def test_keys(self):
    """Check the pay JWT for the keys a price-point based request needs.

    Runs ``setup_package`` first, then passes the JWT dict to
    ``verify_keys`` with the dotted key paths listed below.
    """
    self.setup_package()
    # Top-level claims first, then the nested ``request`` fields.
    # presumably verify_keys raises when a path is missing -- confirm there.
    expected_paths = (
        'iss',
        'typ',
        'aud',
        'iat',
        'exp',
        'request.name',
        'request.description',
        'request.pricePoint',
        'request.postbackURL',
        'request.chargebackURL',
        'request.productData',
    )
    verify_keys(self.pay_jwt_dict(), expected_paths)
def test_keys(self):
    """Check the pay JWT for the keys a price/defaultPrice request needs.

    Passes the JWT dict to ``verify_keys`` with the dotted key paths
    listed below.
    """
    # Top-level claims first, then the nested ``request`` fields.
    # presumably verify_keys raises when a path is missing -- confirm there.
    expected_paths = (
        'iss',
        'typ',
        'aud',
        'iat',
        'exp',
        'request.name',
        'request.description',
        'request.price',
        'request.defaultPrice',
        'request.postbackURL',
        'request.chargebackURL',
        'request.productData',
    )
    verify_keys(self.pay_jwt_dict(), expected_paths)
def postback(request):
    """Verify signature from BlueVia and set contribution to paid.

    The signed JWT is taken from the raw POST body. It is verified by
    ``client`` when the 'solitude-payments' flag is active and by the local
    ``verify_bluevia_jwt`` otherwise; an invalid result is answered with a
    400 'invalid request'. On success the Contribution named by
    ``contrib_uuid`` inside ``request.productData`` is marked as a purchase
    with the BlueVia transaction id, ``purchase_notify`` is queued, and the
    transaction id is returned as the response body.

    Raises LookupError when the referenced Contribution does not exist;
    every other failure after the signature check propagates unchanged.
    """
    signed_jwt = request.raw_post_data

    if waffle.flag_is_active(request, 'solitude-payments'):
        result = client.verify_bluevia_jwt(signed_jwt)
    else:
        result = verify_bluevia_jwt(signed_jwt)

    if not result['valid']:
        meta = request.META
        # Used for the log line only. X-Forwarded-For is a request header,
        # so the value is only as trustworthy as whatever sets it.
        # NOTE(review): confirm a trusted proxy overwrites this header;
        # otherwise treat the logged IP as sender-supplied text.
        ip = (meta.get('HTTP_X_FORWARDED_FOR', '') or
              meta.get('REMOTE_ADDR', '') or
              '(unknown)')
        log.info('Received invalid bluevia postback from IP %s' % ip)
        return http.HttpResponseBadRequest('invalid request')

    # From here on, let all exceptions raise. The JWT comes from BlueVia
    # so if anything fails we want to know ASAP.
    #
    # verify=False skips the signature check on this decode; the payload is
    # trusted only because the result['valid'] gate above already covered
    # the same signed_jwt bytes. Keep the gate and this decode together.
    data = jwt.decode(signed_jwt, verify=False)
    verify_claims(data)

    wanted = ('iss', 'aud', 'request.productData',
              'response.transactionID')
    iss, aud, product_data, trans_id = verify_keys(data, wanted)
    log.info('received BlueVia postback JWT: iss:%s aud:%s '
             'trans_id:%s product_data:%s'
             % (iss, aud, trans_id, product_data))

    # productData is a query string carried in the JWT; a missing
    # contrib_uuid raises KeyError here, which propagates by design.
    contrib_uuid = urlparse.parse_qs(product_data)['contrib_uuid'][0]

    try:
        contrib = Contribution.objects.get(uuid=contrib_uuid)
    except Contribution.DoesNotExist:
        # Re-raise as LookupError but keep the original traceback.
        tb = sys.exc_info()[2]
        raise LookupError('BlueVia JWT (iss:%s, aud:%s) for trans_id %s '
                          'links to contrib %s which doesn\'t exist'
                          % (iss, aud, trans_id, contrib_uuid)), None, tb

    # NOTE(review): the update is unconditional -- nothing visible here
    # checks whether this contribution was already marked paid. Confirm
    # that a repeated postback for the same transaction is harmless.
    contrib.update(type=amo.CONTRIB_PURCHASE,
                   bluevia_transaction_id=trans_id)
    tasks.purchase_notify.delay(signed_jwt, contrib.pk)
    return http.HttpResponse(trans_id)
def verify_webpay_jwt(signed_jwt):
    """Return ``{'valid': True}`` when the JWT decodes with ``secret``.

    Any exception raised while encoding or decoding is logged at error
    level with its traceback and reported as ``{'valid': False}``.
    """
    # This can probably be deleted depending upon solitude.
    #
    # NOTE(review): no accepted-algorithm list is passed to jwt.decode.
    # Assuming `jwt` is PyJWT, confirm the installed version restricts
    # which algorithms it will accept for a shared secret.
    try:
        jwt.decode(signed_jwt.encode('ascii'), secret)
    except Exception as err:
        log.error('Error decoding webpay jwt: %s' % err, exc_info=True)
        is_valid = False
    else:
        is_valid = True
    return {'valid': is_valid}


def sign_webpay_jwt(data):
    """Encode ``data`` as a JWT signed with the module's ``secret``.

    The same ``secret`` is used by the decode calls in this module, so
    whoever holds it can produce tokens those calls accept.
    """
    token = jwt.encode(data, secret)
    return token


def parse_from_webpay(signed_jwt, ip):
    """Decode and validate a webpay postback JWT, returning its payload.

    ``ip`` is used only in the log line for a rejected token. Raises
    InvalidSender when the token cannot be decoded with ``secret``;
    errors from ``verify_claims`` / ``verify_keys`` propagate unchanged.
    """
    try:
        payload = jwt.decode(signed_jwt.encode('ascii'), secret)
    except Exception as err:
        # Every decode failure is treated as "not sent by webpay".
        # NOTE(review): as in verify_webpay_jwt, no algorithm list is
        # passed to jwt.decode -- confirm the library version pins it.
        sender = ip or '(unknown)'
        log.info('Received invalid webpay postback from IP %s: %s' %
                 (sender, err), exc_info=True)
        raise InvalidSender()

    verify_claims(payload)
    # The unpacked values are only needed for the log line; verify_keys is
    # also what enforces that these paths exist (presumably by raising).
    required = ('iss', 'aud', 'request.productData',
                'response.transactionID')
    iss, aud, product_data, trans_id = verify_keys(payload, required)
    log.info('Received webpay postback JWT: iss:%s aud:%s '
             'trans_id:%s product_data:%s' %
             (iss, aud, trans_id, product_data))
    return payload
def verify_bluevia_jwt(signed_jwt):
    """Return ``{'valid': True}`` when the JWT decodes with ``secret``.

    Any exception raised while encoding or decoding is logged at error
    level with its traceback and reported as ``{'valid': False}``.
    """
    # This can probably be deleted depending upon solitude.
    #
    # NOTE(review): no accepted-algorithm list is passed to jwt.decode.
    # Assuming `jwt` is PyJWT, confirm the installed version restricts
    # which algorithms it will accept for a shared secret.
    try:
        jwt.decode(signed_jwt.encode('ascii'), secret)
    except Exception as err:
        log.error('Error decoding bluevia jwt: %s' % err, exc_info=True)
        is_valid = False
    else:
        is_valid = True
    return {'valid': is_valid}


def sign_bluevia_jwt(data):
    """Encode ``data`` as a JWT signed with the module's ``secret``.

    The same ``secret`` is used by the decode calls in this module, so
    whoever holds it can produce tokens those calls accept.
    """
    token = jwt.encode(data, secret)
    return token


def parse_from_bluevia(signed_jwt, ip):
    """Decode and validate a BlueVia postback JWT, returning its payload.

    ``ip`` is used only in the log line for a rejected token. Raises
    InvalidSender when the token cannot be decoded with ``secret``;
    errors from ``verify_claims`` / ``verify_keys`` propagate unchanged.
    """
    try:
        payload = jwt.decode(signed_jwt.encode('ascii'), secret)
    except Exception as err:
        # Every decode failure is treated as "not sent by BlueVia".
        # NOTE(review): as in verify_bluevia_jwt, no algorithm list is
        # passed to jwt.decode -- confirm the library version pins it.
        sender = ip or '(unknown)'
        log.info('Received invalid bluevia postback from IP %s: %s' %
                 (sender, err), exc_info=True)
        raise InvalidSender()

    verify_claims(payload)
    # The unpacked values are only needed for the log line; verify_keys is
    # also what enforces that these paths exist (presumably by raising).
    required = ('iss', 'aud', 'request.productData',
                'response.transactionID')
    iss, aud, product_data, trans_id = verify_keys(payload, required)
    log.info('Received BlueVia postback JWT: iss:%s aud:%s '
             'trans_id:%s product_data:%s' %
             (iss, aud, trans_id, product_data))
    return payload