with_payment_source(
                user, request.POST['stripeToken'])
            stripe_plan_id = Plan.objects.get(nickname=plan).stripe_plan_id
            # TODO: billing address details are passed to us in the request;
            # use that to calculate taxes.
            do_subscribe_customer_to_plan(
                stripe_customer=stripe_customer,
                stripe_plan_id=stripe_plan_id,
                seat_count=seat_count,
                tax_percent=0)
            # TODO: check for errors and raise/send to frontend
            return HttpResponseRedirect(reverse('zilencer.views.billing_home'))

    # GET, or a POST that failed a check: recompute the seat count on the
    # server and sign it so the next POST can be verified.
    seat_count = get_seat_count(user.realm)
    signed_seat_count, salt = sign_string(str(seat_count))
    context = dict(
        publishable_key=STRIPE_PUBLISHABLE_KEY,
        email=user.email,
        seat_count=seat_count,
        signed_seat_count=signed_seat_count,
        salt=salt,
        plan="Zulip Premium",
        nickname_monthly=Plan.CLOUD_MONTHLY,
        nickname_annual=Plan.CLOUD_ANNUAL,
        error_message=error_message,
    )  # type: Dict[str, Any]
    return render(request, 'zilencer/upgrade.html', context=context)
def initial_upgrade(request: HttpRequest) -> HttpResponse:
    """Show the upgrade page for a realm, or process the submitted upgrade.

    Returns the "404.html" template outside development, a redirect to
    billing home when the realm already has a Customer (or after a POST that
    passes both checks), and otherwise the rendered upgrade form.
    """
    if not settings.DEVELOPMENT:
        return render(request, "404.html")

    user = request.user
    realm = user.realm
    error_message = ""

    if Customer.objects.filter(realm=realm).exists():
        return HttpResponseRedirect(reverse('zilencer.views.billing_home'))

    if request.method == 'POST':
        post = request.POST
        plan = post['plan']

        # Check 1: the plan nickname must be one of the two cloud plans.
        if not (plan == Plan.CLOUD_ANNUAL or plan == Plan.CLOUD_MONTHLY):
            billing_logger.warning("Tampered plan during realm upgrade. user: %s, realm: %s (%s)."
                                   % (user.id, realm.id, realm.string_id))
            error_message = "Something went wrong. Please contact [email protected]"

        # Check 2: the seat count must carry a signature that verifies under
        # the submitted salt. Only BadSignature is handled; a ValueError from
        # int() or a missing form field propagates out of the view.
        # NOTE(review): nothing visible here ties the signed value to this
        # realm or to a time window -- confirm sign_string covers that.
        try:
            seat_count = int(unsign_string(post['signed_seat_count'], post['salt']))
        except signing.BadSignature:
            billing_logger.warning("Tampered seat count during realm upgrade. user: %s, realm: %s (%s)."
                                   % (user.id, realm.id, realm.string_id))
            error_message = "Something went wrong. Please contact [email protected]"

        if not error_message:
            stripe_customer = do_create_customer_with_payment_source(user, post['stripeToken'])
            do_subscribe_customer_to_plan(
                stripe_customer=stripe_customer,
                stripe_plan_id=Plan.objects.get(nickname=plan).stripe_plan_id,
                seat_count=seat_count,
                # TODO: billing address details are passed to us in the request;
                # use that to calculate taxes.
                tax_percent=0)
            # TODO: check for errors and raise/send to frontend
            return HttpResponseRedirect(reverse('zilencer.views.billing_home'))

    # Form rendering path: the seat count is computed server-side and handed
    # to the client together with its signature and salt.
    seat_count = get_seat_count(realm)
    signed_seat_count, salt = sign_string(str(seat_count))
    context = {
        'publishable_key': STRIPE_PUBLISHABLE_KEY,
        'email': user.email,
        'seat_count': seat_count,
        'signed_seat_count': signed_seat_count,
        'salt': salt,
        'plan': "Zulip Premium",
        'nickname_monthly': Plan.CLOUD_MONTHLY,
        'nickname_annual': Plan.CLOUD_ANNUAL,
        'error_message': error_message,
    }  # type: Dict[str, Any]
    return render(request, 'zilencer/upgrade.html', context=context)
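def unsign_and_check_upgrade_parameters(user: UserProfile, plan_nickname: str,
                                        signed_seat_count: str, salt: str) -> Tuple[Plan, int]:
    """Validate client-submitted upgrade parameters and return (plan, seat_count).

    Args:
        user: the user performing the upgrade; used for the warning logs.
        plan_nickname: plan nickname submitted by the client.
        signed_seat_count: signed seat count submitted by the client.
        salt: salt submitted alongside the signed seat count.

    Returns:
        The Plan row matching plan_nickname and the verified integer seat count.

    Raises:
        BillingError: with BillingError.CONTACT_SUPPORT when the plan nickname
            is not one of the two cloud plans, or when the seat count fails
            signature verification or does not parse as an integer.
    """
    if plan_nickname not in [Plan.CLOUD_ANNUAL, Plan.CLOUD_MONTHLY]:
        billing_logger.warning("Tampered plan during realm upgrade. user: %s, realm: %s (%s)."
                               % (user.id, user.realm.id, user.realm.string_id))
        raise BillingError('tampered plan', BillingError.CONTACT_SUPPORT)
    plan = Plan.objects.get(nickname=plan_nickname)

    # NOTE(review): the salt is supplied by the caller together with the
    # signed value, and nothing in this function ties the signed seat count
    # to user.realm or to a time window -- confirm that sign_string /
    # unsign_string or the caller covers that.
    try:
        seat_count = int(unsign_string(signed_seat_count, salt))
    except (signing.BadSignature, ValueError):
        # Fail closed: a payload that verifies but is not an integer is
        # rejected and logged the same way as a bad signature, instead of
        # escaping as an unhandled ValueError.
        billing_logger.warning("Tampered seat count during realm upgrade. user: %s, realm: %s (%s)."
                               % (user.id, user.realm.id, user.realm.string_id))
        raise BillingError('tampered seat count', BillingError.CONTACT_SUPPORT)
    return plan, seat_count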