def verify(self, item_check_callable=None):
    """
    Verify an IPN or PDT message and flag anything that looks wrong.

    The value returned by ``self._postback()`` is stored on
    ``self.response`` and ``self._verify_postback()`` is called. The
    remaining checks run only while the object is still unflagged and
    ``self.is_transaction()`` is true.

    ``item_check_callable``, when callable, receives this instance and must
    return a 2-tuple ``(flagged, reason)``: ``(False, None)`` for a valid
    item, ``(True, "reason")`` for an invalid one. Nothing in this method
    compares ``mc_gross``, ``mc_currency``, ``item_name`` or ``item_number``
    with the order, so the callable is the place where that has to happen.

    The object is saved and ``self.send_signals()`` is called in every case.
    """
    self.response = self._postback()
    self._verify_postback()

    # @@@ Recurring payments (the non-transaction case) still need their own
    # series of checks; nothing extra runs for them here.
    if not self.flag and self.is_transaction():
        status = self.payment_status
        if status != "Completed":
            self.set_flag("Invalid payment_status. (%s)" % status)

        if duplicate_txn_id(self):
            self.set_flag("Duplicate txn_id. (%s)" % self.txn_id)

        # The payment must have gone to the configured receiver account.
        receiver = self.receiver_email
        if receiver != RECEIVER_EMAIL:
            self.set_flag("Invalid receiver_email. (%s)" % receiver)

        if callable(item_check_callable):
            # A truthy first element means "reject", not "accept".
            rejected, why = item_check_callable(self)
            if rejected:
                self.set_flag(why)

    self.save()
    self.send_signals()
def verify(self):
    """
    Verify an IPN or PDT message and flag anything that looks wrong.

    The postback reply is decoded as ASCII into ``self.response``, any
    earlier flag is cleared with ``self.clear_flag()`` and
    ``self._verify_postback()`` is called. The transaction checks run only
    while the object is still unflagged and ``self.is_transaction()`` is
    true. The object is saved in every case.

    ``receiver_email`` is compared only when ``settings`` defines
    ``PAYPAL_RECEIVER_EMAIL`` (a deprecated setting). Without it, this
    method does not check who received the payment; the deprecation message
    puts that check in the ``valid_ipn_received`` handler.
    """
    self.response = self._postback().decode('ascii')
    self.clear_flag()
    self._verify_postback()

    # @@@ Recurring payments (the non-transaction case) still need their own
    # series of checks; nothing extra runs for them here.
    if not self.flag and self.is_transaction():
        status = self.payment_status
        # Any status listed in PAYMENT_STATUS_CHOICES passes unflagged.
        # NOTE(review): if that list holds states other than a completed
        # payment, an unflagged object is not proof of one -- confirm that
        # signal receivers compare payment_status themselves.
        if status not in self.PAYMENT_STATUS_CHOICES:
            self.set_flag("Invalid payment_status. (%s)" % status)

        if duplicate_txn_id(self):
            self.set_flag("Duplicate txn_id. (%s)" % self.txn_id)

        if hasattr(settings, 'PAYPAL_RECEIVER_EMAIL'):
            warn(
                "Use of PAYPAL_RECEIVER_EMAIL in settings has been Deprecated.\n"
                "Check of valid email must be done when receiving the\n"
                "valid_ipn_received signal",
                DeprecationWarning,
            )
            receiver = self.receiver_email
            if receiver != settings.PAYPAL_RECEIVER_EMAIL:
                self.set_flag("Invalid receiver_email. (%s)" % receiver)

    self.save()
def verify(self, item_check_callable=None):
    """
    Verify an IPN or PDT message and flag anything that looks wrong.

    The postback reply is decoded as ASCII into ``self.response`` and
    ``self._verify_postback()`` is called. The transaction checks run only
    while the object is still unflagged and ``self.is_transaction()`` is
    true. The object is saved in every case.

    ``item_check_callable``, when callable, receives this instance and
    returns ``(False, None)`` for a valid item or ``(True, "reason")`` for
    an invalid one. It is the only place where ``mc_gross``,
    ``mc_currency``, ``item_name`` and ``item_number`` can be checked; this
    method does not look at them.
    """
    self.response = self._postback().decode('ascii')
    self._verify_postback()

    proceed = not self.flag and self.is_transaction()
    if proceed:
        # Any status listed in PAYMENT_STATUS_CHOICES passes unflagged.
        # NOTE(review): if that list holds states other than a completed
        # payment, callers must inspect payment_status as well -- confirm.
        if self.payment_status not in self.PAYMENT_STATUS_CHOICES:
            message = "Invalid payment_status. (%s)" % self.payment_status
            self.set_flag(message)

        if duplicate_txn_id(self):
            message = "Duplicate txn_id. (%s)" % self.txn_id
            self.set_flag(message)

        if self.receiver_email != RECEIVER_EMAIL:
            message = "Invalid receiver_email. (%s)" % self.receiver_email
            self.set_flag(message)

        if callable(item_check_callable):
            # A truthy first element means "reject", not "accept".
            rejected, why = item_check_callable(self)
            if rejected:
                self.set_flag(why)
    # else: @@@ recurring payments still need a different series of checks.

    self.save()
def verify(self, item_check_callable=None):
    """
    Verify an IPN or PDT message and flag anything that looks wrong.

    The postback reply is decoded as ASCII into ``self.response`` and
    ``self._verify_postback()`` is called. The transaction checks run only
    while the object is still unflagged and ``self.is_transaction()`` is
    true. The object is saved in every case.

    A ``receiver_email`` other than ``RECEIVER_EMAIL`` still sets the flag;
    only the wording differs ("Payment sent directly to host").

    ``item_check_callable``, when callable, receives this instance and
    returns ``(False, None)`` for a valid item or ``(True, "reason")`` for
    an invalid one. It is the only place where ``mc_gross``,
    ``mc_currency``, ``item_name`` and ``item_number`` can be checked.
    """
    self.response = self._postback().decode('ascii')
    self._verify_postback()

    # @@@ Recurring payments (the non-transaction case) still need their own
    # series of checks; nothing extra runs for them here.
    if not self.flag and self.is_transaction():
        status = self.payment_status
        # NOTE(review): every status in PAYMENT_STATUS_CHOICES passes; if
        # the list holds more than the completed state, callers must check
        # payment_status themselves -- confirm.
        if status not in self.PAYMENT_STATUS_CHOICES:
            self.set_flag("Invalid payment_status. (%s)" % status)

        if duplicate_txn_id(self):
            self.set_flag("Duplicate txn_id. (%s)" % self.txn_id)

        # JMY: a receiver mismatch is recorded as a payment sent to an
        # address other than the default one rather than as "invalid".
        receiver = self.receiver_email
        if receiver != RECEIVER_EMAIL:
            self.set_flag("Payment sent directly to host (%s)" % receiver)

        if callable(item_check_callable):
            rejected, why = item_check_callable(self)
            if rejected:
                self.set_flag(why)

    self.save()
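def verify(self, item_check_callable=None, test=True):
    """
    Verify an IPN, flag anything that looks wrong and emit a signal.

    ``self._postback(test)`` is called first; the transaction checks run
    only when it returns a truthy value and ``self.is_transaction()`` is
    true. Afterwards ``payment_was_flagged`` is sent if ``self.flag`` is
    set, otherwise ``payment_was_successful``.

    ``item_check_callable``, when callable, receives this PayPalIPN instance
    and must return a 2-tuple ``(flagged, reason)``. A truthy first element
    flags the payment with ``reason``, so return ``(False, None)`` for a
    valid item and ``(True, "reason")`` for an invalid one. The callable
    should check that ``mc_gross``, ``mc_currency``, ``item_name`` and
    ``item_number`` are all correct; this method does not look at them.

    ``test`` is passed straight to ``self._postback()``.
    NOTE(review): it defaults to True -- confirm what that selects and that
    production callers pass the value they intend.
    """
    # Imported inside the function, as in the original code.
    from paypal.standard.helpers import duplicate_txn_id

    if self._postback(test):
        if self.is_transaction():
            if self.payment_status != "Completed":
                self.set_flag("Invalid payment_status.")
            if duplicate_txn_id(self):
                self.set_flag("Duplicate transaction ID.")
            if self.receiver_email != settings.PAYPAL_RECEIVER_EMAIL:
                self.set_flag("Invalid receiver_email.")
            if callable(item_check_callable):
                # A truthy first element means "reject", not "accept".
                flag, reason = item_check_callable(self)
                if flag:
                    self.set_flag(reason)
        else:
            # ### To-Do: Need to run a different series of checks on
            # recurring payments.
            pass

    # NOTE(review): the success signal depends only on self.flag. This is
    # safe only if _postback() itself sets the flag whenever it returns a
    # falsy value -- confirm. Otherwise a failed postback would still be
    # announced as a successful payment.
    if self.flag:
        payment_was_flagged.send(sender=self)
    else:
        payment_was_successful.send(sender=self)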
def verify(self, item_check_callable=None):
    """
    Verify an IPN or PDT message and flag anything that looks wrong.

    The postback reply is decoded as ASCII into ``self.response`` and
    ``self._verify_postback()`` is called. The transaction checks run only
    while the object is still unflagged and ``self.is_transaction()`` is
    true. The object is saved in every case.

    ``receiver_email`` is compared only when ``settings`` defines
    ``PAYPAL_RECEIVER_EMAIL`` (a deprecated setting). Without it, this
    method does not check who received the payment; the deprecation message
    puts that check in the ``valid_ipn_received`` handler.

    ``item_check_callable``, when callable, receives this instance and
    returns ``(False, None)`` for a valid item or ``(True, "reason")`` for
    an invalid one. It is the only place where ``mc_gross``,
    ``mc_currency``, ``item_name`` and ``item_number`` can be checked.
    """
    self.response = self._postback().decode('ascii')
    self._verify_postback()

    # @@@ Recurring payments (the non-transaction case) still need their own
    # series of checks; nothing extra runs for them here.
    if not self.flag and self.is_transaction():
        # NOTE(review): every status in PAYMENT_STATUS_CHOICES passes; if
        # the list holds more than the completed state, callers must check
        # payment_status themselves -- confirm.
        if self.payment_status not in self.PAYMENT_STATUS_CHOICES:
            self.set_flag("Invalid payment_status. (%s)" % self.payment_status)

        if duplicate_txn_id(self):
            self.set_flag("Duplicate txn_id. (%s)" % self.txn_id)

        receiver_is_configured = hasattr(settings, 'PAYPAL_RECEIVER_EMAIL')
        if receiver_is_configured:
            warn(
                "Use of PAYPAL_RECEIVER_EMAIL in settings has been Deprecated.\n"
                "Check of valid email must be done when receiving the\n"
                "valid_ipn_received signal",
                DeprecationWarning,
            )
            if self.receiver_email != settings.PAYPAL_RECEIVER_EMAIL:
                self.set_flag("Invalid receiver_email. (%s)" % self.receiver_email)

        if callable(item_check_callable):
            # A truthy first element means "reject", not "accept".
            rejected, why = item_check_callable(self)
            if rejected:
                self.set_flag(why)

    self.save()
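def verify(self, item_check_callable=None):
    """
    Verify an IPN or PDT message, flag anything that looks wrong and save.

    ``self._postback()`` and ``self._verify_postback()`` are called first.
    The transaction checks run only while the object is still unflagged and
    ``self.is_transaction()`` is true. The object is then saved and
    ``self.send_signals()`` is called. An exception raised while sending
    signals is logged and not re-raised.

    ``item_check_callable``, when callable, receives this instance and must
    return a 2-tuple ``(flagged, reason)``. A truthy first element flags the
    payment with ``reason``, so return ``(False, None)`` for a valid item
    and ``(True, "reason")`` for an invalid one. The callable should check
    that ``mc_gross``, ``mc_currency``, ``item_name`` and ``item_number``
    are all correct; this method does not look at them.

    Both "Completed" and "Pending" pass the status check.
    NOTE(review): a Pending notification is therefore not flagged --
    confirm that signal receivers do not treat it as a settled payment.
    """
    logging.info('in verify')
    self._postback()
    logging.info('after postback')
    self._verify_postback()
    logging.info('after verifypostback')

    if not self.flag:
        logging.info('not flag')
        if self.is_transaction():
            logging.info('tx status=%s' % str(self.payment_status))
            if self.payment_status not in ("Completed", "Pending"):
                logging.error("Invalid payment_status (%s). " % self.payment_status)
                self.set_flag("Invalid payment_status (%s). " % self.payment_status)
            if duplicate_txn_id(self):
                logging.error("Duplicate transaction ID (%s). " % self.txn_id)
                self.set_flag("Duplicate transaction ID (%s). " % self.txn_id)
            if self.receiver_email != RECEIVER_EMAIL:
                logging.error("Invalid receiver_email (%s). Need %s " % (self.receiver_email, RECEIVER_EMAIL))
                self.set_flag("Invalid receiver_email (%s). " % self.receiver_email)
            if callable(item_check_callable):
                # A truthy first element means "reject", not "accept".
                flag, reason = item_check_callable(self)
                if flag:
                    self.set_flag(reason)
        else:
            # ### To-Do: Need to run a different series of checks on
            # recurring payments.
            pass

    logging.info('before save')
    self.save()
    logging.info('about to send signals')
    try:
        self.send_signals()
    # "except X as e" is accepted by Python 2.6+ and by Python 3; the older
    # "except X, e" spelling is a syntax error on Python 3.
    except Exception as e:
        # Best effort: a failing signal receiver must not undo the save.
        logging.error(e)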
def verify(self):
    """
    Verify an IPN or PDT message and flag anything that looks wrong.

    The postback reply is decoded as ASCII into ``self.response``, any
    earlier flag is cleared with ``self.clear_flag()`` and
    ``self._verify_postback()`` is called. The object is saved in every
    case.

    Beyond the postback, only two things are checked here: that
    ``payment_status`` is listed in ``PAYMENT_STATUS_CHOICES``, and that
    ``duplicate_txn_id()`` does not report the transaction id. Receiver
    address, amount, currency and item are not compared in this method.
    NOTE(review): confirm that whoever consumes the verified object performs
    those comparisons.
    """
    self.response = self._postback().decode('ascii')
    self.clear_flag()
    self._verify_postback()

    needs_checks = not self.flag and self.is_transaction()
    if needs_checks:
        status = self.payment_status
        if status not in self.PAYMENT_STATUS_CHOICES:
            self.set_flag("Invalid payment_status. (%s)" % status)

        if duplicate_txn_id(self):
            self.set_flag("Duplicate txn_id. (%s)" % self.txn_id)

    self.save()
def verify(self, item_check_callable=None):
    """
    Verify an IPN or PDT message and flag anything that looks wrong.

    The value returned by ``self._postback()`` is stored on
    ``self.response`` and ``self._verify_postback()`` is called. The
    transaction checks run only if the object is unflagged at that point
    and ``self.is_transaction()`` is true. A status that is listed in
    ``PAYMENT_STATUS_CHOICES`` but is not ``ST_PP_COMPLETED`` is flagged
    as well.

    ``item_check_callable``, when callable, receives this instance and
    returns ``(False, None)`` for a valid item or ``(True, "reason")`` for
    an invalid one. It is the only place where ``mc_gross``,
    ``mc_currency``, ``item_name`` and ``item_number`` can be checked.

    The object is saved unless it was already flagged after the postback
    and ``settings.IGNORE_INVALID_PDT`` is set.
    """
    self.response = self._postback()
    self._verify_postback()

    # Snapshot taken before the transaction checks: only objects flagged
    # up to this point are candidates for not being saved.
    flagged_after_postback = self.flag

    # @@@ Recurring payments (the non-transaction case) still need their own
    # series of checks; nothing extra runs for them here.
    if not flagged_after_postback and self.is_transaction():
        status = self.payment_status
        if status not in self.PAYMENT_STATUS_CHOICES:
            self.set_flag("Invalid payment_status. (%s)" % status)
        elif status != ST_PP_COMPLETED:
            self.set_flag("Not a completed transacation. (%s)" % status)

        if duplicate_txn_id(self):
            self.set_flag("Duplicate txn_id. (%s)" % self.txn_id)

        if self.receiver_email != RECEIVER_EMAIL:
            self.set_flag("Invalid receiver_email. (%s)" % self.receiver_email)

        if callable(item_check_callable):
            rejected, why = item_check_callable(self)
            if rejected:
                self.set_flag(why)

    # If settings.IGNORE_INVALID_PDT is set, an invalid PayPal object is not
    # written to the db. Invalid objects include non-validating
    # PayPalPDTForms (see pdt.views.pdt()) and postbacks that do not verify.
    # This keeps bad PDT requests from filling up the db, a potential
    # attack. It only affects PDT, since IPN objects are saved during
    # ipn.views.ipn().
    skip_save = (
        flagged_after_postback
        and hasattr(settings, 'IGNORE_INVALID_PDT')
        and settings.IGNORE_INVALID_PDT
    )
    if not skip_save:
        self.save()
    self.send_signals()
def verify(self, item_check_callable=None):
    """
    Verify an IPN or PDT message and flag anything that looks wrong.

    The value returned by ``self._postback()`` is stored on
    ``self.response`` and ``self._verify_postback()`` is called. The
    transaction checks run only if the object is unflagged at that point
    and ``self.is_transaction()`` is true.

    ``item_check_callable``, when callable, receives this instance and
    returns ``(False, None)`` for a valid item or ``(True, "reason")`` for
    an invalid one. It is the only place where ``mc_gross``,
    ``mc_currency``, ``item_name`` and ``item_number`` can be checked.

    The object is saved unless it was already flagged after the postback
    and ``settings.IGNORE_INVALID_PDT`` is set.
    """
    self.response = self._postback()
    self._verify_postback()

    # Snapshot taken before the transaction checks below add their flags.
    rejected_early = self.flag

    if not rejected_early:
        if self.is_transaction():
            # NOTE(review): every status in PAYMENT_STATUS_CHOICES passes;
            # if the list holds more than the completed state, receivers of
            # the signals must check payment_status themselves -- confirm.
            if self.payment_status not in self.PAYMENT_STATUS_CHOICES:
                self.set_flag("Invalid payment_status. (%s)" % self.payment_status)
            if duplicate_txn_id(self):
                self.set_flag("Duplicate txn_id. (%s)" % self.txn_id)
            if self.receiver_email != RECEIVER_EMAIL:
                self.set_flag("Invalid receiver_email. (%s)" % self.receiver_email)
            if callable(item_check_callable):
                item_flagged, item_reason = item_check_callable(self)
                if item_flagged:
                    self.set_flag(item_reason)
        # else: @@@ recurring payments still need a different series of
        # checks.

    # With settings.IGNORE_INVALID_PDT set, an invalid PayPal object is kept
    # out of the db. "Invalid" covers non-validating PayPalPDTForms (see
    # pdt.views.pdt()) and postbacks that do not verify. This stops bad PDT
    # requests from filling up the db, a potential attack. It only matters
    # for PDT, since IPN objects are saved during ipn.views.ipn().
    should_save = True
    if rejected_early and hasattr(settings, 'IGNORE_INVALID_PDT'):
        should_save = not settings.IGNORE_INVALID_PDT
    if should_save:
        self.save()
    self.send_signals()
def verify(self, item_check_callable=None):
    """
    Verify an IPN or PDT message and flag anything that looks wrong.

    The postback reply is decoded as ASCII into ``self.response`` and
    ``self._verify_postback()`` is called. The transaction checks run only
    while the object is still unflagged and ``self.is_transaction()`` is
    true. The object is saved and ``self.send_signals()`` is called in
    every case.

    The expected receiver address is looked up per currency in
    ``settings.CURRENCY_INFO[mc_currency]['PAYPAL_RECEIVER_EMAIL']``. When
    that lookup raises ``AttributeError`` or ``KeyError``, the module-level
    ``RECEIVER_EMAIL`` is used instead.

    ``item_check_callable``, when callable, receives this instance and
    returns ``(False, None)`` for a valid item or ``(True, "reason")`` for
    an invalid one. It is the only place where ``mc_gross``,
    ``mc_currency``, ``item_name`` and ``item_number`` can be checked.
    """
    self.response = self._postback().decode('ascii')
    self._verify_postback()

    # @@@ Recurring payments (the non-transaction case) still need their own
    # series of checks; nothing extra runs for them here.
    if not self.flag and self.is_transaction():
        # mc_currency comes from the notification itself. It only selects
        # which configured address to compare against; an unknown currency
        # falls back to the default.
        try:
            currency_info = settings.CURRENCY_INFO[self.mc_currency]
            expected_receiver = currency_info['PAYPAL_RECEIVER_EMAIL']
        except (AttributeError, KeyError):
            expected_receiver = RECEIVER_EMAIL

        # NOTE(review): every status in PAYMENT_STATUS_CHOICES passes; if
        # the list holds more than the completed state, receivers of the
        # signals must check payment_status themselves -- confirm.
        if self.payment_status not in self.PAYMENT_STATUS_CHOICES:
            self.set_flag("Invalid payment_status. (%s)" % self.payment_status)

        if duplicate_txn_id(self):
            self.set_flag("Duplicate txn_id. (%s)" % self.txn_id)

        if self.receiver_email != expected_receiver:
            self.set_flag("Invalid receiver_email. (%s)" % self.receiver_email)

        if callable(item_check_callable):
            rejected, why = item_check_callable(self)
            if rejected:
                self.set_flag(why)

    self.save()
    self.send_signals()