Exemple #1
def _notify(notifier_task, trans, extra_response=None, simulated=NOT_SIMULATED,
            task_args=None):
    """
    Sign a JWT payment notice for a transaction and pass it to the sender.

    The notice echoes the original pay request and adds a response holding
    the transaction ID, any ``extra_response`` entries and the price. The
    price is written last, so ``extra_response`` cannot override it.
    """
    # TODO(Kumar) yell if transaction is not completed?
    typ, url = _prepare_notice(trans)
    trans_uuid = trans['uuid']
    notes = trans['notes']
    response = {'transactionID': trans_uuid}
    if not task_args:
        # Default the task arguments to just the transaction ID.
        task_args = [trans_uuid]

    if extra_response:
        response.update(extra_response)

    response['price'] = {'amount': trans['amount'],
                         'currency': trans['currency']}

    now = gmtime()
    claims = {
        'iss': settings.NOTIFY_ISSUER,
        # The original issuer of the request will now become the
        # audience of the notice.
        'aud': notes['issuer_key'],
        'typ': typ,
        'iat': now,
        'exp': now + 3600,  # Expires in 1 hour
        'request': notes['pay_request']['request'],
        'response': response,
    }
    # NOTE(review): this writes the whole notice, pay request included, to
    # the info log. Confirm that nothing in it needs redacting.
    log.info('preparing notice %s' % claims)

    # HS256 is symmetric: the key returned for the issuer is the same one
    # the receiving app server needs to verify the notice.
    secret = get_secret(notes['issuer_key'])
    token = jwt.encode(claims, secret, algorithm='HS256')
    send_pay_notice(url, trans['type'], token, trans_uuid,
                    notifier_task, task_args, simulated=simulated)
Exemple #2
def _notify(notifier_task, trans, extra_response=None, simulated=NOT_SIMULATED, task_args=None):
    """
    Build a payment notice for ``trans``, sign it as a JWT and send it.

    The response part of the notice starts with the transaction ID, is then
    updated from ``extra_response`` and finally gets the price, so the price
    always comes from the transaction itself.
    """
    # TODO(Kumar) yell if transaction is not completed?
    typ, url = _prepare_notice(trans)
    uuid = trans["uuid"]
    notes = trans["notes"]
    response = {"transactionID": uuid}
    # With no explicit task arguments, fall back to the transaction ID alone.
    task_args = task_args if task_args else [uuid]

    if extra_response:
        response.update(extra_response)

    response["price"] = {"amount": trans["amount"], "currency": trans["currency"]}

    now = gmtime()
    claims = {
        "iss": settings.NOTIFY_ISSUER,
        # The issuer of the original request is the audience of the notice.
        "aud": notes["issuer_key"],
        "typ": typ,
        "iat": now,
        "exp": now + 3600,  # Expires in 1 hour
        "request": notes["pay_request"]["request"],
        "response": response,
    }
    # NOTE(review): the full notice, including the pay request, goes to the
    # info log here. Confirm that none of it needs redacting.
    log.info("preparing notice %s" % claims)

    # Signed with the shared (symmetric) secret stored for the issuer key.
    secret = get_secret(notes["issuer_key"])
    token = jwt.encode(claims, secret, algorithm="HS256")
    success, last_error = send_pay_notice(
        url, trans["type"], token, uuid, notifier_task, task_args, simulated=simulated
    )
Exemple #3
def reset_user(request):
    """
    Reset the logged in Persona user.

    This is not a full logout. It complements navigator.id.logout() so that
    both Webpay and Persona think the user is logged out. Only the
    ``logged_in_user`` and ``mkt_permissions`` session keys are removed; the
    rest of the session is left in place.
    """
    session = request.session
    if 'logged_in_user' in session:
        # NOTE(review): the user identifier is written to the info log;
        # confirm that is acceptable for this deployment's log handling.
        log.info('Resetting Persona user %s' % session['logged_in_user'])
        del session['logged_in_user']
    if 'mkt_permissions' in session:
        # Not strictly needed, since permissions are reset on login, but
        # dropping them here is a cheap extra safeguard.
        del session['mkt_permissions']

    # Record when the reset began. Per the original comment this timestamp
    # is used later when verifying the Firefox Accounts password entry.
    reset_started = gmtime()
    session['user_reset'] = {'start_ts': reset_started}
    started_at = datetime.utcfromtimestamp(reset_started)
    log.info('PIN reset start: {r}'.format(r=started_at))

    return {'status': 'OK'}
Exemple #4
def reset_user(request):
    """
    Reset the logged in Persona user.

    Not meant as a full logout: it complements navigator.id.logout() so that
    both Webpay and Persona think the user is logged out. The session keeps
    everything except ``logged_in_user`` and ``mkt_permissions``, and gains a
    ``user_reset`` entry holding the reset's start time.
    """
    sess = request.session
    if 'logged_in_user' in sess:
        # NOTE(review): this logs the user identifier at info level; confirm
        # that matches the project's log-retention expectations.
        log.info('Resetting Persona user %s' % sess['logged_in_user'])
        del sess['logged_in_user']
    if 'mkt_permissions' in sess:
        # Permissions are reset on login anyway; clearing them here is
        # belt-and-braces.
        del sess['mkt_permissions']

    # The start timestamp is kept for the later check of the user's
    # Firefox Accounts password entry.
    began = gmtime()
    sess['user_reset'] = {'start_ts': began}
    log.info('PIN reset start: {r}'.format(r=datetime.utcfromtimestamp(began)))

    return {'status': 'OK'}
Exemple #5
def _notify(notifier_task, trans, extra_response=None, simulated=NOT_SIMULATED,
            task_args=None):
    """
    Post a signed JWT notice about a payment to the app server.

    The notice repeats the stored pay request and attaches a response made
    of the transaction ID, optional ``extra_response`` entries and the
    price. The price is set after the update, so it cannot be overridden.
    """
    # TODO(Kumar) yell if transaction is not completed?
    typ, url = _prepare_notice(trans)
    transaction_id = trans['uuid']
    notes = trans['notes']
    response = {'transactionID': transaction_id}
    if not task_args:
        # No task arguments supplied: use the transaction ID on its own.
        task_args = [transaction_id]

    if extra_response:
        response.update(extra_response)

    response['price'] = {
        'amount': trans['amount'],
        'currency': trans['currency'],
    }

    issued = gmtime()
    body = {
        'iss': settings.NOTIFY_ISSUER,
        # The request's issuer is the audience of the notice sent back.
        'aud': notes['issuer_key'],
        'typ': typ,
        'iat': issued,
        'exp': issued + 3600,  # Expires in 1 hour
        'request': notes['pay_request']['request'],
        'response': response,
    }
    # NOTE(review): the complete notice, pay request included, is logged at
    # info level. Confirm that no field in it needs redacting.
    log.info('preparing notice %s' % body)

    # HS256 uses one shared secret for both signing and verifying.
    signing_key = get_secret(notes['issuer_key'])
    signed = jwt.encode(body, signing_key, algorithm='HS256')
    success, last_error = send_pay_notice(
        url, trans['type'], signed, transaction_id, notifier_task,
        task_args, simulated=simulated)
Exemple #6
 def is_valid(payload):
     """
     Decode the posted notice and check it against the original pay request.

     Returns True when every check passes; a failed check raises.
     """
     # NOTE(review): decode() gets neither an audience nor an explicit list
     # of accepted algorithms, so this helper does not exercise the 'aud'
     # and 'alg' checks a receiver of the notice should make. Confirm what
     # the pinned JWT library enforces by default.
     claims = jwt.decode(payload['notice'], 'f',  # secret key
                         verify=True)
     eq_(claims['iss'], settings.NOTIFY_ISSUER)
     eq_(claims['typ'], TYP_POSTBACK)

     sent = claims['request']
     eq_(sent['pricePoint'], 1)
     eq_(sent['name'], app_payment['request']['name'])
     eq_(sent['description'], app_payment['request']['description'])
     eq_(sent['productdata'], app_payment['request']['productdata'])
     eq_(sent['postbackURL'], 'http://foo.url/post')
     eq_(sent['chargebackURL'], 'http://foo.url/charge')
     eq_(claims['response']['transactionID'], 'some:uuid')

     # Allow a minute of slack on iat, and require most of the hour on exp.
     assert claims['iat'] <= gmtime() + 60, (
         'Expected iat to be about now')
     assert claims['exp'] > gmtime() + 3500, (
         'Expected exp to be about an hour from now')
     return True
Exemple #7
 def is_valid(payload):
     """
     Decode the posted notice, verifying its audience, and compare its
     contents with the original pay request.

     Returns True when every check passes; a failed check raises.
     """
     # The audience is checked against the payment issuer. NOTE(review): no
     # explicit list of accepted algorithms is passed; confirm what the
     # pinned JWT library accepts by default.
     claims = jwt.decode(payload['notice'], 'f',  # secret key
                         verify=True, audience=self.payment_issuer)
     eq_(claims['iss'], settings.NOTIFY_ISSUER)
     eq_(claims['typ'], TYP_POSTBACK)

     sent = claims['request']
     eq_(sent['pricePoint'], 1)
     eq_(sent['name'], app_payment['request']['name'])
     eq_(sent['description'], app_payment['request']['description'])
     eq_(sent['productdata'], app_payment['request']['productdata'])
     eq_(sent['postbackURL'], 'http://foo.url/post')
     eq_(sent['chargebackURL'], 'http://foo.url/charge')
     eq_(claims['response']['transactionID'], 'some:uuid')

     # Allow a minute of slack on iat, and require most of the hour on exp.
     assert claims['iat'] <= gmtime() + 60, (
         'Expected iat to be about now')
     assert claims['exp'] > gmtime() + 3500, (
         'Expected exp to be about an hour from now')
     return True
Exemple #8
 def setUp(self):
     """
     Seed the session with a PIN reset in progress and patch
     ``webpay.pin.api.client`` for the duration of the test.
     """
     super(TestPatch, self).setUp()
     self.uuid = '1120933'
     # The reset began 15 minutes ago and the recorded FxA auth happened
     # 10 minutes after that (5 minutes ago), so it is newer than the start.
     self.start_ts = gmtime() - 15 * 60
     self.auth_at = self.start_ts + 10 * 60
     reset_state = {'start_ts': self.start_ts,
                    'fxa_auth_ts': self.auth_at}
     self.set_session(user_reset=reset_state, uuid=self.uuid)

     patcher = mock.patch('webpay.pin.api.client')
     self.solitude_client = patcher.start()
     # Registered as a cleanup so the patch is undone after the test.
     self.addCleanup(patcher.stop)
Exemple #9
 def setUp(self):
     """
     Put a started PIN reset plus a later FxA auth timestamp into the
     session, and replace ``webpay.pin.api.client`` with a mock.
     """
     super(TestPatch, self).setUp()
     self.uuid = '1120933'
     fifteen_min = 60 * 15
     ten_min = 60 * 10
     self.start_ts = gmtime() - fifteen_min  # reset started 15 min ago
     self.auth_at = self.start_ts + ten_min  # auth recorded 5 min ago
     self.set_session(
         user_reset={
             'start_ts': self.start_ts,
             'fxa_auth_ts': self.auth_at,
         },
         uuid=self.uuid,
     )
     client_patch = mock.patch('webpay.pin.api.client')
     self.solitude_client = client_patch.start()
     # Stop the patch again once the test has finished.
     self.addCleanup(client_patch.stop)
Exemple #10
 def jwt(self, issuer=None, secret=None, typ=settings.SIG_CHECK_TYP):
     """
     Encode a JWT with an empty request, valid for one hour.

     A falsy ``issuer`` or ``secret`` falls back to ``settings.KEY`` or
     ``settings.SECRET``; the audience is always ``settings.DOMAIN``.
     """
     issuer = issuer or settings.KEY
     secret = secret or settings.SECRET
     now = gmtime()
     claims = {
         'iss': issuer,
         'typ': typ,
         'aud': settings.DOMAIN,
         'iat': now,
         'exp': now + 3600,  # expires in 1 hour
         'request': {},
     }
     # No algorithm is named, so the library's default signing algorithm
     # applies.
     return jwt.encode(claims, secret)
Exemple #11
 def jwt(self, issuer=None, secret=None, typ=settings.SIG_CHECK_TYP):
     """
     Return an encoded JWT carrying an empty request and a one-hour expiry.

     ``issuer`` and ``secret`` default to ``settings.KEY`` and
     ``settings.SECRET`` when falsy; ``aud`` is fixed to ``settings.DOMAIN``.
     """
     if not issuer:
         issuer = settings.KEY
     signing_secret = secret if secret else settings.SECRET
     issued = gmtime()
     expires = issued + 3600  # expires in 1 hour
     token_claims = {
         'iss': issuer,
         'typ': typ,
         'aud': settings.DOMAIN,
         'iat': issued,
         'exp': expires,
         'request': {},
     }
     # encode() is called without an algorithm argument, so the library
     # default is used for signing.
     return jwt.encode(token_claims, signing_secret)
Exemple #12
    def setUp(self):
        """
        Prepare the FxA login URL, a patched buyer lookup and a patched
        ``_fxa_authorize`` that reports a fixed auth time.
        """
        super(TestFxALogin, self).setUp()
        self.url = reverse('auth.fxa_login')
        self.solitude_client = self.patch('webpay.auth.utils.client')
        # The patched buyer lookup reports no PIN and no pending PIN reset.
        buyer = {
            'pin': False,
            'needs_pin_reset': False,
        }
        self.solitude_client.get_buyer.return_value = buyer

        # User started a PIN reset 15 min ago.
        self.reset_start_ts = gmtime() - 15 * 60
        # User re-entered auth 10 min after starting the reset, which is
        # 5 min ago.
        self.auth_at = self.reset_start_ts + 10 * 60

        self._fxa_authorize = self.patch('webpay.auth.views._fxa_authorize')
        authorize_result = ({'email': '*****@*****.**'},
                            {'auth_at': self.auth_at},)
        self._fxa_authorize.return_value = authorize_result
Exemple #13
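 def handle(self, *args, **options):
     """
     Print a signed sample payment-request JWT built from the options.

     The claims take ``iss``, ``aud``, ``typ``, ``id``, ``cur`` and ``data``
     from ``options``; the token expires one hour after it is issued. It is
     signed with ``options['secret']`` or, when that is falsy, with
     ``settings.SECRET``.
     """
     iat = gmtime()
     exp = iat + 3600  # Expires in 1 hour.
     req = {
         'iss': options['iss'],
         'aud': options['aud'],
         'iat': iat,
         'typ': options['typ'],
         'exp': exp,
         'request': {
             'pricePoint': 1,
             'id': options['id'],  # Corresponds to seller's catalog
             'defaultPrice': options['cur'],
             'name': 'My bands latest album',
             'description': '320kbps MP3 download, DRM free!',
             'productData': options['data'] or ''
         }
     }
     # The printed token is validly signed for the next hour. When no
     # secret is given it is signed with settings.SECRET, so treat the
     # output like a credential and keep it out of shared logs.
     #
     # Parenthesised print with a single argument behaves the same as the
     # Python 2 print statement and also parses on Python 3.
     print(jwt.encode(req, options['secret'] or settings.SECRET))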
Exemple #14
    def payload(self,
                iss=None,
                aud=None,
                exp=None,
                iat=None,
                typ='mozilla/postback/pay/v1',
                extra_req=None,
                extra_res=None,
                include_response=True):
        """
        Build the claims dict for a sample payment JWT.

        Falsy ``iss``, ``aud``, ``iat`` and ``exp`` fall back to
        ``self.key``, ``settings.DOMAIN``, ``gmtime()`` and ``iat + 3600``.
        ``extra_req`` and ``extra_res`` are merged over the default request
        and response. The response is left out when ``include_response`` is
        false.
        """
        if not iss:
            iss = self.key
        if not aud:
            aud = settings.DOMAIN
        iat = iat or gmtime()
        # Falsy values (0 included) count as "not given" here.
        exp = exp or iat + 3600  # Expires in 1 hour.

        request = {
            'pricePoint': 1,
            'id': 'some-generated-unique-id',
            'name': 'My bands latest album',
            'description': '320kbps MP3 download, DRM free!',
            'productdata': 'my_product_id=1234',
            'postbackURL': 'http://foo.url/post',
            'chargebackURL': 'http://foo.url/charge'
        }
        request.update(extra_req or {})

        claims = {
            'iss': iss,
            'aud': aud,
            'typ': typ,
            'exp': exp,
            'iat': iat,
            'request': request,
        }
        if not include_response:
            return claims

        response = {'transactionID': '1234'}
        response.update(extra_res or {})
        claims['response'] = response
        return claims
Exemple #15
    def setUp(self):
        """
        Set up the FxA login URL, a patched buyer lookup, and a patched
        ``_fxa_authorize`` returning a fixed auth timestamp.
        """
        super(TestFxALogin, self).setUp()
        self.url = reverse('auth.fxa_login')
        self.solitude_client = self.patch('webpay.auth.utils.client')
        # Buyer as returned by the patched client: no PIN, no reset pending.
        self.solitude_client.get_buyer.return_value = {
            'pin': False,
            'needs_pin_reset': False,
        }

        fifteen_min = 60 * 15
        ten_min = 60 * 10
        # User started a PIN reset 15 min ago.
        self.reset_start_ts = gmtime() - fifteen_min
        # User re-entered auth 10 min after the reset started (5 min ago).
        self.auth_at = self.reset_start_ts + ten_min

        self._fxa_authorize = self.patch('webpay.auth.views._fxa_authorize')
        profile = {'email': '*****@*****.**'}
        auth_info = {'auth_at': self.auth_at}
        self._fxa_authorize.return_value = (profile, auth_info,)
Exemple #16
    def payload(self, iss=None, aud=None, exp=None, iat=None,
                typ='mozilla/postback/pay/v1', extra_req=None, extra_res=None,
                include_response=True):
        """
        Return a claims dict for a sample payment JWT.

        Defaults for falsy arguments: ``iss`` -> ``self.key``, ``aud`` ->
        ``settings.DOMAIN``, ``iat`` -> ``gmtime()``, ``exp`` ->
        ``iat + 3600``. Entries in ``extra_req`` and ``extra_res`` override
        the built-in request and response fields. With
        ``include_response=False`` no ``response`` key is added.
        """
        issuer = iss if iss else self.key
        audience = aud if aud else settings.DOMAIN
        issued_at = iat if iat else gmtime()
        # A falsy exp (0 included) is replaced by one hour after iat.
        expires_at = exp if exp else issued_at + 3600  # Expires in 1 hour.

        req_fields = dict(
            pricePoint=1,
            id='some-generated-unique-id',
            name='My bands latest album',
            description='320kbps MP3 download, DRM free!',
            productdata='my_product_id=1234',
            postbackURL='http://foo.url/post',
            chargebackURL='http://foo.url/charge',
        )
        if extra_req:
            req_fields.update(extra_req)

        result = {
            'iss': issuer,
            'aud': audience,
            'typ': typ,
            'exp': expires_at,
            'iat': issued_at,
            'request': req_fields,
        }
        if include_response:
            res_fields = {'transactionID': '1234'}
            if extra_res:
                res_fields.update(extra_res)
            result['response'] = res_fields
        return result